diff --git a/CHANGELOG.md b/CHANGELOG.md index 628acd157..881899f4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ * `-k/--client-key` allows a key to be supplied to login (used with `-c/--client-cert`) * Config type changes * address fields in `intercept.v1`, `host.v1`, and `host.v2` config types now permit hostnames with underscores. +* Edge Router/Tunneler now supports setting default UDP idle timeout/check interval ## Event Changes 
@@ -181,19 +182,40 @@ Example output: } ``` -## Component Updates and Bug Fixes +## ER/T UDP Settings + +The edge router tunneler now allows configuring a timeout and check interval for tproxy UDP intercepts. By default intercepted UDP +connections will be closed after five minutes of no traffic, checking every thirty seconds. The configuration is done in the router +config file, in the options for the tunnel module. Note that these configuration options only apply to tproxy intercepts, not to +proxy or host side UDP connections. + +Example configuration: -* github.com/openziti/channel/v2: [v2.0.58 -> v2.0.64](https://github.com/openziti/channel/compare/v2.0.58...v2.0.64) +```yaml +listeners: + - binding: tunnel + options: + mode: tproxy + udpIdleTimeout: 10s + udpCheckInterval: 5s +``` + +## Component Updates and Bug Fixes +* github.com/openziti/agent: [v1.0.10 -> v1.0.13](https://github.com/openziti/agent/compare/v1.0.10...v1.0.13) +* github.com/openziti/channel/v2: [v2.0.58 -> v2.0.78](https://github.com/openziti/channel/compare/v2.0.58...v2.0.78) * [Issue #98](https://github.com/openziti/channel/issues/98) - Set default connect timeout to 5 seconds -* github.com/openziti/edge: [v0.24.239 -> v0.24.300](https://github.com/openziti/edge/compare/v0.24.239...v0.24.300) +* github.com/openziti/edge: [v0.24.239 -> v0.24.309](https://github.com/openziti/edge/compare/v0.24.239...v0.24.309) + * [Issue #1503](https://github.com/openziti/edge/issues/1503) - Support configurable UDP idle timeout and check interval for tproxy in edge router tunneler * [Issue #1471](https://github.com/openziti/edge/issues/1471) - UDP intercept connections report incorrect local/remote addresses, making confusing events * [Issue #629](https://github.com/openziti/edge/issues/629) - emit entity change events * [Issue #1295](https://github.com/openziti/edge/issues/1295) - Ensure DB migrations work properly in a clustered setup (edge) * [Issue #1418](https://github.com/openziti/edge/issues/1418) - 
Checks for session edge router availablility are inefficient -* github.com/openziti/edge-api: [v0.25.11 -> v0.25.18](https://github.com/openziti/edge-api/compare/v0.25.11...v0.25.18) -* github.com/openziti/fabric: [v0.22.87 -> v0.23.11](https://github.com/openziti/fabric/compare/v0.22.87...v0.23.11) +* github.com/openziti/edge-api: [v0.25.11 -> v0.25.24](https://github.com/openziti/edge-api/compare/v0.25.11...v0.25.24) +* github.com/openziti/fabric: [v0.22.87 -> v0.23.29](https://github.com/openziti/fabric/compare/v0.22.87...v0.23.29) + * [Issue #724](https://github.com/openziti/fabric/issues/724) - Controller should be notified of forwarding faults on links + * [Issue #725](https://github.com/openziti/fabric/issues/725) - If reroute fails, circuit should be torn down * [Issue #706](https://github.com/openziti/fabric/issues/706) - Fix panic in link close * [Issue #700](https://github.com/openziti/fabric/issues/700) - Additional Health Checks exposed on Edge Router * [Issue #595](https://github.com/openziti/fabric/issues/595) - Add include filtering for V3 usage metrics 
@@ -203,15 +225,19 @@ Example output: * [Issue #582](https://github.com/openziti/fabric/issues/582) - Ensure DB migrations work properly in a clustered setup (fabric) * [Issue #668](https://github.com/openziti/fabric/issues/668) - Add network.Run watchdog, to warn if processing is delayed -* github.com/openziti/foundation/v2: [v2.0.21 -> v2.0.22](https://github.com/openziti/foundation/compare/v2.0.21...v2.0.22) -* github.com/openziti/identity: [v1.0.45 -> v1.0.48](https://github.com/openziti/identity/compare/v1.0.45...v1.0.48) -* github.com/openziti/runzmd: [v1.0.20 -> v1.0.21](https://github.com/openziti/runzmd/compare/v1.0.20...v1.0.21) -* github.com/openziti/sdk-golang: [v0.18.76 -> v0.20.20](https://github.com/openziti/sdk-golang/compare/v0.18.76...v0.20.20) -* github.com/openziti/storage: [v0.1.49 -> v0.2.2](https://github.com/openziti/storage/compare/v0.1.49...v0.2.2) -* github.com/openziti/transport/v2: [v2.0.72 -> v2.0.77](https://github.com/openziti/transport/compare/v2.0.72...v2.0.77) -* github.com/openziti/metrics: [v1.2.19 -> v1.2.21](https://github.com/openziti/metrics/compare/v1.2.19...v1.2.21) -* github.com/openziti/secretstream: v0.1.7 (new) +* github.com/openziti/foundation/v2: [v2.0.21 -> v2.0.24](https://github.com/openziti/foundation/compare/v2.0.21...v2.0.24) +* github.com/openziti/identity: [v1.0.45 -> v1.0.54](https://github.com/openziti/identity/compare/v1.0.45...v1.0.54) +* github.com/openziti/runzmd: [v1.0.20 -> v1.0.24](https://github.com/openziti/runzmd/compare/v1.0.20...v1.0.24) +* github.com/openziti/sdk-golang: [v0.18.76 -> v0.20.51](https://github.com/openziti/sdk-golang/compare/v0.18.76...v0.20.51) + * [Issue #407](https://github.com/openziti/sdk-golang/issues/407) - Allowing filtering which edge router urls the sdk uses + * [Issue #394](https://github.com/openziti/sdk-golang/issues/394) - SDK does not recover from API session expiration (during app/computer suspend) + +* github.com/openziti/storage: [v0.1.49 -> 
v0.2.6](https://github.com/openziti/storage/compare/v0.1.49...v0.2.6) +* github.com/openziti/transport/v2: [v2.0.72 -> v2.0.88](https://github.com/openziti/transport/compare/v2.0.72...v2.0.88) +* github.com/openziti/metrics: [v1.2.19 -> v1.2.25](https://github.com/openziti/metrics/compare/v1.2.19...v1.2.25) +* github.com/openziti/secretstream: v0.1.8 (new) * github.com/openziti/ziti: [v0.27.9 -> v0.28.0](https://github.com/openziti/ziti/compare/v0.27.9...v0.28.0) + * [Issue #1112](https://github.com/openziti/ziti/issues/1112) - `ziti pki create` creates CA's and intermediates w/ the same DN * [Issue #1087](https://github.com/openziti/ziti/issues/1087) - re-enable CI in forks * [Issue #1013](https://github.com/openziti/ziti/issues/1013) - docker env password is renewed at each `docker-compose up` * [Issue #1077](https://github.com/openziti/ziti/issues/1077) - Show auth-policy name on identity list instead of id diff --git a/common/enrollment/enroll.go b/common/enrollment/enroll.go index 89a1a7def..1ba66d9f9 100644 --- a/common/enrollment/enroll.go +++ b/common/enrollment/enroll.go @@ -19,6 +19,7 @@ package enrollment import ( "encoding/json" "fmt" + "github.com/openziti/identity/engines" "github.com/openziti/sdk-golang/ziti" "github.com/openziti/ziti/ziti/cmd/common" "io/ioutil" @@ -27,7 +28,6 @@ import ( "github.com/michaelquigley/pfxlog" "github.com/openziti/foundation/v2/term" - "github.com/openziti/identity/certtools" "github.com/openziti/sdk-golang/ziti/enroll" "github.com/pkg/errors" "github.com/sirupsen/logrus" 
@@ -117,9 +117,9 @@ func NewEnrollCommand(p common.OptionsProvider) *cobra.Command { enrollSubCmd.Flags().VarP(&action.KeyAlg, "keyAlg", "a", "Crypto algorithm to use when generating private key") var keyDesc = "" - engines := certtools.ListEngines() - if len(engines) > 0 { - keyDesc = fmt.Sprintf("The key to use with the certificate. Optionally specify the engine to use. supported engines: %v", engines) + certEngines := engines.ListEngines() + if len(certEngines) > 0 { + keyDesc = fmt.Sprintf("The key to use with the certificate. Optionally specify the engine to use. supported engines: %v", certEngines) } else { keyDesc = "The key to use with the certificate." } diff --git a/go.mod b/go.mod index a8d48c470..726e1bf45 100644 --- a/go.mod +++ b/go.mod @@ -20,17 +20,17 @@ require ( github.com/gorilla/websocket v1.5.0 github.com/jedib0t/go-pretty/v6 v6.4.0 github.com/michaelquigley/pfxlog v0.6.10 - github.com/openziti/agent v1.0.10 - github.com/openziti/channel/v2 v2.0.76 - github.com/openziti/edge v0.24.300 + github.com/openziti/agent v1.0.13 + github.com/openziti/channel/v2 v2.0.78 + github.com/openziti/edge v0.24.309 github.com/openziti/edge-api v0.25.24 - github.com/openziti/fabric v0.23.26 + github.com/openziti/fabric v0.23.29 github.com/openziti/foundation/v2 v2.0.24 - github.com/openziti/identity v1.0.53 - github.com/openziti/runzmd v1.0.21 - github.com/openziti/sdk-golang v0.20.46 + github.com/openziti/identity v1.0.54 + github.com/openziti/runzmd v1.0.24 + github.com/openziti/sdk-golang v0.20.51 github.com/openziti/storage v0.2.6 - github.com/openziti/transport/v2 v2.0.86 + github.com/openziti/transport/v2 v2.0.88 github.com/openziti/xweb/v2 v2.0.2 github.com/openziti/ziti-db-explorer v1.1.1 github.com/pkg/errors v0.9.1 
@@ -73,7 +73,7 @@ require ( github.com/dgryski/dgoogauth v0.0.0-20190221195224-5a805980a5f3 // indirect github.com/dineshappavoo/basex v0.0.0-20170425072625-481a6f6dc663 // indirect github.com/disintegration/imaging v1.6.2 // indirect - github.com/dlclark/regexp2 v1.9.0 // indirect + github.com/dlclark/regexp2 v1.10.0 // indirect github.com/docker/distribution v2.8.2+incompatible // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.5.0 // indirect @@ -114,7 +114,7 @@ require ( github.com/josharian/native v1.1.0 // indirect github.com/kataras/go-events v0.0.3 // indirect github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect - github.com/klauspost/compress v1.13.6 // indirect + github.com/klauspost/compress v1.16.5 // indirect github.com/kr/pty v1.1.8 // indirect github.com/kyokomi/emoji/v2 v2.2.12 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect @@ -123,7 +123,7 @@ require ( github.com/magiconair/properties v1.8.5 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.18 // indirect + github.com/mattn/go-isatty v0.0.19 // indirect github.com/mattn/go-runewidth v0.0.14 // indirect github.com/mattn/go-tty v0.0.3 // indirect github.com/mdlayher/netlink v1.7.2 // indirect 
@@ -169,13 +169,14 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect - github.com/yusufpapurcu/wmi v1.2.2 // indirect + github.com/yusufpapurcu/wmi v1.2.3 // indirect go.mongodb.org/mongo-driver v1.11.6 // indirect go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect - go.opentelemetry.io/otel v1.15.1 // indirect - go.opentelemetry.io/otel/trace v1.15.1 // indirect + go.opentelemetry.io/otel v1.16.0 // indirect + go.opentelemetry.io/otel/metric v1.16.0 // indirect + go.opentelemetry.io/otel/trace v1.16.0 // indirect golang.org/x/crypto v0.9.0 // indirect - golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea // indirect + golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect golang.org/x/image v0.7.0 // indirect golang.org/x/mod v0.8.0 // indirect golang.org/x/sync v0.2.0 // indirect diff --git a/go.sum b/go.sum index 2d9158ef9..8a255f275 100644 --- a/go.sum +++ b/go.sum 
@@ -191,8 +191,8 @@ github.com/disintegration/imaging v1.6.2 h1:w1LecBlG2Lnp8B3jk5zSuNqd7b4DXhcjwek1 github.com/disintegration/imaging v1.6.2/go.mod h1:44/5580QXChDfwIclfc/PCwrr44amcmDAg8hxG0Ewe4= github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= -github.com/dlclark/regexp2 v1.9.0 h1:pTK/l/3qYIKaRXuHnEnIf7Y5NxfRPfpb7dis6/gdlVI= -github.com/dlclark/regexp2 v1.9.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= +github.com/dlclark/regexp2 v1.10.0 h1:+/GIL799phkJqYW+3YbOd8LCcbHzT0Pbo8zl70MHsq0= +github.com/dlclark/regexp2 v1.10.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= github.com/dnsimple/dnsimple-go v0.63.0/go.mod h1:O5TJ0/U6r7AfT8niYNlmohpLbCSG+c71tQlGr9SeGrg= github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= 
@@ -549,8 +549,9 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= +github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= +github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/kolo/xmlrpc v0.0.0-20200310150728-e0350524596b/go.mod h1:o03bZfuBwAXHetKXuInt4S7omeXUu62/A845kiycsSQ= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= 
@@ -624,8 +625,8 @@ github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOA github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98= -github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= 
@@ -718,36 +719,36 @@ github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+ github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= -github.com/openziti/agent v1.0.10 h1:9oTmNXghlggD+O7BJdBp3PkD5kAZ1ssSC6IHZkMakzQ= -github.com/openziti/agent v1.0.10/go.mod h1:6APWgkPP6Uxf1/VyirdTVLAJxwam2vVyakrVw6yvs40= -github.com/openziti/channel/v2 v2.0.76 h1:/fopm40/Pu1BKXpSggumZ6FexqDEaS0de+UsNCnegbU= -github.com/openziti/channel/v2 v2.0.76/go.mod h1:AG43uiANCWhVwM4BMYPJES9J4KCa3vHg9QPJjHDRqPI= +github.com/openziti/agent v1.0.13 h1:RptJCEANPb904cDqlP7IYfBI+he8EyosimYhG7bp9D0= +github.com/openziti/agent v1.0.13/go.mod h1:CRbwhhnpsoDw0BxZsCRyQUozoRnGzH7+wuQVp1h4qX8= +github.com/openziti/channel/v2 v2.0.78 h1:zY6olGzk0i7RdwnQQYV4J3aJmtuWqpTNUpbCKrghdFA= +github.com/openziti/channel/v2 v2.0.78/go.mod h1:yajD/OlGYESMURbogY+myEUZ49fWERPbIhU6kcDnQHE= github.com/openziti/dilithium v0.3.3 h1:PLgQ6PMNLSTzCFbX/h98cmudgz/cU6TmjdSv5NAPD8k= github.com/openziti/dilithium v0.3.3/go.mod h1:vsCjI2AU/hon9e+dLhUFbCNGesJDj2ASgkySOcpmvjo= -github.com/openziti/edge v0.24.300 h1:5R7kkCNDYpt/Esw8AHAA1dF7VY9ZrIyUx8sszOgLEUE= -github.com/openziti/edge v0.24.300/go.mod h1:h/lSg5SRynDTuLNDOSAFWGdmaIyMRzbPSGA2CElfxA4= +github.com/openziti/edge v0.24.309 h1:EGZZ7GqI6/2y8zoNc0Tb11DpHtDG3YTNMUChulFTDL4= +github.com/openziti/edge v0.24.309/go.mod h1:UDlCvgpuzQ6FFugSK0Sim7214c1O+7ahiOX5tvhJaP4= github.com/openziti/edge-api v0.25.24 h1:XrF3AtF9mnJXgG7rSV2M50Dj/EKUkBUaDdb9/n2TDHI= github.com/openziti/edge-api v0.25.24/go.mod h1:rmEkj8jAkBTUhhgE/GFXije6bpFbd2P9TzdxTqZlXI8= -github.com/openziti/fabric v0.23.26 h1:wEPNh8m3qcq9sw1Zmg5YgFZw1FovsKGu53rRf8qzI7A= -github.com/openziti/fabric v0.23.26/go.mod h1:0MtkZqIHs3cJPP4DB88xsWUemDm77nN/GvWBBfq7peo= 
+github.com/openziti/fabric v0.23.29 h1:FbAeUhfkNGYPNCYo3BFzRByvMTKhscxJEQxYU0BJJdA= +github.com/openziti/fabric v0.23.29/go.mod h1:/M8URo+qloi39qG0QWvXTgtpiPPneNYOjR+VvywS0cw= github.com/openziti/foundation/v2 v2.0.24 h1:cNJCbh4o9E+7mtSUDo7ZBuMoPjJAilDWgr7X8ntRz/Q= github.com/openziti/foundation/v2 v2.0.24/go.mod h1:H0w/ldKyE0ynwpIwt68k2rhMwt874IVxPQcimMuHJ3s= -github.com/openziti/identity v1.0.53 h1:w28wBcuiT8RlLjfcVgcqz0povQgfibj7zwS6OeLGSpI= -github.com/openziti/identity v1.0.53/go.mod h1:ZhMiSF9okmA781kFl0m4BkeyAmf3XA20h1Dh1oz480I= +github.com/openziti/identity v1.0.54 h1:1O/i3hnm5oCuHlOXesx4+aC2bXeTGoT+Rg1l2xZF14Y= +github.com/openziti/identity v1.0.54/go.mod h1:ZhMiSF9okmA781kFl0m4BkeyAmf3XA20h1Dh1oz480I= github.com/openziti/jwks v1.0.3 h1:hf8wkb+Cg4nH/HM0KROFd7u+C3DkRVcFZJ7tDV+4icc= github.com/openziti/jwks v1.0.3/go.mod h1:t4xxq8vlXGsPn29kiQVnZBBDDnEoOFqtJoHibkJunQQ= github.com/openziti/metrics v1.2.25 h1:acD/J/DcWgfbhmKS/s3HDvpt/1WS3QBZPeeGBZHbj94= github.com/openziti/metrics v1.2.25/go.mod h1:s2r1FS+wUdJ3LXp1qJK6777iQ8gPWXE2HFfDsiJo1/Y= -github.com/openziti/runzmd v1.0.21 h1:kdrXaWbQrXlsvCCQKI/MoYoFDmgR9D79aqayQ6Ku5U0= -github.com/openziti/runzmd v1.0.21/go.mod h1:tdNzEYSzMYw1ZEQ2drMdqNUUDdApcE/KZDQGkl1yGFU= -github.com/openziti/sdk-golang v0.20.46 h1:BKKSpMjmWGg7Ei9w1GSUWiDQjVY3EmsvgP/eSNLu5Zo= -github.com/openziti/sdk-golang v0.20.46/go.mod h1:haDZM4tr6FWN2+Klht8vpGIMiFvEoClIaXvCcq97ehM= +github.com/openziti/runzmd v1.0.24 h1:jSwfqpA6SLCtpDUzdQl92gECc08itE8eFeHYdaJu4tY= +github.com/openziti/runzmd v1.0.24/go.mod h1:NX3EPWMDZPIPNUztDOkLrV6akqdC/P/X0UUeAL63V58= +github.com/openziti/sdk-golang v0.20.51 h1:oVqo9kyh8OKtAAX4yrJIJa5nn6qZDvpfUqOlBPnqb14= +github.com/openziti/sdk-golang v0.20.51/go.mod h1:Ecgf8vgPSLOP7EgQgb3juv2UwsKbu37G1NHSqioTUCs= github.com/openziti/secretstream v0.1.8 h1:AgPHLDuXTiM1apHQmBvwvSW1vbQqAm7wUJDHqkQ/6Nk= github.com/openziti/secretstream v0.1.8/go.mod h1:qcF8EmSX5SAT8k2pzsDI4bWugopv9AA+ltgWDrcAAEw= github.com/openziti/storage 
v0.2.6 h1:/pbIRzDwrczMWRVkN75PfwAXFbArplIqhpRsUrsUOBc= github.com/openziti/storage v0.2.6/go.mod h1:JnjCofrnPcajwn6VIB2CgI7pVVUFBL7evbezIsQ4AgA= -github.com/openziti/transport/v2 v2.0.86 h1:IU53/XCpEUES7TabMrWrYPHsiDD5AzBxeSZk3nO1SI8= -github.com/openziti/transport/v2 v2.0.86/go.mod h1:ausyIxIQ4u+XeezXLo/nqJYQxO1AEf0APDrW0G1Hp6c= +github.com/openziti/transport/v2 v2.0.88 h1:K2kIrDInbjFqXvzPg+EkyYZkUiy8rEkBnYRKshELuho= +github.com/openziti/transport/v2 v2.0.88/go.mod h1:1eh1lpeIvB3KgyEC+OykpLa8Dj2AUC5921iOd2ovkwE= github.com/openziti/x509-claims v1.0.3 h1:HNdQ8Nf1agB3lBs1gahcO6zfkeS4S5xoQ2/PkY4HRX0= github.com/openziti/x509-claims v1.0.3/go.mod h1:Z0WIpBm6c4ecrpRKrou6Gk2wrLWxJO/+tuUwKh8VewE= github.com/openziti/xweb/v2 v2.0.2 h1:XYlVFriTq/U1wcUrc+XPnWJGhXh9NJPhtQ7+r3aC0cU= @@ -982,8 +983,9 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg= github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= +github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFiw= +github.com/yusufpapurcu/wmi v1.2.3/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ= go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= 
@@ -1007,11 +1009,13 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opentelemetry.io/otel v1.15.1 h1:3Iwq3lfRByPaws0f6bU3naAqOR1n5IeDWd9390kWHa8= -go.opentelemetry.io/otel v1.15.1/go.mod h1:mHHGEHVDLal6YrKMmk9LqC4a3sF5g+fHfrttQIB1NTc= +go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s= +go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4= +go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo= +go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4= go.opentelemetry.io/otel/sdk v1.14.0 h1:PDCppFRDq8A1jL9v6KMI6dYesaq+DFcDZvjsoGvxGzY= -go.opentelemetry.io/otel/trace v1.15.1 h1:uXLo6iHJEzDfrNC0L0mNjItIp06SyaBQxu5t3xMlngY= -go.opentelemetry.io/otel/trace v1.15.1/go.mod h1:IWdQG/5N1x7f6YUlmdLeJvH9yxtuJAfc4VW5Agv9r/8= +go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs= +go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= 
@@ -1062,8 +1066,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea h1:vLCWI/yYrdEHyN2JzIzPO3aaQJHQdp89IZBA/+azVC4= -golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= +golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= +golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= diff --git a/ziti/cmd/agentcli/agent.go b/ziti/cmd/agentcli/agent.go index e9ec360b5..b18291a57 100644 --- a/ziti/cmd/agentcli/agent.go +++ b/ziti/cmd/agentcli/agent.go @@ -91,6 +91,7 @@ func NewAgentCmd(p common.OptionsProvider) *cobra.Command { agentCmd.AddCommand(routerCmd) routerCmd.AddCommand(NewRouteCmd(p)) + routerCmd.AddCommand(NewUnrouteCmd(p)) routerCmd.AddCommand(NewSimpleAgentCustomCmd("dump-api-sessions", AgentAppRouter, debugops.DumpApiSessions, p)) routerCmd.AddCommand(NewSimpleChAgentCustomCmd("dump-routes", AgentAppRouter, int32(mgmt_pb.ContentType_RouterDebugDumpForwarderTablesRequestType), p)) routerCmd.AddCommand(NewSimpleChAgentCustomCmd("dump-links", AgentAppRouter, int32(mgmt_pb.ContentType_RouterDebugDumpLinksRequestType), p)) 
diff --git a/ziti/cmd/agentcli/agent_router_add_route.go b/ziti/cmd/agentcli/agent_router_add_route.go index 71e338ed5..d88bcc11f 100644 --- a/ziti/cmd/agentcli/agent_router_add_route.go +++ b/ziti/cmd/agentcli/agent_router_add_route.go @@ -39,7 +39,7 @@ func NewRouteCmd(p common.OptionsProvider) *cobra.Command { } cmd := &cobra.Command{ - Args: cobra.RangeArgs(3, 4), + Args: cobra.ExactArgs(4), Use: "route ", RunE: func(cmd *cobra.Command, args []string) error { action.Cmd = cmd diff --git a/ziti/cmd/agentcli/agent_router_unroute.go b/ziti/cmd/agentcli/agent_router_unroute.go new file mode 100644 index 000000000..777ec5b3b --- /dev/null +++ b/ziti/cmd/agentcli/agent_router_unroute.go 
@@ -0,0 +1,88 @@ +/* + Copyright NetFoundry Inc. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package agentcli + +import ( + "fmt" + "github.com/openziti/channel/v2" + "github.com/openziti/fabric/pb/ctrl_pb" + "github.com/openziti/fabric/pb/mgmt_pb" + "github.com/openziti/fabric/router" + "github.com/openziti/ziti/ziti/cmd/common" + "github.com/spf13/cobra" + "google.golang.org/protobuf/proto" +) + +type AgentUnrouteAction struct { + AgentOptions +} + +func NewUnrouteCmd(p common.OptionsProvider) *cobra.Command { + action := &AgentUnrouteAction{ + AgentOptions: AgentOptions{ + CommonOptions: p(), + }, + } + + cmd := &cobra.Command{ + Args: cobra.ExactArgs(1), + Use: "unroute ", + RunE: func(cmd *cobra.Command, args []string) error { + action.Cmd = cmd + action.Args = args + return action.MakeChannelRequest(router.AgentAppId, action.makeRequest) + }, + } + + action.AddAgentOptions(cmd) + + return cmd +} + +func (self *AgentUnrouteAction) makeRequest(ch channel.Channel) error { + route := &ctrl_pb.Unroute{ + CircuitId: self.Args[0], + Now: true, + } + + buf, err := proto.Marshal(route) + if err != nil { + return err + } + + msg := channel.NewMessage(int32(mgmt_pb.ContentType_RouterDebugUnrouteRequestType), buf) + reply, err := msg.WithTimeout(self.timeout).SendForReply(ch) + if err != nil { + return err + } + + if reply.ContentType == channel.ContentTypeResultType { + result := channel.UnmarshalResult(reply) + if result.Success { + if len(result.Message) > 0 { + 
fmt.Printf("success: %v\n", result.Message) + } else { + fmt.Println("success") + } + } else { + fmt.Printf("error: %v\n", result.Message) + } + } else { + fmt.Printf("unexpected response type %v\n", reply.ContentType) + } + return nil +} diff --git a/ziti/cmd/demo/zcat.go b/ziti/cmd/demo/zcat.go index 2711a14a5..3635cbc66 100644 --- a/ziti/cmd/demo/zcat.go +++ b/ziti/cmd/demo/zcat.go @@ -107,9 +107,8 @@ func (self *zcatAction) run(_ *cobra.Command, args []string) { addr = addr[atIdx+1:] } - zitiContext, err := ziti.NewContext(zitiConfig) - - if err != nil { + zitiContext, ctxErr := ziti.NewContext(zitiConfig) + if ctxErr != nil { pfxlog.Logger().WithError(err).Fatal("could not create sdk context from config") } diff --git a/ziti/tunnel/root.go b/ziti/tunnel/root.go index 9716915d5..4f7d51b3b 100644 --- a/ziti/tunnel/root.go +++ b/ziti/tunnel/root.go @@ -23,6 +23,7 @@ import ( "github.com/openziti/ziti/ziti/util" "os" "path/filepath" + "strings" "time" "github.com/michaelquigley/pfxlog" @@ -188,6 +189,9 @@ func startIdentity(cmd *cobra.Command, serviceListenerGroup *intercept.ServiceLi serviceListener.HandleProviderReady(tunnel.NewContextProvider(ctx)) }, OnServiceUpdate: serviceListener.HandleServicesChange, + EdgeRouterUrlFilter: func(url string) bool { + return strings.HasPrefix(url, "tls:") + }, } rootPrivateContext, err := ziti.NewContextWithOpts(zitiCfg, options) diff --git a/ziti/tunnel/run.go b/ziti/tunnel/run.go index 55a2841b7..2f544015a 100644 --- a/ziti/tunnel/run.go +++ b/ziti/tunnel/run.go @@ -50,7 +50,7 @@ func run(cmd *cobra.Command, args []string) { _ = cmd.Flag("identity").Value.Set(args[0]) } - tProxyInterceptor, err = tproxy.New("") + tProxyInterceptor, err = tproxy.New(tproxy.Config{}) if err != nil { log.Infof("tproxy initialization failed: %v", err) } else { diff --git a/ziti/tunnel/tproxy.go b/ziti/tunnel/tproxy.go index 0b6994df1..05842777d 100644 --- a/ziti/tunnel/tproxy.go +++ b/ziti/tunnel/tproxy.go 
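Review bot: In the new `makeRequest` in agent_router_unroute.go, a rejected request and an unexpected reply type are only printed and the function still ends with `return nil`, so `ziti agent router unroute` exits with status 0 even when the router reports failure. Because cobra's `RunE` already propagates errors, returning them here lets scripts and operators see that a circuit was not torn down. The sketch below keeps the success output as is; whether the sibling `route` command prints instead of returning is not visible in this diff, so align the two if that matters.

```go
	// … unchanged: build Unroute message, marshal, SendForReply …

	if reply.ContentType != channel.ContentTypeResultType {
		return fmt.Errorf("unexpected response type %v", reply.ContentType)
	}

	result := channel.UnmarshalResult(reply)
	if !result.Success {
		return fmt.Errorf("unroute failed: %v", result.Message)
	}
	// … unchanged: print "success" with optional message …
	return nil
```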
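Review bot: In the zcat.go hunk the result was renamed to `ctxErr`, but the log call on the next line still passes the outer `err`, so a failed `ziti.NewContext` is reported without its actual cause (or with a stale one). The line should read `pfxlog.Logger().WithError(ctxErr).Fatal("could not create sdk context from config")`. The body of `run` starts and continues outside this hunk, so how `err` is declared earlier is inferred from its use here.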
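Review bot: The new `EdgeRouterUrlFilter` in root.go silently discards every edge router URL that does not start with `tls:`, and nothing in the hunk explains why or reports what was dropped. If an identity is only offered routers on other schemes, the tunneler would presumably end up with no usable router and no hint as to the reason. A comment such as `// only dial edge routers over tls; URLs with any other scheme are ignored` would record the intent, and a debug log for rejected URLs would make the failure easy to diagnose. The prefix match is also case-sensitive, which is fine only if the controller always emits lowercase schemes. Consider renaming the parameter to `routerURL` so it cannot shadow a `net/url` import.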
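Review bot: `tproxy.New(tproxy.Config{})` in run.go, like `tproxy.Config{LanIf: lanIf}` in the tproxy.go hunk, leaves the new UDP idle timeout and check interval unset, so the standalone tunneler depends on `tproxy.New` substituting the documented defaults for zero values. That substitution is not visible in this diff and should be confirmed, because a zero interval or timeout taken literally would either close UDP intercepts immediately or never expire them. A short comment at both call sites, for example `// UDP idle timeout/check interval left unset; tproxy applies its defaults`, would make the dependency explicit. The changelog entry only describes the router config, so also say there whether `ziti tunnel` can override these values.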
@@ -48,7 +48,7 @@ func runTProxy(cmd *cobra.Command, _ []string) error { return err } - interceptor, err = tproxy.New(lanIf) + interceptor, err = tproxy.New(tproxy.Config{LanIf: lanIf}) if err != nil { return fmt.Errorf("failed to initialize tproxy interceptor: %v", err) }