tunnels

package
v0.0.21 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 18, 2023 License: MIT Imports: 21 Imported by: 2

Documentation

Index

Constants

View Source
const (
	// Min length of tunnel cluster ID.
	TunnelConstraintsClusterIDMinLength = 3

	// Max length of tunnel cluster ID.
	TunnelConstraintsClusterIDMaxLength = 12

	// Length of V1 tunnel id.
	TunnelConstraintsOldTunnelIDLength = 8

	// Min length of V2 tunnelId.
	TunnelConstraintsNewTunnelIDMinLength = 3

	// Max length of V2 tunnelId.
	TunnelConstraintsNewTunnelIDMaxLength = 60

	// Length of a tunnel alias.
	TunnelConstraintsTunnelAliasLength = 8

	// Min length of tunnel name.
	TunnelConstraintsTunnelNameMinLength = 3

	// Max length of tunnel name.
	TunnelConstraintsTunnelNameMaxLength = 60

	// Max length of tunnel or port description.
	TunnelConstraintsDescriptionMaxLength = 400

	// Min length of a single tunnel or port tag.
	TunnelConstraintsTagMinLength = 1

	// Max length of a single tunnel or port tag.
	TunnelConstraintsTagMaxLength = 50

	// Maximum number of tags that can be applied to a tunnel or port.
	TunnelConstraintsMaxTags = 100

	// Min length of a tunnel domain.
	TunnelConstraintsTunnelDomainMinLength = 4

	// Max length of a tunnel domain.
	TunnelConstraintsTunnelDomainMaxLength = 180

	// Maximum number of items allowed in the tunnel ports array. The actual limit on number
	// of ports that can be created may be much lower, and may depend on various resource
	// limitations or policies.
	TunnelConstraintsTunnelMaxPorts = 1000

	// Maximum number of access control entries (ACEs) in a tunnel or tunnel port access
	// control list (ACL).
	TunnelConstraintsAccessControlMaxEntries = 40

	// Maximum number of subjects (such as user IDs) in a tunnel or tunnel port access
	// control entry (ACE).
	TunnelConstraintsAccessControlMaxSubjects = 100

	// Max length of an access control subject or organization ID.
	TunnelConstraintsAccessControlSubjectMaxLength = 200

	// Max length of an access control subject name, when resolving names to IDs.
	TunnelConstraintsAccessControlSubjectNameMaxLength = 200

	// Maximum number of scopes in an access control entry.
	TunnelConstraintsAccessControlMaxScopes = 10

	// Regular expression that can match or validate tunnel cluster ID strings.
	//
	// Cluster IDs are alphanumeric; hyphens are not permitted.
	TunnelConstraintsClusterIDPattern = "^(([a-z]{3,4}[0-9]{1,3})|asse|aue|brs|euw|use)$"

	// Characters that are valid in tunnel IDs. Includes numbers and lowercase letters,
	// excluding vowels and 'y' (to avoid accidentally generating any random words).
	TunnelConstraintsOldTunnelIDChars = "0123456789bcdfghjklmnpqrstvwxz"

	// Regular expression that can match or validate tunnel ID strings.
	//
	// Tunnel IDs are fixed-length and have a limited character set of numbers and lowercase
	// letters (minus vowels and y).
	TunnelConstraintsOldTunnelIDPattern = "[" + TunnelConstraintsOldTunnelIDChars + "]{8}"

	// Characters that are valid in tunnel IDs. Includes numbers and lowercase letters,
	// excluding vowels and 'y' (to avoid accidentally generating any random words).
	TunnelConstraintsNewTunnelIDChars = "0123456789abcdefghijklmnopqrstuvwxyz-"

	// Regular expression that can match or validate tunnel ID strings.
	//
	// Tunnel IDs are fixed-length and have a limited character set of numbers and lowercase
	// letters (minus vowels and y).
	TunnelConstraintsNewTunnelIDPattern = "[a-z0-9][a-z0-9-]{1,58}[a-z0-9]"

	// Characters that are valid in tunnel IDs. Includes numbers and lowercase letters,
	// excluding vowels and 'y' (to avoid accidentally generating any random words).
	TunnelConstraintsTunnelAliasChars = "0123456789bcdfghjklmnpqrstvwxz"

	// Regular expression that can match or validate tunnel alias strings.
	//
	// Tunnel Aliases are fixed-length and have a limited character set of numbers and
	// lowercase letters (minus vowels and y).
	TunnelConstraintsTunnelAliasPattern = "[" + TunnelConstraintsTunnelAliasChars + "]{3,60}"

	// Regular expression that can match or validate tunnel names.
	//
	// Tunnel names are alphanumeric and may contain hyphens. The pattern also allows an
	// empty string because tunnels may be unnamed.
	TunnelConstraintsTunnelNamePattern = "([a-z0-9][a-z0-9-]{1,58}[a-z0-9])|(^$)"

	// Regular expression that can match or validate tunnel or port tags.
	TunnelConstraintsTagPattern = "[\\w-=]{1,50}"

	// Regular expression that can match or validate tunnel domains.
	//
	// The tunnel service may perform additional contextual validation at the time the domain
	// is registered.
	TunnelConstraintsTunnelDomainPattern = "[0-9a-z][0-9a-z-.]{1,158}[0-9a-z]|(^$)"

	// Regular expression that can match or validate an access control subject or
	// organization ID.
	//
	// The : and / characters are allowed because subjects may include IP addresses and
	// ranges. The @ character is allowed because MSA subjects may be identified by email
	// address.
	TunnelConstraintsAccessControlSubjectPattern = "[0-9a-zA-Z-._:/@]{0,200}"

	// Regular expression that can match or validate an access control subject name, when
	// resolving subject names to IDs.
	//
	// Note angle-brackets are only allowed when they wrap an email address as part of a
	// formatted name with email. The service will block any other use of angle-brackets, to
	// avoid any XSS risks.
	TunnelConstraintsAccessControlSubjectNamePattern = "[ \\w\\d-.,/'\"_@()<>]{0,200}"
)
View Source
const PackageVersion = "0.0.21"

Variables

View Source
var (
	// ErrNoTunnel is returned when no tunnel is provided.
	ErrNoTunnel = errors.New("tunnel cannot be nil")

	// ErrNoTunnelEndpoints is returned when no tunnel endpoints are provided.
	ErrNoTunnelEndpoints = errors.New("tunnel endpoints cannot be nil or empty")

	// ErrNoConnections is returned when no tunnel endpoints are provided for the given host ID.
	ErrNoConnections = errors.New("the specified host is not currently accepting connections to the tunnel")

	// ErrMultipleHosts is returned when multiple tunnel endpoints for different hosts are provided.
	ErrMultipleHosts = errors.New("there are multiple hosts for the tunnel, specify the host ID to connect to")

	// ErrNoRelayConnections is returned when no relay connections are available.
	ErrNoRelayConnections = errors.New("the host is not currently accepting tunnel relay connections")

	// ErrSSHConnectionClosed is returned when the ssh connection is closed.
	ErrSSHConnectionClosed = errors.New("the ssh connection is closed")

	// ErrPortNotForwarded is returned when the specified port is not forwarded.
	ErrPortNotForwarded = errors.New("the port is not forwarded")
)
View Source
var (
	// Regular expression that can match or validate tunnel cluster ID strings.
	//
	// Cluster IDs are alphanumeric; hyphens are not permitted.
	TunnelConstraintsClusterIDRegex = regexp.MustCompile(TunnelConstraintsClusterIDPattern)

	// Regular expression that can match or validate tunnel ID strings.
	//
	// Tunnel IDs are fixed-length and have a limited character set of numbers and lowercase
	// letters (minus vowels and y).
	TunnelConstraintsOldTunnelIDRegex = regexp.MustCompile(TunnelConstraintsOldTunnelIDPattern)

	// Regular expression that can match or validate tunnel ID strings.
	//
	// Tunnel IDs are fixed-length and have a limited character set of numbers and lowercase
	// letters (minus vowels and y).
	TunnelConstraintsNewTunnelIDRegex = regexp.MustCompile(TunnelConstraintsNewTunnelIDPattern)

	// Regular expression that can match or validate tunnel alias strings.
	//
	// Tunnel Aliases are fixed-length and have a limited character set of numbers and
	// lowercase letters (minus vowels and y).
	TunnelConstraintsTunnelAliasRegex = regexp.MustCompile(TunnelConstraintsTunnelAliasPattern)

	// Regular expression that can match or validate tunnel names.
	//
	// Tunnel names are alphanumeric and may contain hyphens. The pattern also allows an
	// empty string because tunnels may be unnamed.
	TunnelConstraintsTunnelNameRegex = regexp.MustCompile(TunnelConstraintsTunnelNamePattern)

	// Regular expression that can match or validate tunnel or port tags.
	TunnelConstraintsTagRegex = regexp.MustCompile(TunnelConstraintsTagPattern)

	// Regular expression that can match or validate tunnel domains.
	//
	// The tunnel service may perform additional contextual validation at the time the domain
	// is registered.
	TunnelConstraintsTunnelDomainRegex = regexp.MustCompile(TunnelConstraintsTunnelDomainPattern)

	// Regular expression that can match or validate an access control subject or
	// organization ID.
	TunnelConstraintsAccessControlSubjectRegex = regexp.MustCompile(TunnelConstraintsAccessControlSubjectPattern)

	// Regular expression that can match or validate an access control subject name, when
	// resolving subject names to IDs.
	TunnelConstraintsAccessControlSubjectNameRegex = regexp.MustCompile(TunnelConstraintsAccessControlSubjectNamePattern)
)
View Source
var DevServiceProperties = TunnelServiceProperties{
	ServiceURI:           fmt.Sprintf("https://%s/", devDnsName),
	ServiceAppID:         nonProdFirstPartyAppID,
	ServiceInternalAppID: devThirdPartyAppID,
	GitHubAppClientID:    nonProdGitHubAppClientID,
}
View Source
var PortToken = "{port}"

Token included in `TunnelEndpoint.PortUriFormat` and `TunnelEndpoint.PortSshCommandFormat` that is to be replaced by a specified port number.

View Source
var PpeServiceProperties = TunnelServiceProperties{
	ServiceURI:           fmt.Sprintf("https://%s/", ppeDnsName),
	ServiceAppID:         nonProdFirstPartyAppID,
	ServiceInternalAppID: ppeThirdPartyAppID,
	GitHubAppClientID:    nonProdGitHubAppClientID,
}
View Source
var ServiceProperties = TunnelServiceProperties{
	ServiceURI:           fmt.Sprintf("https://%s/", prodDnsName),
	ServiceAppID:         prodFirstPartyAppID,
	ServiceInternalAppID: prodThirdPartyAppID,
	GitHubAppClientID:    prodGitHubAppClientID,
}

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is a client for a tunnel. It is used to connect to a tunnel.

func NewClient

func NewClient(logger *log.Logger, tunnel *Tunnel, acceptLocalConnectionsForForwardedPorts bool) (*Client, error)

Connect connects to a tunnel and returns a connected client.

func (*Client) Close

func (c *Client) Close() error

func (*Client) Connect

func (c *Client) Connect(ctx context.Context, hostID string) error

func (*Client) ConnectToForwardedPort

func (c *Client) ConnectToForwardedPort(ctx context.Context, listenerIn *net.TCPListener, port uint16) error

Opens a stream connected to a remote port for clients which cannot or do not want to forward local TCP ports. Returns a readWriteCloser which can be used to read and write to the remote port. Set AcceptLocalConnectionsForForwardedPorts to false in ConnectAsync to ensure TCP listeners are not created This will return an error if the port is not yet forwarded, the caller should first call WaitForForwardedPort.

func (*Client) RefreshPorts added in v0.0.6

func (c *Client) RefreshPorts(ctx context.Context) error

func (*Client) WaitForForwardedPort

func (c *Client) WaitForForwardedPort(ctx context.Context, port uint16) error

WaitForForwardedPort waits for the specified port to be forwarded. It is common practice to call this function before ConnectToForwardedPort.

type ClusterDetails added in v0.0.7

type ClusterDetails struct {
	// A cluster identifier based on its region.
	ClusterID string `json:"clusterId"`

	// The URI of the service cluster.
	URI string `json:"uri"`

	// The Azure location of the cluster.
	AzureLocation string `json:"azureLocation"`
}

Details of a tunneling service cluster. Each cluster represents an instance of the tunneling service running in a particular Azure region. New tunnels are created in the current region unless otherwise specified.

type ErrorCode added in v0.0.21

type ErrorCode string
const (
	// Operation timed out.
	ErrorCodeTimeout ErrorCode = "Timeout"

	// Operation cannot be performed because the service is not available.
	ErrorCodeServiceUnavailable ErrorCode = "ServiceUnavailable"

	// Internal error.
	ErrorCodeInternalError ErrorCode = "InternalError"
)

type ErrorCodes added in v0.0.21

type ErrorCodes []ErrorCode

Error codes for ErrorDetail.Code and `x-ms-error-code` header.

type ErrorDetail added in v0.0.21

type ErrorDetail struct {
	// One of a server-defined set of error codes defined in `ErrorCodes`.
	Code string `json:"code"`

	// A human-readable representation of the error.
	Message string `json:"message"`

	// The target of the error.
	Target string `json:"target,omitempty"`

	// An array of details about specific errors that led to this reported error.
	Details []ErrorDetail `json:"details,omitempty"`

	// An object containing more specific information than the current object about the
	// error.
	InnerError *InnerErrorDetail `json:"innererror,omitempty"`
}

The top-level error object whose code matches the x-ms-error-code response header

type InnerErrorDetail added in v0.0.21

type InnerErrorDetail struct {
	// A more specific error code than was provided by the containing error. One of a
	// server-defined set of error codes in `ErrorCodes`.
	Code string `json:"code"`

	// An object containing more specific information than the current object about the
	// error.
	InnerError *InnerErrorDetail `json:"innererror,omitempty"`
}

An object containing more specific information than the current object about the error.

type LocalNetworkTunnelEndpoint

type LocalNetworkTunnelEndpoint struct {
	// Gets or sets a list of IP endpoints where the host may accept connections.
	//
	// A host may accept connections on multiple IP endpoints simultaneously if there are
	// multiple network interfaces on the host system and/or if the host supports both IPv4
	// and IPv6.  Each item in the list is a URI consisting of a scheme (which gives an
	// indication of the network connection protocol), an IP address (IPv4 or IPv6) and a
	// port number. The URIs do not typically include any paths, because the connection is
	// not normally HTTP-based.
	HostEndpoints []string `json:"hostEndpoints"`
}

Parameters for connecting to a tunnel via a local network connection.

While a direct connection is technically not "tunneling", tunnel hosts may accept connections via the local network as an optional more-efficient alternative to a relay.

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager is used to interact with the Visual Studio Tunnel Service APIs.

func NewManager

func NewManager(userAgents []UserAgent, tp tokenProviderfn, tunnelServiceUrl *url.URL, httpHandler *http.Client) (*Manager, error)

Creates a new Manager used for interacting with the Tunnels APIs. tokenProvider is an optional paramater containing a function that returns the access token to use for the request. If no tunnelServiceUrl or httpClient is provided, the default values will be used. Can return error if userAgent is empty or url is invalid.

func (*Manager) CheckNameAvailability added in v0.0.15

func (m *Manager) CheckNameAvailability(
	ctx context.Context, name string,
) (res bool, err error)

Checks if tunnel name is available Returns true if name is available

func (*Manager) CreateTunnel

func (m *Manager) CreateTunnel(ctx context.Context, tunnel *Tunnel, options *TunnelRequestOptions) (t *Tunnel, err error)

Creates a new tunnel with the properties specified in tunnel. Tunnel fields may be nil but the tunnel struct must not be nil. Returns the created tunnel or an error if the create fails.

func (*Manager) CreateTunnelPort

func (m *Manager) CreateTunnelPort(
	ctx context.Context, tunnel *Tunnel, port *TunnelPort, options *TunnelRequestOptions,
) (tp *TunnelPort, err error)

Creates a port on the tunnel. Returns the created port or error if create fails.

func (*Manager) DeleteTunnel

func (m *Manager) DeleteTunnel(ctx context.Context, tunnel *Tunnel, options *TunnelRequestOptions) error

Deletes a tunnel. Returns error if delete fails.

func (*Manager) DeleteTunnelEndpoints

func (m *Manager) DeleteTunnelEndpoints(
	ctx context.Context, tunnel *Tunnel, hostID string, connectionMode TunnelConnectionMode, options *TunnelRequestOptions,
) error

Deletes endpoints on a tunnel. Returns error if the delete fails.

func (*Manager) DeleteTunnelPort

func (m *Manager) DeleteTunnelPort(
	ctx context.Context, tunnel *Tunnel, port uint16, options *TunnelRequestOptions,
) error

Deletes a tunnel port. Returns error if the delete fails.

func (*Manager) GetTunnel

func (m *Manager) GetTunnel(ctx context.Context, tunnel *Tunnel, options *TunnelRequestOptions) (t *Tunnel, err error)

Gets a tunnel by id or name. If getting a tunnel by name the domain must be provided if the tunnel is not in the default domain. Returns the requested tunnel or an error if the tunnel is not found.

func (*Manager) GetTunnelPort

func (m *Manager) GetTunnelPort(
	ctx context.Context, tunnel *Tunnel, port int, options *TunnelRequestOptions,
) (tp *TunnelPort, err error)

func (*Manager) ListClusters added in v0.0.7

func (m *Manager) ListClusters(ctx context.Context) (clusters []*ClusterDetails, err error)

func (*Manager) ListTunnelPorts

func (m *Manager) ListTunnelPorts(
	ctx context.Context, tunnel *Tunnel, options *TunnelRequestOptions,
) (tp []*TunnelPort, err error)

Lists ports on the tunnel.

func (*Manager) ListTunnels

func (m *Manager) ListTunnels(
	ctx context.Context, clusterID string, domain string, options *TunnelRequestOptions,
) (ts []*Tunnel, err error)

Lists tunnels owned by the authenticated user. Returns a list of tunnels or an error if the search fails.

func (*Manager) ListUserLimits added in v0.0.15

func (m *Manager) ListUserLimits(ctx context.Context) (limits []*NamedRateStatus, err error)

Lists user limits. Returns error if the list fails.

func (*Manager) UpdateTunnel

func (m *Manager) UpdateTunnel(ctx context.Context, tunnel *Tunnel, updateFields []string, options *TunnelRequestOptions) (t *Tunnel, err error)

Updates a tunnel's properties, to update a field the field name must be included in updateFields. Returns the updated tunnel or an error if the update fails.

func (*Manager) UpdateTunnelEndpoint

func (m *Manager) UpdateTunnelEndpoint(
	ctx context.Context, tunnel *Tunnel, endpoint *TunnelEndpoint, updateFields []string, options *TunnelRequestOptions,
) (te *TunnelEndpoint, err error)

Updates an endpoint on a tunnel. Returns the updated endpoint or an error if the update fails.

func (*Manager) UpdateTunnelPort

func (m *Manager) UpdateTunnelPort(
	ctx context.Context, tunnel *Tunnel, port *TunnelPort, updateFields []string, options *TunnelRequestOptions,
) (tp *TunnelPort, err error)

Updates a tunnel port. Returns the updated port or an error if the update fails.

type NamedRateStatus added in v0.0.15

type NamedRateStatus struct {
	// The name of the rate status.
	Name string `json:"name"`
}

A named `RateStatus`.

type ProblemDetails

type ProblemDetails struct {
	// Gets or sets the error title.
	Title string `json:"title,omitempty"`

	// Gets or sets the error detail.
	Detail string `json:"detail,omitempty"`

	// Gets or sets additional details about individual request properties.
	Errors map[string][]string `json:"errors,omitempty"`
}

Structure of error details returned by the tunnel service, including validation errors.

This object may be returned with a response status code of 400 (or other 4xx code). It is compatible with RFC 7807 Problem Details (https://tools.ietf.org/html/rfc7807) and https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.problemdetails but doesn't require adding a dependency on that package.

type RateStatus

type RateStatus struct {
	// Gets or sets the length of each period, in seconds, over which the rate is measured.
	//
	// For rates that are limited by month (or billing period), this value may represent an
	// estimate, since the actual duration may vary by the calendar.
	PeriodSeconds uint32 `json:"periodSeconds,omitempty"`

	// Gets or sets the unix time in seconds when this status will be reset.
	ResetTime int64 `json:"resetTime,omitempty"`

	NamedRateStatus
}

Current value and limit information for a rate-limited operation related to a tunnel or port.

type ResourceStatus

type ResourceStatus struct {
	// Gets or sets the current value.
	Current uint64 `json:"current"`

	// Gets or sets the limit enforced by the service, or null if there is no limit.
	//
	// Any requests that would cause the limit to be exceeded may be denied by the service.
	// For HTTP requests, the response is generally a 403 Forbidden status, with details
	// about the limit in the response body.
	Limit uint64 `json:"limit,omitempty"`

	// Gets or sets an optional source of the `ResourceStatus.Limit`, or null if there is no
	// limit.
	LimitSource string `json:"limitSource,omitempty"`

	RateStatus
}

Current value and limit for a limited resource related to a tunnel or tunnel port.

func (*ResourceStatus) UnmarshalJSON added in v0.0.4

func (rs *ResourceStatus) UnmarshalJSON(data []byte) (err error)

type ServiceVersionDetails

type ServiceVersionDetails struct {
	// Gets or sets the version of the service. E.g. "1.0.6615.53976". The version
	// corresponds to the build number.
	Version string `json:"version"`

	// Gets or sets the commit ID of the service.
	CommitID string `json:"commitId"`

	// Gets or sets the commit date of the service.
	CommitDate string `json:"commitDate"`

	// Gets or sets the cluster ID of the service that handled the request.
	ClusterID string `json:"clusterId"`

	// Gets or sets the Azure location of the service that handled the request.
	AzureLocation string `json:"azureLocation"`
}

Data contract for service version details.

type Tunnel

type Tunnel struct {
	// Gets or sets the ID of the cluster the tunnel was created in.
	ClusterID string `json:"clusterId,omitempty"`

	// Gets or sets the generated ID of the tunnel, unique within the cluster.
	TunnelID string `json:"tunnelId,omitempty"`

	// Gets or sets the optional short name (alias) of the tunnel.
	//
	// The name must be globally unique within the parent domain, and must be a valid
	// subdomain.
	Name string `json:"name,omitempty"`

	// Gets or sets the description of the tunnel.
	Description string `json:"description,omitempty"`

