cloudflared-mirror/cmd/cloudflared/tunnel/configuration.go

package tunnel

import (
	"fmt"
	"io/ioutil"
	"os"
	"path/filepath"
	"strings"

	"github.com/cloudflare/cloudflared/cmd/cloudflared/buildinfo"
	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
	"github.com/cloudflare/cloudflared/ingress"
	"github.com/cloudflare/cloudflared/logger"
	"github.com/cloudflare/cloudflared/origin"
	"github.com/cloudflare/cloudflared/tlsconfig"
	tunnelpogs "github.com/cloudflare/cloudflared/tunnelrpc/pogs"
	"github.com/cloudflare/cloudflared/validation"

	"github.com/google/uuid"
	"github.com/mitchellh/go-homedir"
	"github.com/pkg/errors"
	"github.com/urfave/cli/v2"
	"golang.org/x/crypto/ssh/terminal"
)

var (
	developerPortal = "https://developers.cloudflare.com/argo-tunnel"
	quickStartUrl   = developerPortal + "/quickstart/quickstart/"
	serviceUrl      = developerPortal + "/reference/service/"
	argumentsUrl    = developerPortal + "/reference/arguments/"
)

// returns the first path that contains a cert.pem file. If none of the DefaultConfigSearchDirectories
// contains a cert.pem file, return empty string
func findDefaultOriginCertPath() string {
	for _, defaultConfigDir := range config.DefaultConfigSearchDirectories() {
		originCertPath, _ := homedir.Expand(filepath.Join(defaultConfigDir, config.DefaultCredentialFile))
		if ok, _ := config.FileExists(originCertPath); ok {
			return originCertPath
		}
	}
	return ""
}

func generateRandomClientID(logger logger.Service) (string, error) {
	u, err := uuid.NewRandom()
	if err != nil {
		logger.Errorf("couldn't create UUID for client ID %s", err)
		return "", err
	}
	return u.String(), nil
}

func logClientOptions(c *cli.Context, logger logger.Service) {
	flags := make(map[string]interface{})
	for _, flag := range c.LocalFlagNames() {
		flags[flag] = c.Generic(flag)
	}

	sliceFlags := []string{"header", "tag", "proxy-dns-upstream", "upstream", "edge"}
	for _, sliceFlag := range sliceFlags {
		if len(c.StringSlice(sliceFlag)) > 0 {
			flags[sliceFlag] = strings.Join(c.StringSlice(sliceFlag), ", ")
		}
	}

	if len(flags) > 0 {
		logger.Infof("Environment variables %v", flags)
	}

	envs := make(map[string]string)
	// Find env variables for Argo Tunnel
	for _, env := range os.Environ() {
		// All Argo Tunnel env variables start with TUNNEL_
		if strings.Contains(env, "TUNNEL_") {
			vars := strings.Split(env, "=")
			if len(vars) == 2 {
				envs[vars[0]] = vars[1]
			}
		}
	}
	if len(envs) > 0 {
		logger.Infof("Environmental variables %v", envs)
	}
}

func dnsProxyStandAlone(c *cli.Context) bool {
	return c.IsSet("proxy-dns") && (!c.IsSet("hostname") && !c.IsSet("tag") && !c.IsSet("hello-world"))
}

func findOriginCert(c *cli.Context, logger logger.Service) (string, error) {
	originCertPath := c.String("origincert")
	if originCertPath == "" {
		logger.Infof("Cannot determine default origin certificate path. No file %s in %v", config.DefaultCredentialFile, config.DefaultConfigSearchDirectories())
		if isRunningFromTerminal() {
			logger.Errorf("You need to specify the origin certificate path with --origincert option, or set TUNNEL_ORIGIN_CERT environment variable. See %s for more information.", argumentsUrl)
			return "", fmt.Errorf("Client didn't specify origincert path when running from terminal")
		} else {
			logger.Errorf("You need to specify the origin certificate path by specifying the origincert option in the configuration file, or set TUNNEL_ORIGIN_CERT environment variable. See %s for more information.", serviceUrl)
			return "", fmt.Errorf("Client didn't specify origincert path")
		}
	}
	var err error
	originCertPath, err = homedir.Expand(originCertPath)
	if err != nil {
		logger.Errorf("Cannot resolve path %s: %s", originCertPath, err)
		return "", fmt.Errorf("Cannot resolve path %s", originCertPath)
	}
	// Check that the user has acquired a certificate using the login command
	ok, err := config.FileExists(originCertPath)
	if err != nil {
		logger.Errorf("Cannot check if origin cert exists at path %s", originCertPath)
		return "", fmt.Errorf("Cannot check if origin cert exists at path %s", originCertPath)
	}
	if !ok {
		logger.Errorf(`Cannot find a valid certificate for your origin at the path:

    %s

If the path above is wrong, specify the path with the -origincert option.
If you don't have a certificate signed by Cloudflare, run the command:

	%s login
`, originCertPath, os.Args[0])
		return "", fmt.Errorf("Cannot find a valid certificate at the path %s", originCertPath)
	}

	return originCertPath, nil
}

func readOriginCert(originCertPath string, logger logger.Service) ([]byte, error) {
	logger.Debugf("Reading origin cert from %s", originCertPath)

	// Easier to send the certificate as []byte via RPC than decoding it at this point
	originCert, err := ioutil.ReadFile(originCertPath)
	if err != nil {
		logger.Errorf("Cannot read %s to load origin certificate: %s", originCertPath, err)
		return nil, fmt.Errorf("Cannot read %s to load origin certificate", originCertPath)
	}
	return originCert, nil
}

func getOriginCert(c *cli.Context, logger logger.Service) ([]byte, error) {
	if originCertPath, err := findOriginCert(c, logger); err != nil {
		return nil, err
	} else {
		return readOriginCert(originCertPath, logger)
	}
}

func prepareTunnelConfig(
	c *cli.Context,
	buildInfo *buildinfo.BuildInfo,
	version string,
	logger logger.Service,
	transportLogger logger.Service,
	namedTunnel *origin.NamedTunnelConfig,
) (*origin.TunnelConfig, error) {
	isNamedTunnel := namedTunnel != nil
	compatibilityMode := !isNamedTunnel

	hostname, err := validation.ValidateHostname(c.String("hostname"))
	if err != nil {
		logger.Errorf("Invalid hostname: %s", err)
		return nil, errors.Wrap(err, "Invalid hostname")
	}
	isFreeTunnel := hostname == ""
	clientID := c.String("id")
	if !c.IsSet("id") {
		clientID, err = generateRandomClientID(logger)
		if err != nil {
			return nil, err
		}
	}

	tags, err := NewTagSliceFromCLI(c.StringSlice("tag"))
	if err != nil {
		logger.Errorf("Tag parse failure: %s", err)
		return nil, errors.Wrap(err, "Tag parse failure")
	}

	tags = append(tags, tunnelpogs.Tag{Name: "ID", Value: clientID})

	var originCert []byte
	if !isFreeTunnel {
		originCert, err = getOriginCert(c, logger)
		if err != nil {
			return nil, errors.Wrap(err, "Error getting origin cert")
		}
	}

	tunnelMetrics := origin.NewTunnelMetrics()

	var ingressRules ingress.Ingress
	if namedTunnel != nil {
		clientUUID, err := uuid.NewRandom()
		if err != nil {
			return nil, errors.Wrap(err, "can't generate clientUUID")
		}
		namedTunnel.Client = tunnelpogs.ClientInfo{
			ClientID: clientUUID[:],
			Features: []string{origin.FeatureSerializedHeaders},
			Version:  version,
			Arch:     fmt.Sprintf("%s_%s", buildInfo.GoOS, buildInfo.GoArch),
		}
		ingressRules, err = ingress.ParseIngress(config.GetConfiguration())
		if err != nil && err != ingress.ErrNoIngressRules {
			return nil, err
		}
		if !ingressRules.IsEmpty() && c.IsSet("url") {
			return nil, ingress.ErrURLIncompatibleWithIngress
		}
	}

