From 2a1e39e1e6874f9f00c045ee4f0458632d454c65 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Fri, 18 Oct 2024 11:36:13 -0400 Subject: [PATCH 1/4] Dial(shr) -> DialWithOptions(shr, ...) (#772) --- cmd/zrok/testWebsocket.go | 2 +- endpoints/proxy/frontend.go | 2 +- endpoints/publicProxy/http.go | 2 +- endpoints/tcpTunnel/frontend.go | 2 +- endpoints/udpTunnel/frontend.go | 2 +- endpoints/vpn/frontend.go | 2 +- sdk/golang/sdk/dialer.go | 3 ++- 7 files changed, 8 insertions(+), 7 deletions(-) diff --git a/cmd/zrok/testWebsocket.go b/cmd/zrok/testWebsocket.go index 57789e95f..0dd3e6b53 100644 --- a/cmd/zrok/testWebsocket.go +++ b/cmd/zrok/testWebsocket.go @@ -76,7 +76,7 @@ func (cmd *testWebsocketCommand) run(_ *cobra.Command, args []string) { } dial := func(_ context.Context, _, addr string) (net.Conn, error) { service := strings.Split(addr, ":")[0] - return zitiContext.Dial(service) + return zitiContext.DialWithOptions(service, &ziti.DialOptions{ConnectTimeout: 30 * time.Second}) } zitiTransport := http.DefaultTransport.(*http.Transport).Clone() diff --git a/endpoints/proxy/frontend.go b/endpoints/proxy/frontend.go index f868f0aa5..ce5494c54 100644 --- a/endpoints/proxy/frontend.go +++ b/endpoints/proxy/frontend.go @@ -91,7 +91,7 @@ type zitiDialContext struct { } func (zdc *zitiDialContext) Dial(_ context.Context, _ string, addr string) (net.Conn, error) { - conn, err := zdc.ctx.Dial(zdc.shrToken) + conn, err := zdc.ctx.DialWithOptions(zdc.shrToken, &ziti.DialOptions{ConnectTimeout: 30 * time.Second}) if err != nil { return conn, err } diff --git a/endpoints/publicProxy/http.go b/endpoints/publicProxy/http.go index 2cd52ebad..f40093d28 100644 --- a/endpoints/publicProxy/http.go +++ b/endpoints/publicProxy/http.go 
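Review bot: The literal `&ziti.DialOptions{ConnectTimeout: 30 * time.Second}` is written out inline in the `dial` closure here and again at the six other call sites in this patch (endpoints/proxy, publicProxy, tcpTunnel, udpTunnel, vpn and sdk/golang/sdk/dialer.go), so the timeout policy now lives in seven places. A single named value in a shared package, for example `const overlayDialTimeout = 30 * time.Second` (name illustrative), would keep the call sites from drifting apart when the value is tuned. The enclosing `run` function starts and ends outside the hunk.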
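Review bot: `Dial` in endpoints/proxy/frontend.go still discards its `context.Context` argument (`_ context.Context`), so the new 30-second `ConnectTimeout` is the only bound on the overlay dial. If the caller gives up earlier, the dial appears to keep running until it completes or times out. The same holds for the `dial` closure in cmd/zrok/testWebsocket.go and for `Dial` in endpoints/publicProxy/http.go. At minimum I would record it above the call: `// the caller's context is not honoured; the dial is bounded only by ConnectTimeout`. The function body continues outside the hunk.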
@@ -95,7 +95,7 @@ type zitiDialContext struct { func (c *zitiDialContext) Dial(_ context.Context, _ string, addr string) (net.Conn, error) { shrToken := strings.Split(addr, ":")[0] // ignore :port (we get passed 'host:port') - conn, err := c.ctx.Dial(shrToken) + conn, err := c.ctx.DialWithOptions(shrToken, &ziti.DialOptions{ConnectTimeout: 30 * time.Second}) if err != nil { return conn, err } diff --git a/endpoints/tcpTunnel/frontend.go b/endpoints/tcpTunnel/frontend.go index 662f74fb8..8695a20f6 100644 --- a/endpoints/tcpTunnel/frontend.go +++ b/endpoints/tcpTunnel/frontend.go @@ -69,7 +69,7 @@ func (f *Frontend) Run() error { } func (f *Frontend) accept(conn net.Conn) { - if zConn, err := f.zCtx.Dial(f.cfg.ShrToken); err == nil { + if zConn, err := f.zCtx.DialWithOptions(f.cfg.ShrToken, &ziti.DialOptions{ConnectTimeout: 30 * time.Second}); err == nil { go endpoints.TXer(conn, zConn) go endpoints.TXer(zConn, conn) if f.cfg.RequestsChan != nil { diff --git a/endpoints/udpTunnel/frontend.go b/endpoints/udpTunnel/frontend.go index aa44d0980..9df61b640 100644 --- a/endpoints/udpTunnel/frontend.go +++ b/endpoints/udpTunnel/frontend.go @@ -148,7 +148,7 @@ func (f *Frontend) Run() error { _ = clt.zitiConn.Close() } } else { - zitiConn, err := f.zCtx.Dial(f.cfg.ShrToken) + zitiConn, err := f.zCtx.DialWithOptions(f.cfg.ShrToken, &ziti.DialOptions{ConnectTimeout: 30 * time.Second}) if err != nil { logrus.Errorf("error dialing '%v': %v", f.cfg.ShrToken, err) continue diff --git a/endpoints/vpn/frontend.go b/endpoints/vpn/frontend.go index cab11df29..3ad26436d 100644 --- a/endpoints/vpn/frontend.go +++ b/endpoints/vpn/frontend.go 
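Review bot: In `Dial` the share token is taken from the host part of `addr` (`strings.Split(addr, ":")[0]`), so on the public frontend the dial target is chosen by the incoming request, and each such dial may now wait up to 30 seconds rather than the 5-second default the changelog mentions. Whether a dial to an unknown or unreachable share fails fast or runs to the timeout is not visible here. It is worth confirming that the listener in front of this code has request deadlines or a concurrency limit, so that slow dials cannot accumulate. A comment such as `// ConnectTimeout bounds how long one inbound request can hold this handler` would record the trade-off. The function body continues outside the hunk.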
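Review bot: The combined `if zConn, err := f.zCtx.DialWithOptions(...); err == nil {` in `accept` (endpoints/tcpTunnel/frontend.go) is now a very long line, and its failure path sits in a branch outside this hunk. It therefore cannot be checked here that the inbound `conn` is closed and the error reported once the 30-second dial gives up. Splitting it keeps the error path next to the call: `zConn, err := f.zCtx.DialWithOptions(f.cfg.ShrToken, &ziti.DialOptions{ConnectTimeout: 30 * time.Second})` followed by `if err != nil { _ = conn.Close(); return }`. If the existing else branch already closes and logs, the split is purely a readability change, and that logging should be kept.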
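Review bot: The dial in `Run` (endpoints/udpTunnel/frontend.go) happens inline in what appears to be the packet loop, since its error path ends in `continue`. With `ConnectTimeout` at 30 seconds, a first datagram from a new client can therefore stall forwarding for every established client until the dial returns. Consider moving the dial for a new client off the loop, or at least note the behaviour at the call: `// blocks the receive loop for up to ConnectTimeout while a new client is dialed`. The loop itself starts outside the hunk, so this should be confirmed against the full function.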
@@ -45,7 +45,7 @@ func NewFrontend(cfg *FrontendConfig) (*Frontend, error) { return nil, errors.Wrap(err, "error loading ziti context") } - zConn, err := zCtx.Dial(cfg.ShrToken) + zConn, err := zCtx.DialWithOptions(cfg.ShrToken, &ziti.DialOptions{ConnectTimeout: 30 * time.Second}) if err != nil { zCtx.Close() return nil, errors.Wrap(err, "error connecting to ziti") diff --git a/sdk/golang/sdk/dialer.go b/sdk/golang/sdk/dialer.go index 2283ea6c1..b0e2f9e12 100644 --- a/sdk/golang/sdk/dialer.go +++ b/sdk/golang/sdk/dialer.go @@ -5,6 +5,7 @@ import ( "github.com/openziti/sdk-golang/ziti/edge" "github.com/openziti/zrok/environment/env_core" "github.com/pkg/errors" + "time" ) func NewDialer(shrToken string, root env_core.Root) (edge.Conn, error) { @@ -23,7 +24,7 @@ func NewDialer(shrToken string, root env_core.Root) (edge.Conn, error) { return nil, errors.Wrap(err, "error getting ziti context") } - conn, err := zctx.Dial(shrToken) + conn, err := zctx.DialWithOptions(shrToken, &ziti.DialOptions{ConnectTimeout: 30 * time.Second}) if err != nil { return nil, errors.Wrapf(err, "error dialing '%v'", shrToken) } From d62e2f9b04b4f372e88722dd0eba47f5eb053fe9 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Fri, 18 Oct 2024 11:37:32 -0400 Subject: [PATCH 2/4] changelog (#772) --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bd482c65f..145af2684 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
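Review bot: `NewDialer` in sdk/golang/sdk/dialer.go is an exported SDK function, and the 30-second `ConnectTimeout` is now fixed inside it, with no way for an SDK consumer to choose a different bound. No doc comment is visible on the function in either hunk; one such as `// NewDialer dials shrToken over the overlay; the dial gives up after 30 seconds.` would make the blocking behaviour part of the documented contract. The first hunk of this file also appends `"time"` after the third-party imports, where goimports would place it in a separate standard-library group. `NewDialer`'s body starts outside the second hunk.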
@@ -2,6 +2,8 @@ ## v0.4.42 +CHANGE: Switch all `Dial` operations made into the OpenZiti overlay to use `DialWithOptions(..., &ziti.DialOptions{ConnectTimeout: 30 * time.Second})`, switching to a 30 second timeout from a 5 second default (https://github.com/openziti/zrok/issues/772) + FIX: always append common options like `--headless` and conditionally append `--verbose --insecure` if their respective env vars are set to when running in a service manager like systemd or Docker and wrapping the `zrok` command with the `zrok-share.bash` shell script (https://openziti.discourse.group/t/question-about-reserved-public-vs-temp-public-shares/3169) FIX: Correct registration page CSS to ensure that the entire form is visible From 4eefa83ae81f20cb11ccbe4a7831cc8a34f299d0 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Fri, 18 Oct 2024 11:45:03 -0400 Subject: [PATCH 3/4] remove --basic-auth from 'zrok share private' (#770) --- cmd/zrok/sharePrivate.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/cmd/zrok/sharePrivate.go b/cmd/zrok/sharePrivate.go index fe71eb2ab..304a7a6ff 100644 --- a/cmd/zrok/sharePrivate.go +++ b/cmd/zrok/sharePrivate.go @@ -27,7 +27,6 @@ func init() { } type sharePrivateCommand struct { - basicAuth []string backendMode string headless bool insecure bool @@ -43,7 +42,6 @@ func newSharePrivateCommand() *sharePrivateCommand { Args: cobra.RangeArgs(0, 1), } command := &sharePrivateCommand{cmd: cmd} - cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (,...") cmd.Flags().StringVarP(&command.backendMode, "backend-mode", "b", "proxy", "The backend mode {proxy, web, tcpTunnel, udpTunnel, caddy, drive, socks, vpn}") cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless") cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for ") 
@@ -145,7 +143,6 @@ func (cmd *sharePrivateCommand) run(_ *cobra.Command, args []string) { req := &sdk.ShareRequest{ BackendMode: sdk.BackendMode(cmd.backendMode), ShareMode: sdk.PrivateShareMode, - BasicAuth: cmd.basicAuth, Target: target, } if cmd.closed { From e5d5373f315241677304225bb90af345df3a6da3 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Fri, 18 Oct 2024 11:48:21 -0400 Subject: [PATCH 4/4] changelog (#770) --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bd482c65f..3cfbb6d0a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ ## v0.4.42 +FIX: Removed the `--basic-auth` flag from `zrok share private` as this was ignored... even if `zrok access private` honored the `ziti.proxy.v1` config to ask for basic auth, it would still be easy to write a custom SDK client that ignored the basic auth and accessed the share directly; better to remove the option than to allow confusing usage (https://github.com/openziti/zrok/issues/770) + FIX: always append common options like `--headless` and conditionally append `--verbose --insecure` if their respective env vars are set to when running in a service manager like systemd or Docker and wrapping the `zrok` command with the `zrok-share.bash` shell script (https://openziti.discourse.group/t/question-about-reserved-public-vs-temp-public-shares/3169) FIX: Correct registration page CSS to ensure that the entire form is visible