	// Gets or sets the tags of the tunnel.
	Tags []string `json:"tags,omitempty"`

	// Gets or sets the optional parent domain of the tunnel, if it is not using the default
	// parent domain.
	Domain string `json:"domain,omitempty"`

	// Gets or sets a dictionary mapping from scopes to tunnel access tokens.
	AccessTokens map[TunnelAccessScope]string `json:"accessTokens,omitempty"`

	// Gets or sets access control settings for the tunnel.
	//
	// See `TunnelAccessControl` documentation for details about the access control model.
	AccessControl *TunnelAccessControl `json:"accessControl,omitempty"`

	// Gets or sets default options for the tunnel.
	Options *TunnelOptions `json:"options,omitempty"`

	// Gets or sets current connection status of the tunnel.
	Status *TunnelStatus `json:"status,omitempty"`

	// Gets or sets an array of endpoints where hosts are currently accepting client
	// connections to the tunnel.
	Endpoints []TunnelEndpoint `json:"endpoints,omitempty"`

	// Gets or sets a list of ports in the tunnel.
	//
	// This optional property enables getting info about all ports in a tunnel at the same
	// time as getting tunnel info, or creating one or more ports at the same time as
	// creating a tunnel. It is omitted when listing (multiple) tunnels, or when updating
	// tunnel properties. (For the latter, use APIs to create/update/delete individual ports
	// instead.)
	Ports []TunnelPort `json:"ports,omitempty"`

	// Gets or sets the time in UTC of tunnel creation.
	Created *time.Time `json:"created,omitempty"`

	// Gets or the time the tunnel will be deleted if it is not used or updated.
	Expiration *time.Time `json:"expiration,omitempty"`

	// Gets or the custom amount of time the tunnel will be valid if it is not used or
	// updated in seconds.
	CustomExpiration uint32 `json:"customExpiration,omitempty"`
}

Data contract for tunnel objects managed through the tunnel service REST API.

func (*Tunnel) Table

func (t *Tunnel) Table() table.Table

type TunnelAccessControl

type TunnelAccessControl struct {
	// Gets or sets the list of access control entries.
	//
	// The order of entries is significant: later entries override earlier entries that apply
	// to the same subject. However, deny rules are always processed after allow rules,
	// therefore an allow rule cannot override a deny rule for the same subject.
	Entries []TunnelAccessControlEntry `json:"entries"`
}

Data contract for access control on a `Tunnel` or `TunnelPort`.

Tunnels and tunnel ports can each optionally have an access-control property set on them. An access-control object contains a list (ACL) of entries (ACEs) that specify the access scopes granted or denied to some subjects. Tunnel ports inherit the ACL from the tunnel, though ports may include ACEs that augment or override the inherited rules. Currently there is no capability to define "roles" for tunnel access (where a role specifies a set of related access scopes), and assign roles to users. That feature may be added in the future. (It should be represented as a separate `RoleAssignments` property on this class.)

type TunnelAccessControlEntry

type TunnelAccessControlEntry struct {
	// Gets or sets the access control entry type.
	Type TunnelAccessControlEntryType `json:"type"`

	// Gets or sets the provider of the subjects in this access control entry. The provider
	// impacts how the subject identifiers are resolved and displayed. The provider may be an
	// identity provider such as AAD, or a system or standard such as "ssh" or "ipv4".
	//
	// For user, group, or org ACEs, this value is the name of the identity provider of the
	// user/group/org IDs. It may be one of the well-known provider names in
	// `TunnelAccessControlEntry.Providers`, or (in the future) a custom identity provider.
	// For public key ACEs, this value is the type of public key, e.g. "ssh".  For IP address
	// range ACEs, this value is the IP address version, "ipv4" or "ipv6", or "service-tag"
	// if the range is defined by an Azure service tag.  For anonymous ACEs, this value is
	// null.
	Provider string `json:"provider,omitempty"`

	// Gets or sets a value indicating whether this is an access control entry on a tunnel
	// port that is inherited from the tunnel's access control list.
	IsInherited bool `json:"isInherited,omitempty"`

	// Gets or sets a value indicating whether this entry is a deny rule that blocks access
	// to the specified users. Otherwise it is an allow rule.
	//
	// All deny rules (including inherited rules) are processed after all allow rules.
	// Therefore a deny ACE cannot be overridden by an allow ACE that is later in the list or
	// on a more-specific resource. In other words, inherited deny ACEs cannot be overridden.
	IsDeny bool `json:"isDeny,omitempty"`

	// Gets or sets a value indicating whether this entry applies to all subjects that are
	// NOT in the `TunnelAccessControlEntry.Subjects` list.
	//
	// Examples: an inverse organizations ACE applies to all users who are not members of the
	// listed organization(s); an inverse anonymous ACE applies to all authenticated users;
	// an inverse IP address ranges ACE applies to all clients that are not within any of the
	// listed IP address ranges. The inverse option is often useful in policies in
	// combination with `TunnelAccessControlEntry.IsDeny`, for example a policy could deny
	// access to users who are not members of an organization or are outside of an IP address
	// range, effectively blocking any tunnels from allowing outside access (because
	// inherited deny ACEs cannot be overridden).
	IsInverse bool `json:"isInverse,omitempty"`

	// Gets or sets an optional organization context for all subjects of this entry. The use
	// and meaning of this value depends on the `TunnelAccessControlEntry.Type` and
	// `TunnelAccessControlEntry.Provider` of this entry.
	//
	// For AAD users and group ACEs, this value is the AAD tenant ID. It is not currently
	// used with any other types of ACEs.
	Organization string `json:"organization,omitempty"`

	// Gets or sets the subjects for the entry, such as user or group IDs. The format of the
	// values depends on the `TunnelAccessControlEntry.Type` and
	// `TunnelAccessControlEntry.Provider` of this entry.
	Subjects []string `json:"subjects"`

	// Gets or sets the access scopes that this entry grants or denies to the subjects.
	//
	// These must be one or more values from `TunnelAccessScopes`.
	Scopes []string `json:"scopes"`
}

Data contract for an access control entry on a `Tunnel` or `TunnelPort`.

An access control entry (ACE) grants or denies one or more access scopes to one or more subjects. Tunnel ports inherit access control entries from their tunnel, and they may have additional port-specific entries that augment or override those access rules.

type TunnelAccessControlEntryProvider

type TunnelAccessControlEntryProvider string
const (
	// Microsoft (AAD) identity provider.
	TunnelAccessControlEntryProviderMicrosoft TunnelAccessControlEntryProvider = "microsoft"

	// GitHub identity provider.
	TunnelAccessControlEntryProviderGitHub TunnelAccessControlEntryProvider = "github"

	// SSH public keys.
	TunnelAccessControlEntryProviderSsh TunnelAccessControlEntryProvider = "ssh"

	// IPv4 addresses.
	TunnelAccessControlEntryProviderIPv4 TunnelAccessControlEntryProvider = "ipv4"

	// IPv6 addresses.
	TunnelAccessControlEntryProviderIPv6 TunnelAccessControlEntryProvider = "ipv6"

	// Service tags.
	TunnelAccessControlEntryProviderServiceTag TunnelAccessControlEntryProvider = "service-tag"
)

type TunnelAccessControlEntryProviders

type TunnelAccessControlEntryProviders []TunnelAccessControlEntryProvider

Constants for well-known identity providers.

type TunnelAccessControlEntryType

type TunnelAccessControlEntryType string

Specifies the type of `TunnelAccessControlEntry`.

const (
	// Uninitialized access control entry type.
	TunnelAccessControlEntryTypeNone TunnelAccessControlEntryType = "None"

