diff --git a/cmd/mcp/route.go b/cmd/mcp/route.go
index c1876af..5491713 100644
--- a/cmd/mcp/route.go
+++ b/cmd/mcp/route.go
@@ -28,17 +28,26 @@ func routeCmd() *cobra.Command {
 },
 }
 
+ var (
+ routeMode string
+ backendTLS bool
+ tlsCert string
+ tlsKey string
+ )
+
 add := &cobra.Command{
 Use: "add ",
 Short: "Add a route to mc-proxy",
- Long: "Add a route. Example: mcp route add -n rift :443 mcq.metacircular.net 100.95.252.120:443",
+ Long: "Add a route. Example: mcp route add -n rift :443 mcq.svc.mcp.metacircular.net 127.0.0.1:48080 --mode l7 --tls-cert /srv/mc-proxy/certs/mcq.pem --tls-key /srv/mc-proxy/certs/mcq.key",
 Args: cobra.ExactArgs(3),
 RunE: func(_ *cobra.Command, args []string) error {
- return runRouteAdd(nodeName, args)
+ return runRouteAdd(nodeName, args, routeMode, backendTLS, tlsCert, tlsKey)
 },
 }
- add.Flags().String("mode", "l4", "route mode (l4 or l7)")
- add.Flags().Bool("backend-tls", false, "re-encrypt traffic to backend")
+ add.Flags().StringVar(&routeMode, "mode", "l4", "route mode (l4 or l7)")
+ add.Flags().BoolVar(&backendTLS, "backend-tls", false, "re-encrypt traffic to backend")
+ add.Flags().StringVar(&tlsCert, "tls-cert", "", "path to TLS cert on the node (required for l7)")
+ add.Flags().StringVar(&tlsKey, "tls-key", "", "path to TLS key on the node (required for l7)")
 
 remove := &cobra.Command{
 Use: "remove ",
@@ -138,7 +147,7 @@ func printRoutes(nodeName string, resp *mcpv1.ListProxyRoutesResponse) {
 }
 }
 
-func runRouteAdd(nodeName string, args []string) error {
+func runRouteAdd(nodeName string, args []string, mode string, backendTLS bool, tlsCert, tlsKey string) error {
 if nodeName == "" {
 return fmt.Errorf("--node is required")
 }
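Review bot: The new `--mode`, `--tls-cert` and `--tls-key` flags are bound and forwarded without any check, so the "required for l7" in their help text is not enforced in this hunk: `--mode l7` with no cert or key, or a misspelt mode, goes straight into the request. runRouteAdd already rejects an empty `--node` (visible in the second hunk of this file), and the same place could reject a bad combination before dialing, e.g. `if mode != "l4" && mode != "l7" { return fmt.Errorf("--mode must be l4 or l7, got %q", mode) }` followed by `if mode == "l7" && (tlsCert == "" || tlsKey == "") { return fmt.Errorf("--tls-cert and --tls-key are required with --mode l7") }`. `add.MarkFlagsRequiredTogether("tls-cert", "tls-key")` would additionally catch a cert given without its key. routeCmd's body starts and ends outside the hunk.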
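Review bot: runRouteAdd now takes three string parameters and a bool positionally, so a call that swaps `tlsCert` and `tlsKey` (or passes `mode` in either slot) still compiles and would ask the node to load the key file as the certificate. A small options struct passed as one argument, e.g. `type routeAddOpts struct { mode string; backendTLS bool; tlsCert, tlsKey string }`, keeps the call site self-describing. The function body continues outside the hunk.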
@@ -166,12 +175,16 @@ func runRouteAdd(nodeName string, args []string) error {
 ListenerAddr: args[0],
 Hostname: args[1],
 Backend: args[2],
+ Mode: mode,
+ BackendTls: backendTLS,
+ TlsCert: tlsCert,
+ TlsKey: tlsKey,
 })
 if err != nil {
 return fmt.Errorf("add route: %w", err)
 }
 
- fmt.Printf("Added route: %s → %s on %s (%s)\n", args[1], args[2], args[0], nodeName)
+ fmt.Printf("Added route: %s %s → %s on %s (%s)\n", mode, args[1], args[2], args[0], nodeName)
 return nil
 }
 
diff --git a/gen/mcp/v1/mcp.pb.go b/gen/mcp/v1/mcp.pb.go
index 77ba05e..a3fc700 100644
--- a/gen/mcp/v1/mcp.pb.go
+++ b/gen/mcp/v1/mcp.pb.go
@@ -2815,6 +2815,8 @@ type AddProxyRouteRequest struct { Backend string `protobuf:"bytes,3,opt,name=backend,proto3" json:"backend,omitempty"` Mode string `protobuf:"bytes,4,opt,name=mode,proto3" json:"mode,omitempty"` // "l4" or "l7" BackendTls bool `protobuf:"varint,5,opt,name=backend_tls,json=backendTls,proto3" json:"backend_tls,omitempty"` + TlsCert string `protobuf:"bytes,6,opt,name=tls_cert,json=tlsCert,proto3" json:"tls_cert,omitempty"` // path to TLS cert (required for l7) + TlsKey string `protobuf:"bytes,7,opt,name=tls_key,json=tlsKey,proto3" json:"tls_key,omitempty"` // path to TLS key (required for l7) unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache }
@@ -2884,6 +2886,20 @@ func (x *AddProxyRouteRequest) GetBackendTls() bool { return false } +func (x *AddProxyRouteRequest) GetTlsCert() string { + if x != nil { + return x.TlsCert + } + return "" +} + +func (x *AddProxyRouteRequest) GetTlsKey() string { + if x != nil { + return x.TlsKey + } + return "" +} + type AddProxyRouteResponse struct { state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields
@@ -3198,14 +3214,16 @@ const file_proto_mcp_v1_mcp_proto_rawDesc = "" + "\x11total_connections\x18\x02 \x01(\x03R\x10totalConnections\x129\n" + "\n" + "started_at\x18\x03 \x01(\v2\x1a.google.protobuf.TimestampR\tstartedAt\x127\n" + - "\tlisteners\x18\x04 \x03(\v2\x19.mcp.v1.ProxyListenerInfoR\tlisteners\"\xa6\x01\n" + + "\tlisteners\x18\x04 \x03(\v2\x19.mcp.v1.ProxyListenerInfoR\tlisteners\"\xda\x01\n" + "\x14AddProxyRouteRequest\x12#\n" + "\rlistener_addr\x18\x01 \x01(\tR\flistenerAddr\x12\x1a\n" + "\bhostname\x18\x02 \x01(\tR\bhostname\x12\x18\n" + "\abackend\x18\x03 \x01(\tR\abackend\x12\x12\n" + "\x04mode\x18\x04 \x01(\tR\x04mode\x12\x1f\n" + "\vbackend_tls\x18\x05 \x01(\bR\n" + - "backendTls\"\x17\n" + + "backendTls\x12\x19\n" + + "\btls_cert\x18\x06 \x01(\tR\atlsCert\x12\x17\n" + + "\atls_key\x18\a \x01(\tR\x06tlsKey\"\x17\n" + "\x15AddProxyRouteResponse\"Z\n" + "\x17RemoveProxyRouteRequest\x12#\n" + "\rlistener_addr\x18\x01 \x01(\tR\flistenerAddr\x12\x1a\n" +
diff --git a/internal/agent/proxy_rpc.go b/internal/agent/proxy_rpc.go
index 978cafa..ea416e0 100644
--- a/internal/agent/proxy_rpc.go
+++ b/internal/agent/proxy_rpc.go
@@ -69,6 +69,8 @@ func (a *Agent) AddProxyRoute(ctx context.Context, req *mcpv1.AddProxyRouteReque
 Backend: req.GetBackend(),
 Mode: req.GetMode(),
 BackendTLS: req.GetBackendTls(),
+ TLSCert: req.GetTlsCert(),
+ TLSKey: req.GetTlsKey(),
 }
 
 if err := a.Proxy.AddRoute(ctx, req.GetListenerAddr(), route); err != nil {
diff --git a/proto/mcp/v1/mcp.proto b/proto/mcp/v1/mcp.proto
index f2790e1..6b5a24e 100644
--- a/proto/mcp/v1/mcp.proto
+++ b/proto/mcp/v1/mcp.proto
@@ -362,6 +362,8 @@ message AddProxyRouteRequest {
 string backend = 3;
 string mode = 4; // "l4" or "l7"
 bool backend_tls = 5;
+ string tls_cert = 6; // path to TLS cert (required for l7)
+ string tls_key = 7; // path to TLS key (required for l7)
 }
 
 message AddProxyRouteResponse {}
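Review bot: `req.GetTlsCert()` and `req.GetTlsKey()` are copied into the route exactly as received, so the RPC caller decides which files on the node mc-proxy is told to load; nothing in this hunk restricts them, though a check may exist earlier in AddProxyRoute or inside `a.Proxy.AddRoute`, both of which are outside the hunk. The agent is the place to enforce what the CLI only documents, because other clients can call the RPC directly: reject an l7 request that lacks either path, e.g. `if req.GetMode() == "l7" && (req.GetTlsCert() == "" || req.GetTlsKey() == "") { return nil, fmt.Errorf("l7 route requires tls_cert and tls_key") }`, and accept only cleaned absolute paths under the directory the node keeps its proxy certificates in. The error constructor should match whatever the rest of the handler returns.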
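Review bot: The comments on `tls_cert` and `tls_key` do not say whose filesystem the paths refer to, which is the part a client author has to know; the CLI help says "on the node" but the wire contract does not. A comment such as `// Path on the agent node to the certificate file served for this route; required when mode is "l7".` (and the equivalent for the key) would state it, with the behaviour for "l4" added once confirmed against the agent. It is also worth saying that the field carries a path and never key material, so clients do not send key contents over the RPC.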