TUN-4063: Cleanup dependencies between packages.

- Move packages the provide generic functionality (such as config) from `cmd` subtree to top level.
- Remove all dependencies on `cmd` subtree from top level packages.
- Consolidate all code dealing with token generation and transfer to a single cohesive package.

.gitignore

@@ -1,21 +1,17 @@
-.GOPATH/
-bin/
-tmp/
-guide/public
-/.GOPATH
+/tmp
 /bin
 .idea
 .build
 .vscode
 \#*\#
 cscope.*
-cloudflared
-cloudflared.pkg
-cloudflared.exe
-cloudflared.msi
-cloudflared-x86-64*
-!cmd/cloudflared/
+/cloudflared
+/cloudflared.pkg
+/cloudflared.exe
+/cloudflared.msi
+/cloudflared-x86-64*
+/packaging
 .DS_Store
 *-session.log
 ssh_server_tests/.env
-.cover
+/.cover

carrier/carrier.go

@@ -11,8 +11,8 @@ import (
 	"os"
 	"strings"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/token"
 	"github.com/cloudflare/cloudflared/h2mux"
+	"github.com/cloudflare/cloudflared/token"
 
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"

carrier/websocket.go

@@ -7,9 +7,9 @@ import (
 	"net/http"
 	"net/http/httputil"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/token"
 	"github.com/cloudflare/cloudflared/ingress"
 	"github.com/cloudflare/cloudflared/socks"
+	"github.com/cloudflare/cloudflared/token"
 	cfwebsocket "github.com/cloudflare/cloudflared/websocket"
 
 	"github.com/gorilla/websocket"

cmd/cloudflared/access/carrier.go

@@ -7,7 +7,7 @@ import (
 	"strings"
 
 	"github.com/cloudflare/cloudflared/carrier"
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/config"
 	"github.com/cloudflare/cloudflared/h2mux"
 	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/validation"

cmd/cloudflared/access/cmd.go

@@ -2,20 +2,21 @@ package access
 
 import (
 	"fmt"
+	"io"
 	"net/http"
 	"net/url"
 	"os"
+	"os/exec"
 	"strings"
 	"text/template"
 	"time"
 
 	"github.com/cloudflare/cloudflared/carrier"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/shell"
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/token"
 	"github.com/cloudflare/cloudflared/h2mux"
 	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/sshgen"
+	"github.com/cloudflare/cloudflared/token"
 	"github.com/cloudflare/cloudflared/validation"
 
 	"github.com/getsentry/raven-go"
@@ -271,7 +272,7 @@ func curl(c *cli.Context) error {
 	if err != nil || tok == "" {
 		if allowRequest {
 			log.Info().Msg("You don't have an Access token set. Please run access token <access application> to fetch one.")
-			return shell.Run("curl", cmdArgs...)
+			return run("curl", cmdArgs...)
 		}
 		tok, err = token.FetchToken(appURL, log)
 		if err != nil {
@@ -282,7 +283,29 @@ func curl(c *cli.Context) error {
 
 	cmdArgs = append(cmdArgs, "-H")
 	cmdArgs = append(cmdArgs, fmt.Sprintf("%s: %s", h2mux.CFAccessTokenHeader, tok))
-	return shell.Run("curl", cmdArgs...)
+	return run("curl", cmdArgs...)
+}
+
+
+// run kicks off a shell task and pipe the results to the respective std pipes
+func run(cmd string, args ...string) error {
+	c := exec.Command(cmd, args...)
+	stderr, err := c.StderrPipe()
+	if err != nil {
+		return err
+	}
+	go func() {
+		io.Copy(os.Stderr, stderr)
+	}()
+
+	stdout, err := c.StdoutPipe()
+	if err != nil {
+		return err
+	}
+	go func() {
+		io.Copy(os.Stdout, stdout)
+	}()
+	return c.Run()
 }
 
 // token dumps provided token to stdout

cmd/cloudflared/app_forward_service.go

@@ -2,7 +2,7 @@ package main
 
 import (
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/access"
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/config"
 
 	"github.com/rs/zerolog"
 )

cmd/cloudflared/app_resolver_service.go

@@ -1,7 +1,7 @@
 package main
 
 import (
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/config"
 	"github.com/cloudflare/cloudflared/tunneldns"
 
 	"github.com/rs/zerolog"

cmd/cloudflared/app_service.go

@@ -1,7 +1,7 @@
 package main
 
 import (
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/config"
 	"github.com/cloudflare/cloudflared/overwatch"
 
