Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

attempts to probe advertise address on startup to ensure the SANS is correct #2723

Merged
merged 7 commits into from
Feb 6, 2025
Merged

attempts to probe advertise address on startup to ensure the SANS is correct #2723

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
94ee830
fixes #2723 - check router and controller advertised addresses compar…
dovholuknf Feb 5, 2025
2527896
fixes #2723 - don't verify cert/addresses when loadIdentity=false
dovholuknf Feb 5, 2025
bb04bbe
fixes #2723 - don't check ctrl endpoint using router certs
dovholuknf Feb 6, 2025
af644ec
fixes #2723 - advertiese -> advertise
dovholuknf Feb 6, 2025
bd3be1b
fixes #2722 - cleanup/rework to use xweb
dovholuknf Feb 6, 2025
52520f1
fixes #2722 - actually remove unused code
dovholuknf Feb 6, 2025
834cf09
placating linter
dovholuknf Feb 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions controller/config/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -585,6 +585,14 @@ func LoadConfig(path string) (*Config, error) {
return nil, fmt.Errorf("error loading channel options for [ctrl/options] (%v)", err)
}
}
if value != nil {
m := value.(map[interface{}]interface{})
a := strings.TrimPrefix(m["advertiseAddress"].(string), "tls:")
v := controllerConfig.Id.ValidFor(strings.Split(a, ":")[0])
Copy link
Member

@andrewpmartinez andrewpmartinez Feb 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this can be removed.

This will fail if the advertised address goes to an xweb server that uses an alternate identity.

Since xweb now verifies its public address is represented by a SAN on its identity, we can rely on that to make sure the xweb config is sane.

There is already code to check that the advertise address is present on an xweb server that 1) shares the same address and 2) has the edge-api.

Copy link
Member Author

@dovholuknf dovholuknf Feb 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what about routers or controllers connecting? those aren't xweb, right?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

but - routers/controllers are always specified outside of this config file? I just didn't know (still don't) if this address is used outside of xweb

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This section is only for controllers xweb powered APIs. So it won't affect anything else.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see your point about the ctrl listener using the root identity though. Which is a reasonable check.

if v != nil {
pfxlog.Logger().Fatalf("provided value for ctrl/options/advertiseAddress is invalid (%v)", v)
}
}
}
if controllerConfig.Raft != nil && controllerConfig.Raft.AdvertiseAddress == nil {
return nil, errors.New("[ctrl/options/advertiseAddress] is required when raft is enabled")
Expand Down
18 changes: 9 additions & 9 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,18 +55,18 @@ require (
github.com/openziti/agent v1.0.23
github.com/openziti/channel/v3 v3.0.26
github.com/openziti/cobra-to-md v1.0.1
github.com/openziti/edge-api v0.26.38
github.com/openziti/edge-api v0.26.39
github.com/openziti/foundation/v2 v2.0.56
github.com/openziti/identity v1.0.94
github.com/openziti/identity v1.0.96
github.com/openziti/jwks v1.0.6
github.com/openziti/metrics v1.2.65
github.com/openziti/runzmd v1.0.59
github.com/openziti/sdk-golang v0.23.44
github.com/openziti/secretstream v0.1.28
github.com/openziti/storage v0.4.1
github.com/openziti/transport/v2 v2.0.159
github.com/openziti/transport/v2 v2.0.160
github.com/openziti/x509-claims v1.0.3
github.com/openziti/xweb/v2 v2.1.3
github.com/openziti/xweb/v2 v2.2.1
github.com/openziti/ziti-db-explorer v1.1.3
github.com/orcaman/concurrent-map/v2 v2.0.1
github.com/pkg/errors v0.9.1
Expand All @@ -90,9 +90,9 @@ require (
golang.org/x/net v0.34.0
golang.org/x/oauth2 v0.25.0
golang.org/x/sync v0.10.0
golang.org/x/sys v0.29.0
golang.org/x/sys v0.30.0
golang.org/x/text v0.21.0
google.golang.org/protobuf v1.36.4
google.golang.org/protobuf v1.36.5
gopkg.in/AlecAivazis/survey.v1 v1.8.8
gopkg.in/go-jose/go-jose.v2 v2.6.3
gopkg.in/resty.v1 v1.12.0
Expand All @@ -105,7 +105,7 @@ require (
github.com/MichaelMure/go-term-markdown v0.1.4 // indirect
github.com/MichaelMure/go-term-text v0.3.1 // indirect
github.com/alecthomas/chroma v0.10.0 // indirect
github.com/andybalholm/brotli v1.1.0 // indirect
github.com/andybalholm/brotli v1.1.1 // indirect
github.com/antchfx/xpath v1.3.2 // indirect
github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
github.com/armon/go-metrics v0.4.1 // indirect
Expand Down Expand Up @@ -150,7 +150,7 @@ require (
github.com/lufia/plan9stats v0.0.0-20240909124753-873cd0166683 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-colorable v0.1.14 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.15 // indirect
github.com/mattn/go-tty v0.0.3 // indirect
Expand Down Expand Up @@ -200,7 +200,7 @@ require (
go.uber.org/multierr v1.9.0 // indirect
golang.org/x/image v0.18.0 // indirect
golang.org/x/mod v0.22.0 // indirect
golang.org/x/term v0.28.0 // indirect
golang.org/x/term v0.29.0 // indirect
golang.org/x/tools v0.28.0 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
Expand Down
37 changes: 25 additions & 12 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,8 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA=
github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA=
github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
github.com/antchfx/jsonquery v1.3.6 h1:TaSfeAh7n6T11I74bsZ1FswreIfrbJ0X+OyLflx6mx4=
github.com/antchfx/jsonquery v1.3.6/go.mod h1:fGzSGJn9Y826Qd3pC8Wx45avuUwpkePsACQJYy+58BU=
Expand Down Expand Up @@ -499,8 +501,8 @@ github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVc
github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
Expand All @@ -511,7 +513,6 @@ github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcME
github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
Expand All @@ -532,6 +533,8 @@ github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyex
github.com/michaelquigley/pfxlog v0.6.1/go.mod h1:z864Y2uU0O4QA5OoclXIOdoX5Tme2zm66FLAJ+R1jZs=
github.com/michaelquigley/pfxlog v0.6.10 h1:IbC/H3MmSDcPlQHF1UZPQU13Dkrs0+ycWRyQd2ihnjw=
github.com/michaelquigley/pfxlog v0.6.10/go.mod h1:gEiNTfKEX6cJHSwRpOuqBpc8oYrlhMiDK/xMk/gV7D0=
github.com/michaelquigley/pfxlog v1.0.0 h1:1DbSQ/u3eEdt533yWd/zmxwtaZx9GQRRb+SD/DgLFag=
github.com/michaelquigley/pfxlog v1.0.0/go.mod h1:67bZY14oqZvB6kFHm8sVkEdu8A469UZaymGofQeJeQQ=
github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
github.com/miekg/dns v1.1.63 h1:8M5aAw6OMZfFXTT7K5V0Eu5YiiL8l7nUAkyN6C9YwaY=
