tunnels

package
v0.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 19, 2022 License: MIT Imports: 22 Imported by: 2

Documentation

Index

Constants

View Source
const (
	// Min length of tunnel cluster ID.
	TunnelConstraintsClusterIDMinLength = 3

	// Max length of tunnel cluster ID.
	TunnelConstraintsClusterIDMaxLength = 12

	// Characters that are valid in tunnel id. Vowels and 'y' are excluded to avoid
	// accidentally generating any random words.
	TunnelConstraintsTunnelIDChars = "0123456789bcdfghjklmnpqrstvwxz"

	// Length of tunnel id.
	TunnelConstraintsTunnelIDLength = 8

	// Min length of tunnel name.
	TunnelConstraintsTunnelNameMinLength = 3

	// Max length of tunnel name.
	TunnelConstraintsTunnelNameMaxLength = 60
)
View Source
const PackageVersion = "0.0.1"

Variables

View Source
var (
	// ErrNoTunnel is returned when no tunnel is provided.
	ErrNoTunnel = errors.New("tunnel cannot be nil")

	// ErrNoTunnelEndpoints is returned when no tunnel endpoints are provided.
	ErrNoTunnelEndpoints = errors.New("tunnel endpoints cannot be nil or empty")

	// ErrNoConnections is returned when no tunnel endpoints are provided for the given host ID.
	ErrNoConnections = errors.New("the specified host is not currently accepting connections to the tunnel")

	// ErrMultipleHosts is returned when multiple tunnel endpoints for different hosts are provided.
	ErrMultipleHosts = errors.New("there are multiple hosts for the tunnel, specify the host ID to connect to")

	// ErrNoRelayConnections is returned when no relay connections are available.
	ErrNoRelayConnections = errors.New("the host is not currently accepting tunnel relay connections")

	// ErrSSHConnectionClosed is returned when the ssh connection is closed.
	ErrSSHConnectionClosed = errors.New("the ssh connection is closed")

	// ErrPortNotForwarded is returned when the specified port is not forwarded.
	ErrPortNotForwarded = errors.New("the port is not forwarded")
)
View Source
var (
	// A regular expression that can match or validate tunnel cluster ID strings.
	//
	// Cluster IDs are alphanumeric; hyphens are not permitted.
	TunnelConstraintsClusterIDRegex = regexp.MustCompile(
		"[a-z][a-z0-9]{" + strconv.Itoa(TunnelConstraintsClusterIDMinLength-1) + "," + strconv.Itoa(TunnelConstraintsClusterIDMaxLength-1) + "}")

	// A regular expression that can match or validate tunnel ID strings.
	//
	// Tunnel IDs are fixed-length and have a limited character set of numbers and some
	// lowercase letters (minus vowels).
	TunnelConstraintsTunnelIDRegex = regexp.MustCompile(
		"[" + strings.Replace(TunnelConstraintsTunnelIDChars, "0123456789", "0-9", -1) + "]{" + strconv.Itoa(TunnelConstraintsTunnelIDLength) + "}")

	// A regular expression that can match or validate tunnel names.
	//
	// Tunnel names are alphanumeric and may contain hyphens.
	TunnelConstraintsTunnelNameRegex = regexp.MustCompile(
		"[a-z0-9][a-z0-9-]{" +
			strconv.Itoa(TunnelConstraintsTunnelNameMinLength-2) + "," + strconv.Itoa(TunnelConstraintsTunnelNameMaxLength-2) +
			"}[a-z0-9]")

	// A regular expression that can match or validate tunnel names.
	TunnelConstraintsTunnelTagRegex = regexp.MustCompile(`^[\w-=]+$`)
)
View Source
var DevServiceProperties = TunnelServiceProperties{
	ServiceURI:           fmt.Sprintf("https://%s/", devDnsName),
	ServiceAppID:         nonProdFirstPartyAppID,
	ServiceInternalAppID: devThirdPartyAppID,
	GitHubAppClientID:    nonProdGitHubAppClientID,
}
View Source
var PortURIToken = "{port}"

Token included in `TunnelEndpoint.PortUriFormat` that is to be replaced by a specified port number.

View Source
var PpeServiceProperties = TunnelServiceProperties{
	ServiceURI:           fmt.Sprintf("https://%s/", ppeDnsName),
	ServiceAppID:         nonProdFirstPartyAppID,
	ServiceInternalAppID: ppeThirdPartyAppID,
	GitHubAppClientID:    nonProdGitHubAppClientID,
}
View Source
var ServiceProperties = TunnelServiceProperties{
	ServiceURI:           fmt.Sprintf("https://%s/", prodDnsName),
	ServiceAppID:         prodFirstPartyAppID,
	ServiceInternalAppID: prodThirdPartyAppID,
	GitHubAppClientID:    prodGitHubAppClientID,
}

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is a client for a tunnel. It is used to connect to a tunnel.

func NewClient

func NewClient(logger *log.Logger, tunnel *Tunnel, acceptLocalConnectionsForForwardedPorts bool) (*Client, error)

Connect connects to a tunnel and returns a connected client.

func (*Client) Close

func (c *Client) Close() error

func (*Client) Connect

func (c *Client) Connect(ctx context.Context, hostID string) error

func (*Client) ConnectToForwardedPort

func (c *Client) ConnectToForwardedPort(ctx context.Context, listenerIn *net.Listener, port uint16) (io.ReadWriteCloser, chan error)

Opens a stream connected to a remote port for clients which cannot or do not want to forward local TCP ports. Returns a readWriteCloser which can be used to read and write to the remote port. Set AcceptLocalConnectionsForForwardedPorts to false in ConnectAsync to ensure TCP listeners are not created This will return an error if the port is not yet forwarded, the caller should first call WaitForForwardedPort.

func (*Client) WaitForForwardedPort

func (c *Client) WaitForForwardedPort(ctx context.Context, port uint16) error

WaitForForwardedPort waits for the specified port to be forwarded. It is common practice to call this function before ConnectToForwardedPort.

type LiveShareRelayTunnelEndpoint

type LiveShareRelayTunnelEndpoint struct {
	// Gets or sets the Live Share workspace ID.
	WorkspaceID string `json:"workspaceId"`

	// Gets or sets the Azure Relay URI.
	RelayURI string `json:"relayUri,omitempty"`

	// Gets or sets a SAS token that allows hosts to listen on the Azure Relay endpoint.
	RelayHostSasToken string `json:"relayHostSasToken,omitempty"`

	// Gets or sets a SAS token that allows clients to connect to the Azure Relay endpoint.
	RelayClientSasToken string `json:"relayClientSasToken,omitempty"`
}

Parameters for connecting to a tunnel via a Live Share Azure Relay.

type LocalNetworkTunnelEndpoint

type LocalNetworkTunnelEndpoint struct {
	// Gets or sets a list of IP endpoints where the host may accept connections.
	//
	// A host may accept connections on multiple IP endpoints simultaneously if there are
	// multiple network interfaces on the host system and/or if the host supports both IPv4
	// and IPv6.  Each item in the list is a URI consisting of a scheme (which gives an
	// indication of the network connection protocol), an IP address (IPv4 or IPv6) and a
	// port number. The URIs do not typically include any paths, because the connection is
	// not normally HTTP-based.
	HostEndpoints []string `json:"hostEndpoints"`
}

Parameters for connecting to a tunnel via a local network connection.

While a direct connection is technically not "tunneling", tunnel hosts may accept connections via the local network as an optional more-efficient alternative to a relay.