 	"github.com/rs/zerolog"

cmd/cloudflared/buildinfo/build_info.go

@@ -2,6 +2,7 @@ package buildinfo
 
 import (
 	"github.com/rs/zerolog"
+	"fmt"
 	"runtime"
 )
 
@@ -25,3 +26,7 @@ func (bi *BuildInfo) Log(log *zerolog.Logger) {
 	log.Info().Msgf("Version %s", bi.CloudflaredVersion)
 	log.Info().Msgf("GOOS: %s, GOVersion: %s, GoArch: %s", bi.GoOS, bi.GoVersion, bi.GoArch)
 }
+
+func (bi *BuildInfo) OSArch() string {
+	return fmt.Sprintf("%s_%s", bi.GoOS, bi.GoArch)
+}

cmd/cloudflared/linux_service.go

@@ -8,8 +8,8 @@ import (
 	"path/filepath"
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/tunnel"
+	"github.com/cloudflare/cloudflared/config"
 	"github.com/cloudflare/cloudflared/logger"
 
 	"github.com/rs/zerolog"

cmd/cloudflared/main.go

@@ -8,13 +8,13 @@ import (
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/access"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/config"
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/proxydns"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/tunnel"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/updater"
 	"github.com/cloudflare/cloudflared/logger"
 	"github.com/cloudflare/cloudflared/metrics"
 	"github.com/cloudflare/cloudflared/overwatch"
-	"github.com/cloudflare/cloudflared/tunneldns"
 	"github.com/cloudflare/cloudflared/watcher"
 
 	"github.com/getsentry/raven-go"
@@ -130,7 +130,7 @@ To determine if an update happened in a script, check for error code 11.`,
 		},
 	}
 	cmds = append(cmds, tunnel.Commands()...)
-	cmds = append(cmds, tunneldns.Command(false))
+	cmds = append(cmds, proxydns.Command(false))
 	cmds = append(cmds, access.Commands()...)
 	return cmds
 }

cmd/cloudflared/proxydns/cmd.go

@@ -0,0 +1,115 @@
+package proxydns
+
+import (
+	"net"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/urfave/cli/v2"
+
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
+	"github.com/cloudflare/cloudflared/logger"
+	"github.com/cloudflare/cloudflared/metrics"
+	"github.com/cloudflare/cloudflared/tunneldns"
+)
+
+func Command(hidden bool) *cli.Command {
+	return &cli.Command{
+		Name:   "proxy-dns",
+		Action: cliutil.ErrorHandler(Run),
+		Usage:  "Run a DNS over HTTPS proxy server.",
+		Flags: []cli.Flag{
+			&cli.StringFlag{
+				Name:    "metrics",
+				Value:   "localhost:",
+				Usage:   "Listen address for metrics reporting.",
+				EnvVars: []string{"TUNNEL_METRICS"},
+			},
+			&cli.StringFlag{
+				Name:    "address",
+				Usage:   "Listen address for the DNS over HTTPS proxy server.",
+				Value:   "localhost",
+				EnvVars: []string{"TUNNEL_DNS_ADDRESS"},
+			},
+			// Note TUN-3758 , we use Int because UInt is not supported with altsrc
+			&cli.IntFlag{
+				Name:    "port",
+				Usage:   "Listen on given port for the DNS over HTTPS proxy server.",
+				Value:   53,
+				EnvVars: []string{"TUNNEL_DNS_PORT"},
+			},
+			&cli.StringSliceFlag{
+				Name:    "upstream",
+				Usage:   "Upstream endpoint URL, you can specify multiple endpoints for redundancy.",
+				Value:   cli.NewStringSlice("https://1.1.1.1/dns-query", "https://1.0.0.1/dns-query"),
+				EnvVars: []string{"TUNNEL_DNS_UPSTREAM"},
+			},
+			&cli.StringSliceFlag{
+				Name:    "bootstrap",
+				Usage:   "bootstrap endpoint URL, you can specify multiple endpoints for redundancy.",
+				Value:   cli.NewStringSlice("https://162.159.36.1/dns-query", "https://162.159.46.1/dns-query", "https://[2606:4700:4700::1111]/dns-query", "https://[2606:4700:4700::1001]/dns-query"),
+				EnvVars: []string{"TUNNEL_DNS_BOOTSTRAP"},
+			},
+			&cli.IntFlag{
+				Name:    "max-upstream-conns",
+				Usage:   "Maximum concurrent connections to upstream. Setting to 0 means unlimited.",
+				Value:   tunneldns.MaxUpstreamConnsDefault,
+				EnvVars: []string{"TUNNEL_DNS_MAX_UPSTREAM_CONNS"},
+			},
+		},
+		ArgsUsage: " ", // can't be the empty string or we get the default output
+		Hidden:    hidden,
+	}
+}
+
+// Run implements a foreground runner
+func Run(c *cli.Context) error {
+	log := logger.CreateLoggerFromContext(c, logger.EnableTerminalLog)
+
+	metricsListener, err := net.Listen("tcp", c.String("metrics"))
+	if err != nil {
+		log.Fatal().Err(err).Msg("Failed to open the metrics listener")
+	}
+
+	go metrics.ServeMetrics(metricsListener, nil, nil, log)
+
+	listener, err := tunneldns.CreateListener(
+		c.String("address"),
+		// Note TUN-3758 , we use Int because UInt is not supported with altsrc
+		uint16(c.Int("port")),
+		c.StringSlice("upstream"),
+		c.StringSlice("bootstrap"),
+		c.Int("max-upstream-conns"),
+		log,
+	)
+
+	if err != nil {
+		log.Err(err).Msg("Failed to create the listeners")
+		return err
+	}
+
+	// Try to start the server
+	readySignal := make(chan struct{})
+	err = listener.Start(readySignal)
+	if err != nil {
+		log.Err(err).Msg("Failed to start the listeners")
+		return listener.Stop()
+	}
+	<-readySignal
+
+	// Wait for signal
+	signals := make(chan os.Signal, 10)
+	signal.Notify(signals, syscall.SIGTERM, syscall.SIGINT)
+	defer signal.Stop(signals)
+	<-signals
+
+	// Shut down server
+	err = listener.Stop()
+	if err != nil {
+		log.Err(err).Msg("failed to stop")
+	}
+	return err
+}
+
+

