Merge branch 'cloudflare:master' into tunnel-health

.teamcity/package-windows.sh

@@ -3,14 +3,17 @@ echo $VERSION
 
 export TARGET_OS=windows
 # This controls the directory the built artifacts go into
-export ARTIFACT_DIR=built_artifacts/
-mkdir -p $ARTIFACT_DIR
+export BUILT_ARTIFACT_DIR=built_artifacts/
+export FINAL_ARTIFACT_DIR=artifacts/
+mkdir -p $BUILT_ARTIFACT_DIR
+mkdir -p $FINAL_ARTIFACT_DIR
 windowsArchs=("amd64" "386")
 for arch in ${windowsArchs[@]}; do
     export TARGET_ARCH=$arch
     # Copy exe into final directory
-    cp $ARTIFACT_DIR/cloudflared-windows-$arch.exe ./cloudflared.exe
+    cp $BUILT_ARTIFACT_DIR/cloudflared-windows-$arch.exe ./cloudflared.exe
     make cloudflared-msi
     # Copy msi into final directory
-    mv cloudflared-$VERSION-$arch.msi $ARTIFACT_DIR/cloudflared-windows-$arch.msi
+    mv cloudflared-$VERSION-$arch.msi $FINAL_ARTIFACT_DIR/cloudflared-windows-$arch.msi
+    cp $BUILT_ARTIFACT_DIR/cloudflared-windows-$arch.exe $FINAL_ARTIFACT_DIR/cloudflared-windows-$arch.exe 
 done

Makefile

@@ -218,6 +218,10 @@ cloudflared-pkg: cloudflared cloudflared.1
 cloudflared-msi:
 	wixl --define Version=$(VERSION) --define Path=$(EXECUTABLE_PATH) --output cloudflared-$(VERSION)-$(TARGET_ARCH).msi cloudflared.wxs
 
+.PHONY: github-release-dryrun
+github-release-dryrun:
+	python3 github_release.py --path $(PWD)/built_artifacts --release-version $(VERSION) --dry-run
+
 .PHONY: github-release
 github-release:
 	python3 github_release.py --path $(PWD)/built_artifacts --release-version $(VERSION)

RELEASE_NOTES

@@ -1,3 +1,7 @@
+2024.8.2
+- 2024-08-05 TUN-8583: change final directory of artifacts
+- 2024-08-05 TUN-8585: Avoid creating GH client when dry-run is true
+
 2024.7.3
 - 2024-07-31 TUN-8546: Fix final artifacts paths
 

build-packages-fips.sh

@@ -3,7 +3,7 @@ VERSION=$(git describe --tags --always --match "[0-9][0-9][0-9][0-9].*.*")
 echo $VERSION
 
 # This controls the directory the built artifacts go into
-export ARTIFACT_DIR=built_artifacts/
+export ARTIFACT_DIR=artifacts/
 mkdir -p $ARTIFACT_DIR
 
 arch=("amd64")
@@ -23,4 +23,4 @@ make cloudflared-rpm
 mv cloudflared-fips-$RPMVERSION-1.$RPMARCH.rpm $ARTIFACT_DIR/cloudflared-fips-linux-$RPMARCH.rpm
 
 # finally move the linux binary as well.
-mv ./cloudflared $ARTIFACT_DIR/cloudflared-fips-linux-$arch
+mv ./cloudflared $ARTIFACT_DIR/cloudflared-fips-linux-$arch

build-packages.sh

@@ -7,7 +7,7 @@ export GOEXPERIMENT=noboringcrypto
 export CGO_ENABLED=0
 
 # This controls the directory the built artifacts go into
-export ARTIFACT_DIR=built_artifacts/
+export ARTIFACT_DIR=artifacts/
 mkdir -p $ARTIFACT_DIR
 
 linuxArchs=("386" "amd64" "arm" "armhf" "arm64")

