Merge pull request #664 from openziti/proxy-support

Add API for controlling proxy use when connecting to controller. Fixes #663

CHANGELOG.md

@@ -1,3 +1,17 @@
+# Release notes 0.24.0
+
+## Issues Fixed and Dependency Updates
+
+* github.com/openziti/sdk-golang: [v0.23.45 -> v0.24.0](https://github.com/openziti/sdk-golang/compare/v0.23.45...v0.24.0)
+    * [Issue #663](https://github.com/openziti/sdk-golang/issues/663) - Add API to allow controlling proxying connections to controllers and routers.
+
+* github.com/go-resty/resty/v2: v2.15.3 -> v2.16.4
+* github.com/openziti/channel/v3: [v3.0.26 -> v3.0.27](https://github.com/openziti/channel/compare/v3.0.26...v3.0.27)
+* github.com/openziti/edge-api: [v0.26.36 -> v0.26.38](https://github.com/openziti/edge-api/compare/v0.26.36...v0.26.38)
+* github.com/openziti/transport/v2: [v2.0.159 -> v2.0.160](https://github.com/openziti/transport/compare/v2.0.159...v2.0.160)
+* golang.org/x/oauth2: v0.23.0 -> v0.25.0
+* google.golang.org/protobuf: v1.36.2 -> v1.36.3
+
 # Release notes 0.23.45
 
 ## Issues Fixed and Dependency Updates

edge-apis/clients.go

@@ -123,10 +123,12 @@ func (self *BaseClient[A]) Authenticate(credentials Credentials, configTypesOver
 }
 
 // initializeComponents assembles the lower level components necessary for the go-swagger/openapi facilities.
-func (self *BaseClient[A]) initializeComponents(apiUrls []*url.URL, caPool *x509.CertPool) {
-	components := NewComponents()
-	components.HttpTransport.TLSClientConfig.RootCAs = caPool
-	components.CaPool = caPool
+func (self *BaseClient[A]) initializeComponents(config *ApiClientConfig) {
+	components := NewComponentsWithConfig(&ComponentsConfig{
+		Proxy: config.Proxy,
+	})
+	components.HttpTransport.TLSClientConfig.RootCAs = config.CaPool
+	components.CaPool = config.CaPool
 
 	self.Components = *components
 }
@@ -205,6 +207,13 @@ type ManagementApiClient struct {
 	BaseClient[ZitiEdgeManagement]
 }
 
+type ApiClientConfig struct {
+	ApiUrls      []*url.URL
+	CaPool       *x509.CertPool
+	TotpCallback func(chan string)
+	Proxy        func(r *http.Request) (*url.URL, error)
+}
+
 // NewManagementApiClient will assemble an ManagementApiClient. The apiUrl should be the full URL
 // to the Edge Management API (e.g. `https://example.com/edge/management/v1`).
 //
@@ -217,16 +226,25 @@ type ManagementApiClient struct {
 // to obtain and verify the target controllers CAs. Tools should allow users to verify and accept new controllers
 // that have not been verified from an outside secret (such as an enrollment token).
 func NewManagementApiClient(apiUrls []*url.URL, caPool *x509.CertPool, totpCallback func(chan string)) *ManagementApiClient {
+	return NewManagementApiClientWithConfig(&ApiClientConfig{
+		ApiUrls:      apiUrls,
+		CaPool:       caPool,
+		TotpCallback: totpCallback,
+		Proxy:        http.ProxyFromEnvironment,
+	})
+}
+
+func NewManagementApiClientWithConfig(config *ApiClientConfig) *ManagementApiClient {
 	ret := &ManagementApiClient{}
 	ret.Schemes = rest_management_api_client.DefaultSchemes
 	ret.ApiBinding = "edge-management"
 	ret.ApiVersion = "v1"
-	ret.ApiUrls = apiUrls
-	ret.initializeComponents(apiUrls, caPool)
+	ret.ApiUrls = config.ApiUrls
+	ret.initializeComponents(config)
 
 	transportPool := NewClientTransportPoolRandom()
 
-	for _, apiUrl := range apiUrls {
+	for _, apiUrl := range config.ApiUrls {
 		newRuntime := NewRuntime(apiUrl, ret.Schemes, ret.Components.HttpClient)
 		newRuntime.DefaultAuthentication = ret
 		transportPool.Add(apiUrl, newRuntime)
@@ -235,7 +253,7 @@ func NewManagementApiClient(apiUrls []*url.URL, caPool *x509.CertPool, totpCallb
 	newApi := rest_management_api_client.New(transportPool, nil)
 	api := ZitiEdgeManagement{
 		ZitiEdgeManagement:  newApi,
-		TotpCallback:        totpCallback,
+		TotpCallback:        config.TotpCallback,
 		ClientTransportPool: transportPool,
 	}
 
@@ -261,17 +279,26 @@ type ClientApiClient struct {
 // to obtain and verify the target controllers CAs. Tools should allow users to verify and accept new controllers
 // that have not been verified from an outside secret (such as an enrollment token).
 func NewClientApiClient(apiUrls []*url.URL, caPool *x509.CertPool, totpCallback func(chan string)) *ClientApiClient {
+	return NewClientApiClientWithConfig(&ApiClientConfig{
+		ApiUrls:      apiUrls,
+		CaPool:       caPool,
+		TotpCallback: totpCallback,
+		Proxy:        http.ProxyFromEnvironment,
+	})
+}
+
+func NewClientApiClientWithConfig(config *ApiClientConfig) *ClientApiClient {
 	ret := &ClientApiClient{}
 	ret.ApiBinding = "edge-client"
 	ret.ApiVersion = "v1"
 	ret.Schemes = rest_client_api_client.DefaultSchemes
-	ret.ApiUrls = apiUrls
+	ret.ApiUrls = config.ApiUrls
 
-	ret.initializeComponents(apiUrls, caPool)
+	ret.initializeComponents(config)
 
 	transportPool := NewClientTransportPoolRandom()
 
-	for _, apiUrl := range apiUrls {
+	for _, apiUrl := range config.ApiUrls {
 		newRuntime := NewRuntime(apiUrl, ret.Schemes, ret.Components.HttpClient)
 		newRuntime.DefaultAuthentication = ret
 		transportPool.Add(apiUrl, newRuntime)
@@ -280,7 +307,7 @@ func NewClientApiClient(apiUrls []*url.URL, caPool *x509.CertPool, totpCallback
 	newApi := rest_client_api_client.New(transportPool, nil)
 	api := ZitiEdgeClient{
 		ZitiEdgeClient:      newApi,
-		TotpCallback:        totpCallback,
+		TotpCallback:        config.TotpCallback,
 		ClientTransportPool: transportPool,
 	}
 	ret.API = &api

edge-apis/component.go

@@ -5,6 +5,7 @@ import (
 	"github.com/openziti/edge-api/rest_util"
 	"net/http"
 	"net/http/cookiejar"
+	"net/url"
 	"time"
 )
 
@@ -17,12 +18,22 @@ type Components struct {
 	CaPool        *x509.CertPool
 }
 
+type ComponentsConfig struct {
+	Proxy func(*http.Request) (*url.URL, error)
+}
+
 // NewComponents assembles a new set of components with reasonable production defaults.
 func NewComponents() *Components {
+	return NewComponentsWithConfig(&ComponentsConfig{
+		Proxy: http.ProxyFromEnvironment,
+	})
+}
+
+// NewComponentsWithConfig assembles a new set of components with reasonable production defaults.
+func NewComponentsWithConfig(cfg *ComponentsConfig) *Components {
 	tlsClientConfig, _ := rest_util.NewTlsConfig()
 
 	httpTransport := &http.Transport{
-		Proxy:                 http.ProxyFromEnvironment,
 		TLSClientConfig:       tlsClientConfig,
 		ForceAttemptHTTP2:     true,
 		MaxIdleConns:          10,
@@ -31,6 +42,10 @@ func NewComponents() *Components {
 		ExpectContinueTimeout: 1 * time.Second,
 	}
 
+	if cfg != nil && cfg.Proxy != nil {
+		httpTransport.Proxy = cfg.Proxy
+	}
+
 	jar, _ := cookiejar.New(nil)
 
 	httpClient := &http.Client{

example/go.mod

@@ -14,6 +14,7 @@ require (
 	github.com/openziti/foundation/v2 v2.0.56
 	github.com/openziti/runzmd v1.0.33
 	github.com/openziti/sdk-golang v0.0.0
+	github.com/openziti/transport/v2 v2.0.160
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.1
@@ -52,7 +53,7 @@ require (
 	github.com/go-openapi/strfmt v0.23.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-openapi/validate v0.24.0 // indirect
-	github.com/go-resty/resty/v2 v2.15.3 // indirect
+	github.com/go-resty/resty/v2 v2.16.5 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386 // indirect
@@ -78,12 +79,11 @@ require (
 	github.com/muhlemmer/gu v0.3.1 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
-	github.com/openziti/channel/v3 v3.0.26 // indirect
-	github.com/openziti/edge-api v0.26.36 // indirect
+	github.com/openziti/channel/v3 v3.0.27 // indirect
+	github.com/openziti/edge-api v0.26.38 // indirect
 	github.com/openziti/identity v1.0.94 // indirect
 	github.com/openziti/metrics v1.2.65 // indirect
 	github.com/openziti/secretstream v0.1.28 // indirect
-	github.com/openziti/transport/v2 v2.0.159 // indirect
 	github.com/orcaman/concurrent-map/v2 v2.0.1 // indirect
 	github.com/parallaxsecond/parsec-client-go v0.0.0-20221025095442-f0a77d263cf9 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
@@ -118,12 +118,12 @@ require (
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
 	golang.org/x/image v0.18.0 // indirect
 	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/oauth2 v0.23.0 // indirect
+	golang.org/x/oauth2 v0.25.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.29.0 // indirect
 	golang.org/x/term v0.28.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect
-	google.golang.org/protobuf v1.36.2 // indirect
+	google.golang.org/protobuf v1.36.3 // indirect
 	gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

example/go.sum

@@ -145,8 +145,8 @@ github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+Gr
 github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58=
 github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ=
-github.com/go-resty/resty/v2 v2.15.3 h1:bqff+hcqAflpiF591hhJzNdkRsFhlB96CYfBwSFvql8=
-github.com/go-resty/resty/v2 v2.15.3/go.mod h1:0fHAoK7JoBy/Ch36N8VFeMsK7xQOHhvWaC3iOktwmIU=
+github.com/go-resty/resty/v2 v2.16.5 h1:hBKqmWrr7uRc3euHVqmh1HTHcKn99Smr7o5spptdhTM=
+github.com/go-resty/resty/v2 v2.16.5/go.mod h1:hkJtXbA2iKHzJheXYvQ8snQES5ZLGKMwQ07xAwp/fiA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
@@ -359,10 +359,10 @@ github.com/onsi/gomega v1.13.0 h1:7lLHu94wT9Ij0o6EWWclhu0aOh32VxhkwEJvzuWPeak=
 github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
-github.com/openziti/channel/v3 v3.0.26 h1:KVMOpqA8teIUcjG8u21pg8iI1YOjaY/SQyWWozWfXpA=
-github.com/openziti/channel/v3 v3.0.26/go.mod h1:o5/tWvfHgEzVBqdl8WBHFJNc7m8zHcCb3S5ymocDZEk=
-github.com/openziti/edge-api v0.26.36 h1:zy2DjmIz/B+WxPpIzhFOAxi/LhM/yeKa8s1Vz2h8cQk=
-github.com/openziti/edge-api v0.26.36/go.mod h1:sYHVpm26Jr1u7VooNJzTb2b2nGSlmCHMnbGC8XfWSng=
+github.com/openziti/channel/v3 v3.0.27 h1:Jx56fuxuvlkap+zNXIDPdfLW1mA6GjrnCxjbDqdBgco=
+github.com/openziti/channel/v3 v3.0.27/go.mod h1:vmLGw7KS1mhFDBoYal7O4dIcsm6TAVi9WqjI4TvAemQ=
+github.com/openziti/edge-api v0.26.38 h1:3xDWC5SFn3qUVR428TIBpRc2lrjVV7Gz0Rx4pQx0JSg=
+github.com/openziti/edge-api v0.26.38/go.mod h1:sYHVpm26Jr1u7VooNJzTb2b2nGSlmCHMnbGC8XfWSng=
 github.com/openziti/foundation/v2 v2.0.56 h1:YXqBmkrN0fYr3TqIlWZSZGluE2QpJxlA29Z6okZyQ5I=
 github.com/openziti/foundation/v2 v2.0.56/go.mod h1:f12R1pwEod348qONZr6esZgackX1ScLGDcEyPF2G5/w=
 github.com/openziti/identity v1.0.94 h1:nF4etu/5LmOlbT24lpSKq9p+90A9jeyLr5U23LemgD4=
@@ -373,8 +373,8 @@ github.com/openziti/runzmd v1.0.33 h1:tOyjRoUuVXIo1z1pNU32jALWkMmhzsSaDrhLtuOn3T
 github.com/openziti/runzmd v1.0.33/go.mod h1:8c/uvZR/XWXQNllTq6LuTpfKL2DTNxfI2X2wYhgRwik=
 github.com/openziti/secretstream v0.1.28 h1:D+a5TcvbY3i7HOIecoTL0Pq8HJGnJqS0XmUyO1ohObg=
 github.com/openziti/secretstream v0.1.28/go.mod h1:BESAWnpyIr9A+ditH4vk15ZVsnP8zdy6vGi8Qr1lgAg=
-github.com/openziti/transport/v2 v2.0.159 h1:Ol6vTrXWJdkfRLWYI2hjDTeH2Ji0cYC26UuPnBylALg=
-github.com/openziti/transport/v2 v2.0.159/go.mod h1:Hw4TIlDd97D5m8BrlxTZ3bqO01+hwddTDMSOOzz/4cs=
+github.com/openziti/transport/v2 v2.0.160 h1:bYBBj8gqZ8DCF6aCJThq2v89h5ILwqTVaFkyfjFmHpk=
+github.com/openziti/transport/v2 v2.0.160/go.mod h1:Hw4TIlDd97D5m8BrlxTZ3bqO01+hwddTDMSOOzz/4cs=
 github.com/orcaman/concurrent-map/v2 v2.0.1 h1:jOJ5Pg2w1oeB6PeDurIYf6k9PQ+aTITr/6lP/L/zp6c=
 github.com/orcaman/concurrent-map/v2 v2.0.1/go.mod h1:9Eq3TG2oBe5FirmYWQfYO5iH1q0Jv47PLaNK++uCdOM=
 github.com/parallaxsecond/parsec-client-go v0.0.0-20221025095442-f0a77d263cf9 h1:mOvehYivJ4Aqu2CPe3D3lv8jhqOI9/1o0THxJHBE0qw=
@@ -628,8 +628,8 @@ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
-golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70=
+golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -899,8 +899,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.36.2 h1:R8FeyR1/eLmkutZOM5CWghmo5itiG9z0ktFlTVLuTmU=
-google.golang.org/protobuf v1.36.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.3 h1:82DV7MYdb8anAVi3qge1wSnMDrnKK7ebr+I0hHRN1BU=
+google.golang.org/protobuf v1.36.3/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

example/influxdb-client-go/go.mod

@@ -1,10 +1,12 @@
 module github.com/openziti/sdk-golang/example/influx-client-go
 
-go 1.19
+go 1.21
+
+toolchain go1.23.1
 
 require (
 	github.com/influxdata/influxdb-client-go/v2 v2.12.3
-	github.com/openziti/sdk-golang v0.20.112
+	github.com/openziti/sdk-golang v0.23.45
 	github.com/sirupsen/logrus v1.9.3
 )
 
@@ -19,41 +21,45 @@ require (
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/bytedance/sonic v1.10.1 // indirect
-	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
 	github.com/chenzhuoyu/iasm v0.9.0 // indirect
 	github.com/deepmap/oapi-codegen v1.15.0 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/flosch/pongo2/v4 v4.0.2 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/gin-gonic/gin v1.9.1 // indirect
-	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
-	github.com/go-openapi/analysis v0.21.4 // indirect
-	github.com/go-openapi/errors v0.20.4 // indirect
-	github.com/go-openapi/jsonpointer v0.20.0 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/loads v0.21.2 // indirect
-	github.com/go-openapi/runtime v0.26.0 // indirect
-	github.com/go-openapi/spec v0.20.9 // indirect
-	github.com/go-openapi/strfmt v0.21.7 // indirect
-	github.com/go-openapi/swag v0.22.4 // indirect
-	github.com/go-openapi/validate v0.22.1 // indirect
+	github.com/go-openapi/analysis v0.23.0 // indirect
+	github.com/go-openapi/errors v0.22.0 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/loads v0.22.0 // indirect
+	github.com/go-openapi/runtime v0.28.0 // indirect
+	github.com/go-openapi/spec v0.21.0 // indirect
+	github.com/go-openapi/strfmt v0.23.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-openapi/validate v0.24.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.15.4 // indirect
+	github.com/go-resty/resty/v2 v2.15.3 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
-	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386 // indirect
-	github.com/google/uuid v1.3.1 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/css v1.0.0 // indirect
-	github.com/gorilla/mux v1.8.0 // indirect
-	github.com/gorilla/websocket v1.5.0 // indirect
+	github.com/gorilla/mux v1.8.1 // indirect
+	github.com/gorilla/schema v1.3.0 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
+	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/influxdata/line-protocol v0.0.0-20210922203350-b1ad95c89adf // indirect
 	github.com/iris-contrib/schema v0.0.6 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
@@ -74,7 +80,7 @@ require (
 	github.com/mailgun/raymond/v2 v2.0.48 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/michaelquigley/pfxlog v0.6.10 // indirect
 	github.com/microcosm-cc/bluemonday v1.0.25 // indirect
@@ -83,15 +89,16 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/muhlemmer/gu v0.3.1 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
-	github.com/openziti/channel/v2 v2.0.99 // indirect
-	github.com/openziti/edge-api v0.25.36 // indirect
-	github.com/openziti/foundation/v2 v2.0.32 // indirect
-	github.com/openziti/identity v1.0.63 // indirect
-	github.com/openziti/metrics v1.2.35 // indirect
-	github.com/openziti/secretstream v0.1.12 // indirect
-	github.com/openziti/transport/v2 v2.0.107 // indirect
+	github.com/openziti/channel/v3 v3.0.26 // indirect
+	github.com/openziti/edge-api v0.26.36 // indirect
+	github.com/openziti/foundation/v2 v2.0.56 // indirect
+	github.com/openziti/identity v1.0.94 // indirect
+	github.com/openziti/metrics v1.2.65 // indirect
+	github.com/openziti/secretstream v0.1.28 // indirect
+	github.com/openziti/transport/v2 v2.0.159 // indirect
 	github.com/orcaman/concurrent-map/v2 v2.0.1 // indirect
 	github.com/parallaxsecond/parsec-client-go v0.0.0-20221025095442-f0a77d263cf9 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
@@ -100,7 +107,7 @@ require (
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/schollz/closestmatch v2.1.0+incompatible // indirect
-	github.com/shirou/gopsutil/v3 v3.23.8 // indirect
+	github.com/shirou/gopsutil/v3 v3.24.5 // indirect
 	github.com/shoenig/go-m1cpu v0.1.6 // indirect
 	github.com/speps/go-hashids v2.0.0+incompatible // indirect
 	github.com/tdewolff/minify/v2 v2.12.9 // indirect
@@ -114,23 +121,26 @@ require (
 	github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/yosssi/ace v0.0.5 // indirect
-	github.com/yusufpapurcu/wmi v1.2.3 // indirect
-	go.mongodb.org/mongo-driver v1.13.0 // indirect
-	go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect
-	go.opentelemetry.io/otel v1.18.0 // indirect
-	go.opentelemetry.io/otel/metric v1.18.0 // indirect
-	go.opentelemetry.io/otel/trace v1.18.0 // indirect
+	github.com/yusufpapurcu/wmi v1.2.4 // indirect
+	github.com/zitadel/oidc/v2 v2.12.2 // indirect
+	go.mongodb.org/mongo-driver v1.17.0 // indirect
+	go.mozilla.org/pkcs7 v0.9.0 // indirect
+	go.opentelemetry.io/otel v1.29.0 // indirect
+	go.opentelemetry.io/otel/metric v1.29.0 // indirect
+	go.opentelemetry.io/otel/trace v1.29.0 // indirect
 	golang.org/x/arch v0.5.0 // indirect
-	golang.org/x/crypto v0.21.0 // indirect
+	golang.org/x/crypto v0.32.0 // indirect
 	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
-	golang.org/x/net v0.23.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/term v0.18.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
+	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.29.0 // indirect
+	golang.org/x/term v0.28.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/time v0.6.0 // indirect
+	google.golang.org/protobuf v1.36.2 // indirect
+	gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	nhooyr.io/websocket v1.8.7 // indirect
+	nhooyr.io/websocket v1.8.17 // indirect
 )

example/zcat/zcat.go

@@ -21,9 +21,12 @@ import (
 	"github.com/michaelquigley/pfxlog"
 	"github.com/openziti/foundation/v2/info"
 	"github.com/openziti/sdk-golang/ziti"
+	"github.com/openziti/transport/v2"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"io"
+	"net/http"
+	"net/url"
 	"os"
 	"time"
 )
@@ -36,12 +39,16 @@ var verbose bool
 var logFormatter string
 var retry bool
 var identityFile string
+var ctrlProxy string
+var routerProxy string
 
 func init() {
 	root.PersistentFlags().StringVarP(&identityFile, "identity", "i", "", "Identity file path")
 	root.PersistentFlags().BoolVarP(&verbose, "verbose", "v", false, "Enable verbose logging")
 	root.PersistentFlags().BoolVarP(&retry, "retry", "r", false, "Retry after i/o error")
 	root.PersistentFlags().StringVar(&logFormatter, "log-formatter", "", "Specify log formatter [json|pfxlog|text]")
+	root.PersistentFlags().StringVar(&ctrlProxy, "ctrl-proxy", "", "Specify a proxy to use for controller connections")
+	root.PersistentFlags().StringVar(&routerProxy, "router-proxy", "", "Specify a proxy to use for router connections")
 }
 
 var root = &cobra.Command{
@@ -83,6 +90,23 @@ func runFunc(_ *cobra.Command, args []string) {
 		panic(err)
 	}
 
+	if ctrlProxy != "" {
+		fmt.Printf("using controller proxy: %s\n", ctrlProxy)
+		cfg.CtrlProxy = func(request *http.Request) (*url.URL, error) {
+			return url.Parse(ctrlProxy)
+		}
+	}
+
+	if routerProxy != "" {
+		fmt.Printf("using router proxy: %s\n", routerProxy)
+		cfg.RouterProxy = func(addr string) *transport.ProxyConfiguration {
+			return &transport.ProxyConfiguration{
+				Type:    transport.ProxyTypeHttpConnect,
+				Address: routerProxy,
+			}
+		}
+	}
+
 	context, err := ziti.NewContext(cfg)
 
 	if err != nil {

go.mod

@@ -18,7 +18,7 @@ require (
 	github.com/michaelquigley/pfxlog v0.6.10
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/mitchellh/mapstructure v1.5.0
-	github.com/openziti/channel/v3 v3.0.26
+	github.com/openziti/channel/v3 v3.0.27
 	github.com/openziti/edge-api v0.26.38
 	github.com/openziti/foundation/v2 v2.0.56
 	github.com/openziti/identity v1.0.94

go.sum

@@ -302,8 +302,8 @@ github.com/onsi/gomega v1.13.0 h1:7lLHu94wT9Ij0o6EWWclhu0aOh32VxhkwEJvzuWPeak=
 github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
-github.com/openziti/channel/v3 v3.0.26 h1:KVMOpqA8teIUcjG8u21pg8iI1YOjaY/SQyWWozWfXpA=
-github.com/openziti/channel/v3 v3.0.26/go.mod h1:o5/tWvfHgEzVBqdl8WBHFJNc7m8zHcCb3S5ymocDZEk=
+github.com/openziti/channel/v3 v3.0.27 h1:Jx56fuxuvlkap+zNXIDPdfLW1mA6GjrnCxjbDqdBgco=
+github.com/openziti/channel/v3 v3.0.27/go.mod h1:vmLGw7KS1mhFDBoYal7O4dIcsm6TAVi9WqjI4TvAemQ=
 github.com/openziti/edge-api v0.26.38 h1:3xDWC5SFn3qUVR428TIBpRc2lrjVV7Gz0Rx4pQx0JSg=
 github.com/openziti/edge-api v0.26.38/go.mod h1:sYHVpm26Jr1u7VooNJzTb2b2nGSlmCHMnbGC8XfWSng=
 github.com/openziti/foundation/v2 v2.0.56 h1:YXqBmkrN0fYr3TqIlWZSZGluE2QpJxlA29Z6okZyQ5I=

version

@@ -1 +1 @@
-0.23
+0.24

ziti/config.go

@@ -22,7 +22,10 @@ import (
 	"github.com/openziti/edge-api/rest_util"
 	"github.com/openziti/identity"
 	apis "github.com/openziti/sdk-golang/edge-apis"
+	"github.com/openziti/transport/v2"
 	"github.com/pkg/errors"
+	"net/http"
+	"net/url"
 	"os"
 )
 
@@ -48,6 +51,15 @@ type Config struct {
 	//EnableHa will signal to the SDK to query and use OIDC authentication which is required for HA controller setups.
 	//This is a temporary feature flag that will be removed and "default to true" at a later date.
 	EnableHa bool `json:"enableHa"`
+
+	//Allows providing a function which controls how/where request to a controller are proxied.
+	//See [http.Transport.Proxy] for more information
+	//If this value is nil, [http.ProxyFromEnvironment] is used. If you never want a proxy to be used,
+	//set a function which always returns nil.
+	CtrlProxy func(*http.Request) (*url.URL, error)
+
+	//Allows providing a function which controls how/where connections to a router are proxied.
+	RouterProxy func(addr string) *transport.ProxyConfiguration
 }
 
 // NewConfig will create a new Config object from a provided Ziti Edge Client API URL and identity configuration.
@@ -90,7 +102,7 @@ func NewConfigFromFile(confFile string) (*Config, error) {
 // GetControllerWellKnownCaPool will return a x509.CertPool. The target controller will not be verified via TLS and
 // must be verified by some other means (i.e. enrollment JWT token).
 //
-// WARNING: This call is unauthenticated and should only be used for example purposes or expliciltly when an unauthenticated
+// WARNING: This call is unauthenticated and should only be used for example purposes or explicitly when an unauthenticated
 // request is required.
 func GetControllerWellKnownCaPool(controllerAddr string) (*x509.CertPool, error) {
 	return rest_util.GetControllerWellKnownCaPool(controllerAddr)

ziti/contexts.go

@@ -34,6 +34,7 @@ import (
 	"github.com/openziti/sdk-golang/ziti/edge/posture"
 	cmap "github.com/orcaman/concurrent-map/v2"
 	"github.com/pkg/errors"
+	"net/http"
 	"net/url"
 	"strconv"
 )
@@ -72,6 +73,10 @@ func NewContext(cfg *Config) (Context, error) {
 // NewContextWithOpts creates a Context from the supplied Config and Options. The configuration requires
 // either the `ID` field or the `Credentials` field to be populated. If both are supplied, the `ID` field is used.
 func NewContextWithOpts(cfg *Config, options *Options) (Context, error) {
+	if cfg == nil {
+		return nil, errors.New("a config is required")
+	}
+
 	if options == nil {
 		options = DefaultOptions
 	}
@@ -83,10 +88,7 @@ func NewContextWithOpts(cfg *Config, options *Options) (Context, error) {
 		authQueryHandlers: map[string]func(query *rest_model.AuthQueryDetail, response MfaCodeResponse) error{},
 		closeNotify:       make(chan struct{}),
 		EventEmmiter:      events.New(),
-	}
-
-	if cfg == nil {
-		return nil, errors.New("a config is required")
+		routerProxy:       cfg.RouterProxy,
 	}
 
 	if cfg.ID.Cert != "" && cfg.ID.Key != "" {
@@ -115,8 +117,10 @@ func NewContextWithOpts(cfg *Config, options *Options) (Context, error) {
 		apiUrls = append(apiUrls, apiUrl)
 	}
 
-	newContext.CtrlClt = &CtrlClient{
-		ClientApiClient: edge_apis.NewClientApiClient(apiUrls, cfg.Credentials.GetCaPool(), func(codeCh chan string) {
+	apiClientConfig := &edge_apis.ApiClientConfig{
+		ApiUrls: apiUrls,
+		CaPool:  cfg.Credentials.GetCaPool(),
+		TotpCallback: func(codeCh chan string) {
 			provider := rest_model.MfaProvidersZiti
 
 			authQuery := &rest_model.AuthQueryDetail{
@@ -140,9 +144,18 @@ func NewContextWithOpts(cfg *Config, options *Options) (Context, error) {
 					return nil
 				})
 			}
-		}),
-		Credentials: cfg.Credentials,
-		ConfigTypes: cfg.ConfigTypes,
+		},
+		Proxy: cfg.CtrlProxy,
+	}
+
+	if apiClientConfig.Proxy == nil {
+		apiClientConfig.Proxy = http.ProxyFromEnvironment
+	}
+
+	newContext.CtrlClt = &CtrlClient{
+		ClientApiClient: edge_apis.NewClientApiClientWithConfig(apiClientConfig),
+		Credentials:     cfg.Credentials,
+		ConfigTypes:     cfg.ConfigTypes,
 	}
 
 	newContext.CtrlClt.ClientApiClient.SetAllowOidcDynamicallyEnabled(cfg.EnableHa)

ziti/ziti.go

@@ -194,6 +194,7 @@ type ContextImpl struct {
 
 	events.EventEmmiter
 	lastSuccessfulApiSessionRefresh time.Time
+	routerProxy                     func(addr string) *transport.ProxyConfiguration
 }
 
 func (context *ContextImpl) AddServiceAddedListener(handler func(Context, *rest_model.ServiceDetail)) func() {
@@ -1387,13 +1388,22 @@ func (context *ContextImpl) connectEdgeRouter(routerName, ingressUrl string) *ed
 		}
 	}
 
-	dialer := channel.NewClassicDialer(channel.DialerConfig{
+	dialerConfig := channel.DialerConfig{
 		Identity: identity.NewIdentity(id),
 		Endpoint: ingAddr,
 		Headers: map[int32][]byte{
 			edge.SessionTokenHeader: context.CtrlClt.GetCurrentApiSession().GetToken(),
 		},
-	})
+		TransportConfig: map[interface{}]interface{}{},
+	}
+
+	if context.routerProxy != nil {
+		if proxyConfig := context.routerProxy(ingressUrl); proxyConfig != nil {
+			dialerConfig.TransportConfig[transport.KeyCachedProxyConfiguration] = proxyConfig
+		}
+	}
+
+	dialer := channel.NewClassicDialer(dialerConfig)
 
 	start := time.Now().UnixNano()
 	edgeConn := network.NewEdgeConnFactory(routerName, ingressUrl, context)