From 9f018e730fc1424c164158e63082d94c34419c2e Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Wed, 25 Oct 2023 11:32:08 -0400 Subject: [PATCH 1/3] support oauth flags for the 'zrok reserve' command (#421) --- cmd/zrok/reserve.go | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/cmd/zrok/reserve.go b/cmd/zrok/reserve.go index a5f0173cf..5d87f9a02 100644 --- a/cmd/zrok/reserve.go +++ b/cmd/zrok/reserve.go @@ -7,6 +7,7 @@ import ( "github.com/openziti/zrok/tui" "github.com/sirupsen/logrus" "github.com/spf13/cobra" + "time" ) func init() { @@ -14,10 +15,13 @@ func init() { } type reserveCommand struct { - basicAuth []string - frontendSelection []string - backendMode string - cmd *cobra.Command + basicAuth []string + frontendSelection []string + backendMode string + oauthProvider string + oauthEmailDomains []string + oauthCheckInterval time.Duration + cmd *cobra.Command } func newReserveCommand() *reserveCommand { 
@@ -27,9 +31,15 @@ func newReserveCommand() *reserveCommand { Args: cobra.ExactArgs(2), } command := &reserveCommand{cmd: cmd} - cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (,...)") cmd.Flags().StringArrayVar(&command.frontendSelection, "frontends", []string{"public"}, "Selected frontends to use for the share") cmd.Flags().StringVarP(&command.backendMode, "backend-mode", "b", "proxy", "The backend mode {proxy, web, , caddy}") + + cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (,...)") + cmd.Flags().StringVar(&command.oauthProvider, "oauth-provider", "", "Enable OAuth provider [google, github]") + cmd.Flags().StringArrayVar(&command.oauthEmailDomains, "oauth-email-domains", []string{}, "Allow only these email domains to authenticate via OAuth") + cmd.Flags().DurationVar(&command.oauthCheckInterval, "oauth-check-interval", 3*time.Hour, "Maximum lifetime for OAuth authentication; reauthenticate after expiry") + cmd.MarkFlagsMutuallyExclusive("basic-auth", "oauth-provider") + cmd.Run = command.run return command } @@ -89,6 +99,11 @@ func (cmd *reserveCommand) run(_ *cobra.Command, args []string) { if shareMode == sdk.PublicShareMode { req.Frontends = cmd.frontendSelection } + if cmd.oauthProvider != "" { + req.OauthProvider = cmd.oauthProvider + req.OauthEmailDomains = cmd.oauthEmailDomains + req.OauthAuthorizationCheckInterval = cmd.oauthCheckInterval + } shr, err := sdk.CreateShare(env, req) if err != nil { if !panicInstead { From aba9f683488961e13e7e4d455c98d9c47b46ba22 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Wed, 25 Oct 2023 11:36:26 -0400 Subject: [PATCH 2/3] only allow --oauth-provider for 'zrok reserve public'; changelog (#421) --- CHANGELOG.md | 4 ++++ cmd/zrok/reserve.go | 3 +++ 2 files changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 217ff3015..a24a0d790 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
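Review bot: In the `@@ -27,9 +31,15 @@` hunk, `--oauth-provider` is registered as a free-form `StringVar` and `--oauth-check-interval` as a free-form `DurationVar`, so a mistyped provider name or a zero or negative interval is accepted by the CLI and copied into the share request unchanged. Whether `sdk.CreateShare` or the controller rejects such values is not visible in this patch. An early check in `run` would make the failure local and explicit, e.g. `if cmd.oauthCheckInterval <= 0 { tui.Error("--oauth-check-interval must be positive", nil) }`, together with a comparison of the provider against the names listed in the help text. `newReserveCommand` starts before this hunk.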
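Review bot: In the `@@ -89,6 +99,11 @@` hunk the email-domain list and the check interval are copied into the request only when `--oauth-provider` is non-empty, so passing `--oauth-email-domains example.com` without a provider silently reserves a share with no OAuth check. That is a fail-open result for a flag whose purpose is to restrict who can authenticate. Reject the combination instead, for example `} else if len(cmd.oauthEmailDomains) > 0 { tui.Error("--oauth-email-domains requires --oauth-provider", nil) }`. `run` begins and ends outside this hunk.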
@@ -1,3 +1,7 @@ +# v0.4.11 + +FIX: Include `--oauth-provider` and associated flags for the `zrok reserve` command, allowing reserved shares to specify OAuth authentication (https://github.com/openziti/zrok/issues/421) + # v0.4.10 CHANGE: The public frontend configuration has been bumped from `v: 2` to `v: 3`. The `redirect_host`, `redirect_port` and `redirect_http_only` parameters have been removed. These three configuration options have been replaced with `bind_address`, `redirect_url` and `cookie_domain`. See the OAuth configuration guide at `docs/guides/self-hosting/oauth/configuring-oauth.md` for more details (https://github.com/openziti/zrok/issues/411) diff --git a/cmd/zrok/reserve.go b/cmd/zrok/reserve.go index 5d87f9a02..803d6d2ec 100644 --- a/cmd/zrok/reserve.go +++ b/cmd/zrok/reserve.go @@ -100,6 +100,9 @@ func (cmd *reserveCommand) run(_ *cobra.Command, args []string) { req.Frontends = cmd.frontendSelection } if cmd.oauthProvider != "" { + if shareMode != sdk.PublicShareMode { + tui.Error("--oauth-provider only supported for public shares", nil) + } req.OauthProvider = cmd.oauthProvider req.OauthEmailDomains = cmd.oauthEmailDomains req.OauthAuthorizationCheckInterval = cmd.oauthCheckInterval From 870c1a083bdf7e846d5edaa2a3816a2762c6b6c6 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Wed, 25 Oct 2023 11:44:21 -0400 Subject: [PATCH 3/3] incorporate '--json-output' flag to the 'zrok reserve' command (#422) --- CHANGELOG.md | 2 ++ cmd/zrok/reserve.go | 33 +++++++++++++++++---------------- sdk/model.go | 4 ++-- 3 files changed, 21 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a24a0d790..be97ecdca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
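Review bot: The new guard in the `@@ -100,6 +100,9 @@` hunk has no `return` after `tui.Error(...)`, so the three `req.Oauth*` assignments below it are skipped for a non-public share only if `tui.Error` never returns. `tui.Error` is not shown in this patch; the `panic(err)` lines that follow it elsewhere in `run` suggest it exits the process, but the access-control check should not depend on that. Add `return` after the call, or state the contract in a comment such as `// tui.Error exits the process; nothing below runs for non-public shares`. The same reliance becomes load-bearing in the third patch, where the `@@ -55,10 +57,7 @@`, `@@ -80,10 +79,7 @@` and `@@ -109,14 +105,19 @@` hunks drop `panic(err)` and then go on to use `v`, `env` and `shr`.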
@@ -1,5 +1,7 @@ # v0.4.11 +FEATURE: The `zrok reserve` command now incorporates the `--json-output|-j` flag, which outputs the reservation details as JSON, rather than as human-consumable log messages. Other commands will produce similar output in the future (https://github.com/openziti/zrok/issues/422) + FIX: Include `--oauth-provider` and associated flags for the `zrok reserve` command, allowing reserved shares to specify OAuth authentication (https://github.com/openziti/zrok/issues/421) # v0.4.10 diff --git a/cmd/zrok/reserve.go b/cmd/zrok/reserve.go index 803d6d2ec..69e6ecf55 100644 --- a/cmd/zrok/reserve.go +++ b/cmd/zrok/reserve.go @@ -1,6 +1,7 @@ package main import ( + "encoding/json" "fmt" "github.com/openziti/zrok/environment" "github.com/openziti/zrok/sdk" @@ -18,6 +19,7 @@ type reserveCommand struct { basicAuth []string frontendSelection []string backendMode string + jsonOutput bool oauthProvider string oauthEmailDomains []string oauthCheckInterval time.Duration @@ -33,7 +35,7 @@ func newReserveCommand() *reserveCommand { command := &reserveCommand{cmd: cmd} cmd.Flags().StringArrayVar(&command.frontendSelection, "frontends", []string{"public"}, "Selected frontends to use for the share") cmd.Flags().StringVarP(&command.backendMode, "backend-mode", "b", "proxy", "The backend mode {proxy, web, , caddy}") - + cmd.Flags().BoolVarP(&command.jsonOutput, "json-output", "j", false, "Emit JSON describing the created reserved share") cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (,...)") cmd.Flags().StringVar(&command.oauthProvider, "oauth-provider", "", "Enable OAuth provider [google, github]") cmd.Flags().StringArrayVar(&command.oauthEmailDomains, "oauth-email-domains", []string{}, "Allow only these email domains to authenticate via OAuth") 
@@ -55,10 +57,7 @@ func (cmd *reserveCommand) run(_ *cobra.Command, args []string) { case "proxy": v, err := parseUrl(args[1]) if err != nil { - if !panicInstead { - tui.Error("invalid target endpoint URL", err) - } - panic(err) + tui.Error("invalid target endpoint URL", err) } target = v @@ -80,10 +79,7 @@ func (cmd *reserveCommand) run(_ *cobra.Command, args []string) { env, err := environment.LoadRoot() if err != nil { - if !panicInstead { - tui.Error("error loading environment", err) - } - panic(err) + tui.Error("error loading environment", err) } if !env.IsEnabled() { @@ -109,14 +105,19 @@ func (cmd *reserveCommand) run(_ *cobra.Command, args []string) { } shr, err := sdk.CreateShare(env, req) if err != nil { - if !panicInstead { - tui.Error("unable to create share", err) - } - panic(err) + tui.Error("unable to create share", err) } - logrus.Infof("your reserved share token is '%v'", shr.Token) - for _, fpe := range shr.FrontendEndpoints { - logrus.Infof("reserved frontend endpoint: %v", fpe) + if !cmd.jsonOutput { + logrus.Infof("your reserved share token is '%v'", shr.Token) + for _, fpe := range shr.FrontendEndpoints { + logrus.Infof("reserved frontend endpoint: %v", fpe) + } + } else { + out, err := json.Marshal(shr) + if err != nil { + tui.Error("error emitting JSON", err) + } + fmt.Println(string(out)) } } diff --git a/sdk/model.go b/sdk/model.go index fa0310eb4..cefb1eb0e 100644 --- a/sdk/model.go +++ b/sdk/model.go @@ -31,8 +31,8 @@ type ShareRequest struct { } type Share struct { - Token string - FrontendEndpoints []string + Token string `json:"token"` + FrontendEndpoints []string `json:"frontend_endpoints"` } type AccessRequest struct {
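Review bot: With `--json-output` set, only the success path in the `@@ -109,14 +105,19 @@` hunk emits JSON; every failure still goes through `tui.Error`, whose output stream and format are not visible here. A script that parses stdout needs a stated contract for the failure case: either errors go to stderr with a non-zero exit status, or a JSON error object is emitted when `cmd.jsonOutput` is true. The JSON also carries the reserved share token, so the flag's help text could note that callers who capture stdout into CI logs are storing that token. Stylistically, testing the positive case first (`if cmd.jsonOutput { ... } else { ... }`) reads more directly than `if !cmd.jsonOutput`.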
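Review bot: The struct tags added to `Share` in `sdk/model.go` change how this exported SDK type marshals for every caller, not only `zrok reserve`: the keys become `token` and `frontend_endpoints` instead of the Go field names. Since those names are now what `--json-output` prints, the type should say so in a doc comment, for example `// Share is returned by CreateShare; its JSON field names are part of the CLI's --json-output format.`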