Skip to content
Permalink
Browse files

Add token-from flag so that secret files can be used

This change allows Kubernetes secrets or files on disk to be used
for the token. Tested locally in Go on MacOS by creating a file
and using --token-from at both ends of the tunnel.

Beware of adding any new-lines to the file, echo -n is best for
creating a new file without any additional newline text.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>
  • Loading branch information...
alexellis committed Jun 8, 2019
1 parent f74bfdc commit c23f6993892a1b4e398e8acf61e3dc7bfcb7c6ed
Showing with 52 additions and 6 deletions.
  1. +30 −3 cmd/client.go
  2. +22 −3 cmd/server.go
@@ -1,6 +1,8 @@
package cmd

import (
"fmt"
"io/ioutil"
"log"
"strings"

@@ -13,7 +15,9 @@ func init() {
inletsCmd.AddCommand(clientCmd)
clientCmd.Flags().StringP("remote", "r", "127.0.0.1:8000", "server address i.e. 127.0.0.1:8000")
clientCmd.Flags().StringP("upstream", "u", "", "upstream server i.e. http://127.0.0.1:3000")
clientCmd.Flags().StringP("token", "t", "", "token for authentication")
clientCmd.Flags().StringP("token", "t", "", "authentication token")
clientCmd.Flags().StringP("token-from", "f", "", "read the authentication token from a file")
clientCmd.Flags().Bool("print-token", true, "prints the token in server mode")
}

type UpstreamParser interface {
@@ -77,9 +81,32 @@ func runClient(cmd *cobra.Command, _ []string) error {
return errors.Wrap(err, "failed to get 'remote' value.")
}

token, err := cmd.Flags().GetString("token")
tokenFile, err := cmd.Flags().GetString("token-from")
if err != nil {
return errors.Wrap(err, "failed to get 'token' value.")
return errors.Wrap(err, "failed to get 'token-from' value.")
}
var token string
if len(tokenFile) > 0 {
fileData, err := ioutil.ReadFile(tokenFile)
if err != nil {
return errors.Wrap(err, fmt.Sprintf("unable to load file: %s", tokenFile))
}
token = string(fileData)
} else {
tokenVal, err := cmd.Flags().GetString("token")
if err != nil {
return errors.Wrap(err, "failed to get 'token' value.")
}
token = tokenVal
}

printToken, err := cmd.Flags().GetBool("print-token")
if err != nil {
return errors.Wrap(err, "failed to get 'print-token' value.")
}

if len(token) > 0 && printToken {
log.Printf("Token: %q", token)
}

inletsClient := client.Client{
@@ -1,6 +1,8 @@
package cmd

import (
"fmt"
"io/ioutil"
"log"

"github.com/alexellis/inlets/pkg/server"
@@ -13,6 +15,7 @@ func init() {
serverCmd.Flags().IntP("port", "p", 8000, "port for server")
serverCmd.Flags().StringP("token", "t", "", "token for authentication")
serverCmd.Flags().Bool("print-token", true, "prints the token in server mode")
serverCmd.Flags().StringP("token-from", "f", "", "read the authentication token from a file")
}

// serverCmd represents the server sub command.
@@ -28,9 +31,25 @@ Note: You can pass the --token argument followed by a token value to both the se

// runServer does the actual work of reading the arguments passed to the server sub command.
func runServer(cmd *cobra.Command, _ []string) error {
token, err := cmd.Flags().GetString("token")

tokenFile, err := cmd.Flags().GetString("token-from")
if err != nil {
return errors.Wrap(err, "failed to get 'token' value.")
return errors.Wrap(err, "failed to get 'token-from' value.")
}

var token string
if len(tokenFile) > 0 {
fileData, err := ioutil.ReadFile(tokenFile)
if err != nil {
return errors.Wrap(err, fmt.Sprintf("unable to load file: %s", tokenFile))
}
token = string(fileData)
} else {
tokenVal, err := cmd.Flags().GetString("token")
if err != nil {
return errors.Wrap(err, "failed to get 'token' value.")
}
token = tokenVal
}

printToken, err := cmd.Flags().GetBool("print-token")
@@ -39,7 +58,7 @@ func runServer(cmd *cobra.Command, _ []string) error {
}

if len(token) > 0 && printToken {
log.Printf("Server token: %s", token)
log.Printf("Server token: %q", token)
}

port, err := cmd.Flags().GetInt("port")

0 comments on commit c23f699

Please sign in to comment.
You can’t perform that action at this time.