	// Convert single-origin configuration into multi-origin configuration.
	if ingressRules.IsEmpty() {
		ingressRules, err = ingress.NewSingleOrigin(c, compatibilityMode, logger)
		if err != nil {
			return nil, err
		}
	}

	toEdgeTLSConfig, err := tlsconfig.CreateTunnelConfig(c, isNamedTunnel)
	if err != nil {
		logger.Errorf("unable to create TLS config to connect with edge: %s", err)
		return nil, errors.Wrap(err, "unable to create TLS config to connect with edge")
	}
	return &origin.TunnelConfig{
		BuildInfo:          buildInfo,
		ClientID:           clientID,
		CompressionQuality: c.Uint64("compression-quality"),
		EdgeAddrs:          c.StringSlice("edge"),
		GracePeriod:        c.Duration("grace-period"),
		HAConnections:      c.Int("ha-connections"),
		HeartbeatInterval:  c.Duration("heartbeat-interval"),
		Hostname:           hostname,
		IncidentLookup:     origin.NewIncidentLookup(),
		IsAutoupdated:      c.Bool("is-autoupdated"),
		IsFreeTunnel:       isFreeTunnel,
		LBPool:             c.String("lb-pool"),
		Logger:             logger,
		TransportLogger:    transportLogger,
		MaxHeartbeats:      c.Uint64("heartbeat-count"),
		Metrics:            tunnelMetrics,
		MetricsUpdateFreq:  c.Duration("metrics-update-freq"),
		OriginCert:         originCert,
		ReportedVersion:    version,
		Retries:            c.Uint("retries"),
		RunFromTerminal:    isRunningFromTerminal(),
		Tags:               tags,
		TlsConfig:          toEdgeTLSConfig,
		NamedTunnel:        namedTunnel,
		ReplaceExisting:    c.Bool("force"),
		IngressRules:       ingressRules,
		// turn off use of reconnect token and auth refresh when using named tunnels
		UseReconnectToken: compatibilityMode && c.Bool("use-reconnect-token"),
	}, nil
}

func isRunningFromTerminal() bool {
	return terminal.IsTerminal(int(os.Stdout.Fd()))
}
TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`package tunnel`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00
			`import (`
			`"fmt"`
			`"io/ioutil"`
			`"os"`
			`"path/filepath"`
			`"strings"`

TUN-1961: Create EdgeConnectionManager to maintain outbound connections to the edge 2019-06-17 21:18:47 +00:00			`"github.com/cloudflare/cloudflared/cmd/cloudflared/buildinfo"`
TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`"github.com/cloudflare/cloudflared/cmd/cloudflared/config"`
TUN-3438: move ingress into own package, read into TunnelConfig 2020-10-09 00:12:29 +00:00			`"github.com/cloudflare/cloudflared/ingress"`
AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`"github.com/cloudflare/cloudflared/logger"`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`"github.com/cloudflare/cloudflared/origin"`
			`"github.com/cloudflare/cloudflared/tlsconfig"`
			`tunnelpogs "github.com/cloudflare/cloudflared/tunnelrpc/pogs"`
			`"github.com/cloudflare/cloudflared/validation"`

TUN-1648: ConnectionID is now a UUID 2019-03-28 17:58:23 +00:00			`"github.com/google/uuid"`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`"github.com/mitchellh/go-homedir"`
			`"github.com/pkg/errors"`
TUN-3233: List tunnels support filtering by deleted, name, existed at and id 2020-08-05 10:49:53 +00:00			`"github.com/urfave/cli/v2"`
TUN-1648: ConnectionID is now a UUID 2019-03-28 17:58:23 +00:00			`"golang.org/x/crypto/ssh/terminal"`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`)`

			`var (`
TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`developerPortal = "https://developers.cloudflare.com/argo-tunnel"`
			`quickStartUrl = developerPortal + "/quickstart/quickstart/"`
			`serviceUrl = developerPortal + "/reference/service/"`
			`argumentsUrl = developerPortal + "/reference/arguments/"`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`)`

AUTH-2975 don't check /etc on windows 2020-08-14 20:52:47 +00:00			`// returns the first path that contains a cert.pem file. If none of the DefaultConfigSearchDirectories`
TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`// contains a cert.pem file, return empty string`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`func findDefaultOriginCertPath() string {`
AUTH-2975 don't check /etc on windows 2020-08-14 20:52:47 +00:00			`for _, defaultConfigDir := range config.DefaultConfigSearchDirectories() {`
TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`originCertPath, _ := homedir.Expand(filepath.Join(defaultConfigDir, config.DefaultCredentialFile))`
			`if ok, _ := config.FileExists(originCertPath); ok {`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`return originCertPath`
			`}`
			`}`
			`return ""`
			`}`

AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`func generateRandomClientID(logger logger.Service) (string, error) {`
TUN-1648: ConnectionID is now a UUID 2019-03-28 17:58:23 +00:00			`u, err := uuid.NewRandom()`
			`if err != nil {`
AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`logger.Errorf("couldn't create UUID for client ID %s", err)`
TUN-1648: ConnectionID is now a UUID 2019-03-28 17:58:23 +00:00			`return "", err`
			`}`
			`return u.String(), nil`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`}`

AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`func logClientOptions(c *cli.Context, logger logger.Service) {`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`flags := make(map[string]interface{})`
			`for _, flag := range c.LocalFlagNames() {`
			`flags[flag] = c.Generic(flag)`
			`}`
TUN-1389: Non-scalar flags in a cloudflared config.yml don't get logged 2019-03-08 08:36:24 +00:00
			`sliceFlags := []string{"header", "tag", "proxy-dns-upstream", "upstream", "edge"}`
			`for _, sliceFlag := range sliceFlags {`
			`if len(c.StringSlice(sliceFlag)) > 0 {`
			`flags[sliceFlag] = strings.Join(c.StringSlice(sliceFlag), ", ")`
			`}`
			`}`

TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`if len(flags) > 0 {`
AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`logger.Infof("Environment variables %v", flags)`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`}`

			`envs := make(map[string]string)`
			`// Find env variables for Argo Tunnel`
			`for _, env := range os.Environ() {`
			`// All Argo Tunnel env variables start with TUNNEL_`
			`if strings.Contains(env, "TUNNEL_") {`
			`vars := strings.Split(env, "=")`
			`if len(vars) == 2 {`
			`envs[vars[0]] = vars[1]`
			`}`
			`}`
			`}`
			`if len(envs) > 0 {`
			`logger.Infof("Environmental variables %v", envs)`
			`}`
			`}`

			`func dnsProxyStandAlone(c *cli.Context) bool {`
			`return c.IsSet("proxy-dns") && (!c.IsSet("hostname") && !c.IsSet("tag") && !c.IsSet("hello-world"))`
			`}`

AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`func findOriginCert(c *cli.Context, logger logger.Service) (string, error) {`
TUN-2928, TUN-2929, TUN-2930: Add tunnel subcommands to interact with tunnel store service 2020-05-21 20:36:49 +00:00			`originCertPath := c.String("origincert")`
			`if originCertPath == "" {`
TUN-3463: Let users run a named tunnel via config file setting 2020-10-15 20:08:57 +00:00			`logger.Infof("Cannot determine default origin certificate path. No file %s in %v", config.DefaultCredentialFile, config.DefaultConfigSearchDirectories())`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`if isRunningFromTerminal() {`
			`logger.Errorf("You need to specify the origin certificate path with --origincert option, or set TUNNEL_ORIGIN_CERT environment variable. See %s for more information.", argumentsUrl)`
TUN-2928, TUN-2929, TUN-2930: Add tunnel subcommands to interact with tunnel store service 2020-05-21 20:36:49 +00:00			`return "", fmt.Errorf("Client didn't specify origincert path when running from terminal")`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`} else {`
			`logger.Errorf("You need to specify the origin certificate path by specifying the origincert option in the configuration file, or set TUNNEL_ORIGIN_CERT environment variable. See %s for more information.", serviceUrl)`
TUN-2928, TUN-2929, TUN-2930: Add tunnel subcommands to interact with tunnel store service 2020-05-21 20:36:49 +00:00			`return "", fmt.Errorf("Client didn't specify origincert path")`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`}`
			`}`
TUN-2928, TUN-2929, TUN-2930: Add tunnel subcommands to interact with tunnel store service 2020-05-21 20:36:49 +00:00			`var err error`
			`originCertPath, err = homedir.Expand(originCertPath)`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`if err != nil {`
AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`logger.Errorf("Cannot resolve path %s: %s", originCertPath, err)`
TUN-2928, TUN-2929, TUN-2930: Add tunnel subcommands to interact with tunnel store service 2020-05-21 20:36:49 +00:00			`return "", fmt.Errorf("Cannot resolve path %s", originCertPath)`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`}`
TUN-2928, TUN-2929, TUN-2930: Add tunnel subcommands to interact with tunnel store service 2020-05-21 20:36:49 +00:00			`// Check that the user has acquired a certificate using the login command`
TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`ok, err := config.FileExists(originCertPath)`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`if err != nil {`
TUN-2928, TUN-2929, TUN-2930: Add tunnel subcommands to interact with tunnel store service 2020-05-21 20:36:49 +00:00			`logger.Errorf("Cannot check if origin cert exists at path %s", originCertPath)`
			`return "", fmt.Errorf("Cannot check if origin cert exists at path %s", originCertPath)`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`}`
			`if !ok {`
			logger.Errorf(`Cannot find a valid certificate for your origin at the path:

			`%s`

			`If the path above is wrong, specify the path with the -origincert option.`
			`If you don't have a certificate signed by Cloudflare, run the command:`

			`%s login`
			`, originCertPath, os.Args[0])
TUN-2928, TUN-2929, TUN-2930: Add tunnel subcommands to interact with tunnel store service 2020-05-21 20:36:49 +00:00			`return "", fmt.Errorf("Cannot find a valid certificate at the path %s", originCertPath)`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`}`
TUN-2928, TUN-2929, TUN-2930: Add tunnel subcommands to interact with tunnel store service 2020-05-21 20:36:49 +00:00
			`return originCertPath, nil`
			`}`

AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`func readOriginCert(originCertPath string, logger logger.Service) ([]byte, error) {`
TUN-2928, TUN-2929, TUN-2930: Add tunnel subcommands to interact with tunnel store service 2020-05-21 20:36:49 +00:00			`logger.Debugf("Reading origin cert from %s", originCertPath)`

TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`// Easier to send the certificate as []byte via RPC than decoding it at this point`
			`originCert, err := ioutil.ReadFile(originCertPath)`
			`if err != nil {`
AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`logger.Errorf("Cannot read %s to load origin certificate: %s", originCertPath, err)`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`return nil, fmt.Errorf("Cannot read %s to load origin certificate", originCertPath)`
			`}`
			`return originCert, nil`
			`}`

AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`func getOriginCert(c *cli.Context, logger logger.Service) ([]byte, error) {`
			`if originCertPath, err := findOriginCert(c, logger); err != nil {`
TUN-2928, TUN-2929, TUN-2930: Add tunnel subcommands to interact with tunnel store service 2020-05-21 20:36:49 +00:00			`return nil, err`
			`} else {`
AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`return readOriginCert(originCertPath, logger)`
TUN-2928, TUN-2929, TUN-2930: Add tunnel subcommands to interact with tunnel store service 2020-05-21 20:36:49 +00:00			`}`
			`}`

