Documentation ¶
Index ¶
- Constants
- Variables
- type Client
- func (c *Client) Close() error
- func (c *Client) Connect(ctx context.Context, hostID string) error
- func (c *Client) ConnectToForwardedPort(ctx context.Context, listenerIn *net.Listener, port uint16) (io.ReadWriteCloser, chan error)
- func (c *Client) RefreshPorts(ctx context.Context) error
- func (c *Client) WaitForForwardedPort(ctx context.Context, port uint16) error
- type ClusterDetails
- type LocalNetworkTunnelEndpoint
- type Manager
- func (m *Manager) CreateTunnel(ctx context.Context, tunnel *Tunnel, options *TunnelRequestOptions) (t *Tunnel, err error)
- func (m *Manager) CreateTunnelPort(ctx context.Context, tunnel *Tunnel, port *TunnelPort, ...) (tp *TunnelPort, err error)
- func (m *Manager) DeleteTunnel(ctx context.Context, tunnel *Tunnel, options *TunnelRequestOptions) error
- func (m *Manager) DeleteTunnelEndpoints(ctx context.Context, tunnel *Tunnel, hostID string, ...) error
- func (m *Manager) DeleteTunnelPort(ctx context.Context, tunnel *Tunnel, port uint16, ...) error
- func (m *Manager) GetTunnel(ctx context.Context, tunnel *Tunnel, options *TunnelRequestOptions) (t *Tunnel, err error)
- func (m *Manager) GetTunnelPort(ctx context.Context, tunnel *Tunnel, port int, options *TunnelRequestOptions) (tp *TunnelPort, err error)
- func (m *Manager) ListClusters(ctx context.Context) (clusters []*ClusterDetails, err error)
- func (m *Manager) ListTunnelPorts(ctx context.Context, tunnel *Tunnel, options *TunnelRequestOptions) (tp []*TunnelPort, err error)
- func (m *Manager) ListTunnels(ctx context.Context, clusterID string, domain string, ...) (ts []*Tunnel, err error)
- func (m *Manager) UpdateTunnel(ctx context.Context, tunnel *Tunnel, updateFields []string, ...) (t *Tunnel, err error)
- func (m *Manager) UpdateTunnelEndpoint(ctx context.Context, tunnel *Tunnel, endpoint *TunnelEndpoint, ...) (te *TunnelEndpoint, err error)
- func (m *Manager) UpdateTunnelPort(ctx context.Context, tunnel *Tunnel, port *TunnelPort, updateFields []string, ...) (tp *TunnelPort, err error)
- type ProblemDetails
- type RateStatus
- type ResourceStatus
- type ServiceVersionDetails
- type Tunnel
- type TunnelAccessControl
- type TunnelAccessControlEntry
- type TunnelAccessControlEntryProvider
- type TunnelAccessControlEntryProviders
- type TunnelAccessControlEntryType
- type TunnelAccessScope
- type TunnelAccessScopes
- type TunnelAccessSubject
- type TunnelAuthenticationScheme
- type TunnelAuthenticationSchemes
- type TunnelConnectionMode
- type TunnelEndpoint
- type TunnelHeaderName
- type TunnelHeaderNames
- type TunnelOptions
- type TunnelPort
- type TunnelPortStatus
- type TunnelProtocol
- type TunnelRelayTunnelEndpoint
- type TunnelRequestOptions
- type TunnelServiceProperties
- type TunnelStatus
- type UserAgent
Constants ¶
const ( // Min length of tunnel cluster ID. TunnelConstraintsClusterIDMinLength = 3 // Max length of tunnel cluster ID. TunnelConstraintsClusterIDMaxLength = 12 // Characters that are valid in tunnel id. Vowels and 'y' are excluded to avoid // accidentally generating any random words. TunnelConstraintsTunnelIDChars = "0123456789bcdfghjklmnpqrstvwxz" // Length of tunnel id. TunnelConstraintsTunnelIDLength = 8 // Min length of tunnel name. TunnelConstraintsTunnelNameMinLength = 3 // Max length of tunnel name. TunnelConstraintsTunnelNameMaxLength = 60 )
const PackageVersion = "0.0.6"
Variables ¶
var ( // ErrNoTunnel is returned when no tunnel is provided. ErrNoTunnel = errors.New("tunnel cannot be nil") // ErrNoTunnelEndpoints is returned when no tunnel endpoints are provided. ErrNoTunnelEndpoints = errors.New("tunnel endpoints cannot be nil or empty") // ErrNoConnections is returned when no tunnel endpoints are provided for the given host ID. ErrNoConnections = errors.New("the specified host is not currently accepting connections to the tunnel") // ErrMultipleHosts is returned when multiple tunnel endpoints for different hosts are provided. ErrMultipleHosts = errors.New("there are multiple hosts for the tunnel, specify the host ID to connect to") // ErrNoRelayConnections is returned when no relay connections are available. ErrNoRelayConnections = errors.New("the host is not currently accepting tunnel relay connections") // ErrSSHConnectionClosed is returned when the ssh connection is closed. ErrSSHConnectionClosed = errors.New("the ssh connection is closed") // ErrPortNotForwarded is returned when the specified port is not forwarded. ErrPortNotForwarded = errors.New("the port is not forwarded") )
