mirror of
https://github.com/cloudflare/cloudflared.git
synced 2025-07-27 19:29:57 +00:00
TUN-6016: Push local managed tunnels configuration to the edge
This commit is contained in:
João Oliveirinha
@@ -1,15 +1,66 @@
|
||||
package orchestration
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
|
||||
"github.com/cloudflare/cloudflared/config"
|
||||
"github.com/cloudflare/cloudflared/ingress"
|
||||
)
|
||||
|
||||
type newConfig struct {
|
||||
type newRemoteConfig struct {
|
||||
ingress.RemoteConfig
|
||||
// Add more fields when we support other settings in tunnel orchestration
|
||||
}
|
||||
|
||||
type newLocalConfig struct {
|
||||
RemoteConfig ingress.RemoteConfig
|
||||
ConfigurationFlags map[string]string `json:"__configuration_flags,omitempty"`
|
||||
}
|
||||
|
||||
// Config is the original config as read and parsed by cloudflared.
|
||||
type Config struct {
|
||||
Ingress *ingress.Ingress
|
||||
WarpRoutingEnabled bool
|
||||
|
||||
// Extra settings used to configure this instance but that are not eligible for remotely management
|
||||
// ie. (--protocol, --loglevel, ...)
|
||||
ConfigurationFlags map[string]string
|
||||
}
|
||||
|
||||
func (rc *newLocalConfig) MarshalJSON() ([]byte, error) {
|
||||
var r = struct {
|
||||
ConfigurationFlags map[string]string `json:"__configuration_flags,omitempty"`
|
||||
ingress.RemoteConfigJSON
|
||||
}{
|
||||
ConfigurationFlags: rc.ConfigurationFlags,
|
||||
RemoteConfigJSON: ingress.RemoteConfigJSON{
|
||||
// UI doesn't support top level configs, so we reconcile to individual ingress configs.
|
||||
GlobalOriginRequest: nil,
|
||||
IngressRules: convertToUnvalidatedIngressRules(rc.RemoteConfig.Ingress),
|
||||
WarpRouting: rc.RemoteConfig.WarpRouting,
|
||||
},
|
||||
}
|
||||
|
||||
return json.Marshal(r)
|
||||
}
|
||||
|
||||
func convertToUnvalidatedIngressRules(i ingress.Ingress) []config.UnvalidatedIngressRule {
|
||||
result := make([]config.UnvalidatedIngressRule, 0)
|
||||
for _, rule := range i.Rules {
|
||||
var path string
|
||||
if rule.Path != nil {
|
||||
path = rule.Path.String()
|
||||
}
|
||||
|
||||
newRule := config.UnvalidatedIngressRule{
|
||||
Hostname: rule.Hostname,
|
||||
Path: path,
|
||||
Service: rule.Service.String(),
|
||||
OriginRequest: ingress.ConvertToRawOriginConfig(rule.Config),
|
||||
}
|
||||
|
||||
result = append(result, newRule)
|
||||
}
|
||||
|
||||
return result
|
||||
}
|
||||
|
||||
82
orchestration/config_test.go
Normal file
82
orchestration/config_test.go
Normal file
@@ -0,0 +1,82 @@
|
||||
package orchestration
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/cloudflare/cloudflared/ingress"
|
||||
)
|
||||
|
||||
// TestNewLocalConfig_MarshalJSON tests that we are able to converte a compiled and validated config back
|
||||
// into an "unvalidated" format which is compatible with Remote Managed configurations.
|
||||
func TestNewLocalConfig_MarshalJSON(t *testing.T) {
|
||||
|
||||
rawConfig := []byte(`
|
||||
{
|
||||
"originRequest": {
|
||||
"connectTimeout": 160,
|
||||
"httpHostHeader": "default"
|
||||
},
|
||||
"ingress": [
|
||||
{
|
||||
"hostname": "tun.example.com",
|
||||
"service": "https://localhost:8000"
|
||||
},
|
||||
{
|
||||
"hostname": "*",
|
||||
"service": "https://localhost:8001",
|
||||
"originRequest": {
|
||||
"connectTimeout": 121,
|
||||
"tlsTimeout": 2,
|
||||
"noHappyEyeballs": false,
|
||||
"tcpKeepAlive": 2,
|
||||
"keepAliveConnections": 2,
|
||||
"keepAliveTimeout": 2,
|
||||
"httpHostHeader": "def",
|
||||
"originServerName": "b2",
|
||||
"caPool": "/tmp/path1",
|
||||
"noTLSVerify": false,
|
||||
"disableChunkedEncoding": false,
|
||||
"bastionMode": false,
|
||||
"proxyAddress": "interface",
|
||||
"proxyPort": 200,
|
||||
"proxyType": "",
|
||||
"ipRules": [
|
||||
{
|
||||
"prefix": "10.0.0.0/16",
|
||||
"ports": [3000, 3030],
|
||||
"allow": false
|
||||
},
|
||||
{
|
||||
"prefix": "192.16.0.0/24",
|
||||
"ports": [5000, 5050],
|
||||
"allow": true
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
`)
|
||||
|
||||
var expectedConfig ingress.RemoteConfig
|
||||
err := json.Unmarshal(rawConfig, &expectedConfig)
|
||||
require.NoError(t, err)
|
||||
|
||||
c := &newLocalConfig{
|
||||
RemoteConfig: expectedConfig,
|
||||
ConfigurationFlags: nil,
|
||||
}
|
||||
|
||||
jsonSerde, err := json.Marshal(c)
|
||||
require.NoError(t, err)
|
||||
|
||||
var config ingress.RemoteConfig
|
||||
err = json.Unmarshal(jsonSerde, &config)
|
||||
require.NoError(t, err)
|
||||
|
||||
require.Equal(t, config.WarpRouting.Enabled, false)
|
||||
require.Equal(t, config.Ingress.Rules, expectedConfig.Ingress.Rules)
|
||||
}
|
||||
@@ -54,7 +54,7 @@ func NewOrchestrator(ctx context.Context, config *Config, tags []tunnelpogs.Tag,
|
||||
return o, nil
|
||||
}
|
||||
|
||||
// Update creates a new proxy with the new ingress rules
|
||||
// UpdateConfig creates a new proxy with the new ingress rules
|
||||
func (o *Orchestrator) UpdateConfig(version int32, config []byte) *tunnelpogs.UpdateConfigurationResponse {
|
||||
o.lock.Lock()
|
||||
defer o.lock.Unlock()
|
||||
@@ -63,12 +63,12 @@ func (o *Orchestrator) UpdateConfig(version int32, config []byte) *tunnelpogs.Up
|
||||
o.log.Debug().
|
||||
Int32("current_version", o.currentVersion).
|
||||
Int32("received_version", version).
|
||||
Msg("Current version is equal or newer than receivied version")
|
||||
Msg("Current version is equal or newer than received version")
|
||||
return &tunnelpogs.UpdateConfigurationResponse{
|
||||
LastAppliedVersion: o.currentVersion,
|
||||
}
|
||||
}
|
||||
var newConf newConfig
|
||||
var newConf newRemoteConfig
|
||||
if err := json.Unmarshal(config, &newConf); err != nil {
|
||||
o.log.Err(err).
|
||||
Int32("version", version).
|
||||
@@ -131,10 +131,26 @@ func (o *Orchestrator) updateIngress(ingressRules ingress.Ingress, warpRoutingEn
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetConfigJSON returns the current version and configuration as JSON
|
||||
// GetConfigJSON returns the current json serialization of the config as the edge understands it
|
||||
func (o *Orchestrator) GetConfigJSON() ([]byte, error) {
|
||||
o.lock.RLock()
|
||||
defer o.lock.RUnlock()
|
||||
|
||||
c := &newLocalConfig{
|
||||
RemoteConfig: ingress.RemoteConfig{
|
||||
Ingress: *o.config.Ingress,
|
||||
WarpRouting: config.WarpRoutingConfig{Enabled: o.config.WarpRoutingEnabled},
|
||||
},
|
||||
ConfigurationFlags: o.config.ConfigurationFlags,
|
||||
}
|
||||
|
||||
return json.Marshal(c)
|
||||
}
|
||||
|
||||
// GetVersionedConfigJSON returns the current version and configuration as JSON
|
||||
func (o *Orchestrator) GetVersionedConfigJSON() ([]byte, error) {
|
||||
o.lock.RLock()
|
||||
defer o.lock.RUnlock()
|
||||
var currentConfiguration = struct {
|
||||
Version int32 `json:"version"`
|
||||
Config struct {
|
||||
|
||||
@@ -2,6 +2,7 @@ package orchestration
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
@@ -641,6 +642,19 @@ func TestPersistentConnection(t *testing.T) {
|
||||
wg.Wait()
|
||||
}
|
||||
|
||||
func TestSerializeLocalConfig(t *testing.T) {
|
||||
c := &newLocalConfig{
|
||||
RemoteConfig: ingress.RemoteConfig{
|
||||
Ingress: ingress.Ingress{},
|
||||
WarpRouting: config.WarpRoutingConfig{},
|
||||
},
|
||||
ConfigurationFlags: map[string]string{"a": "b"},
|
||||
}
|
||||
|
||||
result, _ := json.Marshal(c)
|
||||
fmt.Println(string(result))
|
||||
}
|
||||
|
||||
func wsEcho(w http.ResponseWriter, r *http.Request) {
|
||||
upgrader := gows.Upgrader{}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user