Generate Pomerium-Desktop config by reading pomerium core config #5087

Open
aponert opened this issue Apr 26, 2024 · 1 comment

aponert commented Apr 26, 2024

If you have many TCP routes configured, it can become quite a tedious task to transfer all the routes to the Pomerium Desktop app. It would be really helpful if the pomerium core binary could create the JSON config for the desktop app by parsing the config.yaml, extracting all TCP routes and making an importable config for Pomerium Desktop.

Since not all fields you would like to fill in in Pomerium Desktop are also config options for pomerium core, you would have to enrich the core config with fields like name, tag or local_addr_port, which then get used to generate the desktop config. This tends to be no problem since pomerium core ignores all "unknown" configuration fields it does not know.

It's really straightforward to write such a tool for yourself, since you can read YAML into object representations in nearly any language you like, then read what you want and emit JSON at the end. But it would come in very handy if pomerium core could generate that config itself. Thinking ahead, you might also include the option in the Desktop App to give Pomerium's hostname to the app and let the app fetch the config itself directly from pomerium core.

Here is a little - and by far not complete or comprehensive - Python script I wrote for my personal use case.

```python
import yaml
import json
import uuid

# Construct Pomerium Desktop config
pomerium_desktop_config = {
    "@type": "type.googleapis.com/pomerium.cli.Records",
    "records": []
}

# Load the Pomerium config file
with open('config.yaml', 'r') as stream:
    pomeriumConfig = yaml.safe_load(stream)

# Loop through all TCP routes
for route in pomeriumConfig['routes']:
    if route['from'].startswith('tcp+'):
        # Read route details here
        confItem = {
            'id': str(uuid.uuid4()),
            'conn': {
                # name is not an officially supported YAML directive in Pomerium's config.yaml,
                # but since Pomerium ignores unknown directives it can be used as a hint for
                # the generated desktop config
                'name': route['name'],
                'remoteAddr': route['from'],
                # the same applies to the local listen address
                'listenAddr': route['local_listen_addr'],
                'disableTlsVerification': False,
                # must be extended to also support ASCII-encoded certs
                "clientCertFromStore": {
                    "subjectFilter": "CN=commonName"
                }
            }
        }
        pomerium_desktop_config['records'].append(confItem)

# Generate the config file for Pomerium Desktop
json_object = json.dumps(pomerium_desktop_config, indent=2)
with open("config.json", "w") as outfile:
    outfile.write(json_object)
```
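A validation pass that could run before records are emitted, as an added example that is not part of the original post or of Pomerium: it skips TCP routes that lack the hint fields, refuses listen addresses that are not loopback (so a tunnel is not offered to other hosts on the network), and flags listen addresses used twice. It assumes the `name` and `local_listen_addr` hint fields from the script above; `is_loopback`, `build_records`, the deterministic `uuid5` ids and the sample routes are constructed for illustration, and the client certificate block is left out.

```python
import ipaddress
import uuid

# Assumption: stable ids (uuid5 of the route's "from") instead of random uuid4.
NAMESPACE = uuid.uuid5(uuid.NAMESPACE_URL, "pomerium-desktop-records")

def is_loopback(listen_addr):
    """True only for 'host:port' where host is localhost or a loopback IP."""
    host, sep, port = listen_addr.rpartition(":")
    if not sep or not port.isdigit():
        return False
    host = host.strip("[]")  # allow bracketed IPv6 such as [::1]:5432
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty host (":2222") or a non-loopback hostname

def build_records(routes):
    """Return (records, problems) for the tcp+ routes of a parsed routes list."""
    records, problems, seen = [], [], {}
    for i, route in enumerate(routes or []):
        src = route.get("from", "")
        if not src.startswith("tcp+"):
            continue
        name, listen = route.get("name"), route.get("local_listen_addr")
        if not name or not listen:
            problems.append(f"route {i} ({src}): missing name or local_listen_addr")
        elif not is_loopback(listen):
            problems.append(f"{name}: {listen} is not a loopback listen address")
        elif listen in seen:
            problems.append(f"{name}: {listen} already used by {seen[listen]}")
        else:
            seen[listen] = name
            records.append({
                "id": str(uuid.uuid5(NAMESPACE, src)),
                "conn": {"name": name, "remoteAddr": src, "listenAddr": listen,
                         "disableTlsVerification": False}})
    return records, problems

SAMPLE_ROUTES = [  # constructed; shaped like yaml.safe_load(...)["routes"]
    {"from": "https://app.example.com", "to": "http://app:8080"},
    {"from": "tcp+https://db.example.com:5432", "to": "tcp://db:5432",
     "name": "db", "local_listen_addr": "127.0.0.1:5432"},
    {"from": "tcp+https://ssh.example.com:22", "to": "tcp://bastion:22",
     "name": "ssh", "local_listen_addr": ":2222"},
    {"from": "tcp+https://redis.example.com:6379", "to": "tcp://redis:6379"},
    {"from": "tcp+https://db2.example.com:5432", "to": "tcp://db2:5432",
     "name": "db2", "local_listen_addr": "127.0.0.1:5432"},
]
```

The returned records can be placed in the `records` list of the script's `pomerium_desktop_config`, and any entry in `problems` can be treated as a reason to stop before writing `config.json`.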
desimone (Contributor) commented May 1, 2024

Thank you for the issue @aponert. We have something very similar in mind on our roadmap which we are planning. Will share details and link back as soon as we are able. Thanks again for sharing.
