TUN-3978: Unhide teamnet commands and improve their help

This commit is contained in:
Nuno Diegues 2021-02-26 09:50:19 +00:00
parent 27507ab192
commit f1ca2de515
4 changed files with 38 additions and 28 deletions

View File

@ -8,7 +8,8 @@
### New Features ### New Features
- none - [Cloudflare One Routing](https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel) specific commands
now show up in the `cloudflared tunnel route --help` output.
### Improvements ### Improvements

View File

@ -457,14 +457,23 @@ func buildRouteCommand() *cli.Command {
return &cli.Command{ return &cli.Command{
Name: "route", Name: "route",
Action: cliutil.ErrorHandler(routeCommand), Action: cliutil.ErrorHandler(routeCommand),
Usage: "Define what hostname or load balancer can route to this tunnel", Usage: "Define which traffic routed from Cloudflare edge to this tunnel: requests to a DNS hostname, to a Cloudflare Load Balancer, or traffic originating from Cloudflare WARP clients",
UsageText: "cloudflared tunnel [tunnel command options] route [subcommand options] dns|lb TUNNEL HOSTNAME [LB-POOL]", UsageText: "cloudflared tunnel [tunnel command options] route [subcommand options] [dns TUNNEL HOSTNAME]|[lb TUNNEL HOSTNAME LB-POOL]|[ip NETWORK TUNNEL]",
Description: `The route defines what hostname or load balancer will proxy requests to this tunnel. Description: `The route command defines how Cloudflare will proxy requests to this tunnel.
To route a hostname by creating a CNAME to tunnel's address: To route a hostname by creating a DNS CNAME record to a tunnel:
cloudflared tunnel route dns <tunnel ID> <hostname> cloudflared tunnel route dns <tunnel ID or name> <hostname>
To use this tunnel as a load balancer origin, creating pool and load balancer if necessary: You can read more at: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/routing-to-tunnel/dns
cloudflared tunnel route lb <tunnel ID> <load balancer name> <load balancer pool>`,
To use this tunnel as a load balancer origin, creating pool and load balancer if necessary:
cloudflared tunnel route lb <tunnel ID or name> <hostname> <load balancer pool>
You can read more at: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/routing-to-tunnel/lb
For Cloudflare WARP traffic to be routed to your private network, reachable from this tunnel as origins, use:
cloudflared tunnel route ip <network CIDR> <tunnel ID or name>
Further information about managing Cloudflare WARP traffic to your tunnel is available at:
cloudflared tunnel route ip --help
`,
CustomHelpTemplate: commandHelpTemplate(), CustomHelpTemplate: commandHelpTemplate(),
Subcommands: []*cli.Command{ Subcommands: []*cli.Command{
buildRouteIPSubcommand(), buildRouteIPSubcommand(),

