GitVita
New repositoryImport repositoryNew issue
Your repositories Your dashboard Sign in

cloudflare/cloudflared

Public

mirrored fromhttps://github.com/cloudflare/cloudflaredAvailable

Watch0Fork0Star0
CodeCommitsIssuesPull requestsActionsInsightsSecurity
2026.5.0

Branches

Tags

  • No tags available.
0Branches0Tags
Go to file
Add file
Code

Clone

HTTPS

Download ZIP

cloudflared/component-tests

component-tests/cli.py

144lines · modecode

RawDownload
Latest commit unavailable.
1import json
2import subprocess
3from time import sleep
4
5from constants import MANAGEMENT_HOST_NAME
6from setup import get_config_from_file
7from util import get_tunnel_connector_id
8
9SINGLE_CASE_TIMEOUT = 600
10
11class CloudflaredCli:
12 def __init__(self, config, config_path, logger):
13 self.basecmd = [config.cloudflared_binary, "tunnel"]
14 if config_path is not None:
15 self.basecmd += ["--config", str(config_path)]
16 origincert = get_config_from_file()["origincert"]
17 if origincert:
18 self.basecmd += ["--origincert", origincert]
19 self.logger = logger
20
21 def _run_command(self, subcmd, subcmd_name, needs_to_pass=True):
22 cmd = self.basecmd + subcmd
23 # timeout limits the time a subprocess can run. This is useful to guard against running a tunnel when
24 # command/args are in wrong order.
25 result = run_subprocess(cmd, subcmd_name, self.logger, check=needs_to_pass, capture_output=True, timeout=15)
26 return result
27
28 def list_tunnels(self):
29 cmd_args = ["list", "--output", "json"]
30 listed = self._run_command(cmd_args, "list")
31 return json.loads(listed.stdout)
32
33 def get_management_token(self, config, config_path, resource):
34 basecmd = [config.cloudflared_binary]
35 if config_path is not None:
36 basecmd += ["--config", str(config_path)]
37 origincert = get_config_from_file()["origincert"]
38 if origincert:
39 basecmd += ["--origincert", origincert]
40
41 cmd_args = ["management", "token", "--resource", resource, config.get_tunnel_id()]
42 cmd = basecmd + cmd_args
43 result = run_subprocess(cmd, "token", self.logger, check=True, capture_output=True, timeout=15)
44 return json.loads(result.stdout.decode("utf-8").strip())["token"]
45
46 def get_tail_token(self, config, config_path):
47 """
48 Get management token using the 'tail token' command.
49 Returns a token scoped for 'logs' resource.
50 """
51 basecmd = [config.cloudflared_binary]
52 if config_path is not None:
53 basecmd += ["--config", str(config_path)]
54 origincert = get_config_from_file()["origincert"]
55 if origincert:
56 basecmd += ["--origincert", origincert]
57
58 cmd_args = ["tail", "token", config.get_tunnel_id()]
59 cmd = basecmd + cmd_args
60 result = run_subprocess(cmd, "tail-token", self.logger, check=True, capture_output=True, timeout=15)
61 return json.loads(result.stdout.decode("utf-8").strip())["token"]
62
63 def get_management_url(self, path, config, config_path, resource):
64 access_jwt = self.get_management_token(config, config_path, resource)
65 connector_id = get_tunnel_connector_id()
66 return f"https://{MANAGEMENT_HOST_NAME}/{path}?connector_id={connector_id}&access_token={access_jwt}"
67
68 def get_management_wsurl(self, path, config, config_path, resource):
69 access_jwt = self.get_management_token(config, config_path, resource)
70 connector_id = get_tunnel_connector_id()
71 return f"wss://{MANAGEMENT_HOST_NAME}/{path}?connector_id={connector_id}&access_token={access_jwt}"
72
73 def get_connector_id(self, config):
74 op = self.get_tunnel_info(config.get_tunnel_id())
75 connectors = []
76 for conn in op["conns"]:
77 connectors.append(conn["id"])
78 return connectors
79
80 def get_tunnel_info(self, tunnel_id):
81 info = self._run_command(["info", "--output", "json", tunnel_id], "info")
82 return json.loads(info.stdout)
83
84 def __enter__(self):
85 self.basecmd += ["run"]
86 self.process = subprocess.Popen(self.basecmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
87 self.logger.info(f"Run cmd {self.basecmd}")
88 return self.process
89
90 def __exit__(self, exc_type, exc_value, exc_traceback):
91 terminate_gracefully(self.process, self.logger, self.basecmd)
92 self.logger.debug(f"{self.basecmd} logs: {self.process.stderr.read()}")
93
94
95def terminate_gracefully(process, logger, cmd):
96 process.terminate()
97 process_terminated = wait_for_terminate(process)
98 if not process_terminated:
99 process.kill()
100 logger.warning(f"{cmd}: cloudflared did not terminate within wait period. Killing process. logs: \
101 stdout: {process.stdout.read()}, stderr: {process.stderr.read()}")
102
103
104def wait_for_terminate(opened_subprocess, attempts=10, poll_interval=1):
105 """
106 wait_for_terminate polls the opened_subprocess every x seconds for a given number of attempts.
107 It returns true if the subprocess was terminated and false if it didn't.
108 """
109 for _ in range(attempts):
110 if _is_process_stopped(opened_subprocess):
111 return True
112 sleep(poll_interval)
113 return False
114
115
116def _is_process_stopped(process):
117 return process.poll() is not None
118
119
120def cert_path():
121 return get_config_from_file()["origincert"]
122
123
124class SubprocessError(Exception):
125 def __init__(self, program, exit_code, cause):
126 self.program = program
127 self.exit_code = exit_code
128 self.cause = cause
129
130
131def run_subprocess(cmd, cmd_name, logger, timeout=SINGLE_CASE_TIMEOUT, **kargs):
132 kargs["timeout"] = timeout
133 try:
134 result = subprocess.run(cmd, **kargs)
135 logger.debug(f"{cmd} log: {result.stdout}", extra={"cmd": cmd_name})
136 return result
137 except subprocess.CalledProcessError as e:
138 err = f"{cmd} return exit code {e.returncode}, stderr" + e.stderr.decode("utf-8")
139 logger.error(err, extra={"cmd": cmd_name, "return_code": e.returncode})
140 raise SubprocessError(cmd[0], e.returncode, e)
141 except subprocess.TimeoutExpired as e:
142 err = f"{cmd} timeout after {e.timeout} seconds, stdout: {e.stdout}, stderr: {e.stderr}"
143 logger.error(err, extra={"cmd": cmd_name, "return_code": "timeout"})
144 raise e