Merge pull request #1125 from openziti/tunnel-api-update

Update for tunnel api change. Add agent unroute command.
openziti · May 26, 2023 · a634f46 · a634f46
2 parents 92e0e6b + 147d0b9
commit a634f46
Show file tree

Hide file tree

Showing 11 changed files with 189 additions and 66 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,6 +16,7 @@
   * `-k/--client-key` allows a key to be supplied to login (used with `-c/--client-cert`)
 * Config type changes
   * address fields in `intercept.v1`, `host.v1`, and `host.v2` config types now permit hostnames with underscores.
+* Edge Router/Tunneler now supports setting default UDP idle timeout/check interval
 
 ## Event Changes
 
@@ -181,19 +182,40 @@ Example output:
 }
 ```
 
-## Component Updates and Bug Fixes
+## ER/T UDP Settings
+
+The edge router tunneler now allows configuring a timeout and check interval for tproxy UDP intercepts. By default intercepted UDP 
+connections will be closed after five minutes of no traffic, checking every thirty seconds. The configuration is done in the router 
+config file, in the options for the tunnel module. Note that these configuration options only apply to tproxy intercepts, not to
+proxy or host side UDP connections.
+
+Example configuration:
 
-* github.com/openziti/channel/v2: [v2.0.58 -> v2.0.64](https://github.com/openziti/channel/compare/v2.0.58...v2.0.64)
+```yaml
+listeners:
+  - binding: tunnel
+    options:
+      mode: tproxy
+      udpIdleTimeout: 10s
+      udpCheckInterval: 5s
+```
+
+## Component Updates and Bug Fixes
+* github.com/openziti/agent: [v1.0.10 -> v1.0.13](https://github.com/openziti/agent/compare/v1.0.10...v1.0.13)
+* github.com/openziti/channel/v2: [v2.0.58 -> v2.0.78](https://github.com/openziti/channel/compare/v2.0.58...v2.0.78)
     * [Issue #98](https://github.com/openziti/channel/issues/98) - Set default connect timeout to 5 seconds
 
-* github.com/openziti/edge: [v0.24.239 -> v0.24.300](https://github.com/openziti/edge/compare/v0.24.239...v0.24.300)
+* github.com/openziti/edge: [v0.24.239 -> v0.24.309](https://github.com/openziti/edge/compare/v0.24.239...v0.24.309)
+    * [Issue #1503](https://github.com/openziti/edge/issues/1503) - Support configurable UDP idle timeout and check interval for tproxy in edge router tunneler
     * [Issue #1471](https://github.com/openziti/edge/issues/1471) - UDP intercept connections report incorrect local/remote addresses, making confusing events
     * [Issue #629](https://github.com/openziti/edge/issues/629) - emit entity change events
     * [Issue #1295](https://github.com/openziti/edge/issues/1295) - Ensure DB migrations work properly in a clustered setup (edge)
     * [Issue #1418](https://github.com/openziti/edge/issues/1418) - Checks for session edge router availablility are inefficient
 
-* github.com/openziti/edge-api: [v0.25.11 -> v0.25.18](https://github.com/openziti/edge-api/compare/v0.25.11...v0.25.18)
-* github.com/openziti/fabric: [v0.22.87 -> v0.23.11](https://github.com/openziti/fabric/compare/v0.22.87...v0.23.11)
+* github.com/openziti/edge-api: [v0.25.11 -> v0.25.24](https://github.com/openziti/edge-api/compare/v0.25.11...v0.25.24)
+* github.com/openziti/fabric: [v0.22.87 -> v0.23.29](https://github.com/openziti/fabric/compare/v0.22.87...v0.23.29)
+    * [Issue #724](https://github.com/openziti/fabric/issues/724) - Controller should be notified of forwarding faults on links 
+    * [Issue #725](https://github.com/openziti/fabric/issues/725) - If reroute fails, circuit should be torn down
     * [Issue #706](https://github.com/openziti/fabric/issues/706) - Fix panic in link close 
     * [Issue #700](https://github.com/openziti/fabric/issues/700) - Additional Health Checks exposed on Edge Router
     * [Issue #595](https://github.com/openziti/fabric/issues/595) - Add include filtering for V3 usage metrics 
@@ -203,15 +225,19 @@ Example output:
     * [Issue #582](https://github.com/openziti/fabric/issues/582) - Ensure DB migrations work properly in a clustered setup (fabric)
     * [Issue #668](https://github.com/openziti/fabric/issues/668) - Add network.Run watchdog, to warn if processing is delayed
 
-* github.com/openziti/foundation/v2: [v2.0.21 -> v2.0.22](https://github.com/openziti/foundation/compare/v2.0.21...v2.0.22)
-* github.com/openziti/identity: [v1.0.45 -> v1.0.48](https://github.com/openziti/identity/compare/v1.0.45...v1.0.48)
-* github.com/openziti/runzmd: [v1.0.20 -> v1.0.21](https://github.com/openziti/runzmd/compare/v1.0.20...v1.0.21)
-* github.com/openziti/sdk-golang: [v0.18.76 -> v0.20.20](https://github.com/openziti/sdk-golang/compare/v0.18.76...v0.20.20)
-* github.com/openziti/storage: [v0.1.49 -> v0.2.2](https://github.com/openziti/storage/compare/v0.1.49...v0.2.2)
-* github.com/openziti/transport/v2: [v2.0.72 -> v2.0.77](https://github.com/openziti/transport/compare/v2.0.72...v2.0.77)
-* github.com/openziti/metrics: [v1.2.19 -> v1.2.21](https://github.com/openziti/metrics/compare/v1.2.19...v1.2.21)
-* github.com/openziti/secretstream: v0.1.7 (new)
+* github.com/openziti/foundation/v2: [v2.0.21 -> v2.0.24](https://github.com/openziti/foundation/compare/v2.0.21...v2.0.24)
+* github.com/openziti/identity: [v1.0.45 -> v1.0.54](https://github.com/openziti/identity/compare/v1.0.45...v1.0.54)
+* github.com/openziti/runzmd: [v1.0.20 -> v1.0.24](https://github.com/openziti/runzmd/compare/v1.0.20...v1.0.24)
+* github.com/openziti/sdk-golang: [v0.18.76 -> v0.20.51](https://github.com/openziti/sdk-golang/compare/v0.18.76...v0.20.51)
+    * [Issue #407](https://github.com/openziti/sdk-golang/issues/407) - Allowing filtering which edge router urls the sdk uses 
+    * [Issue #394](https://github.com/openziti/sdk-golang/issues/394) - SDK does not recover from API session expiration (during app/computer suspend)
+
+* github.com/openziti/storage: [v0.1.49 -> v0.2.6](https://github.com/openziti/storage/compare/v0.1.49...v0.2.6)
+* github.com/openziti/transport/v2: [v2.0.72 -> v2.0.88](https://github.com/openziti/transport/compare/v2.0.72...v2.0.88)
+* github.com/openziti/metrics: [v1.2.19 -> v1.2.25](https://github.com/openziti/metrics/compare/v1.2.19...v1.2.25)
+* github.com/openziti/secretstream: v0.1.8 (new)
 * github.com/openziti/ziti: [v0.27.9 -> v0.28.0](https://github.com/openziti/ziti/compare/v0.27.9...v0.28.0)
+    * [Issue #1112](https://github.com/openziti/ziti/issues/1112) - `ziti pki create` creates CA's and intermediates w/ the same DN
     * [Issue #1087](https://github.com/openziti/ziti/issues/1087) - re-enable CI in forks
     * [Issue #1013](https://github.com/openziti/ziti/issues/1013) - docker env password is renewed at each `docker-compose up`
     * [Issue #1077](https://github.com/openziti/ziti/issues/1077) - Show auth-policy name on identity list instead of id

diff --git a/common/enrollment/enroll.go b/common/enrollment/enroll.go
@@ -19,6 +19,7 @@ package enrollment
 import (
 	"encoding/json"
 	"fmt"
+	"github.com/openziti/identity/engines"
 	"github.com/openziti/sdk-golang/ziti"
 	"github.com/openziti/ziti/ziti/cmd/common"
 	"io/ioutil"
@@ -27,7 +28,6 @@ import (
 
 	"github.com/michaelquigley/pfxlog"
 	"github.com/openziti/foundation/v2/term"
-	"github.com/openziti/identity/certtools"
 	"github.com/openziti/sdk-golang/ziti/enroll"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -117,9 +117,9 @@ func NewEnrollCommand(p common.OptionsProvider) *cobra.Command {
