Adds the capability for users to use temporary credentials when using ec2. To do this there needed to be provision for the session token to be passed. This has been added both as a CLI parameter and a file (following the same pattern as the Access key and secret key).
When calling getFileOrString for sessionToken the required flag is necessarily set to false owing to the fact that if the user is using long lived creds then the sessionToken is not required.
Although testing shows get-session-token it is anticipated that the majority of users would use assume-role to generate these temporary credentials.
```
To delete:
  inletsctl delete --provider ec2 --id "i-0455b7272cae015e4"
```

* Join the exit node to the upstream

```
$ inlets-pro tcp client --url "wss://3.250.217.11:8123" --token "NQFSWj7qRnEnjCkys4dbYML5FiCKQqoATazhj2ukJ6A1v8uczYbQUhtG6A39GvSQ" --upstream localhost --ports 8080 --license-file pro.lic
2021/07/17 15:02:49 Starting TCP client. Version 0.8.5 - 8db64ded51b1455cf4ad027c52bc9cfbeb55c4b3
2021/07/17 15:02:49 Licensed to: Richard Gee contact@openfaas.com, expires: 14 day(s)
2021/07/17 15:02:49 Upstream server: localhost, for ports: 8080
inlets-pro client. Copyright Alex Ellis, OpenFaaS Ltd 2020
INFO[2021/07/17 15:02:50] Connecting to proxy url="wss://3.250.217.11:8123/connect"
INFO[2021/07/17 15:02:50] Connection established.. OK.
```

Confirmed local site was accessible via the public IP address

* Delete the ec2 using the existing temporary credentials using CLI values, rather than files
* Confirmed in the AWS Console that all instances have been destroyed.
## How are existing users impacted? What migration steps/scripts do we need?
Existing users should notice no impact. This change adds the option to use temporary credentials as well as the existing long lived variant.
## Checklist:
I have:
- [x] updated the documentation and/or roadmap (if required) https://github.com/inlets/docs/pull/18
- [x] read the [CONTRIBUTION](https://github.com/inlets/inlets/blob/master/CONTRIBUTING.md) guide
- [x] signed-off my commits with `git commit -s`
- [ ] added unit tests
Signed-off-by: Richard Gee richard@technologee.co.uk
## Description
Fixes #103
## How Has This Been Tested?
```
Command:

# Obtain a license at https://inlets.dev
# Store it at $HOME/.inlets/LICENSE or use --help for more options
export LICENSE="$HOME/.inlets/LICENSE"

# Give a single value or comma-separated
export PORTS="8000"

# Where to route traffic from the inlets server
export UPSTREAM="localhost"

inlets-pro tcp client --url "wss://54.229.67.251:8123" \
  --token "eSF0JwpKVfZ4F51ptilX2zWzxUR3FxF7YlcvEzRy8lAdBhf7pgrLzwXTzY8PcMWp" \
  --upstream $UPSTREAM \
  --ports $PORTS

To delete:
  inletsctl delete --provider ec2 --id "i-09f4426d8cab1e845"
```

```
$ inlets-pro tcp client --url "wss://54.229.67.251:8123" --token "eSF0JwpKVfZ4F51ptilX2zWzxUR3FxF7YlcvEzRy8lAdBhf7pgrLzwXTzY8PcMWp" --upstream localhost --ports 8080 --license-file pro.lic
2021/07/17 14:45:10 Starting TCP client. Version 0.8.5 - 8db64ded51b1455cf4ad027c52bc9cfbeb55c4b3
2021/07/17 14:45:10 Licensed to: Richard Gee contact@openfaas.com, expires: 14 day(s)
2021/07/17 14:45:10 Upstream server: localhost, for ports: 8080
inlets-pro client. Copyright Alex Ellis, OpenFaaS Ltd 2020
INFO[2021/07/17 14:45:11] Connecting to proxy url="wss://54.229.67.251:8123/connect"
INFO[2021/07/17 14:45:11] Connection established.. OK.
```

```
$ ./inletsctl-darwin delete \
  --provider ec2 \
  --id "i-09f4426d8cab1e845" \
  --access-token-file ./access-key.txt \
  --secret-key-file ./secret-key.txt \
  --session-token-file ./session-token.txt
Using provider: ec2
Deleting host: i-09f4426d8cab1e845 from ec2
```
```
$ ./inletsctl-darwin create \
  --provider ec2 \
  --region eu-west-1 \
  --access-token $(cat ./access-key.txt) \
  --secret-key $(cat ./secret-key.txt) \
  --session-token $(cat ./session-token.txt)
Using provider: ec2
Requesting host: hopeful-liskov4 in eu-west-1, from ec2
Host: i-0455b7272cae015e4, status: creating
[1/500] Host: i-0455b7272cae015e4, status: creating
[2/500] Host: i-0455b7272cae015e4, status: creating
[3/500] Host: i-0455b7272cae015e4, status: initialising
...
[75/500] Host: i-0455b7272cae015e4, status: initialising
[76/500] Host: i-0455b7272cae015e4, status: active
inlets PRO TCP (0.8.3) server summary:
  IP: 3.250.217.11
  Auth-token: NQFSWj7qRnEnjCkys4dbYML5FiCKQqoATazhj2ukJ6A1v8uczYbQUhtG6A39GvSQ

Command:

# Obtain a license at https://inlets.dev
# Store it at $HOME/.inlets/LICENSE or use --help for more options
export LICENSE="$HOME/.inlets/LICENSE"

# Give a single value or comma-separated
export PORTS="8000"

# Where to route traffic from the inlets server
export UPSTREAM="localhost"

inlets-pro tcp client --url "wss://3.250.217.11:8123" \
  --token "NQFSWj7qRnEnjCkys4dbYML5FiCKQqoATazhj2ukJ6A1v8uczYbQUhtG6A39GvSQ" \
  --upstream $UPSTREAM \
  --ports $PORTS

To delete:
  inletsctl delete --provider ec2 --id "i-0455b7272cae015e4"
```

```
$ inlets-pro tcp client --url "wss://3.250.217.11:8123" --token "NQFSWj7qRnEnjCkys4dbYML5FiCKQqoATazhj2ukJ6A1v8uczYbQUhtG6A39GvSQ" --upstream localhost --ports 8080 --license-file pro.lic
2021/07/17 15:02:49 Starting TCP client. Version 0.8.5 - 8db64ded51b1455cf4ad027c52bc9cfbeb55c4b3
2021/07/17 15:02:49 Licensed to: Richard Gee contact@openfaas.com, expires: 14 day(s)
2021/07/17 15:02:49 Upstream server: localhost, for ports: 8080
inlets-pro client. Copyright Alex Ellis, OpenFaaS Ltd 2020
INFO[2021/07/17 15:02:50] Connecting to proxy url="wss://3.250.217.11:8123/connect"
INFO[2021/07/17 15:02:50] Connection established.. OK.
```

```
./inletsctl-darwin delete \
  --provider ec2 \
  --id "i-0455b7272cae015e4" \
  --access-token $(cat ./access-key.txt) \
  --secret-key $(cat ./secret-key.txt) \
  --session-token $(cat ./session-token.txt)
Using provider: ec2
Deleting host: i-0455b7272cae015e4 from ec2
```
```
$ cat > ./access-key.txt
$ cat > ./secret-key.txt
$ rm ./session-token.txt
$ ./inletsctl-darwin create \
  --provider ec2 \
  --region eu-west-1 \
  --access-token $(cat ./access-key.txt) \
  --secret-key $(cat ./secret-key.txt)
Using provider: ec2
Requesting host: nostalgic-lamarr8 in eu-west-1, from ec2
Host: i-04464f06789ed6160, status: creating
[1/500] Host: i-04464f06789ed6160, status: creating
[2/500] Host: i-04464f06789ed6160, status: creating
[3/500] Host: i-04464f06789ed6160, status: creating
[4/500] Host: i-04464f06789ed6160, status: creating
[5/500] Host: i-04464f06789ed6160, status: initialising
...
[91/500] Host: i-04464f06789ed6160, status: initialising
[92/500] Host: i-04464f06789ed6160, status: active
inlets PRO TCP (0.8.3) server summary:
  IP: 54.246.198.197
  Auth-token: AjdBCvOGk8YmIk10ah0b0J5muCeDoLslYU4qZtuoZiap1mzw3hYi3DKRfnxElMtw

Command:

# Obtain a license at https://inlets.dev
# Store it at $HOME/.inlets/LICENSE or use --help for more options
export LICENSE="$HOME/.inlets/LICENSE"

# Give a single value or comma-separated
export PORTS="8000"

# Where to route traffic from the inlets server
export UPSTREAM="localhost"

inlets-pro tcp client --url "wss://54.246.198.197:8123" \
  --token "AjdBCvOGk8YmIk10ah0b0J5muCeDoLslYU4qZtuoZiap1mzw3hYi3DKRfnxElMtw" \
  --upstream $UPSTREAM \
  --ports $PORTS

To delete:
  inletsctl delete --provider ec2 --id "i-04464f06789ed6160"
```

```
inlets-pro tcp client --url "wss://54.246.198.197:8123" --token "AjdBCvOGk8YmIk10ah0b0J5muCeDoLslYU4qZtuoZiap1mzw3hYi3DKRfnxElMtw" --upstream localhost --ports 8080 --license-file pro.lic
2021/07/17 15:29:34 Starting TCP client. Version 0.8.5 - 8db64ded51b1455cf4ad027c52bc9cfbeb55c4b3
2021/07/17 15:29:34 Licensed to: Richard Gee contact@openfaas.com, expires: 14 day(s)
2021/07/17 15:29:34 Upstream server: localhost, for ports: 8080
inlets-pro client. Copyright Alex Ellis, OpenFaaS Ltd 2020
INFO[2021/07/17 15:29:34] Connecting to proxy url="wss://54.246.198.197:8123/connect"
INFO[2021/07/17 15:29:34] Connection established.. OK.
```

```
./inletsctl-darwin delete \
  --provider ec2 \
  --id "i-04464f06789ed6160" \
  --access-token-file ./access-key.txt \
  --secret-key-file ./secret-key.txt
Using provider: ec2
Deleting host: i-04464f06789ed6160 from ec2
```
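
One way to handle the optional session token that the description refers to, as an added example that is not inletsctl's own code. `resolveSecret` and `checkSessionToken` are hypothetical names, and the prefix check assumes AWS's convention that temporary (STS) access key IDs start with `ASIA` and long-lived IAM user keys with `AKIA`.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// resolveSecret returns a credential given inline or via a file (hypothetical
// helper following the value-or-file flag pattern; not the project's function).
func resolveSecret(name, value, file string, required bool) (string, error) {
	if value != "" && file != "" {
		return "", fmt.Errorf("give --%s or --%s-file, not both", name, name)
	}
	if file != "" {
		b, err := os.ReadFile(file)
		if err != nil {
			return "", fmt.Errorf("reading --%s-file: %w", name, err)
		}
		value = string(b)
	}
	value = strings.TrimSpace(value) // files usually end with a newline
	if value == "" && required {
		return "", fmt.Errorf("--%s or --%s-file is required", name, name)
	}
	return value, nil
}

// checkSessionToken ties the optional token to the kind of access key, so a
// missing token fails locally instead of as an opaque AWS auth error.
func checkSessionToken(accessKey, sessionToken string) error {
	if strings.HasPrefix(accessKey, "ASIA") && sessionToken == "" {
		return errors.New("temporary access key given without a session token")
	}
	if strings.HasPrefix(accessKey, "AKIA") && sessionToken != "" {
		return errors.New("session token given with a long-lived access key")
	}
	return nil
}

func main() {
	// Constructed sample values, not real credentials.
	tok, err := resolveSecret("session-token", "", "", false)
	fmt.Println(tok == "", err, checkSessionToken("ASIAEXAMPLEEXAMPLE00", tok))
}
```

The file variant keeps the secret out of the process argument list and shell history, which `--session-token $(cat ./session-token.txt)` does not.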