TUN-5869: Add configuration endpoint in metrics server

Author: DevinCarr

cmd/cloudflared/proxydns/cmd.go

@@ -73,7 +73,7 @@ func Run(c *cli.Context) error {
 		log.Fatal().Err(err).Msg("Failed to open the metrics listener")
 	}
 
-	go metrics.ServeMetrics(metricsListener, nil, nil, "", log)
+	go metrics.ServeMetrics(metricsListener, nil, nil, "", nil, log)
 
 	listener, err := tunneldns.CreateListener(
 		c.String("address"),

cmd/cloudflared/tunnel/cmd.go

@@ -340,6 +340,11 @@ func StartServer(
 		return err
 	}
 
+	orchestrator, err := orchestration.NewOrchestrator(ctx, dynamicConfig, tunnelConfig.Tags, tunnelConfig.Log)
+	if err != nil {
+		return err
+	}
+
 	metricsListener, err := listeners.Listen("tcp", c.String("metrics"))
 	if err != nil {
 		log.Err(err).Msg("Error opening metrics server listener")
@@ -351,14 +356,9 @@ func StartServer(
 		defer wg.Done()
 		readinessServer := metrics.NewReadyServer(log)
 		observer.RegisterSink(readinessServer)
-		errC <- metrics.ServeMetrics(metricsListener, ctx.Done(), readinessServer, quickTunnelURL, log)
+		errC <- metrics.ServeMetrics(metricsListener, ctx.Done(), readinessServer, quickTunnelURL, orchestrator, log)
 	}()
 
-	orchestrator, err := orchestration.NewOrchestrator(ctx, dynamicConfig, tunnelConfig.Tags, tunnelConfig.Log)
-	if err != nil {
-		return err
-	}
-
 	reconnectCh := make(chan supervisor.ReconnectSignal, 1)
 	if c.IsSet("stdin-control") {
 		log.Info().Msg("Enabling control through stdin")

config/configuration.go

@@ -411,7 +411,7 @@ type CustomDuration struct {
 	time.Duration
 }
 
-func (s *CustomDuration) MarshalJSON() ([]byte, error) {
+func (s CustomDuration) MarshalJSON() ([]byte, error) {
 	return json.Marshal(s.Duration.Seconds())
 }
 

ingress/config.go

@@ -11,14 +11,16 @@ import (
 	"github.com/cloudflare/cloudflared/tlsconfig"
 )
 
-const (
-	defaultConnectTimeout       = 30 * time.Second
-	defaultTLSTimeout           = 10 * time.Second
-	defaultTCPKeepAlive         = 30 * time.Second
-	defaultKeepAliveConnections = 100
-	defaultKeepAliveTimeout     = 90 * time.Second
-	defaultProxyAddress         = "127.0.0.1"
+var (
+	defaultConnectTimeout   = config.CustomDuration{Duration: 30 * time.Second}
+	defaultTLSTimeout       = config.CustomDuration{Duration: 10 * time.Second}
+	defaultTCPKeepAlive     = config.CustomDuration{Duration: 30 * time.Second}
+	defaultKeepAliveTimeout = config.CustomDuration{Duration: 90 * time.Second}
+)
 
+const (
+	defaultProxyAddress           = "127.0.0.1"
+	defaultKeepAliveConnections   = 100
 	SSHServerFlag                 = "ssh-server"
 	Socks5Flag                    = "socks5"
 	ProxyConnectTimeoutFlag       = "proxy-connect-timeout"
@@ -68,12 +70,12 @@ func (rc *RemoteConfig) UnmarshalJSON(b []byte) error {
 }
 
 func originRequestFromSingeRule(c *cli.Context) OriginRequestConfig {
-	var connectTimeout time.Duration = defaultConnectTimeout
-	var tlsTimeout time.Duration = defaultTLSTimeout
-	var tcpKeepAlive time.Duration = defaultTCPKeepAlive
+	var connectTimeout config.CustomDuration = defaultConnectTimeout
+	var tlsTimeout config.CustomDuration = defaultTLSTimeout
+	var tcpKeepAlive config.CustomDuration = defaultTCPKeepAlive
 	var noHappyEyeballs bool
 	var keepAliveConnections int = defaultKeepAliveConnections
-	var keepAliveTimeout time.Duration = defaultKeepAliveTimeout
+	var keepAliveTimeout config.CustomDuration = defaultKeepAliveTimeout
 	var httpHostHeader string
 	var originServerName string
 	var caPool string
@@ -84,13 +86,13 @@ func originRequestFromSingeRule(c *cli.Context) OriginRequestConfig {
 	var proxyPort uint
 	var proxyType string
 	if flag := ProxyConnectTimeoutFlag; c.IsSet(flag) {
-		connectTimeout = c.Duration(flag)
+		connectTimeout = config.CustomDuration{Duration: c.Duration(flag)}
 	}
 	if flag := ProxyTLSTimeoutFlag; c.IsSet(flag) {
-		tlsTimeout = c.Duration(flag)
+		tlsTimeout = config.CustomDuration{Duration: c.Duration(flag)}
 	}
 	if flag := ProxyTCPKeepAliveFlag; c.IsSet(flag) {
-		tcpKeepAlive = c.Duration(flag)
+		tcpKeepAlive = config.CustomDuration{Duration: c.Duration(flag)}
 	}
 	if flag := ProxyNoHappyEyeballsFlag; c.IsSet(flag) {
 		noHappyEyeballs = c.Bool(flag)
@@ -99,7 +101,7 @@ func originRequestFromSingeRule(c *cli.Context) OriginRequestConfig {
 		keepAliveConnections = c.Int(flag)
 	}
 	if flag := ProxyKeepAliveTimeoutFlag; c.IsSet(flag) {
-		keepAliveTimeout = c.Duration(flag)
+		keepAliveTimeout = config.CustomDuration{Duration: c.Duration(flag)}
 	}
 	if flag := HTTPHostHeaderFlag; c.IsSet(flag) {
 		httpHostHeader = c.String(flag)
@@ -158,13 +160,13 @@ func originRequestFromConfig(c config.OriginRequestConfig) OriginRequestConfig {
 		ProxyAddress:         defaultProxyAddress,
 	}
 	if c.ConnectTimeout != nil {
-		out.ConnectTimeout = c.ConnectTimeout.Duration
+		out.ConnectTimeout = *c.ConnectTimeout
 	}
 	if c.TLSTimeout != nil {
-		out.TLSTimeout = c.TLSTimeout.Duration
+		out.TLSTimeout = *c.TLSTimeout
 	}
 	if c.TCPKeepAlive != nil {
-		out.TCPKeepAlive = c.TCPKeepAlive.Duration
+		out.TCPKeepAlive = *c.TCPKeepAlive
 	}
 	if c.NoHappyEyeballs != nil {
 		out.NoHappyEyeballs = *c.NoHappyEyeballs
@@ -173,7 +175,7 @@ func originRequestFromConfig(c config.OriginRequestConfig) OriginRequestConfig {
 		out.KeepAliveConnections = *c.KeepAliveConnections
 	}
 	if c.KeepAliveTimeout != nil {
-		out.KeepAliveTimeout = c.KeepAliveTimeout.Duration
+		out.KeepAliveTimeout = *c.KeepAliveTimeout
 	}
 	if c.HTTPHostHeader != nil {
 		out.HTTPHostHeader = *c.HTTPHostHeader
@@ -218,52 +220,52 @@ func originRequestFromConfig(c config.OriginRequestConfig) OriginRequestConfig {
 // Note: To specify a time.Duration in go-yaml, use e.g. "3s" or "24h".
 type OriginRequestConfig struct {
 	// HTTP proxy timeout for establishing a new connection
-	ConnectTimeout time.Duration `yaml:"connectTimeout"`
+	ConnectTimeout config.CustomDuration `yaml:"connectTimeout" json:"connectTimeout"`
 	// HTTP proxy timeout for completing a TLS handshake
-	TLSTimeout time.Duration `yaml:"tlsTimeout"`
+	TLSTimeout config.CustomDuration `yaml:"tlsTimeout" json:"tlsTimeout"`
 	// HTTP proxy TCP keepalive duration
-	TCPKeepAlive time.Duration `yaml:"tcpKeepAlive"`
+	TCPKeepAlive config.CustomDuration `yaml:"tcpKeepAlive" json:"tcpKeepAlive"`
 	// HTTP proxy should disable "happy eyeballs" for IPv4/v6 fallback
-	NoHappyEyeballs bool `yaml:"noHappyEyeballs"`
+	NoHappyEyeballs bool `yaml:"noHappyEyeballs" json:"noHappyEyeballs"`
 	// HTTP proxy timeout for closing an idle connection
-	KeepAliveTimeout time.Duration `yaml:"keepAliveTimeout"`
+	KeepAliveTimeout config.CustomDuration `yaml:"keepAliveTimeout" json:"keepAliveTimeout"`
 	// HTTP proxy maximum keepalive connection pool size
-	KeepAliveConnections int `yaml:"keepAliveConnections"`
+	KeepAliveConnections int `yaml:"keepAliveConnections" json:"keepAliveConnections"`
 	// Sets the HTTP Host header for the local webserver.
-	HTTPHostHeader string `yaml:"httpHostHeader"`
+	HTTPHostHeader string `yaml:"httpHostHeader" json:"httpHostHeader"`
 	// Hostname on the origin server certificate.
-	OriginServerName string `yaml:"originServerName"`
+	OriginServerName string `yaml:"originServerName" json:"originServerName"`
 	// Path to the CA for the certificate of your origin.
 	// This option should be used only if your certificate is not signed by Cloudflare.
-	CAPool string `yaml:"caPool"`
+	CAPool string `yaml:"caPool" json:"caPool"`
 	// Disables TLS verification of the certificate presented by your origin.
 	// Will allow any certificate from the origin to be accepted.
 	// Note: The connection from your machine to Cloudflare's Edge is still encrypted.
-	NoTLSVerify bool `yaml:"noTLSVerify"`
+	NoTLSVerify bool `yaml:"noTLSVerify" json:"noTLSVerify"`
 	// Disables chunked transfer encoding.
 	// Useful if you are running a WSGI server.
-	DisableChunkedEncoding bool `yaml:"disableChunkedEncoding"`
+	DisableChunkedEncoding bool `yaml:"disableChunkedEncoding" json:"disableChunkedEncoding"`
 	// Runs as jump host
-	BastionMode bool `yaml:"bastionMode"`
+	BastionMode bool `yaml:"bastionMode" json:"bastionMode"`
 	// Listen address for the proxy.
-	ProxyAddress string `yaml:"proxyAddress"`
+	ProxyAddress string `yaml:"proxyAddress" json:"proxyAddress"`
 	// Listen port for the proxy.
-	ProxyPort uint `yaml:"proxyPort"`
+	ProxyPort uint `yaml:"proxyPort" json:"proxyPort"`
 	// What sort of proxy should be started
-	ProxyType string `yaml:"proxyType"`
+	ProxyType string `yaml:"proxyType" json:"proxyType"`
 	// IP rules for the proxy service
-	IPRules []ipaccess.Rule `yaml:"ipRules"`
+	IPRules []ipaccess.Rule `yaml:"ipRules" json:"ipRules"`
 }
 
 func (defaults *OriginRequestConfig) setConnectTimeout(overrides config.OriginRequestConfig) {
 	if val := overrides.ConnectTimeout; val != nil {
-		defaults.ConnectTimeout = val.Duration
+		defaults.ConnectTimeout = *val
 	}
 }
 
 func (defaults *OriginRequestConfig) setTLSTimeout(overrides config.OriginRequestConfig) {
 	if val := overrides.TLSTimeout; val != nil {
-		defaults.TLSTimeout = val.Duration
+		defaults.TLSTimeout = *val
 	}
 }
 
@@ -281,13 +283,13 @@ func (defaults *OriginRequestConfig) setKeepAliveConnections(overrides config.Or
 
 func (defaults *OriginRequestConfig) setKeepAliveTimeout(overrides config.OriginRequestConfig) {
 	if val := overrides.KeepAliveTimeout; val != nil {
-		defaults.KeepAliveTimeout = val.Duration
+		defaults.KeepAliveTimeout = *val
 	}
 }
 
 func (defaults *OriginRequestConfig) setTCPKeepAlive(overrides config.OriginRequestConfig) {
 	if val := overrides.TCPKeepAlive; val != nil {
-		defaults.TCPKeepAlive = val.Duration
+		defaults.TCPKeepAlive = *val
 	}
 }
 