cmd/cloudflared/service_template.go

@@ -12,7 +12,7 @@ import (
 
 	"github.com/mitchellh/go-homedir"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/config"
 )
 
 type ServiceTemplate struct {

cmd/cloudflared/shell/shell.go

@@ -1,33 +0,0 @@
-package shell
-
-import (
-	"io"
-	"os"
-	"os/exec"
-)
-
-// OpenBrowser opens the specified URL in the default browser of the user
-func OpenBrowser(url string) error {
-	return getBrowserCmd(url).Start()
-}
-
-// Run will kick off a shell task and pipe the results to the respective std pipes
-func Run(cmd string, args ...string) error {
-	c := exec.Command(cmd, args...)
-	stderr, err := c.StderrPipe()
-	if err != nil {
-		return err
-	}
-	go func() {
-		io.Copy(os.Stderr, stderr)
-	}()
-
-	stdout, err := c.StdoutPipe()
-	if err != nil {
-		return err
-	}
-	go func() {
-		io.Copy(os.Stdout, stdout)
-	}()
-	return c.Run()
-}

cmd/cloudflared/tunnel/cmd.go

@@ -15,9 +15,10 @@ import (
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/buildinfo"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/proxydns"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/ui"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/updater"
+	"github.com/cloudflare/cloudflared/config"
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/ingress"
 	"github.com/cloudflare/cloudflared/logger"
@@ -104,7 +105,7 @@ func Commands() []*cli.Command {
 		buildDeleteCommand(),
 		buildCleanupCommand(),
 		// for compatibility, allow following as tunnel subcommands
-		tunneldns.Command(true),
+		proxydns.Command(true),
 		cliutil.RemovedCommand("db-connect"),
 	}
 

cmd/cloudflared/tunnel/configuration.go

@@ -9,7 +9,7 @@ import (
 	"strings"
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/buildinfo"
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/config"
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/edgediscovery"
 	"github.com/cloudflare/cloudflared/h2mux"
@@ -207,7 +207,7 @@ func prepareTunnelConfig(
 			ClientID: clientUUID[:],
 			Features: dedup(features),
 			Version:  version,
-			Arch:     fmt.Sprintf("%s_%s", buildInfo.GoOS, buildInfo.GoArch),
+			Arch:     buildInfo.OSArch(),
 		}
 		ingressRules, err = ingress.ParseIngress(cfg)
 		if err != nil && err != ingress.ErrNoIngressRules {
@@ -272,7 +272,7 @@ func prepareTunnelConfig(
 
 	return &origin.TunnelConfig{
 		ConnectionConfig: connectionConfig,
-		BuildInfo:        buildInfo,
+		OSArch:           buildInfo.OSArch(),
 		ClientID:         clientID,
 		EdgeAddrs:        c.StringSlice("edge"),
 		HAConnections:    c.Int("ha-connections"),

cmd/cloudflared/tunnel/credential_finder.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"path/filepath"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/config"
 
