Agent UI 1

.github/workflows/ci-build.yml

@@ -29,19 +29,29 @@ jobs:
       - name: setup-node
         uses: actions/setup-node@v4
         with:
-          node-version: 18.x
+          node-version: 20.x
 
       - name: install ui node modules
         shell: bash
         run: npm install
         working-directory: ui
 
-      - name: build node ui
+      - name: build ui
         shell: bash
         run: npm run build
         working-directory: ui
         env:
           CI: "true"
+
+      - name: install agent ui node modules
+        shell: bash
+        run: npm install
+        working-directory: agent/agentUi
+
+      - name: build agent ui
+        shell: bash
+        run: npm run build
+        working-directory: agent/agentUi
 
       - name: go install
         shell: bash

CHANGELOG.md

@@ -6,8 +6,12 @@ MAJOR RELEASE: zrok reaches version 1.0.0!
 
 FEATURE: New "zrok Agent", a background manager process for your zrok environments, which allows you to easily manage and work with multiple `zrok share` and `zrok access` processes. New `--subordinate` flag added to `zrok share [public|private|reserved]` and `zrok access private` to operate in a mode that allows an Agent to manage shares and accesses (https://github.com/openziti/zrok/issues/463)
 
+FEATURE: New "zrok Agent UI" a web-based user interface for the zrok Agent, which allows creating and releasing shares and accesses through a web browser. This is just an initial chunk of the new Agent UI, and is considered a "minimum viable" version of this interface (https://github.com/openziti/zrok/issues/221)
+
 FEATURE: `zrok share [public|private|reserved]` and `zrok access private` now auto-detect if the zrok Agent is running in an environment and will automatically service share and access requests through the Agent, rather than in-process if the Agent is running. If the Agent is not running, operation remains as it was in `v0.4.x` and the share or access is handled in-process. New `--force-agent` and `--force-local` flags exist to skip Agent detection and manually select an operating mode (https://github.com/openziti/zrok/issues/751)
 
+FEATURE `zrok access private` supports a new `--auto` mode, which can automatically find an available open address/port to bind the frontend listener on. Also includes `--auto-address`, `--auto-start-port`, and `--auto-end-port` features with sensible defaults. Supported by both the agent and local operating modes (https://github.com/openziti/zrok/issues/780)
+
 ## v0.4.45
 
 FIX: Update indirect dependency `github.com/golang-jwt/jwt/v4` to version `v4.5.1` (https://github.com/openziti/zrok/issues/794)

agent/access.go

@@ -1,26 +1,23 @@
 package agent
 
 import (
-	"bytes"
-	"encoding/json"
-	"errors"
 	"github.com/michaelquigley/pfxlog"
 	"github.com/openziti/zrok/agent/proctree"
-	"github.com/sirupsen/logrus"
-	"strings"
+	"github.com/openziti/zrok/cmd/zrok/subordinate"
 )
 
 type access struct {
 	frontendToken   string
 	token           string
 	bindAddress     string
+	autoMode        bool
+	autoAddress     string
+	autoStartPort   uint16
+	autoEndPort     uint16
 	responseHeaders []string
 
-	process      *proctree.Child
-	readBuffer   bytes.Buffer
-	booted       bool
-	bootComplete chan struct{}
-	bootErr      error
+	process *proctree.Child
+	sub     *subordinate.MessageHandler
 
 	agent *Agent
 }
@@ -31,46 +28,3 @@ func (a *access) monitor() {
 	}
 	a.agent.rmAccess <- a
 }
-
-func (a *access) tail(data []byte) {
-	defer func() {
-		if r := recover(); r != nil {
-			logrus.Errorf("recovering: %v", r)
-		}
-	}()
-	a.readBuffer.Write(data)
-	if line, err := a.readBuffer.ReadString('\n'); err == nil {
-		line = strings.Trim(line, "\n")
-		if !a.booted {
-			in := make(map[string]interface{})
-			if err := json.Unmarshal([]byte(line), &in); err == nil {
-				if v, found := in["frontend_token"]; found {
-					if str, ok := v.(string); ok {
-						a.frontendToken = str
-					}
-				}
-				if v, found := in["bind_address"]; found {
-					if str, ok := v.(string); ok {
-						a.bindAddress = str
-					}
-				}
-				a.booted = true
-			} else {
-				a.bootErr = errors.New(line)
-			}
-			close(a.bootComplete)
-
-		} else {
-			if strings.HasPrefix(line, "{") {
-				in := make(map[string]interface{})
-				if err := json.Unmarshal([]byte(line), &in); err == nil {
-					pfxlog.ChannelLogger(a.token).Info(in)
-				}
-			} else {
-				pfxlog.ChannelLogger(a.token).Info(strings.Trim(line, "\n"))
-			}
-		}
-	} else {
-		a.readBuffer.WriteString(line)
-	}
-}

agent/accessPrivate.go

@@ -3,8 +3,10 @@ package agent
 import (
 	"context"
 	"errors"
+	"fmt"
 	"github.com/openziti/zrok/agent/agentGrpc"
 	"github.com/openziti/zrok/agent/proctree"
+	"github.com/openziti/zrok/cmd/zrok/subordinate"
 	"github.com/openziti/zrok/environment"
 	"github.com/sirupsen/logrus"
 	"os"
@@ -21,28 +23,71 @@ func (i *agentGrpcImpl) AccessPrivate(_ context.Context, req *agentGrpc.AccessPr
 	}
 
 	accCmd := []string{os.Args[0], "access", "private", "--subordinate", "-b", req.BindAddress, req.Token}
+	if req.AutoMode {
+		accCmd = append(accCmd, "--auto", "--auto-address", req.AutoAddress, "--auto-start-port", fmt.Sprintf("%v", req.AutoStartPort))
+		accCmd = append(accCmd, "--auto-end-port", fmt.Sprintf("%v", req.AutoEndPort))
+	}
+	logrus.Info(accCmd)
+
 	acc := &access{
 		token:           req.Token,
 		bindAddress:     req.BindAddress,
+		autoMode:        req.AutoMode,
+		autoAddress:     req.AutoAddress,
+		autoStartPort:   uint16(req.AutoStartPort),
+		autoEndPort:     uint16(req.AutoEndPort),
 		responseHeaders: req.ResponseHeaders,
-		bootComplete:    make(chan struct{}),
+		sub:             subordinate.NewMessageHandler(),
 		agent:           i.agent,
 	}
+	acc.sub.MessageHandler = func(msg subordinate.Message) {
+		logrus.Info(msg)
+	}
+	var bootErr error
+	acc.sub.BootHandler = func(msgType string, msg subordinate.Message) {
+		switch msgType {
+		case subordinate.BootMessage:
+			if v, found := msg["frontend_token"]; found {
+				if str, ok := v.(string); ok {
+					acc.frontendToken = str
+				}
+			}
+			if v, found := msg["bind_address"]; found {
+				if sr, ok := v.(string); ok {
+					acc.bindAddress = sr
+				}
+			}
+
+		case subordinate.ErrorMessage:
+			if v, found := msg[subordinate.ErrorMessage]; found {
+				if str, ok := v.(string); ok {
+					bootErr = errors.New(str)
+				}
+			}
+		}
+	}
+	acc.sub.MalformedHandler = func(msg subordinate.Message) {
+		logrus.Error(msg)
+	}
 
 	logrus.Infof("executing '%v'", accCmd)
 
-	acc.process, err = proctree.StartChild(acc.tail, accCmd...)
+	acc.process, err = proctree.StartChild(acc.sub.Tail, accCmd...)
 	if err != nil {
 		return nil, err
 	}
 
-	go acc.monitor()
-	<-acc.bootComplete
+	<-acc.sub.BootComplete
 
-	if acc.bootErr == nil {
+	if bootErr == nil {
+		go acc.monitor()
 		i.agent.addAccess <- acc
 		return &agentGrpc.AccessPrivateResponse{FrontendToken: acc.frontendToken}, nil
-	}
 
-	return nil, acc.bootErr
+	} else {
+		if err := proctree.WaitChild(acc.process); err != nil {
+			logrus.Errorf("error joining: %v", err)
+		}
+		return nil, fmt.Errorf("unable to start access: %v", bootErr)
+	}
 }

agent/agent.go

@@ -1,33 +1,42 @@
 package agent
 
 import (
+	"context"
+	"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
 	"github.com/openziti/zrok/agent/agentGrpc"
+	"github.com/openziti/zrok/agent/agentUi"
 	"github.com/openziti/zrok/agent/proctree"
 	"github.com/openziti/zrok/environment/env_core"
 	"github.com/openziti/zrok/sdk/golang/sdk"
+	"github.com/openziti/zrok/util"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
 	"net"
+	"net/http"
 	"os"
 )
 
 type Agent struct {
-	root        env_core.Root
-	agentSocket string
-	shares      map[string]*share
-	addShare    chan *share
-	rmShare     chan *share
-	accesses    map[string]*access
-	addAccess   chan *access
-	rmAccess    chan *access
+	cfg          *AgentConfig
+	httpEndpoint string
+	root         env_core.Root
+	agentSocket  string
+	shares       map[string]*share
+	addShare     chan *share
+	rmShare      chan *share
+	accesses     map[string]*access
+	addAccess    chan *access
+	rmAccess     chan *access
 }
 
-func NewAgent(root env_core.Root) (*Agent, error) {
+func NewAgent(cfg *AgentConfig, root env_core.Root) (*Agent, error) {
 	if !root.IsEnabled() {
 		return nil, errors.Errorf("unable to load environment; did you 'zrok enable'?")
 	}
 	return &Agent{
+		cfg:       cfg,
 		root:      root,
 		shares:    make(map[string]*share),
 		addShare:  make(chan *share),
@@ -44,7 +53,6 @@ func (a *Agent) Run() error {
 	if err := proctree.Init("zrok Agent"); err != nil {
 		return err
 	}
-	go a.manager()
 
 	agentSocket, err := a.root.AgentSocket()
 	if err != nil {
@@ -56,6 +64,9 @@ func (a *Agent) Run() error {
 	}
 	a.agentSocket = agentSocket
 
+	go a.manager()
+	go a.gateway(a.cfg)
+
 	srv := grpc.NewServer()
 	agentGrpc.RegisterAgentServer(srv, &agentGrpcImpl{agent: a})
 	if err := srv.Serve(l); err != nil {
@@ -81,6 +92,36 @@ func (a *Agent) Shutdown() {
 	}
 }
 
+func (a *Agent) Config() *AgentConfig {
+	return a.cfg
+}
+
+func (a *Agent) gateway(cfg *AgentConfig) {
+	logrus.Info("started")
+	defer logrus.Warn("exited")
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	mux := runtime.NewServeMux()
+	opts := []grpc.DialOption{grpc.WithTransportCredentials(insecure.NewCredentials())}
+	endpoint := "unix:" + a.agentSocket
+	logrus.Debugf("endpoint: '%v'", endpoint)
+	if err := agentGrpc.RegisterAgentHandlerFromEndpoint(ctx, mux, "unix:"+a.agentSocket, opts); err != nil {
+		logrus.Fatalf("unable to register gateway: %v", err)
+	}
+
+	listener, err := util.AutoListener("tcp", cfg.ConsoleAddress, cfg.ConsoleStartPort, cfg.ConsoleEndPort)
+	if err != nil {
+		logrus.Fatalf("unable to create a listener: %v", err)
+	}
+	a.httpEndpoint = listener.Addr().String()
+
+	if err := http.Serve(listener, agentUi.Middleware(mux)); err != nil {
+		logrus.Error(err)
+	}
+}
+
 func (a *Agent) manager() {
 	logrus.Info("started")
 	defer logrus.Warn("exited")