	// The access control entry refers to all anonymous users.
	TunnelAccessControlEntryTypeAnonymous TunnelAccessControlEntryType = "Anonymous"

	// The access control entry is a list of user IDs that are allowed (or denied) access.
	TunnelAccessControlEntryTypeUsers TunnelAccessControlEntryType = "Users"

	// The access control entry is a list of groups IDs that are allowed (or denied) access.
	TunnelAccessControlEntryTypeGroups TunnelAccessControlEntryType = "Groups"

	// The access control entry is a list of organization IDs that are allowed (or denied)
	// access.
	//
	// All users in the organizations are allowed (or denied) access, unless overridden by
	// following group or user rules.
	TunnelAccessControlEntryTypeOrganizations TunnelAccessControlEntryType = "Organizations"

	// The access control entry is a list of repositories. Users are allowed access to the
	// tunnel if they have access to the repo.
	TunnelAccessControlEntryTypeRepositories TunnelAccessControlEntryType = "Repositories"

	// The access control entry is a list of public keys. Users are allowed access if they
	// can authenticate using a private key corresponding to one of the public keys.
	TunnelAccessControlEntryTypePublicKeys TunnelAccessControlEntryType = "PublicKeys"

	// The access control entry is a list of IP address ranges that are allowed (or denied)
	// access to the tunnel. Ranges can be IPv4, IPv6, or Azure service tags.
	TunnelAccessControlEntryTypeIPAddressRanges TunnelAccessControlEntryType = "IPAddressRanges"
)

type TunnelAccessScope

type TunnelAccessScope string
const (
	// Allows creating tunnels. This scope is valid only in policies at the global, domain,
	// or organization level; it is not relevant to an already-created tunnel or tunnel port.
	// (Creation of ports requires "manage" or "host" access to the tunnel.)
	TunnelAccessScopeCreate TunnelAccessScope = "create"

	// Allows management operations on tunnels and tunnel ports.
	TunnelAccessScopeManage TunnelAccessScope = "manage"

	// Allows management operations on all ports of a tunnel, but does not allow updating any
	// other tunnel properties or deleting the tunnel.
	TunnelAccessScopeManagePorts TunnelAccessScope = "manage:ports"

	// Allows accepting connections on tunnels as a host. Includes access to update tunnel
	// endpoints and ports.
	TunnelAccessScopeHost TunnelAccessScope = "host"

	// Allows inspecting tunnel connection activity and data.
	TunnelAccessScopeInspect TunnelAccessScope = "inspect"

	// Allows connecting to tunnels or ports as a client.
	TunnelAccessScopeConnect TunnelAccessScope = "connect"
)

type TunnelAccessScopes

type TunnelAccessScopes []TunnelAccessScope

Defines scopes for tunnel access tokens.

A tunnel access token with one or more of these scopes typically also has cluster ID and tunnel ID claims that limit the access scope to a specific tunnel, and may also have one or more port claims that further limit the access to particular ports of the tunnel.

type TunnelAccessSubject

type TunnelAccessSubject struct {
	// Gets or sets the type of subject, e.g. user, group, or organization.
	Type TunnelAccessControlEntryType `json:"type"`

	// Gets or sets the subject ID.
	//
	// The ID is typically a guid or integer that is unique within the scope of the identity
	// provider or organization, and never changes for that subject.
	ID string `json:"id,omitempty"`

	// Gets or sets the subject organization ID, which may be required if an organization is
	// not implied by the authentication context.
	OrganizationID string `json:"organizationId,omitempty"`

	// Gets or sets the partial or full subject name.
	//
	// When resolving a subject name to ID, a partial name may be provided, and the full name
	// is returned if the partial name was successfully resolved. When formatting a subject
	// ID to name, the full name is returned if the ID was found.
	Name string `json:"name,omitempty"`

	// Gets or sets an array of possible subject matches, if a partial name was provided and
	// did not resolve to a single subject.
	//
	// This property applies only when resolving subject names to IDs.
	Matches []TunnelAccessSubject `json:"matches,omitempty"`
}

Properties about a subject of a tunnel access control entry (ACE), used when resolving subject names to IDs when creating new ACEs, or formatting subject IDs to names when displaying existing ACEs.

type TunnelAuthenticationScheme

type TunnelAuthenticationScheme string
const (
	// Authentication scheme for AAD (or Microsoft account) access tokens.
	TunnelAuthenticationSchemeAad TunnelAuthenticationScheme = "aad"

	// Authentication scheme for GitHub access tokens.
	TunnelAuthenticationSchemeGitHub TunnelAuthenticationScheme = "github"

	// Authentication scheme for tunnel access tokens.
	TunnelAuthenticationSchemeTunnel TunnelAuthenticationScheme = "tunnel"

	// Authentication scheme for tunnelPlan access tokens.
	TunnelAuthenticationSchemeTunnelPlan TunnelAuthenticationScheme = "tunnelplan"
)

type TunnelAuthenticationSchemes

type TunnelAuthenticationSchemes []TunnelAuthenticationScheme

Defines string constants for authentication schemes supported by tunnel service APIs.

type TunnelConnectionMode

type TunnelConnectionMode string

Specifies the connection protocol / implementation for a tunnel.

Depending on the connection mode, hosts or clients might need to use different authentication and connection protocols.

const (
	// Connect directly to the host over the local network.
	//
	// While it's technically not "tunneling", this mode may be combined with others to
	// enable choosing the most efficient connection mode available.
	TunnelConnectionModeLocalNetwork TunnelConnectionMode = "LocalNetwork"

	// Use the tunnel service's integrated relay function.
	TunnelConnectionModeTunnelRelay TunnelConnectionMode = "TunnelRelay"
)

type TunnelEndpoint

type TunnelEndpoint struct {
	// Gets or sets the ID of this endpoint.
	ID string `json:"id"`

	// Gets or sets the connection mode of the endpoint.
	//
	// This property is required when creating or updating an endpoint.  The subclass type is
	// also an indication of the connection mode, but this property is necessary to determine
	// the subclass type when deserializing.
	ConnectionMode TunnelConnectionMode `json:"connectionMode"`

	// Gets or sets the ID of the host that is listening on this endpoint.
	//
	// This property is required when creating or updating an endpoint.  If the host supports
	// multiple connection modes, the host's ID is the same for all the endpoints it
	// supports. However different hosts may simultaneously accept connections at different
	// endpoints for the same tunnel, if enabled in tunnel options.
	HostID string `json:"hostId"`

	// Gets or sets an array of public keys, which can be used by clients to authenticate the
	// host.
	HostPublicKeys []string `json:"hostPublicKeys,omitempty"`

	// Gets or sets a string used to format URIs where a web client can connect to ports of
	// the tunnel. The string includes a `TunnelEndpoint.PortToken` that must be replaced
	// with the actual port number.
	PortURIFormat string `json:"portUriFormat,omitempty"`

	// Gets or sets the URI where a web client can connect to the default port of the tunnel.
	TunnelURI string `json:"tunnelUri,omitempty"`

	// Gets or sets a string used to format ssh command where ssh client can connect to
	// shared ssh port of the tunnel. The string includes a `TunnelEndpoint.PortToken` that
	// must be replaced with the actual port number.
	PortSshCommandFormat string `json:"portSshCommandFormat,omitempty"`

	// Gets or sets the Ssh command where the Ssh client can connect to the default ssh port
	// of the tunnel.
	TunnelSshCommand string `json:"tunnelSshCommand,omitempty"`

	// Gets or sets the Ssh gateway public key which should be added to the authorized_keys
	// file so that tunnel service can connect to the shared ssh server.
	SshGatewayPublicKey string `json:"sshGatewayPublicKey,omitempty"`

	LocalNetworkTunnelEndpoint
	TunnelRelayTunnelEndpoint
}

Base class for tunnel connection parameters.

