TUN-5702: Allow to deserialize config from JSON

2025-07-27 16:39:58 +00:00 · 2022-01-28 14:37:17 +00:00
parent d07d24e5a2
commit b1edf5b96d
7 changed files with 649 additions and 267 deletions
--- a/config/configuration.go
+++ b/config/configuration.go
@@ -175,60 +175,62 @@ func ValidateUrl(c *cli.Context, allowURLFromArgs bool) (*url.URL, error) {
 }

 type UnvalidatedIngressRule struct {
-	Hostname      string
-	Path          string
-	Service       string
-	OriginRequest OriginRequestConfig `yaml:"originRequest"`
+	Hostname      string              `json:"hostname"`
+	Path          string              `json:"path"`
+	Service       string              `json:"service"`
+	OriginRequest OriginRequestConfig `yaml:"originRequest" json:"originRequest"`
 }

 // OriginRequestConfig is a set of optional fields that users may set to
 // customize how cloudflared sends requests to origin services. It is used to set
 // up general config that apply to all rules, and also, specific per-rule
 // config.
-// Note: To specify a time.Duration in go-yaml, use e.g. "3s" or "24h".
+// Note:
+// - To specify a time.Duration in go-yaml, use e.g. "3s" or "24h".
+// - To specify a time.Duration in json, use int64 of the nanoseconds
 type OriginRequestConfig struct {
 	// HTTP proxy timeout for establishing a new connection
-	ConnectTimeout *time.Duration `yaml:"connectTimeout"`
+	ConnectTimeout *time.Duration `yaml:"connectTimeout" json:"connectTimeout"`
 	// HTTP proxy timeout for completing a TLS handshake
-	TLSTimeout *time.Duration `yaml:"tlsTimeout"`
+	TLSTimeout *time.Duration `yaml:"tlsTimeout" json:"tlsTimeout"`
 	// HTTP proxy TCP keepalive duration
-	TCPKeepAlive *time.Duration `yaml:"tcpKeepAlive"`
+	TCPKeepAlive *time.Duration `yaml:"tcpKeepAlive" json:"tcpKeepAlive"`
 	// HTTP proxy should disable "happy eyeballs" for IPv4/v6 fallback
-	NoHappyEyeballs *bool `yaml:"noHappyEyeballs"`
+	NoHappyEyeballs *bool `yaml:"noHappyEyeballs" json:"noHappyEyeballs"`
 	// HTTP proxy maximum keepalive connection pool size
-	KeepAliveConnections *int `yaml:"keepAliveConnections"`
+	KeepAliveConnections *int `yaml:"keepAliveConnections" json:"keepAliveConnections"`
 	// HTTP proxy timeout for closing an idle connection
-	KeepAliveTimeout *time.Duration `yaml:"keepAliveTimeout"`
+	KeepAliveTimeout *time.Duration `yaml:"keepAliveTimeout" json:"keepAliveTimeout"`
 	// Sets the HTTP Host header for the local webserver.
-	HTTPHostHeader *string `yaml:"httpHostHeader"`
+	HTTPHostHeader *string `yaml:"httpHostHeader" json:"httpHostHeader"`
 	// Hostname on the origin server certificate.
-	OriginServerName *string `yaml:"originServerName"`
+	OriginServerName *string `yaml:"originServerName" json:"originServerName"`
 	// Path to the CA for the certificate of your origin.
 	// This option should be used only if your certificate is not signed by Cloudflare.
-	CAPool *string `yaml:"caPool"`
+	CAPool *string `yaml:"caPool" json:"caPool"`
 	// Disables TLS verification of the certificate presented by your origin.
 	// Will allow any certificate from the origin to be accepted.
 	// Note: The connection from your machine to Cloudflare's Edge is still encrypted.
-	NoTLSVerify *bool `yaml:"noTLSVerify"`
+	NoTLSVerify *bool `yaml:"noTLSVerify" json:"noTLSVerify"`
 	// Disables chunked transfer encoding.
 	// Useful if you are running a WSGI server.
-	DisableChunkedEncoding *bool `yaml:"disableChunkedEncoding"`
+	DisableChunkedEncoding *bool `yaml:"disableChunkedEncoding" json:"disableChunkedEncoding"`
 	// Runs as jump host
-	BastionMode *bool `yaml:"bastionMode"`
+	BastionMode *bool `yaml:"bastionMode" json:"bastionMode"`
 	// Listen address for the proxy.
-	ProxyAddress *string `yaml:"proxyAddress"`
+	ProxyAddress *string `yaml:"proxyAddress" json:"proxyAddress"`
 	// Listen port for the proxy.
-	ProxyPort *uint `yaml:"proxyPort"`
+	ProxyPort *uint `yaml:"proxyPort" json:"proxyPort"`
 	// Valid options are 'socks' or empty.
-	ProxyType *string `yaml:"proxyType"`
+	ProxyType *string `yaml:"proxyType" json:"proxyType"`
 	// IP rules for the proxy service
-	IPRules []IngressIPRule `yaml:"ipRules"`
+	IPRules []IngressIPRule `yaml:"ipRules" json:"ipRules"`
 }

 type IngressIPRule struct {
-	Prefix *string `yaml:"prefix"`
-	Ports  []int   `yaml:"ports"`
-	Allow  bool    `yaml:"allow"`
+	Prefix *string `yaml:"prefix" json:"prefix"`
+	Ports  []int   `yaml:"ports" json:"ports"`
+	Allow  bool    `yaml:"allow" json:"allow"`
 }

 type Configuration struct {
@@ -240,7 +242,7 @@ type Configuration struct {
 }

 type WarpRoutingConfig struct {
-	Enabled bool `yaml:"enabled"`
+	Enabled bool `yaml:"enabled" json:"enabled"`
 }

 type configFileSettings struct {
--- a/config/configuration_test.go
+++ b/config/configuration_test.go
@@ -1,6 +1,7 @@
 package config

 import (
+	"encoding/json"
 	"testing"
 	"time"

@@ -26,6 +27,18 @@ func TestConfigFileSettings(t *testing.T) {
 	)
 	rawYAML := `
 tunnel: config-file-test
+originRequest:
+  ipRules:
+  - prefix: "10.0.0.0/8"
+    ports:
+    - 80
+    - 8080
+    allow: false
+  - prefix: "fc00::/7"
+    ports:
+    - 443
+    - 4443
+    allow: true
 ingress:
 - hostname: tunnel1.example.com
   path: /id
@@ -53,6 +66,21 @@ counters:
 	assert.Equal(t, firstIngress, config.Ingress[0])
 	assert.Equal(t, secondIngress, config.Ingress[1])
 	assert.Equal(t, warpRouting, config.WarpRouting)
+	privateV4 := "10.0.0.0/8"
+	privateV6 := "fc00::/7"
+	ipRules := []IngressIPRule{
+		{
+			Prefix: &privateV4,
+			Ports:  []int{80, 8080},
+			Allow:  false,
+		},
+		{
+			Prefix: &privateV6,
+			Ports:  []int{443, 4443},
+			Allow:  true,
+		},
+	}
+	assert.Equal(t, ipRules, config.OriginRequest.IPRules)

 	retries, err := config.Int("retries")
 	assert.NoError(t, err)
@@ -81,3 +109,71 @@ counters:
 	assert.Equal(t, 456, counters[1])

 }
+
+func TestUnmarshalOriginRequestConfig(t *testing.T) {
+	raw := []byte(`
+{
+	"connectTimeout": 10000000000,
+	"tlsTimeout": 30000000000,
+	"tcpKeepAlive": 30000000000,
+	"noHappyEyeballs": true,
+	"keepAliveTimeout": 60000000000,
+	"keepAliveConnections": 10,
+	"httpHostHeader": "app.tunnel.com",
+	"originServerName": "app.tunnel.com",
+	"caPool": "/etc/capool",
+	"noTLSVerify": true,
+	"disableChunkedEncoding": true,
+	"bastionMode": true,
+	"proxyAddress": "127.0.0.3",
+	"proxyPort": 9000,
+	"proxyType": "socks",
+	"ipRules": [
+		{
+			"prefix": "10.0.0.0/8",
+			"ports": [80, 8080],
+			"allow": false
+		},
+		{
+			"prefix": "fc00::/7",
+			"ports": [443, 4443],
+			"allow": true
+		}
+	]
+}
+`)
+	var config OriginRequestConfig
+	assert.NoError(t, json.Unmarshal(raw, &config))
+	assert.Equal(t, time.Second*10, *config.ConnectTimeout)
+	assert.Equal(t, time.Second*30, *config.TLSTimeout)
+	assert.Equal(t, time.Second*30, *config.TCPKeepAlive)
+	assert.Equal(t, true, *config.NoHappyEyeballs)
+	assert.Equal(t, time.Second*60, *config.KeepAliveTimeout)
+	assert.Equal(t, 10, *config.KeepAliveConnections)
+	assert.Equal(t, "app.tunnel.com", *config.HTTPHostHeader)
+	assert.Equal(t, "app.tunnel.com", *config.OriginServerName)
+	assert.Equal(t, "/etc/capool", *config.CAPool)
+	assert.Equal(t, true, *config.NoTLSVerify)
+	assert.Equal(t, true, *config.DisableChunkedEncoding)
+	assert.Equal(t, true, *config.BastionMode)
+	assert.Equal(t, "127.0.0.3", *config.ProxyAddress)
+	assert.Equal(t, true, *config.NoTLSVerify)
+	assert.Equal(t, uint(9000), *config.ProxyPort)
+	assert.Equal(t, "socks", *config.ProxyType)
+
+	privateV4 := "10.0.0.0/8"
+	privateV6 := "fc00::/7"
+	ipRules := []IngressIPRule{
+		{
+			Prefix: &privateV4,
+			Ports:  []int{80, 8080},
+			Allow:  false,
+		},
+		{
+			Prefix: &privateV6,
+			Ports:  []int{443, 4443},
+			Allow:  true,
+		},
+	}
+	assert.Equal(t, ipRules, config.IPRules)
+}