hoelee/cloudflared
1
0
Fork 0
mirror of https://github.com/cloudflare/cloudflared.git synced 2025-07-27 15:30:19 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

TUN-9583: set proper url and hostname for cloudflared tail command

Browse Source 
This commit adds support for FedRAMP environments. Cloudflared will
now dynamically configure the management hostname and API URL, switching 
to FedRAMP-specific values like `management.fed.argotunnel.com` and `https://api.fed.cloudflare.com/client/v4`
when a FedRAMP endpoint is detected.

Key to this is an enhanced `ParseToken` function, which now includes an `IsFed()`
method to determine if a management token's issuer is `fed-tunnelstore`. This allows
cloudflared to correctly identify and operate within a FedRAMP context, ensuring 
proper connectivity.

Closes TUN-9583
This commit is contained in:
Luis Neto
2025-07-23 20:09:50 +01:00
parent ddf4e6d854
commit 1cedefa1c2
7 changed files with 60 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
management/middleware.go
View File

@@ -12,14 +12,7 @@ const (
accessClaimsCtxKey ctxKey = iota
)
const (
connectorIDQuery = "connector_id"
accessTokenQuery = "access_token"
)
var (
errMissingAccessToken = managementError{Code: 1001, Message: "missing access_token query parameter"}
)
var errMissingAccessToken = managementError{Code: 1001, Message: "missing access_token query parameter"}
// HTTP middleware setting the parsed access_token claims in the request context
func ValidateAccessTokenQueryMiddleware(next http.Handler) http.Handler {
@@ -30,7 +23,7 @@ func ValidateAccessTokenQueryMiddleware(next http.Handler) http.Handler {
writeHTTPErrorResponse(w, errMissingAccessToken)
return
}
token, err := parseToken(accessToken)
token, err := ParseToken(accessToken)
if err != nil {
writeHTTPErrorResponse(w, errMissingAccessToken)
return