Expand Down Expand Up @@ -595,12 +598,14 @@ github.com/openziti/cobra-to-md v1.0.1 h1:WRinNoIRmwWUSJm+pSNXMjOrtU48oxXDZgeCYQ
github.com/openziti/cobra-to-md v1.0.1/go.mod h1:FjCpk/yzHF7/r28oSTNr5P57yN5VolpdAtS/g7KNi2c=
github.com/openziti/dilithium v0.3.5 h1:+envGNzxc3OyVPiuvtxivQmCsOjdZjtOMLpQBeMz7eM=
github.com/openziti/dilithium v0.3.5/go.mod h1:XONq1iK6te/WwNzkgZHfIDHordMPqb0hMwJ8bs9EfSk=
github.com/openziti/edge-api v0.26.38 h1:3xDWC5SFn3qUVR428TIBpRc2lrjVV7Gz0Rx4pQx0JSg=
github.com/openziti/edge-api v0.26.38/go.mod h1:sYHVpm26Jr1u7VooNJzTb2b2nGSlmCHMnbGC8XfWSng=
github.com/openziti/edge-api v0.26.39 h1:4hb1RqjgpaTJorvbWTL6f2QcjJDn4BXDbLwes8DpM2U=
github.com/openziti/edge-api v0.26.39/go.mod h1:sYHVpm26Jr1u7VooNJzTb2b2nGSlmCHMnbGC8XfWSng=
github.com/openziti/foundation/v2 v2.0.56 h1:YXqBmkrN0fYr3TqIlWZSZGluE2QpJxlA29Z6okZyQ5I=
github.com/openziti/foundation/v2 v2.0.56/go.mod h1:f12R1pwEod348qONZr6esZgackX1ScLGDcEyPF2G5/w=
github.com/openziti/identity v1.0.94 h1:nF4etu/5LmOlbT24lpSKq9p+90A9jeyLr5U23LemgD4=
github.com/openziti/identity v1.0.94/go.mod h1:3VGYqa9E26zPPA8lJwE7eUPvRH2Oz8ZAd46cUCWKz/M=
github.com/openziti/identity v1.0.95 h1:1IpYBCgmqmSscnGFHoadHSJPfmViqf7Xl6gvE7fLLmU=
github.com/openziti/identity v1.0.95/go.mod h1:3VGYqa9E26zPPA8lJwE7eUPvRH2Oz8ZAd46cUCWKz/M=
github.com/openziti/identity v1.0.96 h1:TQ3Qe3JIYoEs0prJS5GhVkGjKYnh6/yRNrdYd0HtlvE=
github.com/openziti/identity v1.0.96/go.mod h1:3VGYqa9E26zPPA8lJwE7eUPvRH2Oz8ZAd46cUCWKz/M=
github.com/openziti/jwks v1.0.6 h1:PR+9OVaMO8oHEoVQmHqeUBExWwLWyODEGJQK2DXHaqE=
github.com/openziti/jwks v1.0.6/go.mod h1:t4xxq8vlXGsPn29kiQVnZBBDDnEoOFqtJoHibkJunQQ=
github.com/openziti/metrics v1.2.65 h1:Jhhbds+BUbywfspxcb9oyz9p9LI/oERT9lbeDpnNpmY=
Expand All @@ -615,10 +620,16 @@ github.com/openziti/storage v0.4.1 h1:4NJINon8uQB6f6BLJXxVlmQbtX8IFFBy1MGu8GyTsa
github.com/openziti/storage v0.4.1/go.mod h1:02mnSwL6TzuPtGmU2sKLuJ8HPPHyFSwctXdpdw0guK4=
github.com/openziti/transport/v2 v2.0.159 h1:Ol6vTrXWJdkfRLWYI2hjDTeH2Ji0cYC26UuPnBylALg=
github.com/openziti/transport/v2 v2.0.159/go.mod h1:Hw4TIlDd97D5m8BrlxTZ3bqO01+hwddTDMSOOzz/4cs=
github.com/openziti/transport/v2 v2.0.160 h1:bYBBj8gqZ8DCF6aCJThq2v89h5ILwqTVaFkyfjFmHpk=
github.com/openziti/transport/v2 v2.0.160/go.mod h1:Hw4TIlDd97D5m8BrlxTZ3bqO01+hwddTDMSOOzz/4cs=
github.com/openziti/x509-claims v1.0.3 h1:HNdQ8Nf1agB3lBs1gahcO6zfkeS4S5xoQ2/PkY4HRX0=
github.com/openziti/x509-claims v1.0.3/go.mod h1:Z0WIpBm6c4ecrpRKrou6Gk2wrLWxJO/+tuUwKh8VewE=
github.com/openziti/xweb/v2 v2.1.3 h1:smHMs6BCdSF3LB3KMHvR8YcNYKESJjM9LBfHi958/2E=
github.com/openziti/xweb/v2 v2.1.3/go.mod h1:d9+vBsVCONyb3GCrJPHb2+GfTJ4MMIu0i6S71uE3WHc=
github.com/openziti/xweb/v2 v2.2.0 h1:zlE1u8pazpaV3cqp6Sb5rWwJ1/xMxxXn4lXesSJEaX8=
github.com/openziti/xweb/v2 v2.2.0/go.mod h1:44Jk2F3kdovYXopVWk8BbvnP+156g6f0BhwUWWSBZjs=
github.com/openziti/xweb/v2 v2.2.1 h1:vPHASmyTlWB75GLIEIvWSSs2ZQgZDsr7do0IXeHf6Ww=
github.com/openziti/xweb/v2 v2.2.1/go.mod h1:44Jk2F3kdovYXopVWk8BbvnP+156g6f0BhwUWWSBZjs=
github.com/openziti/ziti-db-explorer v1.1.3 h1:9JER16MJzagtYPdGEhgDcw2p/BXNCVbf9IgA/sMB52w=
github.com/openziti/ziti-db-explorer v1.1.3/go.mod h1:pMIMNJoTRSTbkO2e7cZWiBokA3jMdeiGAILP3QhU+v8=
github.com/orcaman/concurrent-map/v2 v2.0.1 h1:jOJ5Pg2w1oeB6PeDurIYf6k9PQ+aTITr/6lP/L/zp6c=
Expand Down Expand Up @@ -829,6 +840,7 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:
github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
Expand Down Expand Up @@ -1103,16 +1115,15 @@ golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
Expand Down Expand Up @@ -1308,6 +1319,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM=
google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
gopkg.in/AlecAivazis/survey.v1 v1.8.8 h1:5UtTowJZTz1j7NxVzDGKTz6Lm9IWm8DDF6b7a2wq9VY=
gopkg.in/AlecAivazis/survey.v1 v1.8.8/go.mod h1:CaHjv79TCgAvXMSFJSVgonHXYWxnhzI3eoHtnX5UgUo=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
Expand Down
36 changes: 36 additions & 0 deletions router/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -880,6 +880,42 @@ func LoadConfigWithOptions(path string, loadIdentity bool) (*Config, error) {
return nil, err
}

if loadIdentity {
var errs []error
for _, c := range cfg.Link.Listeners {
a := c["advertise"]
if a != nil {
// should start with tls:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Should" or "can?" My naive observation has been that the tls: prefix is implied if omitted, and that we don't currently support any alternatives, so there's not currently any ambiguity, but there will be ambiguity in the future if we support another on-the-wire protocol, e.g., dtls.

addy := strings.TrimPrefix(a.(string), "tls:")
addy = strings.Split(addy, ":")[0]
e := cfg.Id.ValidFor(addy)
if e != nil {
errs = append(errs, fmt.Errorf("invalid link.listeners.advertise: %s, error: %v", a.(string), e))
}
}
}

for _, c := range cfg.Listeners {
opts := c.options["options"]
if opts != nil {
optOpts := opts.(map[interface{}]interface{})
o := optOpts["advertise"]
if o != nil {
// should start with tls:
addy := strings.TrimPrefix(o.(string), "tls:")
addy = strings.Split(addy, ":")[0]
e := cfg.Id.ValidFor(addy)
if e != nil {
errs = append(errs, fmt.Errorf("invalid listeners.binding.advertise: %s, error: %v", o.(string), e))
}
}
}
}

if len(errs) > 0 {
pfxlog.Logger().Fatalf("one or more advertise addresses are invalid: %v", errs)
}
}
return cfg, nil
}

Expand Down
2 changes: 2 additions & 0 deletions router/xgress_edge/certchecker_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -372,7 +372,7 @@
})
}

var _ identity.Identity = &SimpleTestIdentity{}

Check failure on line 375 in router/xgress_edge/certchecker_test.go

View workflow job for this annotation

GitHub Actions / lint 

cannot use &SimpleTestIdentity{} (value of type *SimpleTestIdentity) as "github.com/openziti/identity".Identity value in variable declaration: *SimpleTestIdentity does not implement "github.com/openziti/identity".Identity (missing method CheckServerCertSansForConflicts)

Check failure on line 375 in router/xgress_edge/certchecker_test.go

View workflow job for this annotation

GitHub Actions / Fablab Smoketest 

cannot use &SimpleTestIdentity{} (value of type *SimpleTestIdentity) as "github.com/openziti/identity".Identity value in variable declaration: *SimpleTestIdentity does not implement "github.com/openziti/identity".Identity (missing method CheckServerCertSansForConflicts)

Check failure on line 375 in router/xgress_edge/certchecker_test.go

View workflow job for this annotation

GitHub Actions / Run Unit and Integration Tests 

cannot use &SimpleTestIdentity{} (value of type *SimpleTestIdentity) as "github.com/openziti/identity".Identity value in variable declaration: *SimpleTestIdentity does not implement "github.com/openziti/identity".Identity (missing method CheckServerCertSansForConflicts)

type SimpleTestIdentity struct {
TlsCert *tls.Certificate
Expand Down Expand Up @@ -407,6 +407,8 @@
return s.CertPool
}

func (s *SimpleTestIdentity) ValidFor(_ string) error { return nil }

func (s *SimpleTestIdentity) ServerTLSConfig() *tls.Config {
var certs []tls.Certificate

Expand Down Expand Up @@ -517,7 +519,7 @@
closeNotify := make(chan struct{})

id := &identity.TokenId{
Identity: testIdentity,

Check failure on line 522 in router/xgress_edge/certchecker_test.go

View workflow job for this annotation

GitHub Actions / lint 

cannot use testIdentity (variable of type *SimpleTestIdentity) as "github.com/openziti/identity".Identity value in struct literal: *SimpleTestIdentity does not implement "github.com/openziti/identity".Identity (missing method CheckServerCertSansForConflicts) (typecheck)

Check failure on line 522 in router/xgress_edge/certchecker_test.go

View workflow job for this annotation

GitHub Actions / Fablab Smoketest 

cannot use testIdentity (variable of type *SimpleTestIdentity) as "github.com/openziti/identity".Identity value in struct literal: *SimpleTestIdentity does not implement "github.com/openziti/identity".Identity (missing method CheckServerCertSansForConflicts)

Check failure on line 522 in router/xgress_edge/certchecker_test.go

View workflow job for this annotation

GitHub Actions / Run Unit and Integration Tests 

cannot use testIdentity (variable of type *SimpleTestIdentity) as "github.com/openziti/identity".Identity value in struct literal: *SimpleTestIdentity does not implement "github.com/openziti/identity".Identity (missing method CheckServerCertSansForConflicts)
Token: eid.New(),
Data: nil,
}
Expand Down
26 changes: 13 additions & 13 deletions zititest/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,16 +10,16 @@ require (
github.com/go-openapi/runtime v0.28.0
github.com/google/go-cmp v0.6.0
github.com/google/uuid v1.6.0
github.com/michaelquigley/pfxlog v0.6.10
github.com/michaelquigley/pfxlog v1.0.0
github.com/openziti/agent v1.0.23
github.com/openziti/channel/v3 v3.0.26
github.com/openziti/edge-api v0.26.38
github.com/openziti/edge-api v0.26.39
github.com/openziti/fablab v0.5.83
github.com/openziti/foundation/v2 v2.0.56
github.com/openziti/identity v1.0.94
github.com/openziti/identity v1.0.96
github.com/openziti/sdk-golang v0.23.44
github.com/openziti/storage v0.4.1
github.com/openziti/transport/v2 v2.0.159
github.com/openziti/transport/v2 v2.0.160
github.com/openziti/ziti v0.28.3
github.com/orcaman/concurrent-map/v2 v2.0.1
github.com/pkg/errors v0.9.1
Expand All @@ -29,7 +29,7 @@ require (
github.com/stretchr/testify v1.10.0
go.etcd.io/bbolt v1.3.11
golang.org/x/net v0.34.0
google.golang.org/protobuf v1.36.2
google.golang.org/protobuf v1.36.5
gopkg.in/yaml.v2 v2.4.0
)

Expand All @@ -39,7 +39,7 @@ require (
github.com/MichaelMure/go-term-markdown v0.1.4 // indirect
github.com/MichaelMure/go-term-text v0.3.1 // indirect
github.com/alecthomas/chroma v0.10.0 // indirect
github.com/andybalholm/brotli v1.1.0 // indirect
github.com/andybalholm/brotli v1.1.1 // indirect
github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
github.com/armon/go-metrics v0.4.1 // indirect
Expand Down Expand Up @@ -80,7 +80,7 @@ require (
github.com/go-openapi/strfmt v0.23.0 // indirect
github.com/go-openapi/swag v0.23.0 // indirect
github.com/go-openapi/validate v0.24.0 // indirect
github.com/go-resty/resty/v2 v2.16.3 // indirect
github.com/go-resty/resty/v2 v2.16.5 // indirect
github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386 // indirect
Expand Down Expand Up @@ -120,15 +120,15 @@ require (
github.com/lufia/plan9stats v0.0.0-20240909124753-873cd0166683 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-colorable v0.1.14 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.15 // indirect
github.com/mattn/go-tty v0.0.3 // indirect
github.com/mdlayher/netlink v1.7.2 // indirect
github.com/mdlayher/socket v0.4.1 // indirect
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
github.com/michaelquigley/figlet v0.0.0-20191015203154-054d06db54b4 // indirect
github.com/miekg/dns v1.1.62 // indirect
github.com/miekg/dns v1.1.63 // indirect
github.com/miekg/pkcs11 v1.1.1 // indirect
github.com/mitchellh/go-ps v1.0.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
Expand All @@ -148,7 +148,7 @@ require (
github.com/openziti/runzmd v1.0.59 // indirect
github.com/openziti/secretstream v0.1.28 // indirect
github.com/openziti/x509-claims v1.0.3 // indirect
github.com/openziti/xweb/v2 v2.1.3 // indirect
github.com/openziti/xweb/v2 v2.2.0 // indirect
github.com/openziti/ziti-db-explorer v1.1.3 // indirect
github.com/parallaxsecond/parsec-client-go v0.0.0-20221025095442-f0a77d263cf9 // indirect
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
Expand All @@ -171,7 +171,7 @@ require (
github.com/speps/go-hashids v2.0.0+incompatible // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/cast v1.6.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/spf13/pflag v1.0.6 // indirect
github.com/spf13/viper v1.19.0 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
github.com/teris-io/shortid v0.0.0-20201117134242-e59966efd125 // indirect
Expand All @@ -198,8 +198,8 @@ require (
golang.org/x/mod v0.22.0 // indirect
golang.org/x/oauth2 v0.25.0 // indirect
golang.org/x/sync v0.10.0 // indirect
golang.org/x/sys v0.29.0 // indirect
golang.org/x/term v0.28.0 // indirect
golang.org/x/sys v0.30.0 // indirect
golang.org/x/term v0.29.0 // indirect
golang.org/x/text v0.21.0 // indirect
golang.org/x/tools v0.28.0 // indirect
gopkg.in/AlecAivazis/survey.v1 v1.8.8 // indirect
Expand Down
Loading
Loading