getting a basic tunnel backend plumbed up (#170)

cmd/zrok/sharePrivate.go

@@ -7,6 +7,7 @@ import (
 	httptransport "github.com/go-openapi/runtime/client"
 	"github.com/openziti/zrok/endpoints"
 	"github.com/openziti/zrok/endpoints/proxyBackend"
+	"github.com/openziti/zrok/endpoints/tunnelBackend"
 	"github.com/openziti/zrok/endpoints/webBackend"
 	"github.com/openziti/zrok/model"
 	"github.com/openziti/zrok/rest_client_zrok"
@@ -43,7 +44,7 @@ func newSharePrivateCommand() *sharePrivateCommand {
 	}
 	command := &sharePrivateCommand{cmd: cmd}
 	cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...")
-	cmd.Flags().StringVar(&command.backendMode, "backend-mode", "proxy", "The backend mode {proxy, web}")
+	cmd.Flags().StringVar(&command.backendMode, "backend-mode", "proxy", "The backend mode {proxy, web, tunnel}")
 	cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless")
 	cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for <target>")
 	cmd.Run = command.run
@@ -67,8 +68,11 @@ func (cmd *sharePrivateCommand) run(_ *cobra.Command, args []string) {
 	case "web":
 		target = args[0]
 
+	case "tunnel":
+		target = args[0]
+
 	default:
-		tui.Error(fmt.Sprintf("invalid backend mode '%v'; expected {proxy, web}", cmd.backendMode), nil)
+		tui.Error(fmt.Sprintf("invalid backend mode '%v'; expected {proxy, web, tunnel}", cmd.backendMode), nil)
 	}
 
 	zrd, err := zrokdir.Load()
@@ -99,6 +103,8 @@ func (cmd *sharePrivateCommand) run(_ *cobra.Command, args []string) {
 		panic(err)
 	}
 
+	logrus.Infof("here")
+
 	auth := httptransport.APIKeyAuth("X-TOKEN", "header", zrd.Env.Token)
 	req := share.NewShareParams()
 	req.Body = &rest_model_zrok.ShareRequest{
@@ -169,6 +175,19 @@ func (cmd *sharePrivateCommand) run(_ *cobra.Command, args []string) {
 			panic(err)
 		}
 
+	case "tunnel":
+		cfg := &tunnelBackend.Config{
+			IdentityPath:    zif,
+			EndpointAddress: target,
+			ShrToken:        resp.Payload.ShrToken,
+		}
+		if err := cmd.tunnelBackendMode(cfg); err != nil {
+			if !panicInstead {
+				tui.Error("unable to create tunnel backend", err)
+			}
+			panic(err)
+		}
+
 	default:
 		tui.Error("invalid backend mode", nil)
 	}
@@ -237,6 +256,21 @@ func (cmd *sharePrivateCommand) webBackendMode(cfg *webBackend.Config) (endpoint
 	return be, nil
 }
 
+func (cmd *sharePrivateCommand) tunnelBackendMode(cfg *tunnelBackend.Config) error {
+	be, err := tunnelBackend.New(cfg)
+	if err != nil {
+		return errors.Wrap(err, "error creating tunnel backend")
+	}
+
+	go func() {
+		if err := be.Run(); err != nil {
+			logrus.Errorf("error running tunnel backend: %v", err)
+		}
+	}()
+
+	return nil
+}
+
 func (cmd *sharePrivateCommand) destroy(id string, shrToken string, zrok *rest_client_zrok.Zrok, auth runtime.ClientAuthInfoWriter) {
 	logrus.Debugf("shutting down '%v'", shrToken)
 	req := share.NewUnshareParams()

controller/share.go

@@ -18,6 +18,8 @@ func newShareHandler() *shareHandler {
 }
 
 func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	logrus.Info("handling")
+
 	trx, err := str.Begin()
 	if err != nil {
 		logrus.Errorf("error starting transaction: %v", err)
@@ -93,6 +95,7 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
 		}
 
 	case "private":
+		logrus.Info("doing private")
 		shrZId, frontendEndpoints, err = newPrivateResourceAllocator().allocate(envZId, shrToken, params, edge)
 		if err != nil {
 			logrus.Error(err)

endpoints/tunnelBackend/tunnel.go

@@ -1,6 +1,14 @@
 package tunnelBackend
 
-import "github.com/openziti/sdk-golang/ziti/edge"
+import (
+	"github.com/openziti/sdk-golang/ziti"
+	"github.com/openziti/sdk-golang/ziti/config"
+	"github.com/openziti/sdk-golang/ziti/edge"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"net"
+	"time"
+)
 
 type Config struct {
 	IdentityPath    string
@@ -13,4 +21,42 @@ type Backend struct {
 	listener edge.Listener
 }
 
-func New
+func New(cfg *Config) (*Backend, error) {
+	options := ziti.ListenOptions{
+		ConnectTimeout: 5 * time.Minute,
+		MaxConnections: 64,
+	}
+	zcfg, err := config.NewFromFile(cfg.IdentityPath)
+	if err != nil {
+		return nil, errors.Wrap(err, "error loading config")
+	}
+	listener, err := ziti.NewContextWithConfig(zcfg).ListenWithOptions(cfg.ShrToken, &options)
+	if err == nil {
+		return nil, errors.Wrap(err, "error listening")
+	}
+	b := &Backend{
+		cfg:      cfg,
+		listener: listener,
+	}
+	return b, nil
+}
+
+func (b *Backend) Run() error {
+	logrus.Info("started")
+	defer logrus.Info("exited")
+
+	for {
+		if conn, err := b.listener.Accept(); err == nil {
+			go b.handle(conn)
+		} else {
+			return err
+		}
+	}
+}
+
+func (b *Backend) handle(conn net.Conn) {
+	logrus.Infof("handling '%v'", conn.RemoteAddr())
+	if err := conn.Close(); err != nil {
+		logrus.Errorf("error closing: %v", err)
+	}
+}

specs/zrok.yml

@@ -771,7 +771,7 @@ definitions:
           type: string
       backendMode:
         type: string
-        enum: ["proxy", "web", "dav"]
+        enum: ["proxy", "web", "tunnel"]
       backendProxyEndpoint:
         type: string
       authScheme: