backport of commit 316f4208eb (#6435)

Co-authored-by: Louis Ruch <louisruch@gmail.com>
release/0.21.x
hc-github-team-secure-boundary 6 days ago committed by GitHub
parent d35692ea78
commit d92e2eac86
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -108,4 +108,13 @@ func Test_GetOpts(t *testing.T) {
require.NoError(t, err)
assert.Equal(client, opts.withApiClient)
})
t.Run("WithInactivityTimeout", func(t *testing.T) {
assert := assert.New(t)
opts, err := getOpts()
require.NoError(t, err)
assert.Empty(opts.withInactivityTimeout)
opts, err = getOpts(WithInactivityTimeout(3 * time.Millisecond))
require.NoError(t, err)
assert.Equal(3*time.Millisecond, opts.withInactivityTimeout)
})
}

@ -216,11 +216,16 @@ func (p *ClientProxy) Start(opt ...Option) (retErr error) {
// Ensure closing the listener runs on any other return condition
defer listenerCloseFunc()
// automatically close the proxy when inactive
proxyAutoClose := time.AfterFunc(10*time.Minute, func() {
p.cancel()
p.setCloseReason("Inactivity timeout reached")
})
var proxyAutoClose *time.Timer
if opts.withInactivityTimeout > 0 {
// automatically close the proxy when inactive
proxyAutoClose = time.AfterFunc(opts.withInactivityTimeout, func() {
p.cancel()
p.setCloseReason("Inactivity timeout reached")
})
// Stop timer until we have at least one connection, then reset/stop based on activity
proxyAutoClose.Stop()
}
activeConnCh := make(chan int32)
activeConnFn := func(d int32) {
@ -342,13 +347,16 @@ func (p *ClientProxy) Start(opt ...Option) (retErr error) {
}
case activeConns := <-activeConnCh:
switch {
case activeConns > 0:
// always stop the timer when a new connection is made,
// even if timeout opt is 0
proxyAutoClose.Stop()
case proxyAutoClose == nil:
// do nothing if timer is not set
case opts.withInactivityTimeout <= 0:
// no timeout was set, timer should not be reset for inactivity
// this should never happen due to the proxyAutoClose nil check above, but just in case
case activeConns > 0:
// stop timer when we have a new conneciton
proxyAutoClose.Stop()
case activeConns == 0:
// reset timer when we have no more active connections
proxyAutoClose.Reset(opts.withInactivityTimeout)
}
}

@ -54,6 +54,10 @@ type TerminationInfo struct {
var (
_ cli.Command = (*Command)(nil)
_ cli.CommandAutocomplete = (*Command)(nil)
// rdpDefaultTimeout is the default inactivity timeout for boundary connect rdp
// The default is zero (no timeout), however it is overridden for macOS clients only in connect_darwin.go
rdpDefaultTimeout time.Duration = 0
)
type Command struct {
@ -516,24 +520,17 @@ func (c *Command) Run(args []string) (retCode int) {
clientProxyCloseCh := make(chan struct{})
connCountCloseCh := make(chan struct{})
if c.flagInactiveTimeout == 0 {
// no timeout was specified by the user, so use our defaults based on subcommand
switch {
case c.flagInactiveTimeout < 0:
// timeout has been disabled, no need for option
case c.flagInactiveTimeout == 0:
// no timeout was specified, use protocol-specific defaults
switch c.Func {
case "connect":
// connect is when there is no subcommand specified, this case should
// have the most generous timeout
apiProxyOpts = append(apiProxyOpts, apiproxy.WithInactivityTimeout(30*time.Second))
case "rdp":
// rdp has a gui, so give the user a chance to click "reconnect"
apiProxyOpts = append(apiProxyOpts, apiproxy.WithInactivityTimeout(5*time.Second))
case "ssh":
// one second is probably enough for ssh
apiProxyOpts = append(apiProxyOpts, apiproxy.WithInactivityTimeout(time.Second))
default:
// for other protocols, give some extra leeway just in case
apiProxyOpts = append(apiProxyOpts, apiproxy.WithInactivityTimeout(3*time.Second))
apiProxyOpts = append(apiProxyOpts, apiproxy.WithInactivityTimeout(rdpDefaultTimeout))
}
} else {
default:
// use provided timeout
apiProxyOpts = append(apiProxyOpts, apiproxy.WithInactivityTimeout(c.flagInactiveTimeout))
}

@ -0,0 +1,10 @@
// Copyright IBM Corp. 2020, 2025
// SPDX-License-Identifier: BUSL-1.1
package connect
import "time"
func init() {
rdpDefaultTimeout = 30 * time.Second
}
Loading…
Cancel
Save