Hello everyone,
I hope you guys can help me. I am currently trying to integrate OpenZiti in one of my Go apps, however I am not able to use "DialAddr"; it simply is not able to find any service for the used address. Every time, I get the following error:
```
panic: Get "https://my.intercept.hostname:443": no service for address[tcp:my.intercept.hostname:443]
```
I tried several things, also connecting directly to the specific ServiceName instead of Address, which worked first try. Is that some ongoing bug or did I do something wrong? I hope someone can help me out here.
Called Intercept of Service:
```json
{
  "name": "EITZTN1-my-intercept-hostname-inter",
  "configTypeId": "g7cIWbcGg",
  "data": {
    "portRanges": [
      {
        "high": 80,
        "low": 80
      },
      {
        "high": 443,
        "low": 443
      }
    ],
    "addresses": [
      "my.intercept.hostname"
    ],
    "protocols": [
      "tcp",
      "udp"
    ]
  },
  "tags": {}
}
```
My Test Code:
```go
package main

import (
	"context"
	"fmt"
	"io"
	"net"
	"net/http"
	"os"

	"github.com/openziti/sdk-golang/ziti"
	"github.com/sirupsen/logrus"
)

var zitiContext ziti.Context

// Dial hands the host:port taken from the request URL to the Ziti context.
func Dial(_ context.Context, _ string, addr string) (net.Conn, error) {
	return zitiContext.DialAddr("tcp", addr)
}

// createZitifiedHttpClient loads the identity file and returns an HTTP client
// whose transport dials through the Ziti context.
func createZitifiedHttpClient(idFile string) http.Client {
	cfg, err := ziti.NewConfigFromFile(idFile)
	if err != nil {
		panic(err)
	}
	zitiContext, err = ziti.NewContext(cfg)
	if err != nil {
		panic(err)
	}
	zitiTransport := http.DefaultTransport.(*http.Transport).Clone()
	zitiTransport.DialContext = Dial
	return http.Client{Transport: zitiTransport}
}

// Usage: <program> <identity file> <url>
func main() {
	logrus.SetLevel(logrus.DebugLevel)
	httpClient := createZitifiedHttpClient(os.Args[1])
	resp, e := httpClient.Get(os.Args[2])
	if e != nil {
		panic(e)
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	fmt.Println(string(body))
}
```
Hi @erikmagkekse, welcome to the community and to OpenZiti (and zrok/BrowZer),
Amazing! I am excited to see what you do and how you use OpenZiti!
Thanks for providing the code you used too! I'll have a look at what you did and let you know what I think, just gimme a bit.
Hi @erikmagkekse,
I took your sample and updated it and put it out on a repo for you to look at. You can clone or look at it here: discourse-support/discourse_3351 at main · dovholuknf/discourse-support · GitHub
With ziti there are two mechanisms you can use as you know, there's the "by service name" approach where you basically use the service name as the host. In the example shared above I used http://sample.
When you want to use the intercept mode, things get a bit more complex. First, with an intercept address approach you'll want to ensure you authenticate the context. This will also pull down any and all services (and configs) you have specified to be pulled down. That internal service map will then be used when "mapping" the hostname in the url to the service.
Have a look at the chunk of code here. You'll see it does a few things:
- indicates which config types should be retrieved - often I'll use "all" but in this case I restricted it to just ask for "intercept.v1" configs: `cfg.ConfigTypes = append(cfg.ConfigTypes, ziti.InterceptV1)`
- authenticate to the controller which pulls the services the identity is allowed to interact with: `err = zitiContext.Authenticate()`
- generate a new `zitiContexts := ziti.NewSdkCollection()`. This is then captured inside the DialContext below and used when dialing - this is the 'magic' that will map the hostname/port to the service
Everything else is largely the same.
I added both samples to that git repo too, you'll see the function that uses the service name in the url, `createZitifiedHttpClientServiceName`, along with the function that will basically "resolve" a hostname:port combo to a service and then dial it: `createZitifiedHttpClient`
I'm sure that'll get you going, cheers! Let us know if there's anything missing or any confusion and when you're done let us know what you did! We love to hear how OpenZiti is being used!
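A simplified model of the hostname:port-to-service lookup described in the answer above, added here as an illustration; it is not the OpenZiti SDK's code or the code in the linked repo. The names `resolve`, `pulled`, `has` and `sampleCfg` and the service name `demo-service` are assumptions, and matching is exact-string only. It shows why an identity that has pulled no intercept.v1 configs ends in the error from the question.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strconv"
)

// interceptV1 mirrors the "data" object of the intercept.v1 config in the question.
type interceptV1 struct {
	Protocols, Addresses []string
	PortRanges           []struct{ Low, High int }
}

const sampleCfg = `{"portRanges":[{"low":80,"high":80},{"low":443,"high":443}],
	"addresses":["my.intercept.hostname"],"protocols":["tcp","udp"]}` // data from the question

func has(list []string, want string) bool {
	for _, v := range list {
		if v == want {
			return true
		}
	}
	return false
}

// resolve models the lookup: pulled maps service name -> intercept.v1 JSON already fetched.
func resolve(pulled map[string]string, network, addr string) (string, error) {
	host, portStr, _ := net.SplitHostPort(addr)
	port, _ := strconv.Atoi(portStr) // malformed input yields port 0, which matches no range here
	for name, raw := range pulled {
		var c interceptV1
		if json.Unmarshal([]byte(raw), &c) != nil || !has(c.Protocols, network) || !has(c.Addresses, host) {
			continue
		}
		for _, r := range c.PortRanges {
			if r.Low <= port && port <= r.High {
				return name, nil
			}
		}
	}
	return "", fmt.Errorf("no service for address[%s:%s]", network, addr)
}

func main() {
	// "demo-service" is a constructed service name; nil models a context that pulled no configs.
	fmt.Println(resolve(nil, "tcp", "my.intercept.hostname:443"))
	fmt.Println(resolve(map[string]string{"demo-service": sampleCfg}, "tcp", "my.intercept.hostname:443"))
}
```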
Oh wow, thank you very much! I will check it out in the next weeks and see if I will get it implemented.
That explains it ofc, no pulled down intercepts means also no intercepts to match.
I actually expected that the Ziti Go SDK does this by default, maybe something that could be improved a bit in documentation. (If I wasn't blind)