var ( // A regular expression that can match or validate tunnel cluster ID strings. // // Cluster IDs are alphanumeric; hyphens are not permitted. TunnelConstraintsClusterIDRegex = regexp.MustCompile( "[a-z][a-z0-9]{" + strconv.Itoa(TunnelConstraintsClusterIDMinLength-1) + "," + strconv.Itoa(TunnelConstraintsClusterIDMaxLength-1) + "}") // A regular expression that can match or validate tunnel ID strings. // // Tunnel IDs are fixed-length and have a limited character set of numbers and some // lowercase letters (minus vowels). TunnelConstraintsTunnelIDRegex = regexp.MustCompile( "[" + strings.Replace(TunnelConstraintsTunnelIDChars, "0123456789", "0-9", -1) + "]{" + strconv.Itoa(TunnelConstraintsTunnelIDLength) + "}") // A regular expression that can match or validate tunnel names. // // Tunnel names are alphanumeric and may contain hyphens. TunnelConstraintsTunnelNameRegex = regexp.MustCompile( "[a-z0-9][a-z0-9-]{" + strconv.Itoa(TunnelConstraintsTunnelNameMinLength-2) + "," + strconv.Itoa(TunnelConstraintsTunnelNameMaxLength-2) + "}[a-z0-9]") // A regular expression that can match or validate tunnel names. TunnelConstraintsTunnelTagRegex = regexp.MustCompile(`^[\w-=]+$`) )
var DevServiceProperties = TunnelServiceProperties{ ServiceURI: fmt.Sprintf("https://%s/", devDnsName), ServiceAppID: nonProdFirstPartyAppID, ServiceInternalAppID: devThirdPartyAppID, GitHubAppClientID: nonProdGitHubAppClientID, }
var PortToken = "{port}"
Token included in `TunnelEndpoint.PortUriFormat` and `TunnelEndpoint.PortSshCommandFormat` that is to be replaced by a specified port number.
var PpeServiceProperties = TunnelServiceProperties{ ServiceURI: fmt.Sprintf("https://%s/", ppeDnsName), ServiceAppID: nonProdFirstPartyAppID, ServiceInternalAppID: ppeThirdPartyAppID, GitHubAppClientID: nonProdGitHubAppClientID, }
var ServiceProperties = TunnelServiceProperties{ ServiceURI: fmt.Sprintf("https://%s/", prodDnsName), ServiceAppID: prodFirstPartyAppID, ServiceInternalAppID: prodThirdPartyAppID, GitHubAppClientID: prodGitHubAppClientID, }
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client is a client for a tunnel. It is used to connect to a tunnel.
func NewClient ¶
func NewClient(logger *log.Logger, tunnel *Tunnel, acceptLocalConnectionsForForwardedPorts bool) (*Client, error)
Connect connects to a tunnel and returns a connected client.
func (*Client) ConnectToForwardedPort ¶
func (c *Client) ConnectToForwardedPort(ctx context.Context, listenerIn *net.Listener, port uint16) (io.ReadWriteCloser, chan error)
Opens a stream connected to a remote port for clients which cannot or do not want to forward local TCP ports. Returns a readWriteCloser which can be used to read and write to the remote port. Set AcceptLocalConnectionsForForwardedPorts to false in ConnectAsync to ensure TCP listeners are not created This will return an error if the port is not yet forwarded, the caller should first call WaitForForwardedPort.
func (*Client) RefreshPorts ¶ added in v0.0.6
type ClusterDetails ¶ added in v0.0.7
type ClusterDetails struct { // A cluster identifier based on its region. ClusterID string `json:"clusterId"` // The URI of the service cluster. URI string `json:"uri"` // The Azure location of the cluster. AzureLocation string `json:"azureLocation"` }
Details of a tunneling service cluster. Each cluster represents an instance of the tunneling service running in a particular Azure region. New tunnels are created in the current region unless otherwise specified.
type LocalNetworkTunnelEndpoint ¶
type LocalNetworkTunnelEndpoint struct { // Gets or sets a list of IP endpoints where the host may accept connections. // // A host may accept connections on multiple IP endpoints simultaneously if there are // multiple network interfaces on the host system and/or if the host supports both IPv4 // and IPv6. Each item in the list is a URI consisting of a scheme (which gives an // indication of the network connection protocol), an IP address (IPv4 or IPv6) and a // port number. The URIs do not typically include any paths, because the connection is // not normally HTTP-based. HostEndpoints []string `json:"hostEndpoints"` }
Parameters for connecting to a tunnel via a local network connection.
While a direct connection is technically not "tunneling", tunnel hosts may accept connections via the local network as an optional more-efficient alternative to a relay.
