breakglass: use httpclient.For() for host-specific fallback

Michael Stapelberg 2023-01-15 17:06:07 +01:00
parent 1b4a9122b5
commit 503c6819b2
3 changed files with 11 additions and 65 deletions


@ -46,46 +46,19 @@ func (bg *bg) startBreakglass() error {
return err return err
} }
schema := "http" updateHttpClient, foundMatchingCertificate, updateBaseURL, err := httpclient.For(bg.cfg)
certPath, _, err := tlsflag.CertificatePathsFor(bg.cfg.Hostname)
if err != nil { if err != nil {
return err return err
} }
if certPath != "" {
schema = "https"
}
if bg.cfg.Update.HTTPPort == "" {
bg.cfg.Update.HTTPPort = "80"
}
if bg.cfg.Update.HTTPSPort == "" {
bg.cfg.Update.HTTPSPort = "443"
}
update, err := bg.cfg.Update.WithFallbackToHostSpecific(bg.cfg.Update.Hostname)
if err != nil {
return err
}
updateBaseUrl, err := updateflag.BaseURL(update.HTTPPort, schema, update.Hostname, update.HTTPPassword)
if err != nil {
return err
}
updateHttpClient, foundMatchingCertificate, err := tlsflag.GetTLSHttpClient(updateBaseUrl)
if err != nil {
return fmt.Errorf("getting http client by tls flag: %v", err)
}
updateHttpClient.Jar = jar updateHttpClient.Jar = jar
remoteScheme, err := httpclient.GetRemoteScheme(updateBaseUrl) remoteScheme, err := httpclient.GetRemoteScheme(updateBaseURL)
if remoteScheme == "https" && !tlsflag.Insecure() { if remoteScheme == "https" && !tlsflag.Insecure() {
updateBaseUrl.Scheme = "https" updateBaseURL.Scheme = "https"
updateflag.SetUpdate(updateBaseUrl.String()) updateflag.SetUpdate(updateBaseURL.String())
} }
if updateBaseUrl.Scheme != "https" && foundMatchingCertificate { if updateBaseURL.Scheme != "https" && foundMatchingCertificate {
fmt.Printf("\n") fmt.Printf("\n")
fmt.Printf("!!!WARNING!!! Possible SSL-Stripping detected!\n") fmt.Printf("!!!WARNING!!! Possible SSL-Stripping detected!\n")
fmt.Printf("Found certificate for hostname in your client configuration but the host does not offer https!\n") fmt.Printf("Found certificate for hostname in your client configuration but the host does not offer https!\n")
@ -100,7 +73,7 @@ func (bg *bg) startBreakglass() error {
return err return err
} }
form, err := updateHttpClient.Get(updateBaseUrl.String() + "status?path=/user/breakglass") form, err := updateHttpClient.Get(updateBaseURL.String() + "status?path=/user/breakglass")
if err != nil { if err != nil {
return err return err
} }
@ -133,7 +106,7 @@ func (bg *bg) startBreakglass() error {
} }
log.Printf("restarting breakglass") log.Printf("restarting breakglass")
resp, err := updateHttpClient.Post(updateBaseUrl.String()+"restart?path=/user/breakglass&xsrftoken="+xsrfToken, "", nil) resp, err := updateHttpClient.Post(updateBaseURL.String()+"restart?path=/user/breakglass&xsrftoken="+xsrfToken, "", nil)
if err != nil { if err != nil {
return err return err
} }
@ -268,28 +241,8 @@ func breakglass() error {
if err != nil { if err != nil {
if os.IsNotExist(err) { if os.IsNotExist(err) {
// best-effort compatibility for old setups // best-effort compatibility for old setups
hostname := instance
port, err := config.HostnameSpecific(hostname).ReadFile("http-port.txt")
if err != nil && !os.IsNotExist(err) {
return err
}
if port == "" {
port = "80"
}
_, updateHostname := updateflag.GetUpdateTarget(hostname)
pw, err := config.HostnameSpecific(updateHostname).ReadFile("http-password.txt")
if err != nil {
return err
}
cfg = &config.Struct{ cfg = &config.Struct{
Hostname: updateHostname, Hostname: instance,
Update: &config.UpdateStruct{
Hostname: updateHostname,
HTTPPort: port,
HTTPPassword: pw,
},
} }
} else { } else {
return err return err
@ -305,13 +258,6 @@ func breakglass() error {
cfg.Update.Hostname = cfg.Hostname cfg.Update.Hostname = cfg.Hostname
} }
hostname := cfg.Update.Hostname hostname := cfg.Update.Hostname
if cfg.Update.HTTPPassword == "" {
pwb, err := config.HostnameSpecific(hostname).ReadFile("http-password.txt")
if err != nil {
return err
}
cfg.Update.HTTPPassword = pwb
}
log.Printf("checking breakglass status on gokrazy instance %q", bg.cfg.Hostname) log.Printf("checking breakglass status on gokrazy instance %q", bg.cfg.Hostname)
if err := bg.startBreakglass(); err != nil { if err := bg.startBreakglass(); err != nil {
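Review bot: The fallback `cfg` built when the config file does not exist no longer sets `Update`, yet `cfg.Update.Hostname = cfg.Hostname` is still reached further down in breakglass(). The removed literal assigned `&config.UpdateStruct{...}`, so the field is a pointer and would be nil on that old-setup path unless the lines between the two hunks (not shown here) initialise it; if they do not, this is a nil-pointer panic before httpclient.For() ever runs. Either keep an empty value in the literal, `Update: &config.UpdateStruct{},`, or guard with `if cfg.Update == nil { cfg.Update = &config.UpdateStruct{} }` ahead of the hostname defaulting. breakglass() starts and ends outside the visible hunks, so this should be confirmed against the full function.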

2
go.mod

@ -4,7 +4,7 @@ go 1.19
require ( require (
github.com/gokrazy/gokrazy v0.0.0-20211024151958-b718dd90ae71 github.com/gokrazy/gokrazy v0.0.0-20211024151958-b718dd90ae71
github.com/gokrazy/internal v0.0.0-20230115123531-063b533a8f8a github.com/gokrazy/internal v0.0.0-20230115154105-e09e239138b9
github.com/google/renameio/v2 v2.0.0 github.com/google/renameio/v2 v2.0.0
github.com/google/shlex v0.0.0-20181106134648-c34317bd91bf github.com/google/shlex v0.0.0-20181106134648-c34317bd91bf
github.com/kr/pty v1.1.8 github.com/kr/pty v1.1.8

4
go.sum

@ -7,8 +7,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
github.com/gokrazy/gokrazy v0.0.0-20211024151958-b718dd90ae71 h1:NHLkr4NYMY9gZGTI+jzIo38ZffMHkPbBzMcUDkyHs0g= github.com/gokrazy/gokrazy v0.0.0-20211024151958-b718dd90ae71 h1:NHLkr4NYMY9gZGTI+jzIo38ZffMHkPbBzMcUDkyHs0g=
github.com/gokrazy/gokrazy v0.0.0-20211024151958-b718dd90ae71/go.mod h1:eq2ROPhZJtxxEi21P8cbNqP8pwRBSpW/4LGKwNiQg2Y= github.com/gokrazy/gokrazy v0.0.0-20211024151958-b718dd90ae71/go.mod h1:eq2ROPhZJtxxEi21P8cbNqP8pwRBSpW/4LGKwNiQg2Y=
github.com/gokrazy/internal v0.0.0-20210621162516-1b3b5687a06d/go.mod h1:Gqv1x1DNrObmBvVvblpZbvZizZ0dU5PwiwYHipmtY9Y= github.com/gokrazy/internal v0.0.0-20210621162516-1b3b5687a06d/go.mod h1:Gqv1x1DNrObmBvVvblpZbvZizZ0dU5PwiwYHipmtY9Y=
github.com/gokrazy/internal v0.0.0-20230115123531-063b533a8f8a h1:f8nC+tW9jR3dG4Bl593d8G8076YDF/sV0ZNMoC4xE9E= github.com/gokrazy/internal v0.0.0-20230115154105-e09e239138b9 h1:yt8pWahXJHTxYEoLla8pjE4HJyFJcoq2rV6IpluqMzg=
github.com/gokrazy/internal v0.0.0-20230115123531-063b533a8f8a/go.mod h1:ddHcxXZ/VVQOSAWcRBbkYY58+QOw4L145ye6phyDmRA= github.com/gokrazy/internal v0.0.0-20230115154105-e09e239138b9/go.mod h1:ddHcxXZ/VVQOSAWcRBbkYY58+QOw4L145ye6phyDmRA=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
github.com/google/gopacket v1.1.16/go.mod h1:UCLx9mCmAwsVbn6qQl1WIEt2SO7Nd2fD0th1TBAsqBw= github.com/google/gopacket v1.1.16/go.mod h1:UCLx9mCmAwsVbn6qQl1WIEt2SO7Nd2fD0th1TBAsqBw=