TUN-1559: fix nil dereference in TunnelConfig.CloseConnOnce 2019-02-28 22:56:01 +00:00			`func prepareTunnelConfig(`
			`c *cli.Context,`
TUN-1961: Create EdgeConnectionManager to maintain outbound connections to the edge 2019-06-17 21:18:47 +00:00			`buildInfo *buildinfo.BuildInfo,`
AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`version string,`
			`logger logger.Service,`
			`transportLogger logger.Service,`
TUN-3007: Implement named tunnel connection registration and unregistration. Removed flag for using quick reconnect, this logic is now always enabled. 2020-06-25 18:25:39 +00:00			`namedTunnel *origin.NamedTunnelConfig,`
TUN-1559: fix nil dereference in TunnelConfig.CloseConnOnce 2019-02-28 22:56:01 +00:00			`) (*origin.TunnelConfig, error) {`
TUN-3400: Use Go HTTP2 library as transport to connect with the edge 2020-09-11 22:02:34 +00:00			`isNamedTunnel := namedTunnel != nil`
			`compatibilityMode := !isNamedTunnel`
TUN-3007: Implement named tunnel connection registration and unregistration. Removed flag for using quick reconnect, this logic is now always enabled. 2020-06-25 18:25:39 +00:00
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`hostname, err := validation.ValidateHostname(c.String("hostname"))`
			`if err != nil {`
AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`logger.Errorf("Invalid hostname: %s", err)`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`return nil, errors.Wrap(err, "Invalid hostname")`
			`}`
TUN-1637: Free tunnels shouldn't require cert.pem 2019-03-22 17:00:57 +00:00			`isFreeTunnel := hostname == ""`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`clientID := c.String("id")`
			`if !c.IsSet("id") {`
TUN-1648: ConnectionID is now a UUID 2019-03-28 17:58:23 +00:00			`clientID, err = generateRandomClientID(logger)`
			`if err != nil {`
			`return nil, err`
			`}`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`}`

			`tags, err := NewTagSliceFromCLI(c.StringSlice("tag"))`
			`if err != nil {`
AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`logger.Errorf("Tag parse failure: %s", err)`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`return nil, errors.Wrap(err, "Tag parse failure")`
			`}`

			`tags = append(tags, tunnelpogs.Tag{Name: "ID", Value: clientID})`

TUN-1637: Free tunnels shouldn't require cert.pem 2019-03-22 17:00:57 +00:00			`var originCert []byte`
			`if !isFreeTunnel {`
AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`originCert, err = getOriginCert(c, logger)`
TUN-1637: Free tunnels shouldn't require cert.pem 2019-03-22 17:00:57 +00:00			`if err != nil {`
			`return nil, errors.Wrap(err, "Error getting origin cert")`
			`}`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`}`

			`tunnelMetrics := origin.NewTunnelMetrics()`
Support unix sockets. 2019-02-14 10:40:54 +00:00
TUN-3464: Newtype to wrap []ingress.Rule 2020-10-15 17:41:50 +00:00			`var ingressRules ingress.Ingress`
TUN-3438: move ingress into own package, read into TunnelConfig 2020-10-09 00:12:29 +00:00			`if namedTunnel != nil {`
			`clientUUID, err := uuid.NewRandom()`
			`if err != nil {`
			`return nil, errors.Wrap(err, "can't generate clientUUID")`
			`}`
			`namedTunnel.Client = tunnelpogs.ClientInfo{`
			`ClientID: clientUUID[:],`
			`Features: []string{origin.FeatureSerializedHeaders},`
			`Version: version,`
			`Arch: fmt.Sprintf("%s_%s", buildInfo.GoOS, buildInfo.GoArch),`
			`}`
TUN-3492: Refactor OriginService, shrink its interface 2020-10-30 21:37:40 +00:00			`ingressRules, err = ingress.ParseIngress(config.GetConfiguration())`
TUN-3441: Multiple-origin routing via ingress rules 2020-10-12 17:54:15 +00:00			`if err != nil && err != ingress.ErrNoIngressRules {`
TUN-3438: move ingress into own package, read into TunnelConfig 2020-10-09 00:12:29 +00:00			`return nil, err`
			`}`
TUN-3464: Newtype to wrap []ingress.Rule 2020-10-15 17:41:50 +00:00			`if !ingressRules.IsEmpty() && c.IsSet("url") {`
TUN-3438: move ingress into own package, read into TunnelConfig 2020-10-09 00:12:29 +00:00			`return nil, ingress.ErrURLIncompatibleWithIngress`
			`}`
			`}`

TUN-2640: Users can configure per-origin config. Unify single-rule CLI flow with multi-rule config file code. 2020-10-15 21:41:03 +00:00			`// Convert single-origin configuration into multi-origin configuration.`
TUN-3464: Newtype to wrap []ingress.Rule 2020-10-15 17:41:50 +00:00			`if ingressRules.IsEmpty() {`
TUN-2640: Users can configure per-origin config. Unify single-rule CLI flow with multi-rule config file code. 2020-10-15 21:41:03 +00:00			`ingressRules, err = ingress.NewSingleOrigin(c, compatibilityMode, logger)`
TUN-3438: move ingress into own package, read into TunnelConfig 2020-10-09 00:12:29 +00:00			`if err != nil {`
TUN-2640: Users can configure per-origin config. Unify single-rule CLI flow with multi-rule config file code. 2020-10-15 21:41:03 +00:00			`return nil, err`
AUTH-2369: RDP Bastion prototype 2020-05-04 20:15:17 +00:00			`}`
TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`}`

TUN-3400: Use Go HTTP2 library as transport to connect with the edge 2020-09-11 22:02:34 +00:00			`toEdgeTLSConfig, err := tlsconfig.CreateTunnelConfig(c, isNamedTunnel)`
TUN-1196: Allow TLS config client CA and root CA to be constructed from multiple certificates 2018-11-15 15:43:50 +00:00			`if err != nil {`
AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`logger.Errorf("unable to create TLS config to connect with edge: %s", err)`
TUN-1196: Allow TLS config client CA and root CA to be constructed from multiple certificates 2018-11-15 15:43:50 +00:00			`return nil, errors.Wrap(err, "unable to create TLS config to connect with edge")`
			`}`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`return &origin.TunnelConfig{`
TUN-3007: Implement named tunnel connection registration and unregistration. Removed flag for using quick reconnect, this logic is now always enabled. 2020-06-25 18:25:39 +00:00			`BuildInfo: buildInfo,`
			`ClientID: clientID,`
			`CompressionQuality: c.Uint64("compression-quality"),`
			`EdgeAddrs: c.StringSlice("edge"),`
			`GracePeriod: c.Duration("grace-period"),`
			`HAConnections: c.Int("ha-connections"),`
			`HeartbeatInterval: c.Duration("heartbeat-interval"),`
			`Hostname: hostname,`
			`IncidentLookup: origin.NewIncidentLookup(),`
			`IsAutoupdated: c.Bool("is-autoupdated"),`
			`IsFreeTunnel: isFreeTunnel,`
			`LBPool: c.String("lb-pool"),`
			`Logger: logger,`
			`TransportLogger: transportLogger,`
			`MaxHeartbeats: c.Uint64("heartbeat-count"),`
			`Metrics: tunnelMetrics,`
			`MetricsUpdateFreq: c.Duration("metrics-update-freq"),`
			`OriginCert: originCert,`
			`ReportedVersion: version,`
			`Retries: c.Uint("retries"),`
			`RunFromTerminal: isRunningFromTerminal(),`
			`Tags: tags,`
			`TlsConfig: toEdgeTLSConfig,`
			`NamedTunnel: namedTunnel,`
			`ReplaceExisting: c.Bool("force"),`
TUN-3438: move ingress into own package, read into TunnelConfig 2020-10-09 00:12:29 +00:00			`IngressRules: ingressRules,`
TUN-3007: Implement named tunnel connection registration and unregistration. Removed flag for using quick reconnect, this logic is now always enabled. 2020-06-25 18:25:39 +00:00			`// turn off use of reconnect token and auth refresh when using named tunnels`
TUN-3233: List tunnels support filtering by deleted, name, existed at and id 2020-08-05 10:49:53 +00:00			`UseReconnectToken: compatibilityMode && c.Bool("use-reconnect-token"),`
TUN-528: Move cloudflared into a separate repo 2018-05-01 23:45:06 +00:00			`}, nil`
			`}`

TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`func isRunningFromTerminal() bool {`
			`return terminal.IsTerminal(int(os.Stdout.Fd()))`
			`}`