cfsetup.yaml

@@ -195,9 +195,23 @@ buster: &buster
       - component-tests/requirements.txt
     pre-cache: *component_test_pre_cache
     post-cache: *component_test_post_cache
+  github-release-dryrun:
+    build_dir: *build_dir
+    builddeps:
+      - *pinned_go
+      - build-essential
+      - python3-dev
+      - libffi-dev
+      - python3-setuptools
+      - python3-pip
+    pre-cache:
+      - pip3 install pynacl==1.4.0
+      - pip3 install pygithub==1.55
+    post-cache:
+      - make github-release-dryrun
   github-release:
     build_dir: *build_dir
-    builddeps: 
+    builddeps:
       - *pinned_go
       - build-essential
       - python3-dev
@@ -209,7 +223,6 @@ buster: &buster
       - pip3 install pygithub==1.55
     post-cache:
       - make github-release
-      - make github-message
   r2-linux-release:
     build_dir: *build_dir
     builddeps:

cmd/cloudflared/access/cmd.go

@@ -26,6 +26,7 @@ import (
 )
 
 const (
+	appURLFlag         = "app"
 	loginQuietFlag     = "quiet"
 	sshHostnameFlag    = "hostname"
 	sshDestinationFlag = "destination"
@@ -83,9 +84,10 @@ func Commands() []*cli.Command {
 			applications from the command line.`,
 			Subcommands: []*cli.Command{
 				{
-					Name:   "login",
-					Action: cliutil.Action(login),
-					Usage:  "login <url of access application>",
+					Name:      "login",
+					Action:    cliutil.Action(login),
+					Usage:     "login <url of access application>",
+					ArgsUsage: "url of Access application",
 					Description: `The login subcommand initiates an authentication flow with your identity provider.
 					The subcommand will launch a browser. For headless systems, a url is provided.
 					Once authenticated with your identity provider, the login command will generate a JSON Web Token (JWT)
@@ -97,6 +99,13 @@ func Commands() []*cli.Command {
 							Aliases: []string{"q"},
 							Usage:   "do not print the jwt to the command line",
 						},
+						&cli.BoolFlag{
+							Name:  "no-verbose",
+							Usage: "print only the jwt to stdout",
+						},
+						&cli.StringFlag{
+							Name: appURLFlag,
+						},
 					},
 				},
 				{
@@ -111,12 +120,12 @@ func Commands() []*cli.Command {
 				{
 					Name:        "token",
 					Action:      cliutil.Action(generateToken),
-					Usage:       "token -app=<url of access application>",
+					Usage:       "token <url of access application>",
 					ArgsUsage:   "url of Access application",
 					Description: `The token subcommand produces a JWT which can be used to authenticate requests.`,
 					Flags: []cli.Flag{
 						&cli.StringFlag{
-							Name: "app",
+							Name: appURLFlag,
 						},
 					},
 				},
@@ -232,9 +241,8 @@ func login(c *cli.Context) error {
 
 	log := logger.CreateLoggerFromContext(c, logger.EnableTerminalLog)
 
-	args := c.Args()
-	appURL, err := parseURL(args.First())
-	if args.Len() < 1 || err != nil {
+	appURL, err := getAppURLFromArgs(c)
+	if err != nil {
 		log.Error().Msg("Please provide the url of the Access application")
 		return err
 	}
@@ -261,7 +269,14 @@ func login(c *cli.Context) error {
 	if c.Bool(loginQuietFlag) {
 		return nil
 	}
-	fmt.Fprintf(os.Stdout, "Successfully fetched your token:\n\n%s\n\n", cfdToken)
+
+	// Chatty by default for backward compat. The new --app flag
+	// is an implicit opt-out of the backwards-compatible chatty output.
+	if c.Bool("no-verbose") || c.IsSet(appURLFlag) {
+		fmt.Fprint(os.Stdout, cfdToken)
+	} else {
+		fmt.Fprintf(os.Stdout, "Successfully fetched your token:\n\n%s\n\n", cfdToken)
+	}
 
 	return nil
 }
@@ -340,6 +355,17 @@ func run(cmd string, args ...string) error {
 	return c.Run()
 }
 