 	"github.com/google/uuid"
 	"github.com/rs/zerolog"

cmd/cloudflared/tunnel/ingress_subcommands.go

@@ -5,7 +5,7 @@ import (
 	"net/url"
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/config"
 	"github.com/cloudflare/cloudflared/ingress"
 
 	"github.com/pkg/errors"

cmd/cloudflared/tunnel/login.go

@@ -13,9 +13,9 @@ import (
 	"github.com/urfave/cli/v2"
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/transfer"
+	"github.com/cloudflare/cloudflared/config"
 	"github.com/cloudflare/cloudflared/logger"
+	"github.com/cloudflare/cloudflared/token"
 )
 
 const (
@@ -56,7 +56,7 @@ func login(c *cli.Context) error {
 		return err
 	}
 
-	resourceData, err := transfer.Run(
+	resourceData, err := token.RunTransfer(
 		loginURL,
 		"cert",
 		"callback",

cmd/cloudflared/tunnel/subcommands.go

@@ -13,7 +13,6 @@ import (
 	"text/tabwriter"
 	"time"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/updater"
 	"github.com/google/uuid"
 	"github.com/mitchellh/go-homedir"
 	"github.com/pkg/errors"
@@ -23,7 +22,8 @@ import (
 	"gopkg.in/yaml.v2"
 
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/updater"
+	"github.com/cloudflare/cloudflared/config"
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/tunnelstore"
 )

cmd/cloudflared/updater/update.go

@@ -8,12 +8,13 @@ import (
 	"runtime"
 	"time"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
-	"github.com/cloudflare/cloudflared/logger"
 	"github.com/facebookgo/grace/gracenet"
 	"github.com/rs/zerolog"
 	"github.com/urfave/cli/v2"
 	"golang.org/x/crypto/ssh/terminal"
+
+	"github.com/cloudflare/cloudflared/config"
+	"github.com/cloudflare/cloudflared/logger"
 )
 
 const (

config/configuration.go

@@ -11,11 +11,11 @@ import (
 
 	"github.com/mitchellh/go-homedir"
 	"github.com/pkg/errors"
+	"github.com/rs/zerolog"
 	"github.com/urfave/cli/v2"
 	"gopkg.in/yaml.v2"
 
 	"github.com/cloudflare/cloudflared/validation"
-	"github.com/rs/zerolog"
 )
 
 var (

ingress/ingress.go

@@ -9,7 +9,7 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/config"
 
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"

ingress/ingress_test.go

@@ -14,7 +14,7 @@ import (
 	"github.com/urfave/cli/v2"
 	"gopkg.in/yaml.v2"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/config"
 	"github.com/cloudflare/cloudflared/tlsconfig"
 )
 

ingress/origin_request_config.go

@@ -3,9 +3,10 @@ package ingress
 import (
 	"time"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
-	"github.com/cloudflare/cloudflared/tlsconfig"
 	"github.com/urfave/cli/v2"
+
+	"github.com/cloudflare/cloudflared/config"
+	"github.com/cloudflare/cloudflared/tlsconfig"
 )
 
 const (

ingress/origin_request_config_test.go

@@ -5,7 +5,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/config"
 	"github.com/stretchr/testify/require"
 	"github.com/urfave/cli/v2"
 	"gopkg.in/yaml.v2"

origin/pool.go

@@ -1,17 +1,17 @@
-package buffer
+package origin
 
 import (
 	"sync"
 )
 
-type Pool struct {
-	// A Pool must not be copied after first use.
+type bufferPool struct {
+	// A bufferPool must not be copied after first use.
 	// https://golang.org/pkg/sync/#Pool
 	buffers sync.Pool
 }
 
-func NewPool(bufferSize int) *Pool {
-	return &Pool{
+func newBufferPool(bufferSize int) *bufferPool {
+	return &bufferPool{
 		buffers: sync.Pool{
 			New: func() interface{} {
 				return make([]byte, bufferSize)
@@ -20,10 +20,10 @@ func NewPool(bufferSize int) *Pool {
 	}
 }
 
-func (p *Pool) Get() []byte {
+func (p *bufferPool) Get() []byte {
 	return p.buffers.Get().([]byte)
 }
 
-func (p *Pool) Put(buf []byte) {
+func (p *bufferPool) Put(buf []byte) {
 	p.buffers.Put(buf)
 }

origin/proxy.go

@@ -9,12 +9,12 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/cloudflare/cloudflared/buffer"
+	"github.com/pkg/errors"
+	"github.com/rs/zerolog"
+
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/ingress"
 	tunnelpogs "github.com/cloudflare/cloudflared/tunnelrpc/pogs"
-	"github.com/pkg/errors"
-	"github.com/rs/zerolog"
 )
 
 const (
@@ -26,7 +26,7 @@ type proxy struct {
 	warpRouting  *ingress.WarpRoutingService
 	tags         []tunnelpogs.Tag
 	log          *zerolog.Logger
-	bufferPool   *buffer.Pool
+	bufferPool   *bufferPool
 }
 
 func NewOriginProxy(
@@ -40,7 +40,7 @@ func NewOriginProxy(
 		warpRouting:  warpRouting,
 		tags:         tags,
 		log:          log,
-		bufferPool:   buffer.NewPool(512 * 1024),
+		bufferPool:   newBufferPool(512 * 1024),
 	}
 }
 

origin/proxy_test.go

@@ -15,7 +15,7 @@ import (
 
 	"github.com/cloudflare/cloudflared/logger"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/config"
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/hello"
 	"github.com/cloudflare/cloudflared/ingress"

origin/tunnel.go

@@ -15,7 +15,6 @@ import (
 	"github.com/rs/zerolog"
 	"golang.org/x/sync/errgroup"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/buildinfo"
 	"github.com/cloudflare/cloudflared/connection"
 	"github.com/cloudflare/cloudflared/edgediscovery"
 	"github.com/cloudflare/cloudflared/h2mux"
@@ -40,7 +39,7 @@ const (
 
 type TunnelConfig struct {
 	ConnectionConfig *connection.Config
-	BuildInfo        *buildinfo.BuildInfo
+	OSArch           string
 	ClientID         string
 	CloseConnOnce    *sync.Once // Used to close connectedSignal no more than once
 	EdgeAddrs        []string
@@ -72,7 +71,7 @@ func (c *TunnelConfig) RegistrationOptions(connectionID uint8, OriginLocalIP str
 	return &tunnelpogs.RegistrationOptions{
 		ClientID:             c.ClientID,
 		Version:              c.ReportedVersion,
-		OS:                   fmt.Sprintf("%s_%s", c.BuildInfo.GoOS, c.BuildInfo.GoArch),
+		OS:                   c.OSArch,
 		ExistingTunnelPolicy: policy,
 		PoolName:             c.LBPool,
 		Tags:                 c.Tags,

sshgen/sshgen.go

@@ -15,12 +15,13 @@ import (
 	"net/url"
 	"time"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
-	cfpath "github.com/cloudflare/cloudflared/cmd/cloudflared/path"
 	"github.com/coreos/go-oidc/jose"
 	homedir "github.com/mitchellh/go-homedir"
 	"github.com/pkg/errors"
 	gossh "golang.org/x/crypto/ssh"
+
+	"github.com/cloudflare/cloudflared/config"
+	cfpath "github.com/cloudflare/cloudflared/token"
 )
 
 const (

sshgen/sshgen_test.go

@@ -14,10 +14,11 @@ import (
 	"testing"
 	"time"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
-	cfpath "github.com/cloudflare/cloudflared/cmd/cloudflared/path"
 	"github.com/coreos/go-oidc/jose"
 	"github.com/stretchr/testify/assert"
+
+	"github.com/cloudflare/cloudflared/config"
+	cfpath "github.com/cloudflare/cloudflared/token"
 )
 
 const (

token/encrypt.go

@@ -4,12 +4,12 @@
 // You can read more here https://godoc.org/golang.org/x/crypto/nacl/box.
 //
 //		msg := []byte("super safe message.")
-//		alice, err := New("alice_priv_key.pem", "alice_pub_key.pem")
+//		alice, err := NewEncrypter("alice_priv_key.pem", "alice_pub_key.pem")
 //		if err != nil {
 //			log.Fatal(err)
 //		}
 //
-//		bob, err := New("bob_priv_key.pem", "bob_pub_key.pem")
+//		bob, err := NewEncrypter("bob_priv_key.pem", "bob_pub_key.pem")
 //		if err != nil {
 //			log.Fatal(err)
 //		}
@@ -23,7 +23,7 @@
 //			log.Fatal(err)
 //		}
 //		fmt.Println(string(data))
-package encrypter
+package token
 
 import (
 	"bytes"
@@ -44,8 +44,8 @@ type Encrypter struct {
 	publicKey  *[32]byte
 }
 
