getting a basic tunnel backend plumbed up (#170)

2024-11-21 23:53:19 +01:00 · 2023-04-14 14:55:49 -04:00 · 2023-04-14 14:55:49 -04:00 · fd741353d7
commit fd741353d7
parent 3ec7e4253c
6 changed files with 94 additions and 11 deletions
--- a/cmd/zrok/sharePrivate.go
+++ b/cmd/zrok/sharePrivate.go
@ -7,6 +7,7 @@ import (
 	httptransport "github.com/go-openapi/runtime/client"
 	"github.com/openziti/zrok/endpoints"
 	"github.com/openziti/zrok/endpoints/proxyBackend"
+	"github.com/openziti/zrok/endpoints/tunnelBackend"
 	"github.com/openziti/zrok/endpoints/webBackend"
 	"github.com/openziti/zrok/model"
 	"github.com/openziti/zrok/rest_client_zrok"
@ -43,7 +44,7 @@ func newSharePrivateCommand() *sharePrivateCommand {
 	}
 	command := &sharePrivateCommand{cmd: cmd}
 	cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...")
-	cmd.Flags().StringVar(&command.backendMode, "backend-mode", "proxy", "The backend mode {proxy, web}")
+	cmd.Flags().StringVar(&command.backendMode, "backend-mode", "proxy", "The backend mode {proxy, web, tunnel}")
 	cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless")
 	cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for <target>")
 	cmd.Run = command.run
@ -67,8 +68,11 @@ func (cmd *sharePrivateCommand) run(_ *cobra.Command, args []string) {
 	case "web":
 		target = args[0]

+	case "tunnel":
+		target = args[0]
+
 	default:
-		tui.Error(fmt.Sprintf("invalid backend mode '%v'; expected {proxy, web}", cmd.backendMode), nil)
+		tui.Error(fmt.Sprintf("invalid backend mode '%v'; expected {proxy, web, tunnel}", cmd.backendMode), nil)
 	}

 	zrd, err := zrokdir.Load()
@ -99,6 +103,8 @@ func (cmd *sharePrivateCommand) run(_ *cobra.Command, args []string) {
 		panic(err)
 	}

+	logrus.Infof("here")
+
 	auth := httptransport.APIKeyAuth("X-TOKEN", "header", zrd.Env.Token)
 	req := share.NewShareParams()
 	req.Body = &rest_model_zrok.ShareRequest{
@ -169,6 +175,19 @@ func (cmd *sharePrivateCommand) run(_ *cobra.Command, args []string) {
 			panic(err)
 		}

+	case "tunnel":
+		cfg := &tunnelBackend.Config{
+			IdentityPath:    zif,
+			EndpointAddress: target,
+			ShrToken:        resp.Payload.ShrToken,
+		}
+		if err := cmd.tunnelBackendMode(cfg); err != nil {
+			if !panicInstead {
+				tui.Error("unable to create tunnel backend", err)
+			}
+			panic(err)
+		}
+
 	default:
 		tui.Error("invalid backend mode", nil)
 	}
@ -237,6 +256,21 @@ func (cmd *sharePrivateCommand) webBackendMode(cfg *webBackend.Config) (endpoint
 	return be, nil
 }

+func (cmd *sharePrivateCommand) tunnelBackendMode(cfg *tunnelBackend.Config) error {
+	be, err := tunnelBackend.New(cfg)
+	if err != nil {
+		return errors.Wrap(err, "error creating tunnel backend")
+	}
+
+	go func() {
+		if err := be.Run(); err != nil {
+			logrus.Errorf("error running tunnel backend: %v", err)
+		}
+	}()
+
+	return nil
+}
+
 func (cmd *sharePrivateCommand) destroy(id string, shrToken string, zrok *rest_client_zrok.Zrok, auth runtime.ClientAuthInfoWriter) {
 	logrus.Debugf("shutting down '%v'", shrToken)
 	req := share.NewUnshareParams()
--- a/controller/share.go
+++ b/controller/share.go
@ -18,6 +18,8 @@ func newShareHandler() *shareHandler {
 }

 func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	logrus.Info("handling")
+
 	trx, err := str.Begin()
 	if err != nil {
 		logrus.Errorf("error starting transaction: %v", err)
@ -93,6 +95,7 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
 		}

 	case "private":
+		logrus.Info("doing private")
 		shrZId, frontendEndpoints, err = newPrivateResourceAllocator().allocate(envZId, shrToken, params, edge)
 		if err != nil {
 			logrus.Error(err)
--- a/endpoints/tunnelBackend/tunnel.go
+++ b/endpoints/tunnelBackend/tunnel.go
@ -1,6 +1,14 @@
 package tunnelBackend

-import "github.com/openziti/sdk-golang/ziti/edge"
+import (
+	"github.com/openziti/sdk-golang/ziti"
+	"github.com/openziti/sdk-golang/ziti/config"
+	"github.com/openziti/sdk-golang/ziti/edge"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"net"
+	"time"
+)

 type Config struct {
 	IdentityPath    string
@ -13,4 +21,42 @@ type Backend struct {
 	listener edge.Listener
 }

-func New
+func New(cfg *Config) (*Backend, error) {
+	options := ziti.ListenOptions{
+		ConnectTimeout: 5 * time.Minute,
+		MaxConnections: 64,
+	}
+	zcfg, err := config.NewFromFile(cfg.IdentityPath)
+	if err != nil {
+		return nil, errors.Wrap(err, "error loading config")
+	}
+	listener, err := ziti.NewContextWithConfig(zcfg).ListenWithOptions(cfg.ShrToken, &options)
+	if err == nil {
+		return nil, errors.Wrap(err, "error listening")
+	}
+	b := &Backend{
+		cfg:      cfg,
+		listener: listener,
+	}
+	return b, nil
+}
+
+func (b *Backend) Run() error {
+	logrus.Info("started")
+	defer logrus.Info("exited")
+
+	for {
+		if conn, err := b.listener.Accept(); err == nil {
+			go b.handle(conn)
+		} else {
+			return err
+		}
+	}
+}
+
+func (b *Backend) handle(conn net.Conn) {
+	logrus.Infof("handling '%v'", conn.RemoteAddr())
+	if err := conn.Close(); err != nil {
+		logrus.Errorf("error closing: %v", err)
+	}
+}
--- a/rest_model_zrok/share_request.go
+++ b/rest_model_zrok/share_request.go
@ -28,7 +28,7 @@ type ShareRequest struct {
 	AuthUsers []*AuthUser `json:"authUsers"`

 	// backend mode
-	// Enum: [proxy web dav]
+	// Enum: [proxy web tunnel]
 	BackendMode string `json:"backendMode,omitempty"`

 	// backend proxy endpoint
@ -100,7 +100,7 @@ var shareRequestTypeBackendModePropEnum []interface{}

 func init() {
 	var res []string
-	if err := json.Unmarshal([]byte(`["proxy","web","dav"]`), &res); err != nil {
+	if err := json.Unmarshal([]byte(`["proxy","web","tunnel"]`), &res); err != nil {
 		panic(err)
 	}
 	for _, v := range res {
@ -116,8 +116,8 @@ const (
 	// ShareRequestBackendModeWeb captures enum value "web"
 	ShareRequestBackendModeWeb string = "web"

-	// ShareRequestBackendModeDav captures enum value "dav"
-	ShareRequestBackendModeDav string = "dav"
+	// ShareRequestBackendModeTunnel captures enum value "tunnel"
+	ShareRequestBackendModeTunnel string = "tunnel"
 )

 // prop value enum
--- a/rest_server_zrok/embedded_spec.go
+++ b/rest_server_zrok/embedded_spec.go
@ -1167,7 +1167,7 @@ func init() {
          "enum": [
            "proxy",
            "web",
-            "dav"
+            "tunnel"
          ]
        },
        "backendProxyEndpoint": {
@ -2445,7 +2445,7 @@ func init() {
          "enum": [
            "proxy",
            "web",
-            "dav"
+            "tunnel"
          ]
        },
        "backendProxyEndpoint": {
--- a/specs/zrok.yml
+++ b/specs/zrok.yml
@ -771,7 +771,7 @@ definitions:
          type: string
      backendMode:
        type: string
-        enum: ["proxy", "web", "dav"]
+        enum: ["proxy", "web", "tunnel"]
      backendProxyEndpoint:
        type: string
      authScheme: