paralus · niravparikh05 · Sep 21, 2023 · Aug 21, 2023 · Sep 21, 2023
@@ -1,4 +1,4 @@
-FROM golang:1.17 as build
+FROM golang:1.20 as build
 LABEL description="Build container"
 
 WORKDIR /build

@@ -0,0 +1,8 @@
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+#FROM gcr.io/distroless/static:latest
+## use base:debug for shell access
+FROM gcr.io/distroless/static:latest
+WORKDIR /
+COPY relay.upx relay
+ENTRYPOINT ["/relay"]
@@ -1,6 +1,6 @@
 IMG ?= relay:latest
 TS := $(shell /bin/date "+%Y%m%d%H%M%S")
-DEV_USER ?= dev
+DEV_USER ?= paralusio
 DEV_TAG := docker.io/${DEV_USER}/relay:$(TS)
 
 .PHONY: tidy

@@ -1,6 +1,6 @@
 module github.com/paralus/relay
 
-go 1.17
+go 1.20
 
 require (
 	github.com/cenkalti/backoff v2.2.1+incompatible
@@ -12,7 +12,7 @@ require (
 	github.com/inconshreveable/go-vhost v0.0.0-20160627193104-06d84117953b
 	github.com/jinzhu/inflection v1.0.0
 	github.com/julienschmidt/httprouter v1.3.0
-	github.com/paralus/paralus v0.2.2
+	github.com/paralus/paralus v0.2.5-0.20230921060456-1b7a9a1fa32e
 	github.com/rs/xid v1.3.0
 	github.com/segmentio/encoding v0.3.4
 	github.com/spf13/pflag v1.0.5

@@ -36,7 +36,7 @@ func terminate(cancel context.CancelFunc) {
 	os.Exit(1)
 }
 
-//os signal handler
+// os signal handler
 func signalHandler(sig os.Signal, cancel context.CancelFunc) {
 	if sig == syscall.SIGINT || sig == syscall.SIGKILL || sig == syscall.SIGTERM || sig == syscall.SIGQUIT {
 		log.Error(

@@ -195,7 +195,7 @@ type unixHandlerOptions struct {
 	sni      string
 }
 
-//UnixKubeHandler unix handler
+// UnixKubeHandler unix handler
 func UnixKubeHandler(sockPath, key, username, sni string) (http.Handler, error) {
 
 	hkey := getRTCacheKey(username + key)
@@ -242,7 +242,7 @@ func peerDialContext(relayIP string) func(ctx context.Context, network, addr str
 	}
 }
 
-//makePeerUpgradeTransport ...
+// makePeerUpgradeTransport ...
 func makePeerUpgradeTransport(relayIP string, tlscfg *tls.Config) (k8proxy.UpgradeRequestRoundTripper, error) {
 	rt := utilnet.SetOldTransportDefaults(&http.Transport{
 		DialContext:         peerDialContext(relayIP),
@@ -263,7 +263,7 @@ func makePeerUpgradeTransport(relayIP string, tlscfg *tls.Config) (k8proxy.Upgra
 	return k8proxy.NewUpgradeRequestRoundTripper(rt, upgrader), nil
 }
 
-//PeerKubeHandler peer proxying handler
+// PeerKubeHandler peer proxying handler
 func PeerKubeHandler(tlscfg *tls.Config, relayIP string) (http.Handler, error) {
 	hkey := getRTCacheKey(tlscfg.ServerName)
 	if val, ok := relayPeerRoundTripper.Get(hkey); ok {

@@ -125,7 +125,7 @@ func getServiceAccountSecret(ctx context.Context, c k8sclient.Client, name, name
 	return nil, fmt.Errorf("service account %s/%s does not have secrets of type ServiceAccountToken", namespace, name)
 }
 
-//DeleteServiceAccount from cluster and cache
+// DeleteServiceAccount from cluster and cache
 func DeleteServiceAccount(key, paralusAuthzSA, paralusAuthzRole, paralusAuthzRoleBind string, delCache bool) {
 	svclogger.Debug(
 		"DeleteServiceAccount",

@@ -773,7 +773,7 @@ func cdRelayServerBootStrap(ctx context.Context, log *relaylogger.RelayLog) {
 	ticker.Stop()
 }
 
-//RunRelayServer entry to the relay server
+// RunRelayServer entry to the relay server
 func RunRelayServer(ctx context.Context, logLvl int) {
 	rctx, cancel := context.WithCancel(ctx)
 	defer cancel()
@@ -812,7 +812,7 @@ restartServer:
 	}
 }
 
-//RunCDRelayServer entry to the relay server
+// RunCDRelayServer entry to the relay server
 func RunCDRelayServer(ctx context.Context, logLvl int) {
 	rctx, cancel := context.WithCancel(ctx)
 	defer cancel()

@@ -64,43 +64,43 @@ func (l *RelayLog) relaylog(level int, msg string, kvs ...interface{}) {
 
 }
 
-//Enabled log enabled
+// Enabled log enabled
 func (_ *RelayLog) Enabled() bool {
 	return true
 }
 
-//Critical log critical
+// Critical log critical
 func (l *RelayLog) Critical(msg string, kvs ...interface{}) {
 	l.relaylog(0, msg, kvs...)
 }
 
-//Error log error level
+// Error log error level
 func (l *RelayLog) Error(err error, msg string, kvs ...interface{}) {
 	kvs = append(kvs, "error", err)
 	l.relaylog(1, msg, kvs...)
 }
 
-//Warn log warning level
+// Warn log warning level
 func (l *RelayLog) Warn(msg string, kvs ...interface{}) {
 	l.relaylog(2, msg, kvs...)
 }
 
-//Info log info level
+// Info log info level
 func (l *RelayLog) Info(msg string, kvs ...interface{}) {
 	l.relaylog(3, msg, kvs...)
 }
 
-//Debug log debug level
+// Debug log debug level
 func (l *RelayLog) Debug(msg string, kvs ...interface{}) {
 	l.relaylog(4, msg, kvs...)
 }
 
-//V ..
+// V ..
 func (l *RelayLog) V(_ int) *RelayLog {
 	return l
 }
 
-//WithName set log name
+// WithName set log name
 func (l *RelayLog) WithName(name string) *RelayLog {
 	var objName string
 	if l.name == "" {
@@ -116,7 +116,7 @@ func (l *RelayLog) WithName(name string) *RelayLog {
 	}
 }
 
-//WithValues log  key values
+// WithValues log  key values
 func (l *RelayLog) WithValues(kvs ...interface{}) *RelayLog {
 	newMap := make(map[string]interface{}, len(l.keyValues)+len(kvs)/2)
 	for k, v := range l.keyValues {
@@ -132,15 +132,15 @@ func (l *RelayLog) WithValues(kvs ...interface{}) *RelayLog {
 	}
 }
 
-//NewLogger create new logger
+// NewLogger create new logger
 func NewLogger(level int) *RelayLog {
 	if runLevel < level {
 		runLevel = level
 	}
 	return &RelayLog{level: level}
 }
 
-//SetRunTimeLogLevel set a run time log level
+// SetRunTimeLogLevel set a run time log level
 func SetRunTimeLogLevel(level int) {
 	fmt.Println("log level changed from ", runLevel, " to ", level)
 	runLevel = level

@@ -171,7 +171,6 @@ func (t *transformer) getParams(url string) httprouter.Params {
 
 func (t *transformer) Transform(lm *LogMsg, am *AuditMsg) error {
 
-	//_log.Infow("transforming", "logMessage", *lm)
 	cluster, err := t.getCluster(lm.ServerName)
 	if err != nil {
 		_log.Infow("unable to lookup cluster", "error", err)
@@ -184,9 +183,12 @@ func (t *transformer) Transform(lm *LogMsg, am *AuditMsg) error {
 		return err
 	}
 
+	_log.Debug("cluster info for logging", "cluster", cluster)
+
 	params := t.getParams(lm.URL)
 
 	am.ClusterName = cluster.Name
+	am.ProjectName = cluster.Project
 	am.OrganizationID = user.OrganizationID
 	am.PartnerID = user.PartnerID
 	am.UserName = user.UserName

@@ -44,6 +44,7 @@ type AuditMsg struct {
 	UserName       string  `json:"un"`
 	OrganizationID string  `json:"o"`
 	PartnerID      string  `json:"p"`
+	ProjectName    string  `json:"pr"`
 	RemoteAddr     string  `json:"ra"`
 	Duration       float64 `json:"d"`
 	ClusterName    string  `json:"cn"`

@@ -19,7 +19,7 @@ import (
 	"golang.org/x/net/http2"
 )
 
-//ClientConfig ..
+// ClientConfig ..
 type ClientConfig struct {
 	//ServiceName name of the service
 	ServiceName string
@@ -42,7 +42,7 @@ type ClientConfig struct {
 	Logger *relaylogger.RelayLog
 }
 
-//Client struct
+// Client struct
 type Client struct {
 	sync.Mutex
 	conn               net.Conn
@@ -75,7 +75,7 @@ func expBackoff(c BackoffConfig) *backoff.ExponentialBackOff {
 	return b
 }
 
-//loadNewRelayNetwork start the relay agent for a given network
+// loadNewRelayNetwork start the relay agent for a given network
 func loadNewRelayNetwork(ctx context.Context, rnc utils.RelayNetworkConfig) error {
 	var spxy proxy.Func
 	var tlsconf *tls.Config
@@ -235,7 +235,7 @@ func (c *Client) runClient(ctx context.Context) {
 	}
 }
 
-//Start relay client
+// Start relay client
 func (c *Client) Start(ctx context.Context) error {
 	cw := make(chan bool)
 
@@ -356,7 +356,7 @@ func (c *Client) processDialoutProxy(conn net.Conn, network, addr string) error
 	return nil
 }
 
-//dialout connect
+// dialout connect
 func (c *Client) connect() (net.Conn, error) {
 	c.Lock()
 	defer c.Unlock()
@@ -374,7 +374,7 @@ func (c *Client) connect() (net.Conn, error) {
 	return conn, nil
 }
 
-//dial
+// dial
 func (c *Client) dial() (net.Conn, error) {
 	var (
 		network   = "tcp"
@@ -582,7 +582,7 @@ func (c *Client) handleHandshake(w http.ResponseWriter, r *http.Request) {
 	w.Write(b)
 }
 
-//setups the proxy func handler
+// setups the proxy func handler
 func clientProxy(svcName string, d *Dialout, logger *relaylogger.RelayLog) proxy.Func {
 	proxyCfg := &utils.ProxyConfig{
 		Protocol:           d.Protocol,
@@ -628,7 +628,7 @@ func clientProxy(svcName string, d *Dialout, logger *relaylogger.RelayLog) proxy
 	}
 }
 
-//StartClient starts relay clients
+// StartClient starts relay clients
 func StartClient(ctx context.Context, log *relaylogger.RelayLog, file string, rnc utils.RelayNetworkConfig, exitChan chan<- bool) {
 	clog = log.WithName("Client")
 

@@ -24,7 +24,7 @@ var (
 	emptyID         [32]byte
 )
 
-//ServerTLSConfigFromBytes prepare a tls config from cert,key,rootCA
+// ServerTLSConfigFromBytes prepare a tls config from cert,key,rootCA
 func ServerTLSConfigFromBytes(certList []utils.SNICertificate, rootCAs []string, nextprotos ...string) (*tls.Config, error) {
 	var err error
 
@@ -76,7 +76,7 @@ func ServerTLSConfigFromBytes(certList []utils.SNICertificate, rootCAs []string,
 	return config, nil
 }
 
-//ClientTLSConfigFromBytes sets tls config
+// ClientTLSConfigFromBytes sets tls config
 func ClientTLSConfigFromBytes(tlsCrt []byte, tlsKey []byte, rootPEM []byte, addr string) (*tls.Config, error) {
 	cert, err := tls.X509KeyPair(tlsCrt, tlsKey)
 	if err != nil {
@@ -110,7 +110,7 @@ func ClientTLSConfigFromBytes(tlsCrt []byte, tlsKey []byte, rootPEM []byte, addr
 	}, nil
 }
 
-//ClientTLSConfig sets tls config
+// ClientTLSConfig sets tls config
 func ClientTLSConfig(tlsCrt string, tlsKey string, rootCA string, addr string) (*tls.Config, error) {
 
 	cert, err := tls.LoadX509KeyPair(tlsCrt, tlsKey)
@@ -149,7 +149,7 @@ func ClientTLSConfig(tlsCrt string, tlsKey string, rootCA string, addr string) (
 	}, nil
 }
 
-//GetRemoteCertID extract peer ID
+// GetRemoteCertID extract peer ID
 func GetRemoteCertID(conn *tls.Conn) (string, error) {
 	// Try a TLS connection over the given connection. We explicitly perform
 	// the handshake, since we want to maintain the invariant that, if this

@@ -50,7 +50,7 @@ func (p *dialinPool) URL(key string) string {
 	return fmt.Sprint("https://", key)
 }
 
-//GetClientConn get connector
+// GetClientConn get connector
 func (p *dialinPool) GetClientConn(req *http.Request, addr string) (*http2.ClientConn, error) {
 	p.mu.RLock()
 	defer p.mu.RUnlock()
@@ -156,7 +156,7 @@ func (p *dialinPool) AddConn(conn net.Conn, identifier string, sni string, remot
 	return key, nil
 }
 
-//GetDialinConnectorKey get connector key
+// GetDialinConnectorKey get connector key
 func (p *dialinPool) GetDialinConnectorCount(sni string) (int, error) {
 	p.mu.RLock()
 	defer p.mu.RUnlock()
@@ -189,7 +189,7 @@ func (p *dialinPool) getConnKey(sni string, item *dialinConnector, count int) (s
 	return "", fmt.Errorf("Empty dialin pool.dialinConnectors for sni %s ", sni)
 }
 
-//GetDialinConnectorKey get connector key
+// GetDialinConnectorKey get connector key
 func (p *dialinPool) GetDialinConnectorKey(sni string) (string, error) {
 	p.mu.Lock()
 	defer p.mu.Unlock()
@@ -335,7 +335,7 @@ func (p *dialinPool) addr(identifier string) string {
 	return identifier
 }
 
-//StartDialinPoolMgr starting dialin connection manager
+// StartDialinPoolMgr starting dialin connection manager
 func StartDialinPoolMgr(ctx context.Context, log *relaylogger.RelayLog, exitChan chan<- bool) {
 	_dplog = log.WithName("DialinPool")
 
@@ -351,7 +351,7 @@ func StartDialinPoolMgr(ctx context.Context, log *relaylogger.RelayLog, exitChan
 	}
 }
 
-//GetDialinMetrics get connector key
+// GetDialinMetrics get connector key
 func (p *dialinPool) GetDialinMetrics(w http.ResponseWriter) {
 	var clusterCnt, connCnt int
 	clusterCnt, connCnt = 0, 0

@@ -17,7 +17,7 @@ import (
 
 var peerlog *relaylogger.RelayLog
 
-//StartPeeringMgr will start the peering RPCs
+// StartPeeringMgr will start the peering RPCs
 func StartPeeringMgr(ctx context.Context, log *relaylogger.RelayLog, exitChan chan<- bool, config *ServerConfig) {
 	var tlsConfig *tls.Config
 	var err error