-// New returns a new encrypter with initialized keypair
-func New(privateKey, publicKey string) (*Encrypter, error) {
+// NewEncrypter returns a new encrypter with initialized keypair
+func NewEncrypter(privateKey, publicKey string) (*Encrypter, error) {
 	e := &Encrypter{}
 	pubKey, key, err := e.fetchOrGenerateKeys(privateKey, publicKey)
 	if err != nil {

token/launch_browser_darwin.go

@@ -1,6 +1,6 @@
 //+build darwin
 
-package shell
+package token
 
 import (
 	"os/exec"

token/launch_browser_other.go

@@ -1,6 +1,6 @@
 //+build !windows,!darwin,!linux,!netbsd,!freebsd,!openbsd
 
-package shell
+package token
 
 import (
 	"os/exec"

token/launch_browser_unix.go

@@ -1,6 +1,6 @@
 //+build linux freebsd openbsd netbsd
 
-package shell
+package token
 
 import (
 	"os/exec"

token/launch_browser_windows.go

@@ -1,6 +1,6 @@
 //+build windows
 
-package shell
+package token
 
 import (
 	"fmt"

token/path.go

@@ -1,4 +1,4 @@
-package path
+package token
 
 import (
 	"fmt"
@@ -7,8 +7,9 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
 	"github.com/mitchellh/go-homedir"
+
+	"github.com/cloudflare/cloudflared/config"
 )
 
 // GenerateAppTokenFilePathFromURL will return a filepath for given Access org token
@@ -21,8 +22,8 @@ func GenerateAppTokenFilePathFromURL(url *url.URL, suffix string) (string, error
 	return filepath.Join(configPath, name), nil
 }
 
-// GenerateOrgTokenFilePathFromURL will return a filepath for given Access application token
-func GenerateOrgTokenFilePathFromURL(authDomain string) (string, error) {
+// generateOrgTokenFilePathFromURL will return a filepath for given Access application token
+func generateOrgTokenFilePathFromURL(authDomain string) (string, error) {
 	configPath, err := getConfigPath()
 	if err != nil {
 		return "", err

token/shell.go

@@ -0,0 +1,7 @@
+package token
+
+// OpenBrowser opens the specified URL in the default browser of the user
+func OpenBrowser(url string) error {
+	return getBrowserCmd(url).Start()
+}
+

token/token.go

@@ -13,9 +13,7 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/path"
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/transfer"
+	"github.com/cloudflare/cloudflared/config"
 	"github.com/cloudflare/cloudflared/origin"
 
 	"github.com/coreos/go-oidc/jose"
@@ -102,7 +100,7 @@ func (l *lock) Acquire() error {
 		os.Exit(0)
 	})
 
-	// Check for a path.lock file
+	// Check for a lock file
 	// if the lock file exists; start polling
 	// if not, create the lock file and go through the normal flow.
 	// See AUTH-1736 for the reason why we do all this
@@ -160,7 +158,7 @@ func getToken(appURL *url.URL, useHostOnly bool, log *zerolog.Logger) (string, e
 		return token, nil
 	}
 