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager is used to interact with the Visual Studio Tunnel Service APIs.
func NewManager ¶
func NewManager(userAgents []UserAgent, tp tokenProviderfn, tunnelServiceUrl *url.URL, httpHandler *http.Client) (*Manager, error)
Creates a new Manager used for interacting with the Tunnels APIs. tokenProvider is an optional paramater containing a function that returns the access token to use for the request. If no tunnelServiceUrl or httpClient is provided, the default values will be used. Can return error if userAgent is empty or url is invalid.
func (*Manager) CreateTunnel ¶
func (m *Manager) CreateTunnel(ctx context.Context, tunnel *Tunnel, options *TunnelRequestOptions) (t *Tunnel, err error)
Creates a new tunnel with the properties specified in tunnel. Tunnel fields may be nil but the tunnel struct must not be nil. Returns the created tunnel or an error if the create fails.
func (*Manager) CreateTunnelPort ¶
func (m *Manager) CreateTunnelPort( ctx context.Context, tunnel *Tunnel, port *TunnelPort, options *TunnelRequestOptions, ) (tp *TunnelPort, err error)
Creates a port on the tunnel. Returns the created port or error if create fails.
func (*Manager) DeleteTunnel ¶
func (m *Manager) DeleteTunnel(ctx context.Context, tunnel *Tunnel, options *TunnelRequestOptions) error
Deletes a tunnel. Returns error if delete fails.
func (*Manager) DeleteTunnelEndpoints ¶
func (m *Manager) DeleteTunnelEndpoints( ctx context.Context, tunnel *Tunnel, hostID string, connectionMode TunnelConnectionMode, options *TunnelRequestOptions, ) error
Deletes endpoints on a tunnel. Returns error if the delete fails.
func (*Manager) DeleteTunnelPort ¶
func (m *Manager) DeleteTunnelPort( ctx context.Context, tunnel *Tunnel, port uint16, options *TunnelRequestOptions, ) error
Deletes a tunnel port. Returns error if the delete fails.
func (*Manager) GetTunnel ¶
func (m *Manager) GetTunnel(ctx context.Context, tunnel *Tunnel, options *TunnelRequestOptions) (t *Tunnel, err error)
Gets a tunnel by id or name. If getting a tunnel by name the domain must be provided if the tunnel is not in the default domain. Returns the requested tunnel or an error if the tunnel is not found.
func (*Manager) GetTunnelPort ¶
func (m *Manager) GetTunnelPort( ctx context.Context, tunnel *Tunnel, port int, options *TunnelRequestOptions, ) (tp *TunnelPort, err error)
func (*Manager) ListClusters ¶ added in v0.0.7
func (m *Manager) ListClusters(ctx context.Context) (clusters []*ClusterDetails, err error)
func (*Manager) ListTunnelPorts ¶
func (m *Manager) ListTunnelPorts( ctx context.Context, tunnel *Tunnel, options *TunnelRequestOptions, ) (tp []*TunnelPort, err error)
Lists ports on the tunnel.
func (*Manager) ListTunnels ¶
func (m *Manager) ListTunnels( ctx context.Context, clusterID string, domain string, options *TunnelRequestOptions, ) (ts []*Tunnel, err error)
Lists tunnels owned by the authenticated user. Returns a list of tunnels or an error if the search fails.
func (*Manager) UpdateTunnel ¶
func (m *Manager) UpdateTunnel(ctx context.Context, tunnel *Tunnel, updateFields []string, options *TunnelRequestOptions) (t *Tunnel, err error)
Updates a tunnel's properties, to update a field the field name must be included in updateFields. Returns the updated tunnel or an error if the update fails.
func (*Manager) UpdateTunnelEndpoint ¶
func (m *Manager) UpdateTunnelEndpoint( ctx context.Context, tunnel *Tunnel, endpoint *TunnelEndpoint, updateFields []string, options *TunnelRequestOptions, ) (te *TunnelEndpoint, err error)
Updates an endpoint on a tunnel. Returns the updated endpoint or an error if the update fails.
func (*Manager) UpdateTunnelPort ¶
func (m *Manager) UpdateTunnelPort( ctx context.Context, tunnel *Tunnel, port *TunnelPort, updateFields []string, options *TunnelRequestOptions, ) (tp *TunnelPort, err error)
Updates a tunnel port. Returns the updated port or an error if the update fails.
type ProblemDetails ¶
type ProblemDetails struct { // Gets or sets the error title. Title string `json:"title,omitempty"` // Gets or sets the error detail. Detail string `json:"detail,omitempty"` // Gets or sets additional details about individual request properties. Errors map[string][]string `json:"errors,omitempty"` }
Structure of error details returned by the tunnel service, including validation errors.
This object may be returned with a response status code of 400 (or other 4xx code). It is compatible with RFC 7807 Problem Details (https://tools.ietf.org/html/rfc7807) and https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.problemdetails but doesn't require adding a dependency on that package.
type RateStatus ¶
type RateStatus struct { // Gets or sets the length of each period, in seconds, over which the rate is measured. // // For rates that are limited by month (or billing period), this value may represent an // estimate, since the actual duration may vary by the calendar. PeriodSeconds uint32 `json:"periodSeconds,omitempty"` // Gets or sets the number of seconds until the current measurement period ends and the // current rate value resets. ResetSeconds uint32 `json:"resetSeconds,omitempty"` }
Current value and limit information for a rate-limited operation related to a tunnel or port.
type ResourceStatus ¶
type ResourceStatus struct { // Gets or sets the current value. Current uint64 `json:"current"` // Gets or sets the limit enforced by the service, or null if there is no limit. // // Any requests that would cause the limit to be exceeded may be denied by the service. // For HTTP requests, the response is generally a 403 Forbidden status, with details // about the limit in the response body. Limit uint64 `json:"limit,omitempty"` RateStatus }
Current value and limit for a limited resource related to a tunnel or tunnel port.
func (*ResourceStatus) UnmarshalJSON ¶ added in v0.0.4
func (rs *ResourceStatus) UnmarshalJSON(data []byte) (err error)
type ServiceVersionDetails ¶
type ServiceVersionDetails struct { // Gets or sets the version of the service. E.g. "1.0.6615.53976". The version // corresponds to the build number. Version string `json:"version"` // Gets or sets the commit ID of the service. CommitID string `json:"commitId"` // Gets or sets the commit date of the service. CommitDate string `json:"commitDate"` // Gets or sets the cluster ID of the service that handled the request. ClusterID string `json:"clusterId"` // Gets or sets the Azure location of the service that handled the request. AzureLocation string `json:"azureLocation"` }
Data contract for service version details.
type Tunnel ¶
type Tunnel struct { // Gets or sets the ID of the cluster the tunnel was created in. ClusterID string `json:"clusterId,omitempty"` // Gets or sets the generated ID of the tunnel, unique within the cluster. TunnelID string `json:"tunnelId,omitempty"` // Gets or sets the optional short name (alias) of the tunnel. // // The name must be globally unique within the parent domain, and must be a valid // subdomain. Name string `json:"name,omitempty"` // Gets or sets the description of the tunnel. Description string `json:"description,omitempty"` // Gets or sets the tags of the tunnel. Tags []string `json:"tags,omitempty"` // Gets or sets the optional parent domain of the tunnel, if it is not using the default // parent domain. Domain string `json:"domain,omitempty"` // Gets or sets a dictionary mapping from scopes to tunnel access tokens. AccessTokens map[TunnelAccessScope]string `json:"accessTokens,omitempty"` // Gets or sets access control settings for the tunnel. // // See `TunnelAccessControl` documentation for details about the access control model. AccessControl *TunnelAccessControl `json:"accessControl,omitempty"` // Gets or sets default options for the tunnel. Options *TunnelOptions `json:"options,omitempty"` // Gets or sets current connection status of the tunnel. Status *TunnelStatus `json:"status,omitempty"` // Gets or sets an array of endpoints where hosts are currently accepting client // connections to the tunnel. Endpoints []TunnelEndpoint `json:"endpoints,omitempty"` // Gets or sets a list of ports in the tunnel. // // This optional property enables getting info about all ports in a tunnel at the same // time as getting tunnel info, or creating one or more ports at the same time as // creating a tunnel. It is omitted when listing (multiple) tunnels, or when updating // tunnel properties. (For the latter, use APIs to create/update/delete individual ports // instead.) Ports []TunnelPort `json:"ports,omitempty"` // Gets or sets the time in UTC of tunnel creation. Created *time.Time `json:"created,omitempty"` }
Data contract for tunnel objects managed through the tunnel service REST API.
type TunnelAccessControl ¶
type TunnelAccessControl struct { // Gets or sets the list of access control entries. // // The order of entries is significant: later entries override earlier entries that apply // to the same subject. However, deny rules are always processed after allow rules, // therefore an allow rule cannot override a deny rule for the same subject. Entries []TunnelAccessControlEntry `json:"entries"` }
Data contract for access control on a `Tunnel` or `TunnelPort`.
Tunnels and tunnel ports can each optionally have an access-control property set on them. An access-control object contains a list (ACL) of entries (ACEs) that specify the access scopes granted or denied to some subjects. Tunnel ports inherit the ACL from the tunnel, though ports may include ACEs that augment or override the inherited rules. Currently there is no capability to define "roles" for tunnel access (where a role specifies a set of related access scopes), and assign roles to users. That feature may be added in the future. (It should be represented as a separate `RoleAssignments` property on this class.)
type TunnelAccessControlEntry ¶
type TunnelAccessControlEntry struct { // Gets or sets the access control entry type. Type TunnelAccessControlEntryType `json:"type"` // Gets or sets the provider of the subjects in this access control entry. The provider // impacts how the subject identifiers are resolved and displayed. The provider may be an // identity provider such as AAD, or a system or standard such as "ssh" or "ipv4". // // For user, group, or org ACEs, this value is the name of the identity provider of the // user/group/org IDs. It may be one of the well-known provider names in // `TunnelAccessControlEntry.Providers`, or (in the future) a custom identity provider. // For public key ACEs, this value is the type of public key, e.g. "ssh". For IP address // range ACEs, this value is the IP address version, "ipv4" or "ipv6", or "service-tag" // if the range is defined by an Azure service tag. For anonymous ACEs, this value is // null. Provider string `json:"provider,omitempty"` // Gets or sets a value indicating whether this is an access control entry on a tunnel // port that is inherited from the tunnel's access control list. IsInherited bool `json:"isInherited,omitempty"` // Gets or sets a value indicating whether this entry is a deny rule that blocks access // to the specified users. Otherwise it is an allow rule. // // All deny rules (including inherited rules) are processed after all allow rules. // Therefore a deny ACE cannot be overridden by an allow ACE that is later in the list or // on a more-specific resource. In other words, inherited deny ACEs cannot be overridden. IsDeny bool `json:"isDeny,omitempty"` // Gets or sets a value indicating whether this entry applies to all subjects that are // NOT in the `TunnelAccessControlEntry.Subjects` list. // // Examples: an inverse organizations ACE applies to all users who are not members of the // listed organization(s); an inverse anonymous ACE applies to all authenticated users; // an inverse IP address ranges ACE applies to all clients that are not within any of the // listed IP address ranges. The inverse option is often useful in policies in // combination with `TunnelAccessControlEntry.IsDeny`, for example a policy could deny // access to users who are not members of an organization or are outside of an IP address // range, effectively blocking any tunnels from allowing outside access (because // inherited deny ACEs cannot be overridden). IsInverse bool `json:"isInverse,omitempty"` // Gets or sets an optional organization context for all subjects of this entry. The use // and meaning of this value depends on the `TunnelAccessControlEntry.Type` and // `TunnelAccessControlEntry.Provider` of this entry. // // For AAD users and group ACEs, this value is the AAD tenant ID. It is not currently // used with any other types of ACEs. Organization string `json:"organization,omitempty"` // Gets or sets the subjects for the entry, such as user or group IDs. The format of the // values depends on the `TunnelAccessControlEntry.Type` and // `TunnelAccessControlEntry.Provider` of this entry. Subjects []string `json:"subjects"` // Gets or sets the access scopes that this entry grants or denies to the subjects. // // These must be one or more values from `TunnelAccessScopes`. Scopes []string `json:"scopes"` }
Data contract for an access control entry on a `Tunnel` or `TunnelPort`.
