You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you have many TCP routes configured, it can become a quite tedious task to transfer all the routes to the Pomerium Desktop app. It would be really helpful, if the pomerium core binary could create the json-Config for the desktop app, by parsing the config.yaml, extracting all tcp routes and make an importable config for Pomerium Desktop.
Since not all field you would like to fill in in Pomerium Desktop are also config options for pomerium core, you would have to enrich the core config with fields like name, tag or local_addr_port, which then gets used to generate the desktop config. This tends to be no problem since pomerium core ignores all "unknown" configuration fields it does not know.
It's really straightforward to write such a tool for yourself since you can read yaml into object representations of nearly any language you like and then read what you want and emit a json at last. But it would come in very handy, if pomerium core could generate that config itself. Thought ahead, you might also include the option in the Desktop App to give pomeriums hostname to the app and let the app fetch the config itself directly from pomerium core.
Here a little - and by far not complete or comprehensive - python script I wrote for my personal use case.
import yaml
import json
import uuid
# Construct Pomerium Desktop Config
pomerium_desktop_config = {
"@type": "type.googleapis.com/pomerium.cli.Records",
"records": [
]
}
# load pomerium config file
with open('config.yaml', 'r') as stream:
pomeriumConfig = yaml.safe_load(stream)
# loop through all tcp routes
for route in pomeriumConfig['routes']:
if route['from'].startswith('tcp+'):
# Read route details here
confItem = {
'id': uuid.uuid4().__str__(),
'conn': {
# name is no officially supported yaml directive in pomeriums config.yaml.
# but since pomerium ignores unknown directives it can be used as a hint for
# the generated desktop config
'name': route['name'],
'remoteAddr': route['from'],
# same applies to the local listen address.
'listenAddr': route['local_listen_addr'],
'disableTlsVerification': False,
# must be extended to also support ascii encoded certs
"clientCertFromStore": {
"subjectFilter": "CN=commonName"
}
}
}
pomerium_desktop_config['records'].append(confItem)
# Generating config file for pomerium desktop
json_object = json.dumps(pomerium_desktop_config, indent=2)
with open("config.json", "w") as outfile:
outfile.write(json_object)
The text was updated successfully, but these errors were encountered:
Thank you for the issue @aponert . We have something very similar in mind on our roadmap which we are planning. Will share details and link back as soon as we are able. Thanks again for sharing.
If you have many TCP routes configured, it can become a quite tedious task to transfer all the routes to the Pomerium Desktop app. It would be really helpful, if the pomerium core binary could create the json-Config for the desktop app, by parsing the config.yaml, extracting all tcp routes and make an importable config for Pomerium Desktop.
Since not all field you would like to fill in in Pomerium Desktop are also config options for pomerium core, you would have to enrich the core config with fields like name, tag or local_addr_port, which then gets used to generate the desktop config. This tends to be no problem since pomerium core ignores all "unknown" configuration fields it does not know.
It's really straightforward to write such a tool for yourself since you can read yaml into object representations of nearly any language you like and then read what you want and emit a json at last. But it would come in very handy, if pomerium core could generate that config itself. Thought ahead, you might also include the option in the Desktop App to give pomeriums hostname to the app and let the app fetch the config itself directly from pomerium core.
Here a little - and by far not complete or comprehensive - python script I wrote for my personal use case.
The text was updated successfully, but these errors were encountered: