TUN-3855: Add ability to override target of 'access ssh' command to a different host for testing

This commit is contained in:
Igor Postelnik
2021-02-03 13:00:55 -06:00
committed by Nuno Diegues
parent 8b794390e5
commit 9c298e4851
4 changed files with 41 additions and 4 deletions

View File

@@ -1,6 +1,8 @@
package access
import (
"crypto/tls"
"fmt"
"net/http"
"strings"
@@ -84,6 +86,26 @@ func ssh(c *cli.Context) error {
options := &carrier.StartOptions{
OriginURL: originURL,
Headers: headers,
Host: hostname,
}
if connectTo := c.String(sshConnectTo); connectTo != "" {
parts := strings.Split(connectTo, ":")
switch len(parts) {
case 1:
options.OriginURL = fmt.Sprintf("https://%s", parts[0])
case 2:
options.OriginURL = fmt.Sprintf("https://%s:%s", parts[0], parts[1])
case 3:
options.OriginURL = fmt.Sprintf("https://%s:%s", parts[2], parts[1])
options.TLSClientConfig = &tls.Config{
InsecureSkipVerify: true,
ServerName: parts[0],
}
log.Warn().Msgf("Using insecure SSL connection because SNI overridden to %s", parts[0])
default:
return fmt.Errorf("invalid connection override: %s", connectTo)
}
}
// we could add a cmd line variable for this bool if we want the SOCK5 server to be on the client side

View File

@@ -33,6 +33,7 @@ const (
sshTokenIDFlag = "service-token-id"
sshTokenSecretFlag = "service-token-secret"
sshGenCertFlag = "short-lived-cert"
sshConnectTo = "connect-to"
sshConfigTemplate = `
Add to your {{.Home}}/.ssh/config:
@@ -54,7 +55,7 @@ Host cfpipe-{{.Hostname}}
const sentryDSN = "https://56a9c9fa5c364ab28f34b14f35ea0f1b@sentry.io/189878"
var (
shutdownC chan struct{}
shutdownC chan struct{}
)
// Init will initialize and store vars from the main program
@@ -164,6 +165,11 @@ func Commands() []*cli.Command {
Aliases: []string{"loglevel"}, //added to match the tunnel side
Usage: "Application logging level {fatal, error, info, debug}. ",
},
&cli.StringFlag{
Name: sshConnectTo,
Hidden: true,
Usage: "Connect to alternate location for testing, value is host, host:port, or sni:port:host",
},
},
},
{