View File

@ -16,24 +16,23 @@ import (
func buildRouteIPSubcommand() *cli.Command { func buildRouteIPSubcommand() *cli.Command {
return &cli.Command{ return &cli.Command{
Name: "ip", Name: "ip",
Category: "Tunnel", Usage: "Configure and query Cloudflare WARP routing to services or private networks available through this tunnel.",
Usage: "Configure and query private routes",
UsageText: "cloudflared tunnel [--config FILEPATH] route COMMAND [arguments...]", UsageText: "cloudflared tunnel [--config FILEPATH] route COMMAND [arguments...]",
Hidden: true, Description: `cloudflared can provision private routes from any IP space to origins in your corporate network.
Description: `cloudflared can provision private routes from your private IP space to origins Users enrolled in your Cloudflare for Teams organization can reach those routes through the
in your corporate network. Users enrolled in your Cloudflare for Teams organization can reach Cloudflare WARP client. You can also build rules to determine who can reach certain routes.`,
those routes through the Cloudflare Warp client. You can also build rules to determine who
can reach certain routes.
`,
Subcommands: []*cli.Command{ Subcommands: []*cli.Command{
{ {
Name: "add", Name: "add",
Action: cliutil.ErrorHandler(addRouteCommand), Action: cliutil.ErrorHandler(addRouteCommand),
Usage: "Add a new Teamnet route to the table", Usage: "Add any new network to the routing table reachable via the tunnel",
UsageText: "cloudflared tunnel [--config FILEPATH] route ip add [CIDR] [TUNNEL] [COMMENT?]", UsageText: "cloudflared tunnel [--config FILEPATH] route ip add [CIDR] [TUNNEL] [COMMENT?]",
Description: `Adds a private route to a CIDR in your private IP space. Requests will Description: `Adds any network route space (represented as a CIDR) to your routing table.
be sent through the Cloudflare Warp client running on a user's machine, proxied That network space becomes reachable for requests egressing from a user's machine
through the specified tunnel, and reach an IP in the given CIDR.`, as long as it is using Cloudflare WARP client and is enrolled in the same account
that is running the tunnel chosen here. Further, those requests will be proxied to
the specified tunnel, and reach an IP in the given CIDR, as long as that IP is
reachable from the tunnel.`,
}, },
{ {
Name: "show", Name: "show",
@ -41,20 +40,21 @@ func buildRouteIPSubcommand() *cli.Command {
Action: cliutil.ErrorHandler(showRoutesCommand), Action: cliutil.ErrorHandler(showRoutesCommand),
Usage: "Show the routing table", Usage: "Show the routing table",
UsageText: "cloudflared tunnel [--config FILEPATH] route ip show [flags]", UsageText: "cloudflared tunnel [--config FILEPATH] route ip show [flags]",
Description: `Shows your organization's private route table. You can use flags to filter the results.`, Description: `Shows your organization private routing table. You can use flags to filter the results.`,
Flags: showRoutesFlags(), Flags: showRoutesFlags(),
}, },
{ {
Name: "delete", Name: "delete",
Action: cliutil.ErrorHandler(deleteRouteCommand), Action: cliutil.ErrorHandler(deleteRouteCommand),
Usage: "Delete a row from your organization's private routing table", Usage: "Delete a row from your organization's private routing table",
UsageText: "cloudflared tunnel [--config FILEPATH] route ip delete [CIDR]", UsageText: "cloudflared tunnel [--config FILEPATH] route ip delete [CIDR]",
Description: `Deletes the row for a given CIDR from your routing table`, Description: `Deletes the row for a given CIDR from your routing table. That portion
of your network will no longer be reachable by the WARP clients.`,
}, },
{ {
Name: "get", Name: "get",
Action: cliutil.ErrorHandler(getRouteByIPCommand), Action: cliutil.ErrorHandler(getRouteByIPCommand),
Usage: "Check which row of the routing table matches a given IP", Usage: "Check which row of the routing table matches a given IP.",
UsageText: "cloudflared tunnel [--config FILEPATH] route ip get [IP]", UsageText: "cloudflared tunnel [--config FILEPATH] route ip get [IP]",
Description: `Checks which row of the routing table will be used to proxy a given IP. Description: `Checks which row of the routing table will be used to proxy a given IP.
This helps check and validate your config.`, This helps check and validate your config.`,

View File

@ -58,7 +58,7 @@ func (p *proxy) Proxy(w connection.ResponseWriter, req *http.Request, sourceConn
p.appendTagHeaders(req) p.appendTagHeaders(req)
if sourceConnectionType == connection.TypeTCP { if sourceConnectionType == connection.TypeTCP {
if p.warpRouting == nil { if p.warpRouting == nil {
err := errors.New(`cloudflared received a request from Warp client, but your configuration has disabled ingress from Warp clients. To enable this, set "warp-routing:\n\t enabled: true" in your config.yaml`) err := errors.New(`cloudflared received a request from WARP client, but your configuration has disabled ingress from WARP clients. To enable this, set "warp-routing:\n\t enabled: true" in your config.yaml`)
p.log.Error().Msg(err.Error()) p.log.Error().Msg(err.Error())
return err return err
} }