An access control entry (ACE) grants or denies one or more access scopes to one or more subjects. Tunnel ports inherit access control entries from their tunnel, and they may have additional port-specific entries that augment or override those access rules.
type TunnelAccessControlEntryProvider ¶
type TunnelAccessControlEntryProvider string
const ( // Microsoft (AAD) identity provider. TunnelAccessControlEntryProviderMicrosoft TunnelAccessControlEntryProvider = "microsoft" // GitHub identity provider. TunnelAccessControlEntryProviderGitHub TunnelAccessControlEntryProvider = "github" // SSH public keys. TunnelAccessControlEntryProviderSsh TunnelAccessControlEntryProvider = "ssh" // IPv4 addresses. TunnelAccessControlEntryProviderIPv4 TunnelAccessControlEntryProvider = "ipv4" // IPv6 addresses. TunnelAccessControlEntryProviderIPv6 TunnelAccessControlEntryProvider = "ipv6" // Service tags. TunnelAccessControlEntryProviderServiceTag TunnelAccessControlEntryProvider = "service-tag" )
type TunnelAccessControlEntryProviders ¶
type TunnelAccessControlEntryProviders []TunnelAccessControlEntryProvider
Constants for well-known identity providers.
type TunnelAccessControlEntryType ¶
type TunnelAccessControlEntryType string
Specifies the type of `TunnelAccessControlEntry`.
const ( // Uninitialized access control entry type. TunnelAccessControlEntryTypeNone TunnelAccessControlEntryType = "None" // The access control entry refers to all anonymous users. TunnelAccessControlEntryTypeAnonymous TunnelAccessControlEntryType = "Anonymous" // The access control entry is a list of user IDs that are allowed (or denied) access. TunnelAccessControlEntryTypeUsers TunnelAccessControlEntryType = "Users" // The access control entry is a list of groups IDs that are allowed (or denied) access. TunnelAccessControlEntryTypeGroups TunnelAccessControlEntryType = "Groups" // The access control entry is a list of organization IDs that are allowed (or denied) // access. // // All users in the organizations are allowed (or denied) access, unless overridden by // following group or user rules. TunnelAccessControlEntryTypeOrganizations TunnelAccessControlEntryType = "Organizations" // The access control entry is a list of repositories. Users are allowed access to the // tunnel if they have access to the repo. TunnelAccessControlEntryTypeRepositories TunnelAccessControlEntryType = "Repositories" // The access control entry is a list of public keys. Users are allowed access if they // can authenticate using a private key corresponding to one of the public keys. TunnelAccessControlEntryTypePublicKeys TunnelAccessControlEntryType = "PublicKeys" // The access control entry is a list of IP address ranges that are allowed (or denied) // access to the tunnel. Ranges can be IPv4, IPv6, or Azure service tags. TunnelAccessControlEntryTypeIPAddressRanges TunnelAccessControlEntryType = "IPAddressRanges" )
type TunnelAccessScope ¶
type TunnelAccessScope string
const ( // Allows creating tunnels. This scope is valid only in policies at the global, domain, // or organization level; it is not relevant to an already-created tunnel or tunnel port. // (Creation of ports requires "manage" or "host" access to the tunnel.) TunnelAccessScopeCreate TunnelAccessScope = "create" // Allows management operations on tunnels and tunnel ports. TunnelAccessScopeManage TunnelAccessScope = "manage" // Allows management operations on all ports of a tunnel, but does not allow updating any // other tunnel properties or deleting the tunnel. TunnelAccessScopeManagePorts TunnelAccessScope = "manage:ports" // Allows accepting connections on tunnels as a host. Includes access to update tunnel // endpoints and ports. TunnelAccessScopeHost TunnelAccessScope = "host" // Allows inspecting tunnel connection activity and data. TunnelAccessScopeInspect TunnelAccessScope = "inspect" // Allows connecting to tunnels or ports as a client. TunnelAccessScopeConnect TunnelAccessScope = "connect" )
type TunnelAccessScopes ¶
type TunnelAccessScopes []TunnelAccessScope
Defines scopes for tunnel access tokens.