ingress/config_test.go

@@ -65,7 +65,7 @@ func TestUnmarshalRemoteConfigOverridesGlobal(t *testing.T) {
 	err := json.Unmarshal(rawConfig, &remoteConfig)
 	require.NoError(t, err)
 	require.True(t, remoteConfig.Ingress.Rules[0].Config.NoTLSVerify)
-	require.True(t, remoteConfig.Ingress.defaults.NoHappyEyeballs)
+	require.True(t, remoteConfig.Ingress.Defaults.NoHappyEyeballs)
 }
 
 func TestOriginRequestConfigOverrides(t *testing.T) {
@@ -74,11 +74,11 @@ func TestOriginRequestConfigOverrides(t *testing.T) {
 		// root-level configuration.
 		actual0 := ing.Rules[0].Config
 		expected0 := OriginRequestConfig{
-			ConnectTimeout:         1 * time.Minute,
-			TLSTimeout:             1 * time.Second,
-			TCPKeepAlive:           1 * time.Second,
+			ConnectTimeout:         config.CustomDuration{Duration: 1 * time.Minute},
+			TLSTimeout:             config.CustomDuration{Duration: 1 * time.Second},
+			TCPKeepAlive:           config.CustomDuration{Duration: 1 * time.Second},
 			NoHappyEyeballs:        true,
-			KeepAliveTimeout:       1 * time.Second,
+			KeepAliveTimeout:       config.CustomDuration{Duration: 1 * time.Second},
 			KeepAliveConnections:   1,
 			HTTPHostHeader:         "abc",
 			OriginServerName:       "a1",
@@ -99,11 +99,11 @@ func TestOriginRequestConfigOverrides(t *testing.T) {
 		// Rule 1 overrode all the root-level config.
 		actual1 := ing.Rules[1].Config
 		expected1 := OriginRequestConfig{
-			ConnectTimeout:         2 * time.Minute,
-			TLSTimeout:             2 * time.Second,
-			TCPKeepAlive:           2 * time.Second,
+			ConnectTimeout:         config.CustomDuration{Duration: 2 * time.Minute},
+			TLSTimeout:             config.CustomDuration{Duration: 2 * time.Second},
+			TCPKeepAlive:           config.CustomDuration{Duration: 2 * time.Second},
 			NoHappyEyeballs:        false,
-			KeepAliveTimeout:       2 * time.Second,
+			KeepAliveTimeout:       config.CustomDuration{Duration: 2 * time.Second},
 			KeepAliveConnections:   2,
 			HTTPHostHeader:         "def",
 			OriginServerName:       "b2",
@@ -286,11 +286,11 @@ func TestOriginRequestConfigDefaults(t *testing.T) {
 		// Rule 1 overrode all defaults.
 		actual1 := ing.Rules[1].Config
 		expected1 := OriginRequestConfig{
-			ConnectTimeout:         2 * time.Minute,
-			TLSTimeout:             2 * time.Second,
-			TCPKeepAlive:           2 * time.Second,
+			ConnectTimeout:         config.CustomDuration{Duration: 2 * time.Minute},
+			TLSTimeout:             config.CustomDuration{Duration: 2 * time.Second},
+			TCPKeepAlive:           config.CustomDuration{Duration: 2 * time.Second},
 			NoHappyEyeballs:        false,
-			KeepAliveTimeout:       2 * time.Second,
+			KeepAliveTimeout:       config.CustomDuration{Duration: 2 * time.Second},
 			KeepAliveConnections:   2,
 			HTTPHostHeader:         "def",
 			OriginServerName:       "b2",

ingress/ingress.go

@@ -64,8 +64,8 @@ func matchHost(ruleHost, reqHost string) bool {
 
 // Ingress maps eyeball requests to origins.
 type Ingress struct {
-	Rules    []Rule
-	defaults OriginRequestConfig
+	Rules    []Rule              `json:"ingress"`
+	Defaults OriginRequestConfig `json:"originRequest"`
 }
 
 // NewSingleOrigin constructs an Ingress set with only one rule, constructed from
@@ -86,7 +86,7 @@ func NewSingleOrigin(c *cli.Context, allowURLFromArgs bool) (Ingress, error) {
 				Config:  setConfig(defaults, config.OriginRequestConfig{}),
 			},
 		},
-		defaults: defaults,
+		Defaults: defaults,
 	}
 	return ing, err
 }
@@ -180,7 +180,7 @@ func validateIngress(ingress []config.UnvalidatedIngressRule, defaults OriginReq
 			}
 			srv := newStatusCode(status)
 			service = &srv
-		} else if r.Service == "hello_world" || r.Service == "hello-world" || r.Service == "helloworld" {
+		} else if r.Service == HelloWorldService || r.Service == "hello-world" || r.Service == "helloworld" {
 			service = new(helloWorld)
 		} else if r.Service == ServiceSocksProxy {
 			rules := make([]ipaccess.Rule, len(r.OriginRequest.IPRules))
@@ -230,23 +230,24 @@ func validateIngress(ingress []config.UnvalidatedIngressRule, defaults OriginReq
 			return Ingress{}, err
 		}
 
-		var pathRegex *regexp.Regexp
+		var pathRegexp *Regexp
 		if r.Path != "" {
 			var err error
-			pathRegex, err = regexp.Compile(r.Path)
+			regex, err := regexp.Compile(r.Path)
 			if err != nil {
 				return Ingress{}, errors.Wrapf(err, "Rule #%d has an invalid regex", i+1)
 			}
+			pathRegexp = &Regexp{Regexp: regex}
 		}
 
 		rules[i] = Rule{
 			Hostname: r.Hostname,
 			Service:  service,
-			Path:     pathRegex,
+			Path:     pathRegexp,
 			Config:   cfg,
 		}
 	}
-	return Ingress{Rules: rules, defaults: defaults}, nil
+	return Ingress{Rules: rules, Defaults: defaults}, nil
 }
 
 func validateHostname(r config.UnvalidatedIngressRule, ruleIndex, totalRules int) error {

ingress/ingress_test.go

@@ -482,12 +482,12 @@ func TestSingleOriginSetsConfig(t *testing.T) {
 	ingress, err := NewSingleOrigin(cliCtx, allowURLFromArgs)
 	require.NoError(t, err)
 
-	assert.Equal(t, time.Second, ingress.Rules[0].Config.ConnectTimeout)
-	assert.Equal(t, time.Second, ingress.Rules[0].Config.TLSTimeout)
-	assert.Equal(t, time.Second, ingress.Rules[0].Config.TCPKeepAlive)
+	assert.Equal(t, config.CustomDuration{Duration: time.Second}, ingress.Rules[0].Config.ConnectTimeout)
+	assert.Equal(t, config.CustomDuration{Duration: time.Second}, ingress.Rules[0].Config.TLSTimeout)
+	assert.Equal(t, config.CustomDuration{Duration: time.Second}, ingress.Rules[0].Config.TCPKeepAlive)
 	assert.True(t, ingress.Rules[0].Config.NoHappyEyeballs)
 	assert.Equal(t, 10, ingress.Rules[0].Config.KeepAliveConnections)
-	assert.Equal(t, time.Second, ingress.Rules[0].Config.KeepAliveTimeout)
+	assert.Equal(t, config.CustomDuration{Duration: time.Second}, ingress.Rules[0].Config.KeepAliveTimeout)
 	assert.Equal(t, "example.com:8080", ingress.Rules[0].Config.HTTPHostHeader)
 	assert.Equal(t, "example.com", ingress.Rules[0].Config.OriginServerName)
 	assert.Equal(t, "/etc/certs/ca.pem", ingress.Rules[0].Config.CAPool)
@@ -508,7 +508,7 @@ func TestFindMatchingRule(t *testing.T) {
 			},
 			{
 				Hostname: "tunnel-b.example.com",
-				Path:     mustParsePath(t, "/health"),
+				Path:     MustParsePath(t, "/health"),
 			},
 			{
 				Hostname: "*",
@@ -591,10 +591,10 @@ func TestIsHTTPService(t *testing.T) {
 	}
 }
 
-func mustParsePath(t *testing.T, path string) *regexp.Regexp {
+func MustParsePath(t *testing.T, path string) *Regexp {
 	regexp, err := regexp.Compile(path)
 	assert.NoError(t, err)
-	return regexp
+	return &Regexp{Regexp: regexp}
 }
 
 func MustParseURL(t *testing.T, rawURL string) *url.URL {