added flag to not accept remote config

Felix Engelmann 2025-07-29 14:36:22 -04:00
parent 1cedefa1c2
commit 9811ac5f34
5 changed files with 75 additions and 12 deletions


@ -123,6 +123,9 @@ const (
// NoAutoUpdate is the command line flag to disable cloudflared from checking for updates // NoAutoUpdate is the command line flag to disable cloudflared from checking for updates
NoAutoUpdate = "no-autoupdate" NoAutoUpdate = "no-autoupdate"
// NoConfigUpdate is the command line flag to disable cloudflared from accepting remote ingress configuration
NoConfigUpdate = "no-configupdate"
// LogLevel is the command line flag for the cloudflared logging level // LogLevel is the command line flag for the cloudflared logging level
LogLevel = "loglevel" LogLevel = "loglevel"


@ -77,6 +77,7 @@ var (
"config", "config",
cfdflags.AutoUpdateFreq, cfdflags.AutoUpdateFreq,
cfdflags.NoAutoUpdate, cfdflags.NoAutoUpdate,
cfdflags.NoConfigUpdate,
cfdflags.Metrics, cfdflags.Metrics,
"pidfile", "pidfile",
"url", "url",
@ -921,6 +922,13 @@ func configureCloudflaredFlags(shouldHide bool) []cli.Flag {
Value: false, Value: false,
Hidden: shouldHide, Hidden: shouldHide,
}), }),
altsrc.NewBoolFlag(&cli.BoolFlag{
Name: cfdflags.NoConfigUpdate,
Usage: "Disable accepting new ingress configurations from remote.",
EnvVars: []string{"NO_CONFIGUPDATE"},
Value: false,
Hidden: shouldHide,
}),
altsrc.NewStringFlag(&cli.StringFlag{ altsrc.NewStringFlag(&cli.StringFlag{
Name: cfdflags.Metrics, Name: cfdflags.Metrics,
Value: metrics.GetMetricsDefaultAddress(metrics.Runtime), Value: metrics.GetMetricsDefaultAddress(metrics.Runtime),
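Review bot: The `Usage` text on the new `no-configupdate` flag undersells what the flag does. The call it guards in the orchestrator is `updateIngress(newConf.Ingress, newConf.WarpRouting)`, so warp-routing settings pushed from remote are skipped along with ingress rules. I would say so in the help text, for example `Usage: "Ignore ingress and warp-routing configuration pushed from remote and keep the locally loaded configuration.",`. `configureCloudflaredFlags` begins and ends outside this hunk.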


@ -45,6 +45,7 @@ var (
configFlags = []string{ configFlags = []string{
flags.AutoUpdateFreq, flags.AutoUpdateFreq,
flags.NoAutoUpdate, flags.NoAutoUpdate,
flags.NoConfigUpdate,
flags.Retries, flags.Retries,
flags.Protocol, flags.Protocol,
flags.LogLevel, flags.LogLevel,


@ -99,24 +99,33 @@ func (o *Orchestrator) UpdateConfig(version int32, config []byte) *pogs.UpdateCo
Err: err, Err: err,
} }
} }
if val, ok := o.config.ConfigurationFlags[flags.NoConfigUpdate]; ok && val == "true" {
body, err := json.Marshal(o.config.Ingress)
if err != nil {
o.log.Err(err)
}
o.log.Info().Str("acting config", string(body)).Msg("Update disabled, keeping old config")
} else {
if err := o.updateIngress(newConf.Ingress, newConf.WarpRouting); err != nil {
o.log.Err(err).
Int32("version", version).
Str("config", string(config)).
Msgf("Failed to update ingress")
return &pogs.UpdateConfigurationResponse{
LastAppliedVersion: o.currentVersion,
Err: err,
}
}
if err := o.updateIngress(newConf.Ingress, newConf.WarpRouting); err != nil { o.log.Info().
o.log.Err(err).
Int32("version", version). Int32("version", version).
Str("config", string(config)). Str("config", string(config)).
Msgf("Failed to update ingress") Msg("Updated to new configuration")
return &pogs.UpdateConfigurationResponse{ configVersion.Set(float64(version))
LastAppliedVersion: o.currentVersion,
Err: err,
}
} }
o.currentVersion = version o.currentVersion = version
o.log.Info().
Int32("version", version).
Str("config", string(config)).
Msg("Updated to new configuration")
configVersion.Set(float64(version))
return &pogs.UpdateConfigurationResponse{ return &pogs.UpdateConfigurationResponse{
LastAppliedVersion: o.currentVersion, LastAppliedVersion: o.currentVersion,
} }
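Review bot: With `no-configupdate` set, the new branch skips `updateIngress` but execution still reaches `o.currentVersion = version` and the final return, so the remote side is told the pushed version was applied while the tunnel keeps its old ingress. For a flag meant to stop remotely pushed routing changes, the refusal is better made explicit: return early with the unchanged `o.currentVersion` and log it at Warn with the rejected `version`, or, if acknowledging is deliberate (for example to avoid re-sends), say so in a comment. In the same branch `o.log.Err(err)` is never finished with `.Msg(...)` or `.Send()`, which, assuming `o.log` is a zerolog logger as the other chains suggest, means a `json.Marshal` failure is silently dropped. `UpdateConfig` begins and ends outside this hunk, so the version check that precedes this code is not visible here.

```go
if val, ok := o.config.ConfigurationFlags[flags.NoConfigUpdate]; ok && val == "true" {
	// Remote updates are disabled locally: keep the running configuration and
	// do not report the pushed version as applied.
	o.log.Warn().
		Int32("version", version).
		Msg("Remote configuration update rejected, keeping local config")
	return &pogs.UpdateConfigurationResponse{
		LastAppliedVersion: o.currentVersion,
	}
}
// … unchanged: updateIngress call, its error response, and the "Updated to new configuration" log …
```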


@ -218,6 +218,48 @@ func TestUpdateConfiguration_FromMigration(t *testing.T) {
require.Len(t, orchestrator.config.Ingress.Rules, 1) require.Len(t, orchestrator.config.Ingress.Rules, 1)
} }
// Validates that a new version 0 will be applied if the configuration is loaded locally.
// This will happen when a locally managed tunnel is migrated to remote configuration and receives its first configuration.
func TestNoUpdateConfiguration(t *testing.T) {
originDialer := ingress.NewOriginDialer(ingress.OriginConfig{
DefaultDialer: testDefaultDialer,
TCPWriteTimeout: 1 * time.Second,
}, &testLogger)
flags := map[string]string{
"no-configupdate":"true",
}
initConfig := &Config{
Ingress: &ingress.Ingress{},
OriginDialerService: originDialer,
ConfigurationFlags: flags,
}
orchestrator, err := NewOrchestrator(t.Context(), initConfig, testTags, []ingress.Rule{}, &testLogger)
require.NoError(t, err)
initOriginProxy, err := orchestrator.GetOriginProxy()
require.NoError(t, err)
require.Implements(t, (*connection.OriginProxy)(nil), initOriginProxy)
configJSONV2 := []byte(`
{
"ingress": [
{
"hostname": "jira.tunnel.org",
"service": "http://192.16.19.1"
},
{
"service": "http_status:404"
}
],
"warp-routing": {
}
}
`)
updateWithValidation(t, orchestrator, 0, configJSONV2)
require.Len(t, orchestrator.config.Ingress.Rules, 1)
}
// Validates that the default ingress rule will be set if there is no rule provided from the remote. // Validates that the default ingress rule will be set if there is no rule provided from the remote.
func TestUpdateConfiguration_WithoutIngressRule(t *testing.T) { func TestUpdateConfiguration_WithoutIngressRule(t *testing.T) {
originDialer := ingress.NewOriginDialer(ingress.OriginConfig{ originDialer := ingress.NewOriginDialer(ingress.OriginConfig{
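Review bot: The doc comment above `TestNoUpdateConfiguration` was copied from the migration test and says a new version 0 "will be applied", which is the opposite of what this test is meant to show. Something like `// Validates that a remote configuration is ignored when no-configupdate is set.` would match. The only check on the outcome is `require.Len(t, orchestrator.config.Ingress.Rules, 1)`, which counts rules but does not show that the pushed `jira.tunnel.org` rule was rejected. Capturing `orchestrator.config.Ingress.Rules` before the call and asserting it is unchanged afterwards would pin the guard more directly. The map entry `"no-configupdate":"true"` is also not gofmt-clean, and it could use the `NoConfigUpdate` constant instead of repeating the literal.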