-	appTokenPath, err := path.GenerateAppTokenFilePathFromURL(appURL, keyName)
+	appTokenPath, err := GenerateAppTokenFilePathFromURL(appURL, keyName)
 	if err != nil {
 		return "", errors.Wrap(err, "failed to generate app token file path")
 	}
@@ -184,7 +182,7 @@ func getToken(appURL *url.URL, useHostOnly bool, log *zerolog.Logger) (string, e
 	} else {
 		orgToken, err := GetOrgTokenIfExists(authDomain)
 		if err != nil {
-			orgTokenPath, err = path.GenerateOrgTokenFilePathFromURL(authDomain)
+			orgTokenPath, err = generateOrgTokenFilePathFromURL(authDomain)
 			if err != nil {
 				return "", errors.Wrap(err, "failed to generate org token file path")
 			}
@@ -220,7 +218,7 @@ func getTokensFromEdge(appURL *url.URL, appTokenPath, orgTokenPath string, useHo
 	// this weird parameter is the resource name (token) and the key/value
 	// we want to send to the transfer service. the key is token and the value
 	// is blank (basically just the id generated in the transfer service)
-	resourceData, err := transfer.Run(appURL, keyName, keyName, "", true, useHostOnly, log)
+	resourceData, err := RunTransfer(appURL, keyName, keyName, "", true, useHostOnly, log)
 	if err != nil {
 		return "", errors.Wrap(err, "failed to run transfer service")
 	}
@@ -316,7 +314,7 @@ func exchangeOrgToken(appURL *url.URL, orgToken string) (string, error) {
 }
 
 func GetOrgTokenIfExists(authDomain string) (string, error) {
-	path, err := path.GenerateOrgTokenFilePathFromURL(authDomain)
+	path, err := generateOrgTokenFilePathFromURL(authDomain)
 	if err != nil {
 		return "", err
 	}
@@ -338,7 +336,7 @@ func GetOrgTokenIfExists(authDomain string) (string, error) {
 }
 
 func GetAppTokenIfExists(url *url.URL) (string, error) {
-	path, err := path.GenerateAppTokenFilePathFromURL(url, keyName)
+	path, err := GenerateAppTokenFilePathFromURL(url, keyName)
 	if err != nil {
 		return "", err
 	}
@@ -376,7 +374,7 @@ func getTokenIfExists(path string) (*jose.JWT, error) {
 
 // RemoveTokenIfExists removes the a token from local storage if it exists
 func RemoveTokenIfExists(url *url.URL) error {
-	path, err := path.GenerateAppTokenFilePathFromURL(url, keyName)
+	path, err := GenerateAppTokenFilePathFromURL(url, keyName)
 	if err != nil {
 		return err
 	}

token/token_test.go

@@ -1,3 +1,5 @@
+//+build linux
+
 package token
 
 import (

token/transfer.go

@@ -1,4 +1,4 @@
-package transfer
+package token
 
 import (
 	"bytes"
@@ -10,8 +10,6 @@ import (
 	"os"
 	"time"
 
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/encrypter"
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/shell"
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
 )
@@ -21,14 +19,14 @@ const (
 	clientTimeout = time.Second * 60
 )
 
-// Run does the transfer "dance" with the end result downloading the supported resource.
+// RunTransfer does the transfer "dance" with the end result downloading the supported resource.
 // The expanded description is run is encapsulation of shared business logic needed
 // to request a resource (token/cert/etc) from the transfer service (loginhelper).
 // The "dance" we refer to is building a HTTP request, opening that in a browser waiting for
 // the user to complete an action, while it long polls in the background waiting for an
 // action to be completed to download the resource.
-func Run(transferURL *url.URL, resourceName, key, value string, shouldEncrypt bool, useHostOnly bool, log *zerolog.Logger) ([]byte, error) {
-	encrypterClient, err := encrypter.New("cloudflared_priv.pem", "cloudflared_pub.pem")
+func RunTransfer(transferURL *url.URL, resourceName, key, value string, shouldEncrypt bool, useHostOnly bool, log *zerolog.Logger) ([]byte, error) {
+	encrypterClient, err := NewEncrypter("cloudflared_priv.pem", "cloudflared_pub.pem")
 	if err != nil {
 		return nil, err
 	}
@@ -38,7 +36,7 @@ func Run(transferURL *url.URL, resourceName, key, value string, shouldEncrypt bo
 	}
 
 	// See AUTH-1423 for why we use stderr (the way git wraps ssh)
-	err = shell.OpenBrowser(requestURL)
+	err = OpenBrowser(requestURL)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Please open the following URL and log in with your Cloudflare account:\n\n%s\n\nLeave cloudflared running to download the %s automatically.\n", requestURL, resourceName)
 	} else {

tunneldns/tunnel.go

@@ -2,22 +2,14 @@ package tunneldns
 
 import (
 	"net"
-	"os"
-	"os/signal"
 	"strconv"
 	"sync"
-	"syscall"
-
-	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
-	"github.com/cloudflare/cloudflared/logger"
-	"github.com/cloudflare/cloudflared/metrics"
 
 	"github.com/coredns/coredns/core/dnsserver"
 	"github.com/coredns/coredns/plugin"
 	"github.com/coredns/coredns/plugin/cache"
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
-	"github.com/urfave/cli/v2"
 )
 
 const (
@@ -33,104 +25,6 @@ type Listener struct {
 	log    *zerolog.Logger
 }
 
-func Command(hidden bool) *cli.Command {
-	return &cli.Command{
-		Name:   "proxy-dns",
-		Action: cliutil.ErrorHandler(Run),
-		Usage:  "Run a DNS over HTTPS proxy server.",
-		Flags: []cli.Flag{
-			&cli.StringFlag{
-				Name:    "metrics",
-				Value:   "localhost:",
-				Usage:   "Listen address for metrics reporting.",
-				EnvVars: []string{"TUNNEL_METRICS"},
-			},
-			&cli.StringFlag{
-				Name:    "address",
-				Usage:   "Listen address for the DNS over HTTPS proxy server.",
-				Value:   "localhost",
-				EnvVars: []string{"TUNNEL_DNS_ADDRESS"},
-			},
-			// Note TUN-3758 , we use Int because UInt is not supported with altsrc
-			&cli.IntFlag{
-				Name:    "port",
-				Usage:   "Listen on given port for the DNS over HTTPS proxy server.",
-				Value:   53,
-				EnvVars: []string{"TUNNEL_DNS_PORT"},
-			},
-			&cli.StringSliceFlag{
-				Name:    "upstream",
-				Usage:   "Upstream endpoint URL, you can specify multiple endpoints for redundancy.",
-				Value:   cli.NewStringSlice("https://1.1.1.1/dns-query", "https://1.0.0.1/dns-query"),
-				EnvVars: []string{"TUNNEL_DNS_UPSTREAM"},
-			},
-			&cli.StringSliceFlag{
-				Name:    "bootstrap",
-				Usage:   "bootstrap endpoint URL, you can specify multiple endpoints for redundancy.",
-				Value:   cli.NewStringSlice("https://162.159.36.1/dns-query", "https://162.159.46.1/dns-query", "https://[2606:4700:4700::1111]/dns-query", "https://[2606:4700:4700::1001]/dns-query"),
-				EnvVars: []string{"TUNNEL_DNS_BOOTSTRAP"},
-			},
-			&cli.IntFlag{
-				Name:    "max-upstream-conns",
-				Usage:   "Maximum concurrent connections to upstream. Setting to 0 means unlimited.",
-				Value:   MaxUpstreamConnsDefault,
-				EnvVars: []string{"TUNNEL_DNS_MAX_UPSTREAM_CONNS"},
-			},
-		},
-		ArgsUsage: " ", // can't be the empty string or we get the default output
-		Hidden:    hidden,
-	}
-}
-
-// Run implements a foreground runner
-func Run(c *cli.Context) error {
-	log := logger.CreateLoggerFromContext(c, logger.EnableTerminalLog)
-
-	metricsListener, err := net.Listen("tcp", c.String("metrics"))
-	if err != nil {
-		log.Fatal().Err(err).Msg("Failed to open the metrics listener")
-	}
-
-	go metrics.ServeMetrics(metricsListener, nil, nil, log)
-
-	listener, err := CreateListener(
-		c.String("address"),
-		// Note TUN-3758 , we use Int because UInt is not supported with altsrc
-		uint16(c.Int("port")),
-		c.StringSlice("upstream"),
-		c.StringSlice("bootstrap"),
-		c.Int("max-upstream-conns"),
-		log,
-	)
-
-	if err != nil {
-		log.Err(err).Msg("Failed to create the listeners")
-		return err
-	}
-
-	// Try to start the server
-	readySignal := make(chan struct{})
-	err = listener.Start(readySignal)
-	if err != nil {
-		log.Err(err).Msg("Failed to start the listeners")
-		return listener.Stop()
-	}
-	<-readySignal
-
-	// Wait for signal
-	signals := make(chan os.Signal, 10)
-	signal.Notify(signals, syscall.SIGTERM, syscall.SIGINT)
-	defer signal.Stop(signals)
-	<-signals
-
-	// Shut down server
-	err = listener.Stop()
-	if err != nil {
-		log.Err(err).Msg("failed to stop")
-	}
-	return err
-}
-
 // Create a CoreDNS server plugin from configuration
 func createConfig(address string, port uint16, p plugin.Handler) *dnsserver.Config {
 	c := &dnsserver.Config{