From cb367b93a183d932fdd5e27beb3efc2b4dc45bf6 Mon Sep 17 00:00:00 2001
From: "Alex Ellis (OpenFaaS Ltd)" <alexellis2@gmail.com>
Date: Tue, 24 Feb 2026 11:43:20 +0000
Subject: [PATCH] Create and own userdata within inletsctl

HTTPS userdata was already owned inside inletsctl, but not for
TCP tunnels. This has now been pulled up from cloudprovision
for easier maintenance.

Unit tests updated and pass. Converted from string concat to
string interpolation with fmt.Sprintf.

Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
---
 cmd/create.go      | 48 ++++++++++++++++++++++++++++++++++------------
 cmd/create_test.go | 41 +++++++++++++++++++++++++++++++++------
 2 files changed, 71 insertions(+), 18 deletions(-)

diff --git a/cmd/create.go b/cmd/create.go
index ceb3c07..c4069b0 100644
--- a/cmd/create.go
+++ b/cmd/create.go
@@ -295,11 +295,11 @@ func runCreate(cmd *cobra.Command, _ []string) error {
 
 	var userData string
 	if len(letsencryptDomains) > 0 {
-		userData = MakeHTTPSUserdata(inletsToken,
+		userData = makeHTTPSUserdata(inletsToken,
 			inletsProVersion,
 			letsencryptIssuer, letsencryptDomains)
 	} else {
-		userData = provision.MakeExitServerUserdata(
+		userData = makeExitServerUserdata(
 			inletsToken,
 			inletsProVersion)
 	}
@@ -595,31 +595,55 @@ func createHost(provider, name, region, zone, projectID, userData, inletsProCont
 	return nil, fmt.Errorf("no provisioner for provider: %q", provider)
 }
 
-// MakeHTTPSUserdata makes a user-data script in bash to setup inlets
-// PRO with a systemd service and the given version.
-func MakeHTTPSUserdata(authToken, version, letsEncryptIssuer string, domains []string) string {
+// makeHTTPSUserdata makes a user-data script in bash to setup inlets
+// with a systemd service and the given version.
+func makeHTTPSUserdata(authToken, version, letsEncryptIssuer string, domains []string) string {
 
 	domainFlags := ""
 	for _, domain := range domains {
 		domainFlags += fmt.Sprintf("--letsencrypt-domain=%s ", domain)
 	}
+	domainFlags = strings.TrimSpace(domainFlags)
+	return fmt.Sprintf(`#!/bin/bash
+export AUTHTOKEN="%s"
+export IP=$(curl -sfSL https://checkip.amazonaws.com)
+export VERSION="%s"
+
+curl -SLsf https://github.com/inlets/inlets-pro/releases/download/$VERSION/inlets-pro -o /tmp/inlets-pro && \
+  chmod +x /tmp/inlets-pro  && \
+  mv /tmp/inlets-pro /usr/local/bin/inlets-pro
+
+curl -SLsf https://github.com/inlets/inlets-pro/releases/download/$VERSION/inlets-pro-http.service -o inlets-pro.service && \
+  mv inlets-pro.service /etc/systemd/system/inlets-pro.service && \
+  echo "AUTHTOKEN=$AUTHTOKEN" >> /etc/default/inlets-pro && \
+  echo "IP=$IP" >> /etc/default/inlets-pro && \
+  echo "DOMAINS=%s" >> /etc/default/inlets-pro && \
+  echo "ISSUER=--letsencrypt-issuer=%s" >> /etc/default/inlets-pro && \
+  systemctl daemon-reload && \
+  systemctl start inlets-pro && \
+  systemctl enable inlets-pro
+`, authToken, version, domainFlags, letsEncryptIssuer)
+}
+
+// makeExitServerUserdata makes a user-data script in bash to setup inlets
+// with systemd service and the given version.
+func makeExitServerUserdata(authToken, version string) string {
 
-	return `#!/bin/bash
-export AUTHTOKEN="` + authToken + `"
+	return fmt.Sprintf(`#!/bin/bash
+export AUTHTOKEN="%s"
 export IP=$(curl -sfSL https://checkip.amazonaws.com)
+export VERSION="%s"
 
-curl -SLsf https://github.com/inlets/inlets-pro/releases/download/` + version + `/inlets-pro -o /tmp/inlets-pro && \
+curl -SLsf https://github.com/inlets/inlets-pro/releases/download/$VERSION/inlets-pro -o /tmp/inlets-pro && \
   chmod +x /tmp/inlets-pro  && \
   mv /tmp/inlets-pro /usr/local/bin/inlets-pro
 
-curl -SLsf https://github.com/inlets/inlets-pro/releases/download/` + version + `/inlets-pro-http.service -o inlets-pro.service && \
+curl -SLsf https://github.com/inlets/inlets-pro/releases/download/$VERSION/inlets-pro.service -o inlets-pro.service && \
   mv inlets-pro.service /etc/systemd/system/inlets-pro.service && \
   echo "AUTHTOKEN=$AUTHTOKEN" >> /etc/default/inlets-pro && \
   echo "IP=$IP" >> /etc/default/inlets-pro && \
-  echo "DOMAINS=` + strings.TrimSpace(domainFlags) + `" >> /etc/default/inlets-pro && \
-  echo "ISSUER=--letsencrypt-issuer=` + letsEncryptIssuer + `" >> /etc/default/inlets-pro && \
   systemctl daemon-reload && \
   systemctl start inlets-pro && \
   systemctl enable inlets-pro
-`
+`, authToken, version)
 }
diff --git a/cmd/create_test.go b/cmd/create_test.go
index 7856493..673bebc 100644
--- a/cmd/create_test.go
+++ b/cmd/create_test.go
@@ -8,19 +8,47 @@ import (
 	"testing"
 )
 
+func Test_MakeTCPUserdata_OneTunnel(t *testing.T) {
+	got := makeExitServerUserdata("token", "0.11.5")
+	os.WriteFile("/tmp/tcp.txt", []byte(got), 0600)
+	want := `#!/bin/bash
+export AUTHTOKEN="token"
+export IP=$(curl -sfSL https://checkip.amazonaws.com)
+export VERSION="0.11.5"
+
+curl -SLsf https://github.com/inlets/inlets-pro/releases/download/$VERSION/inlets-pro -o /tmp/inlets-pro && \
+  chmod +x /tmp/inlets-pro  && \
+  mv /tmp/inlets-pro /usr/local/bin/inlets-pro
+
+curl -SLsf https://github.com/inlets/inlets-pro/releases/download/$VERSION/inlets-pro.service -o inlets-pro.service && \
+  mv inlets-pro.service /etc/systemd/system/inlets-pro.service && \
+  echo "AUTHTOKEN=$AUTHTOKEN" >> /etc/default/inlets-pro && \
+  echo "IP=$IP" >> /etc/default/inlets-pro && \
+  systemctl daemon-reload && \
+  systemctl start inlets-pro && \
+  systemctl enable inlets-pro
+`
+
+	if want != got {
+		t.Fatalf("want\n\n%s\n\nbut got\n\n%s\n\n", want, got)
+	}
+
+}
+
 func Test_MakeHTTPSUserdata_OneDomain(t *testing.T) {
-	got := MakeHTTPSUserdata("token", "0.9.40", "prod", []string{"example.com"})
+	got := makeHTTPSUserdata("token", "0.9.40", "prod", []string{"example.com"})
 
 	os.WriteFile("/tmp/t.txt", []byte(got), 0600)
 	want := `#!/bin/bash
 export AUTHTOKEN="token"
 export IP=$(curl -sfSL https://checkip.amazonaws.com)
+export VERSION="0.9.40"
 
-curl -SLsf https://github.com/inlets/inlets-pro/releases/download/0.9.40/inlets-pro -o /tmp/inlets-pro && \
+curl -SLsf https://github.com/inlets/inlets-pro/releases/download/$VERSION/inlets-pro -o /tmp/inlets-pro && \
   chmod +x /tmp/inlets-pro  && \
   mv /tmp/inlets-pro /usr/local/bin/inlets-pro
 
-curl -SLsf https://github.com/inlets/inlets-pro/releases/download/0.9.40/inlets-pro-http.service -o inlets-pro.service && \
+curl -SLsf https://github.com/inlets/inlets-pro/releases/download/$VERSION/inlets-pro-http.service -o inlets-pro.service && \
   mv inlets-pro.service /etc/systemd/system/inlets-pro.service && \
   echo "AUTHTOKEN=$AUTHTOKEN" >> /etc/default/inlets-pro && \
   echo "IP=$IP" >> /etc/default/inlets-pro && \
@@ -36,19 +64,20 @@ curl -SLsf https://github.com/inlets/inlets-pro/releases/download/0.9.40/inlets-
 }
 
 func Test_MakeHTTPSUserdata_TwoDomains(t *testing.T) {
-	got := MakeHTTPSUserdata("token", "0.9.40", "prod",
+	got := makeHTTPSUserdata("token", "0.9.40", "prod",
 		[]string{"a.example.com", "b.example.com"})
 
 	os.WriteFile("/tmp/t.txt", []byte(got), 0600)
 	want := `#!/bin/bash
 export AUTHTOKEN="token"
 export IP=$(curl -sfSL https://checkip.amazonaws.com)
+export VERSION="0.9.40"
 
-curl -SLsf https://github.com/inlets/inlets-pro/releases/download/0.9.40/inlets-pro -o /tmp/inlets-pro && \
+curl -SLsf https://github.com/inlets/inlets-pro/releases/download/$VERSION/inlets-pro -o /tmp/inlets-pro && \
   chmod +x /tmp/inlets-pro  && \
   mv /tmp/inlets-pro /usr/local/bin/inlets-pro
 
-curl -SLsf https://github.com/inlets/inlets-pro/releases/download/0.9.40/inlets-pro-http.service -o inlets-pro.service && \
+curl -SLsf https://github.com/inlets/inlets-pro/releases/download/$VERSION/inlets-pro-http.service -o inlets-pro.service && \
   mv inlets-pro.service /etc/systemd/system/inlets-pro.service && \
   echo "AUTHTOKEN=$AUTHTOKEN" >> /etc/default/inlets-pro && \
   echo "IP=$IP" >> /etc/default/inlets-pro && \