 	enrollSubCmd.Flags().VarP(&action.KeyAlg, "keyAlg", "a", "Crypto algorithm to use when generating private key")
 
 	var keyDesc = ""
-	engines := certtools.ListEngines()
-	if len(engines) > 0 {
-		keyDesc = fmt.Sprintf("The key to use with the certificate. Optionally specify the engine to use. supported engines: %v", engines)
+	certEngines := engines.ListEngines()
+	if len(certEngines) > 0 {
+		keyDesc = fmt.Sprintf("The key to use with the certificate. Optionally specify the engine to use. supported engines: %v", certEngines)
 	} else {
 		keyDesc = "The key to use with the certificate."
 	}

diff --git a/go.mod b/go.mod
@@ -20,17 +20,17 @@ require (
 	github.com/gorilla/websocket v1.5.0
 	github.com/jedib0t/go-pretty/v6 v6.4.0
 	github.com/michaelquigley/pfxlog v0.6.10
-	github.com/openziti/agent v1.0.10
-	github.com/openziti/channel/v2 v2.0.76
-	github.com/openziti/edge v0.24.300
+	github.com/openziti/agent v1.0.13
+	github.com/openziti/channel/v2 v2.0.78
+	github.com/openziti/edge v0.24.309
 	github.com/openziti/edge-api v0.25.24
-	github.com/openziti/fabric v0.23.26
+	github.com/openziti/fabric v0.23.29
 	github.com/openziti/foundation/v2 v2.0.24
-	github.com/openziti/identity v1.0.53
-	github.com/openziti/runzmd v1.0.21
-	github.com/openziti/sdk-golang v0.20.46
+	github.com/openziti/identity v1.0.54
+	github.com/openziti/runzmd v1.0.24
+	github.com/openziti/sdk-golang v0.20.51
 	github.com/openziti/storage v0.2.6
-	github.com/openziti/transport/v2 v2.0.86
+	github.com/openziti/transport/v2 v2.0.88
 	github.com/openziti/xweb/v2 v2.0.2
 	github.com/openziti/ziti-db-explorer v1.1.1
 	github.com/pkg/errors v0.9.1
@@ -73,7 +73,7 @@ require (
 	github.com/dgryski/dgoogauth v0.0.0-20190221195224-5a805980a5f3 // indirect
 	github.com/dineshappavoo/basex v0.0.0-20170425072625-481a6f6dc663 // indirect
 	github.com/disintegration/imaging v1.6.2 // indirect
-	github.com/dlclark/regexp2 v1.9.0 // indirect
+	github.com/dlclark/regexp2 v1.10.0 // indirect
 	github.com/docker/distribution v2.8.2+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
@@ -114,7 +114,7 @@ require (
 	github.com/josharian/native v1.1.0 // indirect
 	github.com/kataras/go-events v0.0.3 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
-	github.com/klauspost/compress v1.13.6 // indirect
+	github.com/klauspost/compress v1.16.5 // indirect
 	github.com/kr/pty v1.1.8 // indirect
 	github.com/kyokomi/emoji/v2 v2.2.12 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
@@ -123,7 +123,7 @@ require (
 	github.com/magiconair/properties v1.8.5 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.18 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/mattn/go-tty v0.0.3 // indirect
 	github.com/mdlayher/netlink v1.7.2 // indirect
@@ -169,13 +169,14 @@ require (
 	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
-	github.com/yusufpapurcu/wmi v1.2.2 // indirect
+	github.com/yusufpapurcu/wmi v1.2.3 // indirect
 	go.mongodb.org/mongo-driver v1.11.6 // indirect
 	go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect
-	go.opentelemetry.io/otel v1.15.1 // indirect
-	go.opentelemetry.io/otel/trace v1.15.1 // indirect
+	go.opentelemetry.io/otel v1.16.0 // indirect
+	go.opentelemetry.io/otel/metric v1.16.0 // indirect
+	go.opentelemetry.io/otel/trace v1.16.0 // indirect
 	golang.org/x/crypto v0.9.0 // indirect
-	golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea // indirect
+	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect
 	golang.org/x/image v0.7.0 // indirect
 	golang.org/x/mod v0.8.0 // indirect
 	golang.org/x/sync v0.2.0 // indirect