TUN-3669: Teamnet commands to add/show Teamnet routes.

2025-07-28 12:59:57 +00:00 · 2020-12-21 20:06:46 -06:00
parent 2ea491b1d0
commit 94c639d225
8 changed files with 528 additions and 7 deletions
--- a/cmd/cloudflared/tunnel/subcommand_context_teamnet.go
+++ b/cmd/cloudflared/tunnel/subcommand_context_teamnet.go
@@ -0,0 +1,21 @@
+package tunnel
+
+import (
+	"github.com/cloudflare/cloudflared/teamnet"
+)
+
+func (sc *subcommandContext) listRoutes(filter *teamnet.Filter) ([]*teamnet.Route, error) {
+	client, err := sc.client()
+	if err != nil {
+		return nil, err
+	}
+	return client.ListRoutes(filter)
+}
+
+func (sc *subcommandContext) addRoute(newRoute teamnet.NewRoute) (teamnet.Route, error) {
+	client, err := sc.client()
+	if err != nil {
+		return teamnet.Route{}, err
+	}
+	return client.AddRoute(newRoute)
+}
--- a/cmd/cloudflared/tunnel/subcommands.go
+++ b/cmd/cloudflared/tunnel/subcommands.go
@@ -203,14 +203,14 @@ func listCommand(c *cli.Context) error {
 	}

 	if len(tunnels) > 0 {
-		fmtAndPrintTunnelList(tunnels, c.Bool("show-recently-disconnected"))
+		formatAndPrintTunnelList(tunnels, c.Bool("show-recently-disconnected"))
 	} else {
 		fmt.Println("You have no tunnels, use 'cloudflared tunnel create' to define a new tunnel")
 	}
 	return nil
 }

-func fmtAndPrintTunnelList(tunnels []*tunnelstore.Tunnel, showRecentlyDisconnected bool) {
+func formatAndPrintTunnelList(tunnels []*tunnelstore.Tunnel, showRecentlyDisconnected bool) {
 	const (
 		minWidth = 0
 		tabWidth = 8
@@ -407,6 +407,9 @@ func buildRouteCommand() *cli.Command {
   To use this tunnel as a load balancer origin, creating pool and load balancer if necessary:
      cloudflared tunnel route lb <tunnel ID> <load balancer name> <load balancer pool>`,
 		CustomHelpTemplate: commandHelpTemplate(),
+		Subcommands: []*cli.Command{
+			buildRouteIPSubcommand(),
+		},
 	}
 }

--- a/cmd/cloudflared/tunnel/teamnet_subcommands.go
+++ b/cmd/cloudflared/tunnel/teamnet_subcommands.go
@@ -0,0 +1,134 @@
+package tunnel
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"text/tabwriter"
+
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
+	"github.com/cloudflare/cloudflared/teamnet"
+	"github.com/pkg/errors"
+
+	"github.com/urfave/cli/v2"
+)
+
+func buildRouteIPSubcommand() *cli.Command {
+	return &cli.Command{
+		Name:      "ip",
+		Category:  "Tunnel",
+		Usage:     "Configure and query Cloudflare for Teams private routes",
+		UsageText: "cloudflared tunnel [--config FILEPATH] route COMMAND [arguments...]",
+		Hidden:    true,
+		Description: `cloudflared lets you provision private Cloudflare for Teams routes to origins in your corporate
+		network, so that you can ensure the only people who can access your private IP subnets are people using a
+		corporate device enrolled in Cloudflare for Teams.
+		`,
+		Subcommands: []*cli.Command{
+			{
+				Name:      "add",
+				Action:    cliutil.ErrorHandler(addRouteCommand),
+				Usage:     "Add a new Teamnet route to the table",
+				UsageText: "cloudflared tunnel [--config FILEPATH] route ip add [CIDR] [TUNNEL] [COMMENT?]",
+				Description: `Add a new Cloudflare for Teams private route from a given tunnel (identified by name or
+				UUID) to a given IP network in your private IP space. This route will go through your Gateway rules.`,
+			},
+			{
+				Name:      "show",
+				Action:    cliutil.ErrorHandler(showRoutesCommand),
+				Usage:     "Show the routing table",
+				UsageText: "cloudflared tunnel [--config FILEPATH] route ip show [flags]",
+				Description: `Shows all Cloudflare for Teams private routes. Using flags to specify filters means that
+				only routes which match that filter get shown.`,
+				Flags: teamnet.Flags,
+			},
+		},
+	}
+}
+
+func showRoutesCommand(c *cli.Context) error {
+	sc, err := newSubcommandContext(c)
+	if err != nil {
+		return err
+	}
+
+	filter, err := teamnet.NewFromCLI(c)
+	if err != nil {
+		return errors.Wrap(err, "invalid config for routing filters")
+	}
+
+	routes, err := sc.listRoutes(filter)
+	if err != nil {
+		return err
+	}
+
+	if outputFormat := c.String(outputFormatFlag.Name); outputFormat != "" {
+		return renderOutput(outputFormat, routes)
+	}
+
+	if len(routes) > 0 {
+		formatAndPrintRouteList(routes)
+	} else {
+		fmt.Println("You have no routes, use 'cloudflared tunnel route ip add' to add a route")
+	}
+	return nil
+}
+
+func addRouteCommand(c *cli.Context) error {
+	sc, err := newSubcommandContext(c)
+	if err != nil {
+		return err
+	}
+	if c.NArg() < 2 {
+		return fmt.Errorf("You must supply at least 2 arguments, first the network you wish to route (in CIDR form e.g. 1.2.3.4/32) and then the tunnel ID to proxy with")
+	}
+	args := c.Args()
+	_, network, err := net.ParseCIDR(args.Get(0))
+	if err != nil {
+		return errors.Wrap(err, "Invalid network CIDR")
+	}
+	if network == nil {
+		return errors.New("Invalid network CIDR")
+	}
+	tunnelRef := args.Get(1)
+	tunnelID, err := sc.findID(tunnelRef)
+	if err != nil {
+		return errors.Wrap(err, "Invalid tunnel")
+	}
+	comment := ""
+	if c.NArg() >= 3 {
+		comment = args.Get(2)
+	}
+	_, err = sc.addRoute(teamnet.NewRoute{
+		Comment:  comment,
+		Network:  *network,
+		TunnelID: tunnelID,
+	})
+	if err != nil {
+		return errors.Wrap(err, "API error")
+	}
+	fmt.Printf("Successfully added route for %s over tunnel %s\n", network, tunnelID)
+	return nil
+}
+
+func formatAndPrintRouteList(routes []*teamnet.Route) {
+	const (
+		minWidth = 0
+		tabWidth = 8
+		padding  = 1
+		padChar  = ' '
+		flags    = 0
+	)
+
+	writer := tabwriter.NewWriter(os.Stdout, minWidth, tabWidth, padding, padChar, flags)
+	defer writer.Flush()
+
+	// Print column headers with tabbed columns
+	_, _ = fmt.Fprintln(writer, "NETWORK\tCOMMENT\tTUNNEL ID\tCREATED\tDELETED\t")
+
+	// Loop through routes, create formatted string for each, and print using tabwriter
+	for _, route := range routes {
+		formattedStr := route.TableString()
+		_, _ = fmt.Fprintln(writer, formattedStr)
+	}
+}