+func getAppURLFromArgs(c *cli.Context) (*url.URL, error) {
+	var appURLStr string
+	args := c.Args()
+	if args.Len() < 1 {
+		appURLStr = c.String(appURLFlag)
+	} else {
+		appURLStr = args.First()
+	}
+	return parseURL(appURLStr)
+}
+
 // token dumps provided token to stdout
 func generateToken(c *cli.Context) error {
 	err := sentry.Init(sentry.ClientOptions{
@@ -349,8 +375,8 @@ func generateToken(c *cli.Context) error {
 	if err != nil {
 		return err
 	}
-	appURL, err := parseURL(c.String("app"))
-	if err != nil || c.NumFlags() < 1 {
+	appURL, err := getAppURLFromArgs(c)
+	if err != nil {
 		fmt.Fprintln(os.Stderr, "Please provide a url.")
 		return err
 	}

github_release.py

@@ -17,7 +17,7 @@ import re
 from github import Github, GithubException, UnknownObjectException
 
 FORMAT = "%(levelname)s - %(asctime)s: %(message)s"
-logging.basicConfig(format=FORMAT)
+logging.basicConfig(format=FORMAT, level=logging.INFO)
 
 CLOUDFLARED_REPO = os.environ.get("GITHUB_REPO", "cloudflare/cloudflared")
 GITHUB_CONFLICT_CODE = "already_exists"
@@ -214,24 +214,33 @@ def main():
     """ Attempts to upload Asset to Github Release. Creates Release if it doesn't exist """
     try:
         args = parse_args()
-        client = Github(args.api_key)
-        repo = client.get_repo(CLOUDFLARED_REPO)
-        release = get_or_create_release(repo, args.release_version, args.dry_run)
 
         if args.dry_run:
-            logging.info("Skipping asset upload because of dry-run")
+            if os.path.isdir(args.path):
+                onlyfiles = [f for f in listdir(args.path) if isfile(join(args.path, f))]
+                for filename in onlyfiles:
+                    binary_path = os.path.join(args.path, filename)
+                    logging.info("binary: " + binary_path)
+            elif os.path.isfile(args.path):
+                logging.info("binary: " + binary_path)
+            else:
+                logging.error("dryrun failed")
             return
-
-        if os.path.isdir(args.path):
-            onlyfiles = [f for f in listdir(args.path) if isfile(join(args.path, f))]
-            for filename in onlyfiles:
-                binary_path = os.path.join(args.path, filename)
-                upload_asset(release, binary_path, filename, args.release_version, args.kv_account_id, args.namespace_id,
-                args.kv_api_token)
-                move_asset(binary_path, filename)
         else:
-            upload_asset(release, args.path, args.name, args.release_version, args.kv_account_id, args.namespace_id,
-                args.kv_api_token)
+            client = Github(args.api_key)
+            repo = client.get_repo(CLOUDFLARED_REPO)
+            release = get_or_create_release(repo, args.release_version, args.dry_run)
+
+            if os.path.isdir(args.path):
+                onlyfiles = [f for f in listdir(args.path) if isfile(join(args.path, f))]
+                for filename in onlyfiles:
+                    binary_path = os.path.join(args.path, filename)
+                    upload_asset(release, binary_path, filename, args.release_version, args.kv_account_id, args.namespace_id,
+                    args.kv_api_token)
+                    move_asset(binary_path, filename)
+            else:
+                upload_asset(release, args.path, args.name, args.release_version, args.kv_account_id, args.namespace_id,
+                    args.kv_api_token)
 
     except Exception as e:
         logging.exception(e)

management/middleware_test.go

@@ -52,13 +52,11 @@ func testRequest(t *testing.T, ts *httptest.Server, method, path string, body io
 	req, err := http.NewRequest(method, ts.URL+path, body)
 	if err != nil {
 		t.Fatal(err)
-		return nil, nil
 	}
 
 	resp, err := ts.Client().Do(req)
 	if err != nil {
 		t.Fatal(err)
-		return nil, nil
 	}
 	var claims managementErrorResponse
 	err = json.NewDecoder(resp.Body).Decode(&claims)