A tunnel endpoint specifies how and where hosts and clients can connect to a tunnel. There is a subclass for each connection mode, each having different connection parameters. A tunnel may have multiple endpoints for one host (or multiple hosts), and clients can select their preferred endpoint(s) from those depending on network environment or client capabilities.

type TunnelHeaderName

type TunnelHeaderName string
const (
	// Additional authorization header that can be passed to tunnel web forwarding to
	// authenticate and authorize the client. The format of the value is the same as
	// Authorization header that is sent to the Tunnel service by the tunnel SDK. Supported
	// schemes: "tunnel" with the tunnel access JWT good for 'Connect' scope.
	TunnelHeaderNameXTunnelAuthorization TunnelHeaderName = "X-Tunnel-Authorization"

	// Request ID header that nginx ingress controller adds to all requests if it's not
	// there.
	TunnelHeaderNameXRequestID TunnelHeaderName = "X-Request-ID"

	// Github Ssh public key which can be used to validate if it belongs to tunnel's owner.
	TunnelHeaderNameXGithubSshKey TunnelHeaderName = "X-Github-Ssh-Key"

	// Header that will skip the antiphishing page when connection to a tunnel through web
	// forwarding.
	TunnelHeaderNameXTunnelSkipAntiPhishingPage TunnelHeaderName = "X-Tunnel-Skip-AntiPhishing-Page"
)

type TunnelHeaderNames

type TunnelHeaderNames []TunnelHeaderName

Header names for http requests that Tunnel Service can handle

type TunnelListByRegion added in v0.0.21

type TunnelListByRegion struct {
	// Azure region name.
	RegionName string `json:"regionName,omitempty"`

	// Cluster id in the region.
	ClusterID string `json:"clusterId,omitempty"`

	// List of tunnels.
	Value []Tunnel `json:"value,omitempty"`

	// Error detail if getting list of tunnels in the region failed.
	Error *ErrorDetail `json:"error,omitempty"`
}

Tunnel list by region.

type TunnelListByRegionResponse added in v0.0.21

type TunnelListByRegionResponse struct {
	// List of tunnels
	Value []TunnelListByRegion `json:"value,omitempty"`

	// Link to get next page of results.
	NextLink string `json:"nextLink,omitempty"`
}

Data contract for response of a list tunnel by region call.

type TunnelListResponse added in v0.0.21

type TunnelListResponse struct {
	// List of tunnels
	Value []TunnelV2 `json:"value,omitempty"`

	// Link to get next page of results
	NextLink string `json:"nextLink,omitempty"`
}

Data contract for response of a list tunnel call.

type TunnelOptions

type TunnelOptions struct {
	// Gets or sets a value indicating whether web-forwarding of this tunnel can run on any
	// cluster (region) without redirecting to the home cluster. This is only applicable if
	// the tunnel has a name and web-forwarding uses it.
	IsGloballyAvailable bool `json:"isGloballyAvailable,omitempty"`

	// Gets or sets a value for `Host` header rewriting to use in web-forwarding of this
	// tunnel or port. By default, with this property null or empty, web-forwarding uses
	// "localhost" to rewrite the header. Web-fowarding will use this property instead if it
	// is not null or empty. Port-level option, if set, takes precedence over this option on
	// the tunnel level. The option is ignored if IsHostHeaderUnchanged is true.
	HostHeader string `json:"hostHeader,omitempty"`

	// Gets or sets a value indicating whether `Host` header is rewritten or the header value
	// stays intact. By default, if false, web-forwarding rewrites the host header with the
	// value from HostHeader property or "localhost". If true, the host header will be
	// whatever the tunnel's web-forwarding host is, e.g. tunnel-name-8080.devtunnels.ms.
	// Port-level option, if set, takes precedence over this option on the tunnel level.
	IsHostHeaderUnchanged bool `json:"isHostHeaderUnchanged,omitempty"`

	// Gets or sets a value for `Origin` header rewriting to use in web-forwarding of this
	// tunnel or port. By default, with this property null or empty, web-forwarding uses
	// "http(s)://localhost" to rewrite the header. Web-fowarding will use this property
	// instead if it is not null or empty. Port-level option, if set, takes precedence over
	// this option on the tunnel level. The option is ignored if IsOriginHeaderUnchanged is
	// true.
	OriginHeader string `json:"originHeader,omitempty"`

	// Gets or sets a value indicating whether `Origin` header is rewritten or the header
	// value stays intact. By default, if false, web-forwarding rewrites the origin header
	// with the value from OriginHeader property or  "http(s)://localhost". If true, the
	// Origin header will be whatever the tunnel's web-forwarding Origin is, e.g.
	// https://tunnel-name-8080.devtunnels.ms. Port-level option, if set, takes precedence
	// over this option on the tunnel level.
	IsOriginHeaderUnchanged bool `json:"isOriginHeaderUnchanged,omitempty"`

	// Gets or sets if inspection is enabled for the tunnel.
	IsInspectionEnabled bool `json:"isInspectionEnabled,omitempty"`
}

Data contract for `Tunnel` or `TunnelPort` options.

type TunnelPort

type TunnelPort struct {
	// Gets or sets the ID of the cluster the tunnel was created in.
	ClusterID string `json:"clusterId,omitempty"`

	// Gets or sets the generated ID of the tunnel, unique within the cluster.
	TunnelID string `json:"tunnelId,omitempty"`

	// Gets or sets the IP port number of the tunnel port.
	PortNumber uint16 `json:"portNumber"`

	// Gets or sets the optional short name of the port.
	//
	// The name must be unique among named ports of the same tunnel.
	Name string `json:"name,omitempty"`

	// Gets or sets the optional description of the port.
	Description string `json:"description,omitempty"`

	// Gets or sets the tags of the port.
	Tags []string `json:"tags,omitempty"`

	// Gets or sets the protocol of the tunnel port.
	//
	// Should be one of the string constants from `TunnelProtocol`.
	Protocol string `json:"protocol,omitempty"`

	// Gets or sets a value indicating whether this port is a default port for the tunnel.
	//
	// A client that connects to a tunnel (by ID or name) without specifying a port number
	// will connect to the default port for the tunnel, if a default is configured. Or if the
	// tunnel has only one port then the single port is the implicit default.
	//
	// Selection of a default port for a connection also depends on matching the connection
	// to the port `TunnelPort.Protocol`, so it is possible to configure separate defaults
	// for distinct protocols like `TunnelProtocol.Http` and `TunnelProtocol.Ssh`.
	IsDefault bool `json:"isDefault,omitempty"`

	// Gets or sets a dictionary mapping from scopes to tunnel access tokens.
	//
	// Unlike the tokens in `Tunnel.AccessTokens`, these tokens are restricted to the
	// individual port.
	AccessTokens map[TunnelAccessScope]string `json:"accessTokens,omitempty"`

	// Gets or sets access control settings for the tunnel port.
	//
	// See `TunnelAccessControl` documentation for details about the access control model.
	AccessControl *TunnelAccessControl `json:"accessControl,omitempty"`

	// Gets or sets options for the tunnel port.
	Options *TunnelOptions `json:"options,omitempty"`

	// Gets or sets current connection status of the tunnel port.
	Status *TunnelPortStatus `json:"status,omitempty"`

	// Gets or sets the username for the ssh service user is trying to forward.
	//
	// Should be provided if the `TunnelProtocol` is Ssh.
	SshUser string `json:"sshUser,omitempty"`