A tunnel access token with one or more of these scopes typically also has cluster ID and tunnel ID claims that limit the access scope to a specific tunnel, and may also have one or more port claims that further limit the access to particular ports of the tunnel.
type TunnelAccessSubject ¶
type TunnelAccessSubject struct { // Gets or sets the type of subject, e.g. user, group, or organization. Type TunnelAccessControlEntryType `json:"type"` // Gets or sets the subject ID. // // The ID is typically a guid or integer that is unique within the scope of the identity // provider or organization, and never changes for that subject. ID string `json:"id,omitempty"` // Gets or sets the subject organization ID, which may be required if an organization is // not implied by the authentication context. OrganizationID string `json:"organizationId,omitempty"` // Gets or sets the partial or full subject name. // // When resolving a subject name to ID, a partial name may be provided, and the full name // is returned if the partial name was successfully resolved. When formatting a subject // ID to name, the full name is returned if the ID was found. Name string `json:"name,omitempty"` // Gets or sets an array of possible subject matches, if a partial name was provided and // did not resolve to a single subject. // // This property applies only when resolving subject names to IDs. Matches []TunnelAccessSubject `json:"matches,omitempty"` }
Properties about a subject of a tunnel access control entry (ACE), used when resolving subject names to IDs when creating new ACEs, or formatting subject IDs to names when displaying existing ACEs.
type TunnelAuthenticationScheme ¶
type TunnelAuthenticationScheme string
const ( // Authentication scheme for AAD (or Microsoft account) access tokens. TunnelAuthenticationSchemeAad TunnelAuthenticationScheme = "aad" // Authentication scheme for GitHub access tokens. TunnelAuthenticationSchemeGitHub TunnelAuthenticationScheme = "github" // Authentication scheme for tunnel access tokens. TunnelAuthenticationSchemeTunnel TunnelAuthenticationScheme = "tunnel" )
type TunnelAuthenticationSchemes ¶
type TunnelAuthenticationSchemes []TunnelAuthenticationScheme
Defines string constants for authentication schemes supported by tunnel service APIs.
type TunnelConnectionMode ¶
type TunnelConnectionMode string
Specifies the connection protocol / implementation for a tunnel.
Depending on the connection mode, hosts or clients might need to use different authentication and connection protocols.
const ( // Connect directly to the host over the local network. // // While it's technically not "tunneling", this mode may be combined with others to // enable choosing the most efficient connection mode available. TunnelConnectionModeLocalNetwork TunnelConnectionMode = "LocalNetwork" // Use the tunnel service's integrated relay function. TunnelConnectionModeTunnelRelay TunnelConnectionMode = "TunnelRelay" )
type TunnelEndpoint ¶
type TunnelEndpoint struct { // Gets or sets the connection mode of the endpoint. // // This property is required when creating or updating an endpoint. The subclass type is // also an indication of the connection mode, but this property is necessary to determine // the subclass type when deserializing. ConnectionMode TunnelConnectionMode `json:"connectionMode"` // Gets or sets the ID of the host that is listening on this endpoint. // // This property is required when creating or updating an endpoint. If the host supports // multiple connection modes, the host's ID is the same for all the endpoints it // supports. However different hosts may simultaneously accept connections at different // endpoints for the same tunnel, if enabled in tunnel options. HostID string `json:"hostId"` // Gets or sets an array of public keys, which can be used by clients to authenticate the // host. HostPublicKeys []string `json:"hostPublicKeys,omitempty"` // Gets or sets a string used to format URIs where a web client can connect to ports of // the tunnel. The string includes a `TunnelEndpoint.PortToken` that must be replaced // with the actual port number. PortURIFormat string `json:"portUriFormat,omitempty"` // Gets or sets the URI where a web client can connect to the default port of the tunnel. TunnelURI string `json:"tunnelUri,omitempty"` // Gets or sets a string used to format ssh command where ssh client can connect to // shared ssh port of the tunnel. The string includes a `TunnelEndpoint.PortToken` that // must be replaced with the actual port number. PortSshCommandFormat string `json:"portSshCommandFormat,omitempty"` // Gets or sets the Ssh command where the Ssh client can connect to the default ssh port // of the tunnel. TunnelSshCommand string `json:"tunnelSshCommand,omitempty"` // Gets or sets the Ssh gateway public key which should be added to the authorized_keys // file so that tunnel service can connect to the shared ssh server. SshGatewayPublicKey string `json:"sshGatewayPublicKey,omitempty"` LocalNetworkTunnelEndpoint TunnelRelayTunnelEndpoint }
Base class for tunnel connection parameters.
A tunnel endpoint specifies how and where hosts and clients can connect to a tunnel. There is a subclass for each connection mode, each having different connection parameters. A tunnel may have multiple endpoints for one host (or multiple hosts), and clients can select their preferred endpoint(s) from those depending on network environment or client capabilities.
type TunnelHeaderName ¶
type TunnelHeaderName string
const ( // Additional authorization header that can be passed to tunnel web forwarding to // authenticate and authorize the client. The format of the value is the same as // Authorization header that is sent to the Tunnel service by the tunnel SDK. Supported // schemes: "tunnel" with the tunnel access JWT good for 'Connect' scope. TunnelHeaderNameXTunnelAuthorization TunnelHeaderName = "X-Tunnel-Authorization" // Request ID header that nginx ingress controller adds to all requests if it's not // there. TunnelHeaderNameXRequestID TunnelHeaderName = "X-Request-ID" // Github Ssh public key which can be used to validate if it belongs to tunnel's owner. TunnelHeaderNameXGithubSshKey TunnelHeaderName = "X-Github-Ssh-Key" // Header that will skip the antiphishing page when connection to a tunnel through web // forwarding. TunnelHeaderNameXTunnelSkipPhishing TunnelHeaderName = "X-Tunnel-Skip-Phishing-Page" )
type TunnelHeaderNames ¶
type TunnelHeaderNames []TunnelHeaderName
Header names for http requests that Tunnel Service can handle
type TunnelOptions ¶
type TunnelOptions struct { // Gets or sets a value indicating whether web-forwarding of this tunnel can run on any // cluster (region) without redirecting to the home cluster. This is only applicable if // the tunnel has a name and web-forwarding uses it. IsGloballyAvailable bool `json:"isGloballyAvailable,omitempty"` }
Data contract for `Tunnel` or `TunnelPort` options.
type TunnelPort ¶
type TunnelPort struct { // Gets or sets the ID of the cluster the tunnel was created in. ClusterID string `json:"clusterId,omitempty"` // Gets or sets the generated ID of the tunnel, unique within the cluster. TunnelID string `json:"tunnelId,omitempty"` // Gets or sets the IP port number of the tunnel port. PortNumber uint16 `json:"portNumber"` // Gets or sets the optional short name of the port. // // The name must be unique among named ports of the same tunnel. Name string `json:"name,omitempty"` // Gets or sets the optional description of the port. Description string `json:"description,omitempty"` // Gets or sets the tags of the port. Tags []string `json:"tags,omitempty"` // Gets or sets the protocol of the tunnel port. // // Should be one of the string constants from `TunnelProtocol`. Protocol string `json:"protocol,omitempty"` // Gets or sets a dictionary mapping from scopes to tunnel access tokens. // // Unlike the tokens in `Tunnel.AccessTokens`, these tokens are restricted to the // individual port. AccessTokens map[TunnelAccessScope]string `json:"accessTokens,omitempty"` // Gets or sets access control settings for the tunnel port. // // See `TunnelAccessControl` documentation for details about the access control model. AccessControl *TunnelAccessControl `json:"accessControl,omitempty"` // Gets or sets options for the tunnel port. Options *TunnelOptions `json:"options,omitempty"` // Gets or sets current connection status of the tunnel port. Status *TunnelPortStatus `json:"status,omitempty"` // Gets or sets the username for the ssh service user is trying to forward. // // Should be provided if the `TunnelProtocol` is Ssh. SshUser string `json:"sshUser,omitempty"` }
Data contract for tunnel port objects managed through the tunnel service REST API.
func NewTunnelPort ¶
func NewTunnelPort(portNumber uint16, clusterId string, tunnelId string, protocol TunnelProtocol) *TunnelPort
func (*TunnelPort) Table ¶
func (tp *TunnelPort) Table() table.Table
type TunnelPortStatus ¶
type TunnelPortStatus struct { // Gets or sets the current value and limit for the number of clients connected to the // port. // // This client connection count does not include non-port-specific connections such as // SDK and SSH clients. See `TunnelStatus.ClientConnectionCount` for status of those // connections. This count also does not include HTTP client connections, unless they // are upgraded to websockets. HTTP connections are counted per-request rather than // per-connection: see `TunnelPortStatus.HttpRequestRate`. ClientConnectionCount *ResourceStatus `json:"clientConnectionCount,omitempty"` // Gets or sets the UTC date time when a client was last connected to the port, or null // if a client has never connected. LastClientConnectionTime *time.Time `json:"lastClientConnectionTime,omitempty"` // Gets or sets the current value and limit for the rate of client connections to the // tunnel port. // // This client connection rate does not count non-port-specific connections such as SDK // and SSH clients. See `TunnelStatus.ClientConnectionRate` for those connection types. // This also does not include HTTP connections, unless they are upgraded to websockets. // HTTP connections are counted per-request rather than per-connection: see // `TunnelPortStatus.HttpRequestRate`. ClientConnectionRate *RateStatus `json:"clientConnectionRate,omitempty"` // Gets or sets the current value and limit for the rate of HTTP requests to the tunnel // port. HttpRequestRate *RateStatus `json:"httpRequestRate,omitempty"` }
Data contract for `TunnelPort` status.
type TunnelProtocol ¶
type TunnelProtocol string
Defines possible values for the protocol of a `TunnelPort`.
const ( // The protocol is automatically detected. (TODO: Define detection semantics.) TunnelProtocolAuto TunnelProtocol = "auto" // Unknown TCP protocol. TunnelProtocolTcp TunnelProtocol = "tcp" // Unknown UDP protocol. TunnelProtocolUdp TunnelProtocol = "udp" // SSH protocol. TunnelProtocolSsh TunnelProtocol = "ssh" // Remote desktop protocol. TunnelProtocolRdp TunnelProtocol = "rdp" // HTTP protocol. TunnelProtocolHttp TunnelProtocol = "http" // HTTPS protocol. TunnelProtocolHttps TunnelProtocol = "https" )
type TunnelRelayTunnelEndpoint ¶
type TunnelRelayTunnelEndpoint struct { // Gets or sets the host URI. HostRelayURI string `json:"hostRelayUri,omitempty"` // Gets or sets the client URI. ClientRelayURI string `json:"clientRelayUri,omitempty"` }
Parameters for connecting to a tunnel via the tunnel service's built-in relay function.
type TunnelRequestOptions ¶
type TunnelRequestOptions struct { // Token used for authentication for service. AccessToken string // Additional headers to be included in the request. AdditionalHeaders map[string]string // Additional qurey parameters to be included in the request. AdditionalQueryParameters map[string]string // Indicates whether HTTP redirect responses will be automatically followed. FollowRedirects bool // Flag that requests tunnel ports when retrieving a tunnel object. IncludePorts bool // Optional list of tags to filter the requested tunnels or ports. // By default, an item is included if ANY tag matches; set `requireAllTags` to match // ALL tags instead. Tags []string // Flag that indicates whether listed items must match all tags specified in `tags`. // If false, an item is included if any tag matches. RequireAllTags bool // List of token scopes that are requested when retrieving a tunnel or tunnel port object. TokenScopes TunnelAccessScopes // If there is another tunnel with the name requested in updateTunnel, try to acquire the name from the other tunnel. ForceRename bool }
Options that are sent in requests to the tunnels service.
type TunnelServiceProperties ¶
type TunnelServiceProperties struct { // Gets the base URI of the service. ServiceURI string `json:"serviceUri"` // Gets the public AAD AppId for the service. // // Clients specify this AppId as the audience property when authenticating to the // service. ServiceAppID string `json:"serviceAppId"` // Gets the internal AAD AppId for the service. // // Other internal services specify this AppId as the audience property when // authenticating to the tunnel service. Production services must be in the AME tenant to // use this appid. ServiceInternalAppID string `json:"serviceInternalAppId"` // Gets the client ID for the service's GitHub app. // // Clients apps that authenticate tunnel users with GitHub specify this as the client ID // when requesting a user token. GitHubAppClientID string `json:"gitHubAppClientId"` }
Provides environment-dependent properties about the service.
type TunnelStatus ¶
type TunnelStatus struct { // Gets or sets the current value and limit for the number of ports on the tunnel. PortCount *ResourceStatus `json:"portCount,omitempty"` // Gets or sets the current value and limit for the number of hosts currently accepting // connections to the tunnel. // // This is typically 0 or 1, but may be more than 1 if the tunnel options allow multiple // hosts. HostConnectionCount *ResourceStatus `json:"hostConnectionCount,omitempty"` // Gets or sets the UTC time when a host was last accepting connections to the tunnel, or // null if a host has never connected. LastHostConnectionTime *time.Time `json:"lastHostConnectionTime,omitempty"` // Gets or sets the current value and limit for the number of clients connected to the // tunnel. // // This counts non-port-specific client connections, which is SDK and SSH clients. See // `TunnelPortStatus` for status of per-port client connections. ClientConnectionCount *ResourceStatus `json:"clientConnectionCount,omitempty"` // Gets or sets the UTC time when a client last connected to the tunnel, or null if a // client has never connected. // // This reports times for non-port-specific client connections, which is SDK client and // SSH clients. See `TunnelPortStatus` for per-port client connections. LastClientConnectionTime *time.Time `json:"lastClientConnectionTime,omitempty"` // Gets or sets the current value and limit for the rate of client connections to the // tunnel. // // This counts non-port-specific client connections, which is SDK client and SSH clients. // See `TunnelPortStatus` for status of per-port client connections. ClientConnectionRate *RateStatus `json:"clientConnectionRate,omitempty"` // Gets or sets the current value and limit for the rate of bytes transferred via the // tunnel. // // This includes both sending and receiving. All types of tunnel and port connections // contribute to this rate. DataTransferRate *RateStatus `json:"dataTransferRate,omitempty"` // Gets or sets the current value and limit for the rate of management API read // operations for the tunnel or tunnel ports. ApiReadRate *RateStatus `json:"apiReadRate,omitempty"` // Gets or sets the current value and limit for the rate of management API update // operations for the tunnel or tunnel ports. ApiUpdateRate *RateStatus `json:"apiUpdateRate,omitempty"` }
Data contract for `Tunnel` status.
Source Files ¶
- access_scopes.go
- buffer.go
- client.go
- cluster_details.go
- manager.go
- problem_details.go
- remote_forwarded_ports.go
- request_options.go
- resource_status.go
- service_version_details.go
- socket.go
- tunnel.go
- tunnel_access_control.go
- tunnel_access_control_entry.go
- tunnel_access_control_entry_type.go
- tunnel_access_scopes.go
- tunnel_access_subject.go
- tunnel_authentication_schemes.go
- tunnel_connection_mode.go
- tunnel_constraints.go
- tunnel_endpoint.go
- tunnel_header_names.go
- tunnel_options.go
- tunnel_port.go
- tunnel_port_status.go
- tunnel_protocol.go
- tunnel_service_properties.go
- tunnel_status.go
- tunnels.go