TUN-3855: Add ability to override target of 'access ssh' command to a different host for testing
parent
8b794390e5
commit
9c298e4851
|
@ -4,6 +4,7 @@
|
||||||
package carrier
|
package carrier
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"io"
|
"io"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
@ -20,8 +21,10 @@ import (
|
||||||
const LogFieldOriginURL = "originURL"
|
const LogFieldOriginURL = "originURL"
|
||||||
|
|
||||||
type StartOptions struct {
|
type StartOptions struct {
|
||||||
OriginURL string
|
OriginURL string
|
||||||
Headers http.Header
|
Headers http.Header
|
||||||
|
Host string
|
||||||
|
TLSClientConfig *tls.Config
|
||||||
}
|
}
|
||||||
|
|
||||||
// Connection wraps up all the needed functions to forward over the tunnel
|
// Connection wraps up all the needed functions to forward over the tunnel
|
||||||
|
|
|
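Review bot: The two fields added to `StartOptions` are exported but undocumented, and their empty or nil meaning is only discoverable by reading `createWebsocketStream`. I would add `// Host, when non-empty, overrides the Host header of the websocket request.` above `Host`, and `// TLSClientConfig is handed to the websocket dialer; nil leaves the dialer's TLS defaults in place.` above `TLSClientConfig`. Since the only visible producer of a non-nil config disables certificate verification, the second comment should also say that the field exists for test overrides.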
@ -82,11 +82,17 @@ func createWebsocketStream(options *StartOptions, log *zerolog.Logger) (*cfwebso
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
req.Header = options.Headers
|
req.Header = options.Headers
|
||||||
|
if options.Host != "" {
|
||||||
|
req.Host = options.Host
|
||||||
|
}
|
||||||
|
|
||||||
dump, err := httputil.DumpRequest(req, false)
|
dump, err := httputil.DumpRequest(req, false)
|
||||||
log.Debug().Msgf("Websocket request: %s", string(dump))
|
log.Debug().Msgf("Websocket request: %s", string(dump))
|
||||||
|
|
||||||
wsConn, resp, err := cfwebsocket.ClientConnect(req, nil)
|
dialer := &websocket.Dialer{
|
||||||
|
TLSClientConfig: options.TLSClientConfig,
|
||||||
|
}
|
||||||
|
wsConn, resp, err := cfwebsocket.ClientConnect(req, dialer)
|
||||||
defer closeRespBody(resp)
|
defer closeRespBody(resp)
|
||||||
|
|
||||||
if err != nil && IsAccessResponse(resp) {
|
if err != nil && IsAccessResponse(resp) {
|
||||||
|
|
|
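Review bot: The new `&websocket.Dialer{TLSClientConfig: options.TLSClientConfig}` replaces the `nil` that was passed to `cfwebsocket.ClientConnect` for every connection, not only when an override is in use. If `ClientConnect` substituted a default dialer for `nil` (its body is not visible here), a bare struct literal silently drops whatever that default carried; for gorilla/websocket's `DefaultDialer` that means the proxy-from-environment setting and the handshake timeout. I would keep passing `nil` unless `options.TLSClientConfig != nil`, or copy the default dialer and set only the TLS field. `createWebsocketStream` starts and ends outside this hunk.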
@ -1,6 +1,8 @@
|
||||||
package access
|
package access
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
@ -84,6 +86,26 @@ func ssh(c *cli.Context) error {
|
||||||
options := &carrier.StartOptions{
|
options := &carrier.StartOptions{
|
||||||
OriginURL: originURL,
|
OriginURL: originURL,
|
||||||
Headers: headers,
|
Headers: headers,
|
||||||
|
Host: hostname,
|
||||||
|
}
|
||||||
|
|
||||||
|
if connectTo := c.String(sshConnectTo); connectTo != "" {
|
||||||
|
parts := strings.Split(connectTo, ":")
|
||||||
|
switch len(parts) {
|
||||||
|
case 1:
|
||||||
|
options.OriginURL = fmt.Sprintf("https://%s", parts[0])
|
||||||
|
case 2:
|
||||||
|
options.OriginURL = fmt.Sprintf("https://%s:%s", parts[0], parts[1])
|
||||||
|
case 3:
|
||||||
|
options.OriginURL = fmt.Sprintf("https://%s:%s", parts[2], parts[1])
|
||||||
|
options.TLSClientConfig = &tls.Config{
|
||||||
|
InsecureSkipVerify: true,
|
||||||
|
ServerName: parts[0],
|
||||||
|
}
|
||||||
|
log.Warn().Msgf("Using insecure SSL connection because SNI overridden to %s", parts[0])
|
||||||
|
default:
|
||||||
|
return fmt.Errorf("invalid connection override: %s", connectTo)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// we could add a cmd line variable for this bool if we want the SOCK5 server to be on the client side
|
// we could add a cmd line variable for this bool if we want the SOCK5 server to be on the client side
|
||||||
|
|
|
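Review bot: The `case 3` branch sets `InsecureSkipVerify: true`, so the TLS peer is not authenticated at all while `options.Headers` is still sent over that connection. Judging by the `service-token-id` and `service-token-secret` flags elsewhere in this commit, those headers probably carry Access credentials, though their construction is outside the hunk. With `ServerName` set, crypto/tls already verifies the certificate against that name, so `options.TLSClientConfig = &tls.Config{ServerName: parts[0]}` keeps verification whenever the test endpoint presents a certificate for the SNI name. If it cannot, skipping verification should be a separate explicit opt-in rather than implied by the three-part syntax. Separately, `strings.Split(connectTo, ":")` accepts empty components and misparses IPv6 literals, and `ssh` begins and ends outside this hunk.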
@ -33,6 +33,7 @@ const (
|
||||||
sshTokenIDFlag = "service-token-id"
|
sshTokenIDFlag = "service-token-id"
|
||||||
sshTokenSecretFlag = "service-token-secret"
|
sshTokenSecretFlag = "service-token-secret"
|
||||||
sshGenCertFlag = "short-lived-cert"
|
sshGenCertFlag = "short-lived-cert"
|
||||||
|
sshConnectTo = "connect-to"
|
||||||
sshConfigTemplate = `
|
sshConfigTemplate = `
|
||||||
Add to your {{.Home}}/.ssh/config:
|
Add to your {{.Home}}/.ssh/config:
|
||||||
|
|
||||||
|
@ -54,7 +55,7 @@ Host cfpipe-{{.Hostname}}
|
||||||
const sentryDSN = "https://56a9c9fa5c364ab28f34b14f35ea0f1b@sentry.io/189878"
|
const sentryDSN = "https://56a9c9fa5c364ab28f34b14f35ea0f1b@sentry.io/189878"
|
||||||
|
|
||||||
var (
|
var (
|
||||||
shutdownC chan struct{}
|
shutdownC chan struct{}
|
||||||
)
|
)
|
||||||
|
|
||||||
// Init will initialize and store vars from the main program
|
// Init will initialize and store vars from the main program
|
||||||
|
@ -164,6 +165,11 @@ func Commands() []*cli.Command {
|
||||||
Aliases: []string{"loglevel"}, //added to match the tunnel side
|
Aliases: []string{"loglevel"}, //added to match the tunnel side
|
||||||
Usage: "Application logging level {fatal, error, info, debug}. ",
|
Usage: "Application logging level {fatal, error, info, debug}. ",
|
||||||
},
|
},
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: sshConnectTo,
|
||||||
|
Hidden: true,
|
||||||
|
Usage: "Connect to alternate location for testing, value is host, host:port, or sni:port:host",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
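Review bot: The `Usage` text for the hidden `connect-to` flag lists the `sni:port:host` form without saying that it turns off TLS certificate verification, which is what the `ssh` handler in this commit does for that form. Someone who finds the flag in the source or a runbook has no hint of that until the warning is logged at run time. I would extend the string to `"Connect to alternate location for testing, value is host, host:port, or sni:port:host (the sni form disables TLS certificate verification)"`. The enclosing `Commands` function starts and ends outside this hunk.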