	// Gets or sets web forwarding URIs. If set, it's a list of absolute URIs where the port
	// can be accessed with web forwarding.
	PortForwardingURIs []string `json:"portForwardingUris"`

	// Gets or sets inspection URI. If set, it's an absolute URIs where the port's traffic
	// can be inspected.
	InspectionURI string `json:"inspectionUri"`
}

Data contract for tunnel port objects managed through the tunnel service REST API.

func NewTunnelPort

func NewTunnelPort(portNumber uint16, clusterId string, tunnelId string, protocol TunnelProtocol) *TunnelPort

func (*TunnelPort) Table

func (tp *TunnelPort) Table() table.Table

type TunnelPortListResponse added in v0.0.21

type TunnelPortListResponse struct {
	// List of tunnels
	Value []TunnelPortV2 `json:"value,omitempty"`

	// Link to get next page of results
	NextLink string `json:"nextLink,omitempty"`
}

Data contract for response of a list tunnel ports call.

type TunnelPortStatus

type TunnelPortStatus struct {
	// Gets or sets the current value and limit for the number of clients connected to the
	// port.
	//
	// This client connection count does not include non-port-specific connections such as
	// SDK and SSH clients. See `TunnelStatus.ClientConnectionCount` for status of those
	// connections.  This count also does not include HTTP client connections, unless they
	// are upgraded to websockets. HTTP connections are counted per-request rather than
	// per-connection: see `TunnelPortStatus.HttpRequestRate`.
	ClientConnectionCount *ResourceStatus `json:"clientConnectionCount,omitempty"`

	// Gets or sets the UTC date time when a client was last connected to the port, or null
	// if a client has never connected.
	LastClientConnectionTime *time.Time `json:"lastClientConnectionTime,omitempty"`

	// Gets or sets the current value and limit for the rate of client connections to the
	// tunnel port.
	//
	// This client connection rate does not count non-port-specific connections such as SDK
	// and SSH clients. See `TunnelStatus.ClientConnectionRate` for those connection types.
	// This also does not include HTTP connections, unless they are upgraded to websockets.
	// HTTP connections are counted per-request rather than per-connection: see
	// `TunnelPortStatus.HttpRequestRate`.
	ClientConnectionRate *RateStatus `json:"clientConnectionRate,omitempty"`

	// Gets or sets the current value and limit for the rate of HTTP requests to the tunnel
	// port.
	HttpRequestRate *RateStatus `json:"httpRequestRate,omitempty"`
}

Data contract for `TunnelPort` status.

type TunnelPortV2 added in v0.0.16

type TunnelPortV2 struct {
	// Gets or sets the ID of the cluster the tunnel was created in.
	ClusterID string `json:"clusterId,omitempty"`

	// Gets or sets the generated ID of the tunnel, unique within the cluster.
	TunnelID string `json:"tunnelId,omitempty"`

	// Gets or sets the IP port number of the tunnel port.
	PortNumber uint16 `json:"portNumber"`

	// Gets or sets the optional short name of the port.
	//
	// The name must be unique among named ports of the same tunnel.
	Name string `json:"name,omitempty"`

	// Gets or sets the optional description of the port.
	Description string `json:"description,omitempty"`

	// Gets or sets the tags of the port.
	Labels []string `json:"labels,omitempty"`

	// Gets or sets the protocol of the tunnel port.
	//
	// Should be one of the string constants from `TunnelProtocol`.
	Protocol string `json:"protocol,omitempty"`

	// Gets or sets a value indicating whether this port is a default port for the tunnel.
	//
	// A client that connects to a tunnel (by ID or name) without specifying a port number
	// will connect to the default port for the tunnel, if a default is configured. Or if the
	// tunnel has only one port then the single port is the implicit default.
	//
	// Selection of a default port for a connection also depends on matching the connection
	// to the port `TunnelPortV2.Protocol`, so it is possible to configure separate defaults
	// for distinct protocols like `TunnelProtocol.Http` and `TunnelProtocol.Ssh`.
	IsDefault bool `json:"isDefault,omitempty"`

	// Gets or sets a dictionary mapping from scopes to tunnel access tokens.
	//
	// Unlike the tokens in `Tunnel.AccessTokens`, these tokens are restricted to the
	// individual port.
	AccessTokens map[TunnelAccessScope]string `json:"accessTokens,omitempty"`

	// Gets or sets access control settings for the tunnel port.
	//
	// See `TunnelAccessControl` documentation for details about the access control model.
	AccessControl *TunnelAccessControl `json:"accessControl,omitempty"`

	// Gets or sets options for the tunnel port.
	Options *TunnelOptions `json:"options,omitempty"`

	// Gets or sets current connection status of the tunnel port.
	Status *TunnelPortStatus `json:"status,omitempty"`

	// Gets or sets the username for the ssh service user is trying to forward.
	//
	// Should be provided if the `TunnelProtocol` is Ssh.
	SshUser string `json:"sshUser,omitempty"`

	// Gets or sets web forwarding URIs. If set, it's a list of absolute URIs where the port
	// can be accessed with web forwarding.
	PortForwardingURIs []string `json:"portForwardingUris"`

	// Gets or sets inspection URI. If set, it's an absolute URIs where the port's traffic
	// can be inspected.
	InspectionURI string `json:"inspectionUri"`
}

Data contract for tunnel port objects managed through the tunnel service REST API.

type TunnelProtocol

type TunnelProtocol string

Defines possible values for the protocol of a `TunnelPort`.

const (
	// The protocol is automatically detected. (TODO: Define detection semantics.)
	TunnelProtocolAuto TunnelProtocol = "auto"

	// Unknown TCP protocol.
	TunnelProtocolTcp TunnelProtocol = "tcp"

	// Unknown UDP protocol.
	TunnelProtocolUdp TunnelProtocol = "udp"

	// SSH protocol.
	TunnelProtocolSsh TunnelProtocol = "ssh"

	// Remote desktop protocol.
	TunnelProtocolRdp TunnelProtocol = "rdp"

	// HTTP protocol.
	TunnelProtocolHttp TunnelProtocol = "http"

	// HTTPS protocol.
	TunnelProtocolHttps TunnelProtocol = "https"
)

type TunnelRelayTunnelEndpoint

type TunnelRelayTunnelEndpoint struct {
	// Gets or sets the host URI.
	HostRelayURI string `json:"hostRelayUri,omitempty"`

	// Gets or sets the client URI.
	ClientRelayURI string `json:"clientRelayUri,omitempty"`
}

Parameters for connecting to a tunnel via the tunnel service's built-in relay function.

type TunnelRequestOptions

type TunnelRequestOptions struct {
	// Token used for authentication for service.
	AccessToken string

	// Additional headers to be included in the request.
	AdditionalHeaders map[string]string

	// Additional qurey parameters to be included in the request.
	AdditionalQueryParameters map[string]string

	// Indicates whether HTTP redirect responses will be automatically followed.
	FollowRedirects bool

	// Flag that requests tunnel ports when retrieving a tunnel object.
	IncludePorts bool

	// Flag that requests tunnel access control details when listing or searching tunnels.
	IncludeAccessControl bool

	// Optional list of tags to filter the requested tunnels or ports.
	// By default, an item is included if ANY tag matches; set `requireAllTags` to match
	// ALL tags instead.
	Tags []string

	// Flag that indicates whether listed items must match all tags specified in `tags`.
	// If false, an item is included if any tag matches.
	RequireAllTags bool

	// List of token scopes that are requested when retrieving a tunnel or tunnel port object.
	TokenScopes TunnelAccessScopes

	// If there is another tunnel with the name requested in updateTunnel, try to acquire the name from the other tunnel.
	ForceRename bool

	// Limits the number of tunnels returned when searching or listing tunnels.
	Limit uint
}

Options that are sent in requests to the tunnels service.

type TunnelServiceProperties

type TunnelServiceProperties struct {
	// Gets the base URI of the service.
	ServiceURI string `json:"serviceUri"`

	// Gets the public AAD AppId for the service.
	//
	// Clients specify this AppId as the audience property when authenticating to the
	// service.
	ServiceAppID string `json:"serviceAppId"`

	// Gets the internal AAD AppId for the service.
	//
	// Other internal services specify this AppId as the audience property when
	// authenticating to the tunnel service. Production services must be in the AME tenant to
	// use this appid.
	ServiceInternalAppID string `json:"serviceInternalAppId"`

	// Gets the client ID for the service's GitHub app.
	//
	// Clients apps that authenticate tunnel users with GitHub specify this as the client ID
	// when requesting a user token.
	GitHubAppClientID string `json:"gitHubAppClientId"`
}

Provides environment-dependent properties about the service.

type TunnelStatus

type TunnelStatus struct {
	// Gets or sets the current value and limit for the number of ports on the tunnel.
	PortCount *ResourceStatus `json:"portCount,omitempty"`

	// Gets or sets the current value and limit for the number of hosts currently accepting
	// connections to the tunnel.
	//
	// This is typically 0 or 1, but may be more than 1 if the tunnel options allow multiple
	// hosts.
	HostConnectionCount *ResourceStatus `json:"hostConnectionCount,omitempty"`

	// Gets or sets the UTC time when a host was last accepting connections to the tunnel, or
	// null if a host has never connected.
	LastHostConnectionTime *time.Time `json:"lastHostConnectionTime,omitempty"`

	// Gets or sets the current value and limit for the number of clients connected to the
	// tunnel.
	//
	// This counts non-port-specific client connections, which is SDK and SSH clients. See
	// `TunnelPortStatus` for status of per-port client connections.
	ClientConnectionCount *ResourceStatus `json:"clientConnectionCount,omitempty"`

	// Gets or sets the UTC time when a client last connected to the tunnel, or null if a
	// client has never connected.
	//
	// This reports times for non-port-specific client connections, which is SDK client and
	// SSH clients. See `TunnelPortStatus` for per-port client connections.
	LastClientConnectionTime *time.Time `json:"lastClientConnectionTime,omitempty"`

	// Gets or sets the current value and limit for the rate of client connections to the
	// tunnel.
	//
	// This counts non-port-specific client connections, which is SDK client and SSH clients.
	// See `TunnelPortStatus` for status of per-port client connections.
	ClientConnectionRate *RateStatus `json:"clientConnectionRate,omitempty"`

	// Gets or sets the current value and limit for the rate of bytes being received by the
	// tunnel host and uploaded by tunnel clients.
	//
	// All types of tunnel and port connections, from potentially multiple clients, can
	// contribute to this rate. The reported rate may differ slightly from the rate
	// measurable by applications, due to protocol overhead. Data rate status reporting is
	// delayed by a few seconds, so this value is a snapshot of the data transfer rate from a
	// few seconds earlier.
	UploadRate *RateStatus `json:"uploadRate,omitempty"`

	// Gets or sets the current value and limit for the rate of bytes being sent by the
	// tunnel host and downloaded by tunnel clients.
	//
	// All types of tunnel and port connections, from potentially multiple clients, can
	// contribute to this rate. The reported rate may differ slightly from the rate
	// measurable by applications, due to protocol overhead. Data rate status reporting is
	// delayed by a few seconds, so this value is a snapshot of the data transfer rate from a
	// few seconds earlier.
	DownloadRate *RateStatus `json:"downloadRate,omitempty"`

	// Gets or sets the total number of bytes received by the tunnel host and uploaded by
	// tunnel clients, over the lifetime of the tunnel.
	//
	// All types of tunnel and port connections, from potentially multiple clients, can
	// contribute to this total. The reported value may differ slightly from the value
	// measurable by applications, due to protocol overhead. Data transfer status reporting
	// is delayed by a few seconds.
	UploadTotal uint64 `json:"uploadTotal,omitempty"`

	// Gets or sets the total number of bytes sent by the tunnel host and downloaded by
	// tunnel clients, over the lifetime of the tunnel.
	//
	// All types of tunnel and port connections, from potentially multiple clients, can
	// contribute to this total. The reported value may differ slightly from the value
	// measurable by applications, due to protocol overhead. Data transfer status reporting
	// is delayed by a few seconds.
	DownloadTotal uint64 `json:"downloadTotal,omitempty"`

	// Gets or sets the current value and limit for the rate of management API read
	// operations  for the tunnel or tunnel ports.
	ApiReadRate *RateStatus `json:"apiReadRate,omitempty"`

	// Gets or sets the current value and limit for the rate of management API update
	// operations for the tunnel or tunnel ports.
	ApiUpdateRate *RateStatus `json:"apiUpdateRate,omitempty"`
}

Data contract for `Tunnel` status.

type TunnelV2 added in v0.0.16

type TunnelV2 struct {
	// Gets or sets the ID of the cluster the tunnel was created in.
	ClusterID string `json:"clusterId,omitempty"`

	// Gets or sets the generated ID of the tunnel, unique within the cluster.
	TunnelID string `json:"tunnelId,omitempty"`

	// Gets or sets the optional short name (alias) of the tunnel.
	//
	// The name must be globally unique within the parent domain, and must be a valid
	// subdomain.
	Name string `json:"name,omitempty"`

	// Gets or sets the description of the tunnel.
	Description string `json:"description,omitempty"`

	// Gets or sets the tags of the tunnel.
	Labels []string `json:"labels,omitempty"`

	// Gets or sets the optional parent domain of the tunnel, if it is not using the default
	// parent domain.
	Domain string `json:"domain,omitempty"`

	// Gets or sets a dictionary mapping from scopes to tunnel access tokens.
	AccessTokens map[TunnelAccessScope]string `json:"accessTokens,omitempty"`

	// Gets or sets access control settings for the tunnel.
	//
	// See `TunnelAccessControl` documentation for details about the access control model.
	AccessControl *TunnelAccessControl `json:"accessControl,omitempty"`

	// Gets or sets default options for the tunnel.
	Options *TunnelOptions `json:"options,omitempty"`

	// Gets or sets current connection status of the tunnel.
	Status *TunnelStatus `json:"status,omitempty"`

	// Gets or sets an array of endpoints where hosts are currently accepting client
	// connections to the tunnel.
	Endpoints []TunnelEndpoint `json:"endpoints,omitempty"`

	// Gets or sets a list of ports in the tunnel.
	//
	// This optional property enables getting info about all ports in a tunnel at the same
	// time as getting tunnel info, or creating one or more ports at the same time as
	// creating a tunnel. It is omitted when listing (multiple) tunnels, or when updating
	// tunnel properties. (For the latter, use APIs to create/update/delete individual ports
	// instead.)
	Ports []TunnelPortV2 `json:"ports,omitempty"`

	// Gets or sets the time in UTC of tunnel creation.
	Created *time.Time `json:"created,omitempty"`

	// Gets or the time the tunnel will be deleted if it is not used or updated.
	Expiration *time.Time `json:"expiration,omitempty"`

	// Gets or the custom amount of time the tunnel will be valid if it is not used or
	// updated in seconds.
	CustomExpiration uint32 `json:"customExpiration,omitempty"`
}

Data contract for tunnel objects managed through the tunnel service REST API.

type UserAgent

type UserAgent struct {
	Name    string
	Version string
}

UserAgent contains the name and version of the client.

Directories

Path Synopsis
ssh

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL