From 0eb62bc64f7bac5af57cc1bf47325afdfb452315 Mon Sep 17 00:00:00 2001 From: Paul Lorenz Date: Thu, 9 Jan 2020 12:06:51 -0500 Subject: [PATCH 1/4] Move release notes from ziti-edge to ziti-cmd --- doc/release-notes-0.6.md | 165 +++++++++++++++++++++++++++++++++++++ doc/release-notes-0.7.md | 99 ++++++++++++++++++++++ doc/release-notes-0.8.md | 173 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 437 insertions(+) create mode 100644 doc/release-notes-0.6.md create mode 100644 doc/release-notes-0.7.md create mode 100644 doc/release-notes-0.8.md diff --git a/doc/release-notes-0.6.md b/doc/release-notes-0.6.md new file mode 100644 index 000000000..b575c0dc9 --- /dev/null +++ b/doc/release-notes-0.6.md @@ -0,0 +1,165 @@ + + +This page discusses the changes that you need to be aware of when migrating your Ziti deployment from version 0.5.x to version 0.6.x + +# Theme +Ziti 0.6.0 move the back-end persistence model of Ziti Edge and Ziti Fabric into the same repository based on Bbolt (an in memory data store that is backed by a memory mapped file). The changes remove the requirement for PostgresSQL. + +# UPDB Enrollment JWTs +Enrollments that are for UPDB (username password database) are now consistent with all other enrollment and use JWTs for processing. Prior to this a naked URL was provided. + +## What This Breaks +Any UPDB enrollment processing that relied upon the URL for the enrollment. + + + +Ziti 0.5.x UPDB enrolling entity + +``` +{ + "meta": {}, + "data": { + "id": "612843ae-6ac8-48ac-a737-bfc2d28ab9ea", + "createdAt": "2019-11-21T17:23:00.316631Z", + "updatedAt": "2019-11-21T17:23:00.316631Z", + "_links": { + "self": { + "href": "./identities/612843ae-6ac8-48ac-a737-bfc2d28ab9ea" + } + }, + "tags": {}, + "name": "updb--5badbdc5-e8dd-4877-82df-c06aea7f1197", + "type": { + "id": "577104f2-1e3a-4947-a927-7383baefbc9a", + "name": "User" + }, + "isDefaultAdmin": false, + "isAdmin": false, + "authenticators": {}, + "enrollment": { + "updb": { + "username": "asdf", + "url": "https://demo.ziti.netfoundry.io:1080/enroll?method=updb&token=911e6562-0c83-11ea-a81a-000d3a1b4b17&username=asdf" + } + }, + "permissions": [] + } +} +``` + +Ziti 0.6.x UPDB enrolling entity (note the changes in the enrollment.updb object): + +``` +{ + "meta": {}, + "data": { + "id": "39f11c10-0693-41ed-9bec-8011e2721562", + "createdAt": "2019-11-21T17:28:18.2855234Z", + "updatedAt": "2019-11-21T17:28:18.2855234Z", + "_links": { + "self": { + "href": "./identities/39f11c10-0693-41ed-9bec-8011e2721562" + } + }, + "tags": {}, + "name": "updb--b55f5372-3993-40f5-b534-126e0dd2f1be", + "type": { + "entity": "identity-types", + "id": "577104f2-1e3a-4947-a927-7383baefbc9a", + "name": "User", + "_links": { + "self": { + "href": "./identity-types/577104f2-1e3a-4947-a927-7383baefbc9a" + } + } + }, + "isDefaultAdmin": false, + "isAdmin": false, + "authenticators": {}, + "enrollment": { + "updb": { + "expiresAt": "2019-11-21T17:33:18.2855234Z", + "issuedAt": "2019-11-21T17:28:18.2855234Z", + "jwt": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbSI6InVwZGIiLCJleHAiOjE1NzQzNTc1OTgsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0OjEyODAiLCJqdGkiOiJiYzBlY2NlOC05ZGY0LTQzZDYtYTVhMC0wMjI1MzY2YmM4M2EiLCJzdWIiOiIzOWYxMWMxMC0wNjkzLTQxZWQtOWJlYy04MDExZTI3MjE1NjIifQ.PUcnACCdwqfWRGRzF8lG6xDTgHKAwKV6eTw8tHFuNBXaUNbqExBwUQEW0-cCHsV-nLEyhxyjhXmVCkIDgz-ukKfS0xStiDrJQbiq8m0auodkArmJSsYzElXkKdv37FHu0t-CGoXptdLyuo9eCnzzmci3ev18zMR5HjYMCQEclELV6OEICNr_0EwhAGJa1yX6ODYrLMZ3SdEd6fj-ZGX7j9owTs6iEsqCB_TORfnGGg6lEINE5GlYsyp7JUxolS6H4lPeN5h2mxk2_OkJY8GX3ydv75LsIZ-jjL3xC5XncCESrefgDabib1fudJ4038D0EzqTcOREPAqmjWhnDhTulQ", + "token": "bc0ecce8-9df4-43d6-a5a0-0225366bc83a" + } + }, + "permissions": [] + } +} +``` + + + +## What To Do +Use the new JWT format to: + +verify the signature of the JWT to match the iss URL's TSL presented certificates +construct the enrollment url from the JWTs properties in the following format: + +``` + + "/enroll?token=" + +``` + +# Multiple Invalid Value Error Handling +Errors where there is the potential to report about multiple invalid field values for a given field used to report as a separate error for each value. Now there will be one error, but the values field will hold the invalid values. + +## Old Format +``` +{ + "error": { + "args": { + "urlVars": { + "id": "097018b6-108e-42b3-869b-deb9e1814594" + } + }, + "cause": { + "errors": [ + { + "message": "entity not found for id [06ecf930-3a9f-4a6c-98b5-8f0be1bde9e2]", + "field": "ids[0]", + "value": "06ecf930-3a9f-4a6c-98b5-8f0be1bde9e2" + } + ] + }, + "causeMessage": "There were multiple field errors: the value '06ecf930-3a9f-4a6c-9...' for 'ids[0]' is invalid: entity not found for id [06ecf930-3a9f-4a6c-98b5-8f0be1bde9e2]", + "code": "INVALID_FIELD", + "message": "The field contains an invalid value", + "requestId": "48ea4bce-f233-410e-a062-5dbceee20223" + }, + "meta": { + "apiEnrolmentVersion": "0.0.1", + "apiVersion": "0.0.1" + } +} +``` + +## New Format +``` +{ + "error": { + "args": { + "urlVars": { + "id": "5b15c442-5590-4c58-8bc7-0da788e0cfcf" + } + }, + "cause": { + "message": "clusters(s) not found", + "field": "clusters", + "value": [ + "68f8739f-cf52-4d51-9553-dfe7cf9c6a03" + ] + }, + "causeMessage": "the value '[68f8739f-cf52-4d51-9553-dfe7cf9c6a03]' for 'clusters' is invalid: clusters(s) not found", + "code": "INVALID_FIELD", + "message": "The field contains an invalid value", + "requestId": "ab6553e8-e9b1-408c-9fed-11cc627cfd84" + }, + "meta": { + "apiEnrolmentVersion": "0.0.1", + "apiVersion": "0.0.1" + } +} +``` + + \ No newline at end of file diff --git a/doc/release-notes-0.7.md b/doc/release-notes-0.7.md new file mode 100644 index 000000000..e1982cc2f --- /dev/null +++ b/doc/release-notes-0.7.md @@ -0,0 +1,99 @@ + + +This page discusses the changes that you need to be aware of when migrating your Ziti deployment from version 0.6.x to version 0.7.x + +# Theme + * Ziti 0.7.0 replaces clusters with role attribute based policies + * Ziti 0.7.0 takes steps towards consistent terminology for sessions + +# Edge Router Policy +In 0.6.0 access to edge routers was controlled by clusters and services. + + * Every edge router was assigned to a cluster + * Services belonged to 1 or more clusters + * Dial/bind request would results would include a list of edge routers which were + * in clusters linked to the dialed/bound service and + * were online when the request was made + +Release 0.7.0 replaces this model with something new. It has the following goals: + + * Allow grouping edge routers and other entities dynamically using role attributes rather than hard-coded lists + * Allow restricting access to edge router by identity in addition to by service + +It includes the following new concepts: + + * Role attributes + * Role attributes are just a set of strings associated to a model entity + * The semantics of the role attributes are determined by the system administrator + * Ex: an edge router might have the role attributes `["us-east", "new-york", "omnicorp"]` + * These tags might indicate that this edge router is located on the east coast of the USA, specifically in New York and should be dedicated to use by a customer named OmniCorp + * Currently role attributes are supported on edge routers and identities + * Roles + * Roles specify a set of entities + * Roles may include role attributes as well as entity ids + * A role will match all entities which either: + * Have **_all_** role attributes in the role OR + * Have an ID which is listed explicitly + * Role attributes are prefixed with `@`. Role elements not prefixed with `@` are assumed to be ids + * There is a special role attribute `@all` which will match all entities + * A role may have only role attributes or only ids or may have both + +## Role Example + * Edge router with id 1 has role attributes `["us-east", "New York City"]` + * Edge router with id 2 has role attributes `["us-east", "Albany"]` + * Edge router with id 3 has role attributes `["us-west", "Los Angeles"]` + * An edge router role of `["@us-east", "@New York City", "3"]` would evaluate as follows + * Edge router 1 would match because it has all listed role attributes + * Edge router 2 would not match, because it doesn't have all listed role attributes + * Edge router 3 would match because its ID is listed explicitly + +## Model Changes +### Role Attributes +Edge routers and identities now have roleAttributes fields. Edge routers no longer have an associated cluster. + +### Edge Router Policies +0.7.0 introduces a new model construct, the Edge Router Policy. This entity allows restricting which edge routers identities are allowed to use. An edge router policy has three attributes: + + * Name + * Identity Roles + * Edge Router Roles + +An identity can be a member of multiple policies and will have access to the union of all edge routers linked to from those policies. + +There is a new `/edge-router-policies` endpoint which can be used for creating/updating/deleting/querying edge router policies. Edge router policies PUT/POST/PATCH all take the following properties: + + * name + * edgeRouterRoles + * identityRoles + * tags + +### Service Edge Router Roles +Services now have a new edgeRouterRoles field. If set, this specifies which edge routers may be used for a service. This replaces the old cluster functionality. + +### Edge Router Access +When a service is dialed or bound, which edge routers will be returned? + + * If the service edgeRouterRoles are NOT set, then it will be the set of edge routers to which the dialing/binding identity has access + * If the service edgeRouterRoles ARE set, then it will be the intersection of the edge routers to which the service has access and the set of edge routers to which the identity has access + +### Cluster Removal and Migration +The `/clusters` endpoint has been removed. The bbolt schema version has been bumped to 2. If starting a fresh controller no action will be taken. However, if coming from an existing 0.6 or earlier bbolt database, the following will be done: + + 1. An edge router policy will be created with `@all` for both identityRoles and edgeRouterRoles, allowing access to all edge routers from all identities. This will allow the current identities to continue using the system. Otherwise, no identities would be able to connect to any edge routers. + 2. Each edge router will get a role attribute of `cluster-` for the cluster it belonged to + 3. If a service belongs to 1 or more clusters it will get a role attribute corresponding to the first cluster. Any edge routers assigned to additional clusters will be added to edge router roles field by ID. + 1. Noe: If we were to add additional role clusters for the other clusts we'd get the intersection, not the union and would end up with access to 0 edge routers + +# Session changes +Terminology related to sessions is being made consistent between the edge and fabric. + +There are two types of sessions: + + 1. Sessions between edge clients the edge controller, which allowed clients to manage controller state as well as dial and bind services + 1. These were referred to as sessions in the edge and have no fabric equivalent + 1. Sessions which establish routing and allow data flow to/from/within the edge and fabric + 1. These were referred to as network sessions in the edge and sessions in the fabric + +Going forward, what was called a session in the edge will now be referred to as an API session. What was called a network session will be now just be called session in both the edge and fabric. + +As a first step, in 0.7.0 API sessions will be available at both the `/sessions` and `/api-sessions` endpoints. Use of the `/sessions` endpoint is deprecated. In later releases the `/sessions` endpoint will be used for sessions instead of API sessions. diff --git a/doc/release-notes-0.8.md b/doc/release-notes-0.8.md new file mode 100644 index 000000000..692eb32e9 --- /dev/null +++ b/doc/release-notes-0.8.md @@ -0,0 +1,173 @@ + + +This page discusses the changes that you need to be aware of when migrating your Ziti deployment from version 0.7.x to version 0.8.x + +# Theme + * Ziti 0.8.0 replaces appwans with role attribute based service policies + * Ziti 0.8.0 consolidates dial and bind permissions into service policies + +# Service Policy +In 0.7.0 and prior access to services was controlled by appwans. + + * Appwans had lists of identities and services + * Identities and services could be associated with 0-n appwans + * Services had explicit lists of identities that could bind the service + * In order to dial a service, the identity had to be an admin or be in at least one appwan with that service + * In order to bind a serivice, the identity had to be able to dial the service and be in the list of identities allowed to bind the service + +Release 0.8.0 replaces this model with something new. It has the following goals: + + * Allow grouping identities and services dynamically using role attributes rather than hard-coded lists + * Consolidate dial and bind permissions into the same model + +The following concepts were introduced in 0.7 for edge router policies. They are now used for service policies as well. + + * Role attributes + * Role attributes are just a set of strings associated to a model entity + * The semantics of the role attributes are determined by the system administrator + * Ex: an edge router might have the role attributes `["us-east", "new-york", "omnicorp"]` + * These tags might indicate that this edge router is located on the east coast of the USA, specifically in New York and should be dedicated to use by a customer named OmniCorp + * Currently role attributes are supported on edge routers and identities + * Roles + * Roles specify a set of entities + * Roles may include role attributes as well as entity ids + * A role will match all entities which either: + * Have **_all_** role attributes in the role OR + * Have an ID which is listed explicitly + * Role attributes are prefixed with `@`. Role elements not prefixed with `@` are assumed to be ids + * There is a special role attribute `@all` which will match all entities + * A role may have only role attributes or only ids or may have both + +## Role Example + * Service with id 1 has role attributes `["sales", "New York City"]` + * Service with id 2 has role attributes `["sales", "Albany"]` + * Service with id 3 has role attributes `["support", "Los Angeles"]` + * A service role of `["@sales", "@New York City", "3"]` would evaluate as follows + * Service 1 would match because it has all listed role attributes + * Service 2 would not match, because it doesn't have all listed role attributes + * Service 3 would match because its ID is listed explicitly + +## Model Changes +### Session Names + 1. api sessions had two endpoints in 0.7, `/api-sessions` and `/sessions` which was deprecated. `/sessions` is now no longer valid for api sessions + 2. sessions used the `/network-sessions` endpoint. In this release, `/network-sessions` has been deprecated and `/sessions` should be used instead. + 3. `/current-session` is now `/current-api-session` + +### Session Format + 1. When creating a session, the returned JSON has the same base format as when listing sessions, so it now includes the service and api-session information. The only difference is that the session token is also returned from session create, but not when listing sessions. + 1. The gateways attribute of session has been renamed to edgeRouters. + +### Role Attributes +Services now have a roleAttributes field. Identities already had a roleAttributes field, for used with edge router policies. + +### Service Policies +0.8.0 introduces a new model construct, the Service Policy. This entity allows restricting which services identities are allowed to dial or bind. A service policy has four attributes: + + * Name + * Policy Type ("Bind" or "Dial") + * Identity Roles + * Service Roles + +An identity can be a member of multiple policies and will have access to the union of all services linked to from those policies. + +There is a new `/service-policies` endpoint which can be used for creating/updating/deleting/querying service policies. Service policies PUT/POST/PATCH all take the following properties: + + * name + * type + * valid values are "Bind" and "Dial" + * identityRoles + * serviceRoles + * tags + +There are also new association endpoints allowing the listing of services and identities associated with service policies and vice-versa. + + * /service-policies//services + * /service-policies//identities + * /identities//service-policies + * /services//service-policies + +### Service Access + * An admin may dial or bind any service + * A non-admin identity may dial any service it has access to via service policies of type "Dial" + * A non-admin identity may bind any service it has access to via service policies of type "Bind" + +When listing services, the controller used to provide a hostable flag with each service to indicate if the service could be bound in addition to being dialed. Now, the service will have a permissions block which will indicate if the service may be dialed, bound or both. + +Ex: +```json + { + "meta": {}, + "data": { + "id": "1012d4d7-3ab3-4722-8fa3-ae9f4da3c8ba", + "createdAt": "2020-01-04T02:34:00.788444359Z", + "updatedAt": "2020-01-04T02:34:00.788444359Z", + "_links": { + "edge-routers": { + "href": "./services/1012d4d7-3ab3-4722-8fa3-ae9f4da3c8ba/edge-routers" + }, + "self": { + "href": "./services/1012d4d7-3ab3-4722-8fa3-ae9f4da3c8ba" + }, + "service-policies": { + "href": "./services/1012d4d7-3ab3-4722-8fa3-ae9f4da3c8ba/identities" + } + }, + "tags": {}, + "name": "cac9593c-0494-4800-9f70-c258ff28a702", + "dns": { + "hostname": "0bf71754-ed5b-4b2d-9adf-a542f1284275", + "port": 0 + }, + "endpointAddress": "4662d564-3fc3-4f10-b8cd-ee0e3629ad24", + "egressRouter": "aedab92f-2ddf-445a-9194-73d428322a34", + "edgeRouterRoles": null, + "roleAttributes": [ + "2c68789a-fe71-4d25-a483-43e54ee4fd98" + ], + "permissions": [ + "Bind" + ] + } + } +``` + +### Appwan Removal and Migration +The `/app-wans` endpoint has been removed. The bbolt schema version has been bumped to 3. If starting a fresh controller no action will be taken. However, if coming from an existing 0.7 or earlier bbolt database, the following will be done: + + 1. For each existing appwan, a service policy with type "Dial" will be created + 1. The new service policy will have the same name as the appwan it replaces + 1. The new service policy will have the same identities and services as the appwan it replaces + 1. Identities and services will be specified explicitly by ID rather as opposed to by creating new role attributes + +NOTE: Service hosting identities will not be migrated into equivalent Bind service policies, as binds are not yet used in any production scenarios. + +# Go SDK changes +Several types have been renamed to conform to standard nomenclature + + * Session is now ApiSession + * NetworkSession is now Session + * The SessionId field is now ApiSessionId + * The Gateways field is now EdgeRouters + * Gateway is now EdgeRouter + * On the Service type the Hostable flag has been removed and replaced with a Permissions string array + * It may be nil, empty or contain either or both of "Dial" and "Bind" + * On the Context type + * GetNetworkSession is now GetSession + * GetNetworkHostSession is now GetBindSession + +# ziti command line changes + 1. The `ziti edge controller create/delete gateway` commands have been removed. Use `ziti edge controller create/delete edge-router` instead. + 2. There are new `ziti edge controller create/delete service-policy` commands + +# Ziti Proxy changes +ziti-proxy has been incorporated into the ziti-tunnel command. Where previously one would have run + +``` +ZITI_SDK_CONFIG=./config.json ziti-proxy run +``` + +now one should use + +``` +ziti-tunnel proxy -i ./config.json +``` From 574a081ddc06b7c17793003f3136931e2fa160ca Mon Sep 17 00:00:00 2001 From: Paul Lorenz Date: Thu, 9 Jan 2020 15:19:44 -0500 Subject: [PATCH 2/4] Fix list service-policies. Update quickstart files --- quickstart/local/add-example-services.sh | 39 ----------------------- quickstart/local/prep-ziti.sh | 2 +- quickstart/local/test-ziti.sh | 2 +- ziti/cmd/ziti/cmd/edge_controller/list.go | 2 +- 4 files changed, 3 insertions(+), 42 deletions(-) delete mode 100755 quickstart/local/add-example-services.sh diff --git a/quickstart/local/add-example-services.sh b/quickstart/local/add-example-services.sh deleted file mode 100755 index 286ad57df..000000000 --- a/quickstart/local/add-example-services.sh +++ /dev/null @@ -1,39 +0,0 @@ -ziti edge controller login -u "admin" -p "admin" "${edge_controller_uri}" -c ${ZITI_HOME}/pki/local-root-ca/certs/local-root-ca.cert -svc="wttr.in" -app_wan="appwan-${svc}" - -ziti edge controller delete app-wan "${app_wan}" -ziti edge controller delete service "${svc}" -ziti edge controller delete identity "mydevice" - -ziti edge controller create identity device mydevice - -svc="www.wttr.in" -svc_name="svc_${svc}" -svc_port=80 -cluster=$(ziti edge controller list clusters | awk '{$1=$1};1' | cut -d " " -f4) -egress_router=local-fabric-router-red - -ziti edge controller login -u "admin" -p "admin" "https://localhost:1280" -c ${ZITI_HOME}/pki/local-root-ca/certs/local-root-ca.cert -ziti edge controller create service "${svc_name}" "${svc}" "${svc_port}" "${egress_router}" "tcp://${svc}:${svc_port}" -c "${cluster}" -ziti edge controller create app-wan "clint-appwan" -s "${svc_name}" - -svc="eth0.me" -svc_name="svc_${svc}" -svc_port=80 -egress_router=local-fabric-router-blue -ziti edge controller create service "${svc_name}" "${svc}" "${svc_port}" "${egress_router}" "tcp://${svc}:${svc_port}" -c "${cluster}" - - -svc="www.wttr.in" -svc_name="svctls_${svc}" -svc_port=443 -egress_router=local-fabric-router-red -ziti edge controller create service "${svc_name}" "${svc}" "${svc_port}" "${egress_router}" "tcp://${svc}:${svc_port}" -c "${cluster}" - -svc="ssh" -svc_name="svctls_${svc}" -svc_port="22" -egress_router=local-fabric-router-blue -ziti edge controller create service "${svc_name}" "192.168.100.100" "${svc_port}" "${egress_router}" "tcp://localhost:${svc_port}" -c "${cluster}" - diff --git a/quickstart/local/prep-ziti.sh b/quickstart/local/prep-ziti.sh index 4793b3b9d..589d349c0 100644 --- a/quickstart/local/prep-ziti.sh +++ b/quickstart/local/prep-ziti.sh @@ -13,7 +13,7 @@ sleep 2 ziti edge controller login "${ZITI_EDGE_API_HOSTNAME}" -u "${ZITI_USER}" -p "${ZITI_PWD}" -c "${ZITI_PKI}/${ZITI_EDGE_ROOTCA_NAME}/certs/${ZITI_EDGE_INTERMEDIATE_NAME}.cert" -ziti edge controller create cluster "${ZITI_CLUSTER_NAME}" +ziti edge controller create edge-router-policy all --edge-router-roles @all --identity-roles @all ziti-fabric create router "${ZITI_PKI}/${ZITI_CONTROLLER_INTERMEDIATE_NAME}/certs/${ZITI_ROUTER_BR_HOSTNAME}-client.cert" ziti-fabric create router "${ZITI_PKI}/${ZITI_CONTROLLER_INTERMEDIATE_NAME}/certs/${ZITI_ROUTER_BLUE_HOSTNAME}-client.cert" diff --git a/quickstart/local/test-ziti.sh b/quickstart/local/test-ziti.sh index 3e55eb405..6adf4de9e 100644 --- a/quickstart/local/test-ziti.sh +++ b/quickstart/local/test-ziti.sh @@ -2,7 +2,7 @@ ziti edge controller create service netcat7256 localhost 7256 "${ZITI_ROUTER_BR_ ziti edge controller create identity device "test_identity" -o "${ZITI_HOME}/test_identity".jwt -ziti edge controller create app-wan appwan01 -s netcat7256 -i "test_identity" +ziti edge controller create service-policy dial-all Dial --service-roles @all --identity-roles @all ziti-enroller --jwt "${ZITI_HOME}/test_identity".jwt -o "${ZITI_HOME}/test_identity".json diff --git a/ziti/cmd/ziti/cmd/edge_controller/list.go b/ziti/cmd/ziti/cmd/edge_controller/list.go index 9eeec623f..36decfc3c 100644 --- a/ziti/cmd/ziti/cmd/edge_controller/list.go +++ b/ziti/cmd/ziti/cmd/edge_controller/list.go @@ -271,7 +271,7 @@ func outputServices(o *commonOptions, children []*gabs.Container) error { } func runListServicePolices(o *commonOptions) error { - children, err := listEntitiesOfTypeWithOptionalFilter("service-polices", o) + children, err := listEntitiesOfTypeWithOptionalFilter("service-policies", o) if err != nil { return err } From fbdfa28a567ae31aea075e1def52a2b859c47a5e Mon Sep 17 00:00:00 2001 From: Paul Lorenz Date: Thu, 9 Jan 2020 15:27:19 -0500 Subject: [PATCH 3/4] Pull in latest ziti-edge --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e4d7ed9a8..8da87e249 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 github.com/keybase/go-ps v0.0.0-20190827175125-91aafc93ba19 github.com/michaelquigley/pfxlog v0.0.0-20190813191113-2be43bd0dccc - github.com/netfoundry/ziti-edge v0.0.0-20200108200858-55eaa157b9ea + github.com/netfoundry/ziti-edge v0.0.0-20200109190215-a0024ae956ef github.com/netfoundry/ziti-fabric v0.0.0-20200108200335-8a3b0b19d2e6 github.com/netfoundry/ziti-foundation v0.0.0-20200108154541-e614e4e75acd github.com/netfoundry/ziti-sdk-golang v0.0.0-20200108160734-8bc089148c01 diff --git a/go.sum b/go.sum index 4dd26ccb3..6f1fad1de 100644 --- a/go.sum +++ b/go.sum @@ -218,8 +218,8 @@ github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrk github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/netfoundry/ziti-edge v0.0.0-20200108200858-55eaa157b9ea h1:wHY5XU7IIcZ6QI03HdTi9dT82+UC49XRhs7Kzv5vQOg= -github.com/netfoundry/ziti-edge v0.0.0-20200108200858-55eaa157b9ea/go.mod h1:Z56jhag4epkWmt1SarB78ZIZaZWAZomZMxeSac26KnU= +github.com/netfoundry/ziti-edge v0.0.0-20200109190215-a0024ae956ef h1:u1AAguvXj1cnsSq3qexSijcC+hfV/ShkYncONKct6wk= +github.com/netfoundry/ziti-edge v0.0.0-20200109190215-a0024ae956ef/go.mod h1:Z56jhag4epkWmt1SarB78ZIZaZWAZomZMxeSac26KnU= github.com/netfoundry/ziti-fabric v0.0.0-20200108200335-8a3b0b19d2e6 h1:zR95MZtLIbuUqr/5LNj1unXuw0gz5WBTlWTv9pJ7+Ow= github.com/netfoundry/ziti-fabric v0.0.0-20200108200335-8a3b0b19d2e6/go.mod h1:pj5sWlqvzI6uY8x/qsJB9tgqjXqDfZa2HomPxKMurVc= github.com/netfoundry/ziti-foundation v0.0.0-20200107143132-d54269e96d45 h1:ZZxJIqJS/jto/TC8XB8Oo3CqFqERDYAH6wDU+Zg9Vlw= From 61c884951fdc0ffed8e391cd047f71f076a6c188 Mon Sep 17 00:00:00 2001 From: Paul Lorenz Date: Thu, 9 Jan 2020 16:20:02 -0500 Subject: [PATCH 4/4] Update to latest ziti-edge --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 8da87e249..be5367b97 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 github.com/keybase/go-ps v0.0.0-20190827175125-91aafc93ba19 github.com/michaelquigley/pfxlog v0.0.0-20190813191113-2be43bd0dccc - github.com/netfoundry/ziti-edge v0.0.0-20200109190215-a0024ae956ef + github.com/netfoundry/ziti-edge v0.0.0-20200109210731-a1e09cc7638e github.com/netfoundry/ziti-fabric v0.0.0-20200108200335-8a3b0b19d2e6 github.com/netfoundry/ziti-foundation v0.0.0-20200108154541-e614e4e75acd github.com/netfoundry/ziti-sdk-golang v0.0.0-20200108160734-8bc089148c01 diff --git a/go.sum b/go.sum index 6f1fad1de..1ae7d2608 100644 --- a/go.sum +++ b/go.sum @@ -220,6 +220,8 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/netfoundry/ziti-edge v0.0.0-20200109190215-a0024ae956ef h1:u1AAguvXj1cnsSq3qexSijcC+hfV/ShkYncONKct6wk= github.com/netfoundry/ziti-edge v0.0.0-20200109190215-a0024ae956ef/go.mod h1:Z56jhag4epkWmt1SarB78ZIZaZWAZomZMxeSac26KnU= +github.com/netfoundry/ziti-edge v0.0.0-20200109210731-a1e09cc7638e h1:tl2stADLCR6+51rnyJHGztMZA4vfPHk+03PMd99lYlY= +github.com/netfoundry/ziti-edge v0.0.0-20200109210731-a1e09cc7638e/go.mod h1:Z56jhag4epkWmt1SarB78ZIZaZWAZomZMxeSac26KnU= github.com/netfoundry/ziti-fabric v0.0.0-20200108200335-8a3b0b19d2e6 h1:zR95MZtLIbuUqr/5LNj1unXuw0gz5WBTlWTv9pJ7+Ow= github.com/netfoundry/ziti-fabric v0.0.0-20200108200335-8a3b0b19d2e6/go.mod h1:pj5sWlqvzI6uY8x/qsJB9tgqjXqDfZa2HomPxKMurVc= github.com/netfoundry/ziti-foundation v0.0.0-20200107143132-d54269e96d45 h1:ZZxJIqJS/jto/TC8XB8Oo3CqFqERDYAH6wDU+Zg9Vlw=