diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3cfbb6d0..b45c2a64 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
 ## v0.4.42
+CHANGE: Switch all `Dial` operations made into the OpenZiti overlay to use `DialWithOptions(..., &ziti.DialOptions{ConnectTimeout: 30 * time.Second})`, switching to a 30 second timeout from a 5 second default (https://github.com/openziti/zrok/issues/772)
+
 FIX: Removed the `--basic-auth` flag from `zrok share private` as this was ignored... even if `zrok access private` honored the `ziti.proxy.v1` config to ask for basic auth, it would still be easy to write a custom SDK client that ignored the basic auth and accessed the share directly; better to remove the option than to allow confusing usage (https://github.com/openziti/zrok/issues/770)
 FIX: always append common options like `--headless` and conditionally append `--verbose --insecure` if their respective env vars are set to when running in a service manager like systemd or Docker and wrapping the `zrok` command with the `zrok-share.bash` shell script (https://openziti.discourse.group/t/question-about-reserved-public-vs-temp-public-shares/3169)
diff --git a/cmd/zrok/testWebsocket.go b/cmd/zrok/testWebsocket.go
index 57789e95..0dd3e6b5 100644
--- a/cmd/zrok/testWebsocket.go
+++ b/cmd/zrok/testWebsocket.go
@@ -76,7 +76,7 @@ func (cmd *testWebsocketCommand) run(_ *cobra.Command, args []string) {
 }
 dial := func(_ context.Context, _, addr string) (net.Conn, error) {
 service := strings.Split(addr, ":")[0]
- return zitiContext.Dial(service)
+ return zitiContext.DialWithOptions(service, &ziti.DialOptions{ConnectTimeout: 30 * time.Second})
 }
 zitiTransport := http.DefaultTransport.(*http.Transport).Clone()
diff --git a/endpoints/proxy/frontend.go b/endpoints/proxy/frontend.go
index f868f0aa..ce5494c5 100644
--- a/endpoints/proxy/frontend.go
+++ b/endpoints/proxy/frontend.go
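Review bot: The options literal `&ziti.DialOptions{ConnectTimeout: 30 * time.Second}` in cmd/zrok/testWebsocket.go is written out in full here and again in every other code hunk of this commit (endpoints/proxy/frontend.go, endpoints/publicProxy/http.go, endpoints/tcpTunnel/frontend.go, endpoints/udpTunnel/frontend.go, endpoints/vpn/frontend.go, sdk/golang/sdk/dialer.go). One named value, for example `const OverlayConnectTimeout = 30 * time.Second` (suggested name) with a comment pointing at issue 772, defined in a package these files can all import, would reduce the next timeout change to a single line and keep any call site from being missed. The enclosing `run` method starts and ends outside the hunk.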
@@ -91,7 +91,7 @@ type zitiDialContext struct {
 }
 func (zdc *zitiDialContext) Dial(_ context.Context, _ string, addr string) (net.Conn, error) {
- conn, err := zdc.ctx.Dial(zdc.shrToken)
+ conn, err := zdc.ctx.DialWithOptions(zdc.shrToken, &ziti.DialOptions{ConnectTimeout: 30 * time.Second})
 if err != nil {
 return conn, err
 }
diff --git a/endpoints/publicProxy/http.go b/endpoints/publicProxy/http.go
index 2cd52eba..f40093d2 100644
--- a/endpoints/publicProxy/http.go
+++ b/endpoints/publicProxy/http.go
@@ -95,7 +95,7 @@ type zitiDialContext struct {
 func (c *zitiDialContext) Dial(_ context.Context, _ string, addr string) (net.Conn, error) {
 shrToken := strings.Split(addr, ":")[0] // ignore :port (we get passed 'host:port')
- conn, err := c.ctx.Dial(shrToken)
+ conn, err := c.ctx.DialWithOptions(shrToken, &ziti.DialOptions{ConnectTimeout: 30 * time.Second})
 if err != nil {
 return conn, err
 }
diff --git a/endpoints/tcpTunnel/frontend.go b/endpoints/tcpTunnel/frontend.go
index 662f74fb..8695a20f 100644
--- a/endpoints/tcpTunnel/frontend.go
+++ b/endpoints/tcpTunnel/frontend.go
@@ -69,7 +69,7 @@ func (f *Frontend) Run() error {
 }
 func (f *Frontend) accept(conn net.Conn) {
- if zConn, err := f.zCtx.Dial(f.cfg.ShrToken); err == nil {
+ if zConn, err := f.zCtx.DialWithOptions(f.cfg.ShrToken, &ziti.DialOptions{ConnectTimeout: 30 * time.Second}); err == nil {
 go endpoints.TXer(conn, zConn)
 go endpoints.TXer(zConn, conn)
 if f.cfg.RequestsChan != nil {
diff --git a/endpoints/udpTunnel/frontend.go b/endpoints/udpTunnel/frontend.go
index aa44d098..9df61b64 100644
--- a/endpoints/udpTunnel/frontend.go
+++ b/endpoints/udpTunnel/frontend.go
@@ -148,7 +148,7 @@ func (f *Frontend) Run() error {
 _ = clt.zitiConn.Close()
 }
 }
 } else {
- zitiConn, err := f.zCtx.Dial(f.cfg.ShrToken)
+ zitiConn, err := f.zCtx.DialWithOptions(f.cfg.ShrToken, &ziti.DialOptions{ConnectTimeout: 30 * time.Second})
 if err != nil {
 logrus.Errorf("error dialing '%v': %v", f.cfg.ShrToken, err)
 continue
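Review bot: In endpoints/proxy/frontend.go the `Dial` method still discards its `context.Context` (the first parameter is `_`), so a caller that gives up cannot stop a dial that may now run for 30 seconds instead of 5. Naming the parameter and returning early covers the already-cancelled case: `if err := ctx.Err(); err != nil { return nil, err }`; capping `ConnectTimeout` at the time left until `ctx.Deadline()` would cover the rest. The same applies to `Dial` in endpoints/publicProxy/http.go, which by its path looks like the public-facing frontend, where abandoned requests leaving long-lived pending dials matter most for availability. Both methods continue past the end of their hunks.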
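Review bot: In endpoints/udpTunnel/frontend.go the dial sits inline in `Run` and its error path is `continue`, which suggests it runs on the same loop that reads datagrams; if so, one dial to an unreachable share can now hold up traffic for every existing client for up to 30 seconds rather than 5. Consider moving the dial for a new source address off the read loop, or keeping a shorter `ConnectTimeout` on this path. `accept` in endpoints/tcpTunnel/frontend.go is worth the same check, since whether it is started with `go` is decided in `Run`, outside its hunk. The loop in `Run` begins and ends outside this hunk, so the blocking behaviour is inferred rather than shown.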
diff --git a/endpoints/vpn/frontend.go b/endpoints/vpn/frontend.go
index cab11df2..3ad26436 100644
--- a/endpoints/vpn/frontend.go
+++ b/endpoints/vpn/frontend.go
@@ -45,7 +45,7 @@ func NewFrontend(cfg *FrontendConfig) (*Frontend, error) {
 return nil, errors.Wrap(err, "error loading ziti context")
 }
- zConn, err := zCtx.Dial(cfg.ShrToken)
+ zConn, err := zCtx.DialWithOptions(cfg.ShrToken, &ziti.DialOptions{ConnectTimeout: 30 * time.Second})
 if err != nil {
 zCtx.Close()
 return nil, errors.Wrap(err, "error connecting to ziti")
diff --git a/sdk/golang/sdk/dialer.go b/sdk/golang/sdk/dialer.go
index 2283ea6c..b0e2f9e1 100644
--- a/sdk/golang/sdk/dialer.go
+++ b/sdk/golang/sdk/dialer.go
@@ -5,6 +5,7 @@ import (
 "github.com/openziti/sdk-golang/ziti/edge"
 "github.com/openziti/zrok/environment/env_core"
 "github.com/pkg/errors"
+ "time"
 )
 func NewDialer(shrToken string, root env_core.Root) (edge.Conn, error) {
@@ -23,7 +24,7 @@ func NewDialer(shrToken string, root env_core.Root) (edge.Conn, error) {
 return nil, errors.Wrap(err, "error getting ziti context")
 }
- conn, err := zctx.DialWithOptions(shrToken, &ziti.DialOptions{ConnectTimeout: 30 * time.Second})
+ conn, err := zctx.DialWithOptions(shrToken, &ziti.DialOptions{ConnectTimeout: 30 * time.Second})
 if err != nil {
 return nil, errors.Wrapf(err, "error dialing '%v'", shrToken)
 }
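Review bot: In sdk/golang/sdk/dialer.go the new `"time"` import is appended after `"github.com/pkg/errors"`, inside the third-party group. The goimports convention keeps standard-library imports in their own group ahead of third-party ones, so this reads better as a separate leading group holding `"time"`. The import block starts above the hunk, so whether a standard-library group already exists there is not visible.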
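Review bot: `NewDialer` in sdk/golang/sdk/dialer.go is an exported SDK function with no doc comment above it in the visible context, and it now carries a fixed 30 second connect timeout that its signature gives callers no way to see or change. A doc comment would at least make that visible, e.g. `// NewDialer dials the share identified by shrToken; the overlay connect attempt is given up after 30 seconds.` The function body starts above this hunk and continues below it.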