TUN-3548, TUN-3547: Bastion mode can be specified as a service, doesn't

require URL.

ingress/ingress.go

@@ -89,7 +89,7 @@ func parseSingleOriginService(c *cli.Context, allowURLFromArgs bool) (OriginServ
 	if c.IsSet("hello-world") {
 		return new(helloWorld), nil
 	}
-	if c.IsSet("url") {
+	if c.IsSet("url") || c.IsSet(config.BastionFlag) {
 		originURL, err := config.ValidateUrl(c, allowURLFromArgs)
 		if err != nil {
 			return nil, errors.Wrap(err, "Error validating origin URL")
@@ -128,6 +128,7 @@ func (ing Ingress) CatchAll() *Rule {
 func validate(ingress []config.UnvalidatedIngressRule, defaults OriginRequestConfig) (Ingress, error) {
 	rules := make([]Rule, len(ingress))
 	for i, r := range ingress {
+		cfg := setConfig(defaults, r.OriginRequest)
 		var service OriginService
 
 		if prefix := "unix:"; strings.HasPrefix(r.Service, prefix) {
@@ -143,6 +144,12 @@ func validate(ingress []config.UnvalidatedIngressRule, defaults OriginRequestCon
 			service = &srv
 		} else if r.Service == "hello_world" || r.Service == "hello-world" || r.Service == "helloworld" {
 			service = new(helloWorld)
+		} else if r.Service == "bastion" || cfg.BastionMode {
+			// Bastion mode will always start a Websocket proxy server, which will
+			// overwrite the localService.URL field when `start` is called. So,
+			// leave the URL field empty for now.
+			cfg.BastionMode = true
+			service = new(localService)
 		} else {
 			// Validate URL services
 			u, err := url.Parse(r.Service)
@@ -178,7 +185,7 @@ func validate(ingress []config.UnvalidatedIngressRule, defaults OriginRequestCon
 			Hostname: r.Hostname,
 			Service:  service,
 			Path:     pathRegex,
-			Config:   setConfig(defaults, r.OriginRequest),
+			Config:   cfg,
 		}
 	}
 	return Ingress{Rules: rules, defaults: defaults}, nil

ingress/ingress_test.go

@@ -35,6 +35,7 @@ func Test_parseIngress(t *testing.T) {
 	fourOhFour := newStatusCode(404)
 	defaultConfig := setConfig(originRequestFromYAML(config.OriginRequestConfig{}), config.OriginRequestConfig{})
 	require.Equal(t, defaultKeepAliveConnections, defaultConfig.KeepAliveConnections)
+	tr := true
 	type args struct {
 		rawYAML string
 	}
@@ -209,6 +210,47 @@ ingress:
 				},
 			},
 		},
+		{
+			name: "URL isn't necessary if using bastion",
+			args: args{rawYAML: `
+ingress:
+- hostname: bastion.foo.com
+  originRequest:
+    bastionMode: true
+- service: http_status:404
+`},
+			want: []Rule{
+				{
+					Hostname: "bastion.foo.com",
+					Service:  &localService{},
+					Config:   setConfig(originRequestFromYAML(config.OriginRequestConfig{}), config.OriginRequestConfig{BastionMode: &tr}),
+				},
+				{
+					Service: &fourOhFour,
+					Config:  defaultConfig,
+				},
+			},
+		},
+		{
+			name: "Bastion service",
+			args: args{rawYAML: `
+ingress:
+- hostname: bastion.foo.com
+  service: bastion
+- service: http_status:404
+`},
+			want: []Rule{
+				{
+					Hostname: "bastion.foo.com",
+					Service:  &localService{},
+					Config:   setConfig(originRequestFromYAML(config.OriginRequestConfig{}), config.OriginRequestConfig{BastionMode: &tr}),
+				},
+				{
+					Service: &fourOhFour,
+					Config:  defaultConfig,
+				},
+			},
+		},
 		{
 			name: "Hostname contains port",
 			args: args{rawYAML: `

ingress/origin_service.go

@@ -96,8 +96,7 @@ func (o *localService) start(wg *sync.WaitGroup, log logger.Service, shutdownC <
 	o.transport = transport
 
 	// Start a proxy if one is needed
-	staticHost := o.staticHost()
+	if staticHost := o.staticHost(); originRequiresProxy(staticHost, cfg) {
-	if originRequiresProxy(staticHost, cfg) {
 		if err := o.startProxy(staticHost, wg, log, shutdownC, errC, cfg); err != nil {
 			return err
 		}