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager is used to interact with the Visual Studio Tunnel Service APIs.

func NewManager

func NewManager(userAgents []UserAgent, tp tokenProviderfn, tunnelServiceUrl *url.URL, httpHandler *http.Client) (*Manager, error)

Creates a new Manager used for interacting with the Tunnels APIs. tokenProvider is an optional paramater containing a function that returns the access token to use for the request. If no tunnelServiceUrl or httpClient is provided, the default values will be used. Can return error if userAgent is empty or url is invalid.

func (*Manager) CreateTunnel

func (m *Manager) CreateTunnel(ctx context.Context, tunnel *Tunnel, options *TunnelRequestOptions) (t *Tunnel, err error)

Creates a new tunnel with the properties specified in tunnel. Tunnel fields may be nil but the tunnel struct must not be nil. Returns the created tunnel or an error if the create fails.

func (*Manager) CreateTunnelPort

func (m *Manager) CreateTunnelPort(
	ctx context.Context, tunnel *Tunnel, port *TunnelPort, options *TunnelRequestOptions,
) (tp *TunnelPort, err error)

Creates a port on the tunnel. Returns the created port or error if create fails.

func (*Manager) DeleteTunnel

func (m *Manager) DeleteTunnel(ctx context.Context, tunnel *Tunnel, options *TunnelRequestOptions) error

Deletes a tunnel. Returns error if delete fails.

func (*Manager) DeleteTunnelEndpoints

func (m *Manager) DeleteTunnelEndpoints(
	ctx context.Context, tunnel *Tunnel, hostID string, connectionMode TunnelConnectionMode, options *TunnelRequestOptions,
) error

Deletes endpoints on a tunnel. Returns error if the delete fails.

func (*Manager) DeleteTunnelPort

func (m *Manager) DeleteTunnelPort(
	ctx context.Context, tunnel *Tunnel, port uint16, options *TunnelRequestOptions,
) error

Deletes a tunnel port. Returns error if the delete fails.

func (*Manager) GetTunnel

func (m *Manager) GetTunnel(ctx context.Context, tunnel *Tunnel, options *TunnelRequestOptions) (t *Tunnel, err error)

Gets a tunnel by id or name. If getting a tunnel by name the domain must be provided if the tunnel is not in the default domain. Returns the requested tunnel or an error if the tunnel is not found.

func (*Manager) GetTunnelPort

func (m *Manager) GetTunnelPort(
	ctx context.Context, tunnel *Tunnel, port int, options *TunnelRequestOptions,
) (tp *TunnelPort, err error)

func (*Manager) ListTunnelPorts

func (m *Manager) ListTunnelPorts(
	ctx context.Context, tunnel *Tunnel, options *TunnelRequestOptions,
) (tp []*TunnelPort, err error)

Lists all ports on the tunnel.

func (*Manager) ListTunnels

func (m *Manager) ListTunnels(
	ctx context.Context, clusterID string, domain string, options *TunnelRequestOptions,
) (ts []*Tunnel, err error)

Lists all tunnels owned by the authenticated user. Returns a list of tunnels or an error if the search fails.

func (*Manager) SearchTunnels

func (m *Manager) SearchTunnels(
	ctx context.Context, tags []string, requireAllTags bool, clusterID string, domain string, options *TunnelRequestOptions,
) (ts []*Tunnel, err error)

Search tunnels that the authenticated user has access to based on tags. If requireAllTags is true then tunnels returned must contain all tags in the tags slice. Returns a slice of the found tunnels or an error if the search fails.

func (*Manager) UpdateTunnel

func (m *Manager) UpdateTunnel(ctx context.Context, tunnel *Tunnel, updateFields []string, options *TunnelRequestOptions) (t *Tunnel, err error)

Updates a tunnel's properties, to update a field the field name must be included in updateFields. Returns the updated tunnel or an error if the update fails.

func (*Manager) UpdateTunnelEndpoint

func (m *Manager) UpdateTunnelEndpoint(
	ctx context.Context, tunnel *Tunnel, endpoint *TunnelEndpoint, updateFields []string, options *TunnelRequestOptions,
) (te *TunnelEndpoint, err error)

Updates an endpoint on a tunnel. Returns the updated endpoint or an error if the update fails.

func (*Manager) UpdateTunnelPort

func (m *Manager) UpdateTunnelPort(
	ctx context.Context, tunnel *Tunnel, port *TunnelPort, updateFields []string, options *TunnelRequestOptions,
) (tp *TunnelPort, err error)

Updates a tunnel port. Returns the updated port or an error if the update fails.

type ProblemDetails

type ProblemDetails struct {
	// Gets or sets the error title.
	Title string `json:"title,omitempty"`

	// Gets or sets the error detail.
	Detail string `json:"detail,omitempty"`

	// Gets or sets additional details about individual request properties.
	Errors map[string][]string `json:"errors,omitempty"`
}

Structure of error details returned by the tunnel service, including validation errors.

This object may be returned with a response status code of 400 (or other 4xx code). It is compatible with RFC 7807 Problem Details (https://tools.ietf.org/html/rfc7807) and https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.problemdetails but doesn't require adding a dependency on that package.

type RateStatus

type RateStatus struct {
	// Gets or sets the length of each period, in seconds, over which the rate is measured.
	//
	// For rates that are limited by month (or billing period), this value may represent an
	// estimate, since the actual duration may vary by the calendar.
	PeriodSeconds uint32 `json:"periodSeconds,omitempty"`

	// Gets or sets the number of seconds until the current measurement period ends and the
	// current rate value resets.
	ResetSeconds uint32 `json:"resetSeconds,omitempty"`
}

Current value and limit information for a rate-limited operation related to a tunnel or port.

type ResourceStatus

type ResourceStatus struct {
	// Gets or sets the current value.
	Current uint64 `json:"current"`

	// Gets or sets the limit enforced by the service, or null if there is no limit.
	//
	// Any requests that would cause the limit to be exceeded may be denied by the service.
	// For HTTP requests, the response is generally a 403 Forbidden status, with details
	// about the limit in the response body.
	Limit uint64 `json:"limit,omitempty"`

	RateStatus
}

Current value and limit for a limited resource related to a tunnel or tunnel port.

type ServiceVersionDetails

type ServiceVersionDetails struct {
	// Gets or sets the version of the service. E.g. "1.0.6615.53976". The version
	// corresponds to the build number.
	Version string `json:"version"`

	// Gets or sets the commit ID of the service.
	CommitID string `json:"commitId"`

	// Gets or sets the commit date of the service.
	CommitDate string `json:"commitDate"`

	// Gets or sets the cluster ID of the service that handled the request.
	ClusterID string `json:"clusterId"`

	// Gets or sets the Azure location of the service that handled the request.
	AzureLocation string `json:"azureLocation"`
}

Data contract for service version details.

type Tunnel

type Tunnel struct {
	// Gets or sets the ID of the cluster the tunnel was created in.
	ClusterID string `json:"clusterId,omitempty"`

	// Gets or sets the generated ID of the tunnel, unique within the cluster.
	TunnelID string `json:"tunnelId,omitempty"`

	// Gets or sets the optional short name (alias) of the tunnel.
	//
	// The name must be globally unique within the parent domain, and must be a valid
	// subdomain.
	Name string `json:"name,omitempty"`

	// Gets or sets the description of the tunnel.
	Description string `json:"description,omitempty"`

	// Gets or sets the tags of the tunnel.
	Tags []string `json:"tags,omitempty"`

	// Gets or sets the optional parent domain of the tunnel, if it is not using the default
	// parent domain.
	Domain string `json:"domain,omitempty"`

	// Gets or sets a dictionary mapping from scopes to tunnel access tokens.
	AccessTokens map[TunnelAccessScope]string `json:"accessTokens,omitempty"`

	// Gets or sets access control settings for the tunnel.
	//
	// See `TunnelAccessControl` documentation for details about the access control model.
	AccessControl *TunnelAccessControl `json:"accessControl,omitempty"`

	// Gets or sets default options for the tunnel.
	Options *TunnelOptions `json:"options,omitempty"`

	// Gets or sets current connection status of the tunnel.
	Status *TunnelStatus `json:"status,omitempty"`

	// Gets or sets an array of endpoints where hosts are currently accepting client
	// connections to the tunnel.
	Endpoints []TunnelEndpoint `json:"endpoints,omitempty"`

	// Gets or sets a list of ports in the tunnel.
	//
	// This optional property enables getting info about all ports in a tunnel at the same
	// time as getting tunnel info, or creating one or more ports at the same time as
	// creating a tunnel. It is omitted when listing (multiple) tunnels, or when updating
	// tunnel properties. (For the latter, use APIs to create/update/delete individual ports
	// instead.)
	Ports []TunnelPort `json:"ports,omitempty"`

	// Gets or sets the time in UTC of tunnel creation.
	Created *time.Time `json:"created,omitempty"`
}

Data contract for tunnel objects managed through the tunnel service REST API.

func (*Tunnel) Table

func (t *Tunnel) Table() table.Table

type TunnelAccessControl

type TunnelAccessControl struct {
	// Gets or sets the list of access control entries.
	//
	// The order of entries is significant: later entries override earlier entries that apply
	// to the same subject. However, deny rules are always processed after allow rules,
	// therefore an allow rule cannot override a deny rule for the same subject.
	Entries []TunnelAccessControlEntry `json:"entries"`
}

Data contract for access control on a `Tunnel` or `TunnelPort`.

Tunnels and tunnel ports can each optionally have an access-control property set on them. An access-control object contains a list (ACL) of entries (ACEs) that specify the access scopes granted or denied to some subjects. Tunnel ports inherit the ACL from the tunnel, though ports may include ACEs that augment or override the inherited rules. Currently there is no capability to define "roles" for tunnel access (where a role specifies a set of related access scopes), and assign roles to users. That feature may be added in the future. (It should be represented as a separate `RoleAssignments` property on this class.)

type TunnelAccessControlEntry

type TunnelAccessControlEntry struct {
	// Gets or sets the access control entry type.
	Type TunnelAccessControlEntryType `json:"type"`

	// Gets or sets the provider of the subjects in this access control entry. The provider
	// impacts how the subject identifiers are resolved and displayed. The provider may be an
	// identity provider such as AAD, or a system or standard such as "ssh" or "ipv4".
	//
	// For user, group, or org ACEs, this value is the name of the identity provider of the
	// user/group/org IDs. It may be one of the well-known provider names in
	// `TunnelAccessControlEntry.Providers`, or (in the future) a custom identity provider.
	// For public key ACEs, this value is the type of public key, e.g. "ssh".  For IP address
	// range ACEs, this value is the IP addrss version, e.g. "ipv4" or "ipv6".  For anonymous
	// ACEs, this value is null.
	Provider string `json:"provider,omitempty"`

	// Gets or sets a value indicating whether this is an access control entry on a tunnel
	// port that is inherited from the tunnel's access control list.
	IsInherited bool `json:"isInherited,omitempty"`

	// Gets or sets a value indicating whether this entry is a deny rule that blocks access
	// to the specified users. Otherwise it is an allow rule.
	//
	// All deny rules (including inherited rules) are processed after all allow rules.
	// Therefore a deny ACE cannot be overridden by an allow ACE that is later in the list or
	// on a more-specific resource. In other words, inherited deny ACEs cannot be overridden.
	IsDeny bool `json:"isDeny,omitempty"`

	// Gets or sets a value indicating whether this entry applies to all subjects that are
	// NOT in the `TunnelAccessControlEntry.Subjects` list.
	//
	// Examples: an inverse organizations ACE applies to all users who are not members of the
	// listed organization(s); an inverse anonymous ACE applies to all authenticated users;
	// an inverse IP address ranges ACE applies to all clients that are not within any of the
	// listed IP address ranges. The inverse option is often useful in policies in
	// combination with `TunnelAccessControlEntry.IsDeny`, for example a policy could deny
	// access to users who are not members of an organization or are outside of an IP address
	// range, effectively blocking any tunnels from allowing outside access (because
	// inherited deny ACEs cannot be overridden).
	IsInverse bool `json:"isInverse,omitempty"`

	// Gets or sets an optional organization context for all subjects of this entry. The use
	// and meaning of this value depends on the `TunnelAccessControlEntry.Type` and
	// `TunnelAccessControlEntry.Provider` of this entry.
	//
	// For AAD users and group ACEs, this value is the AAD tenant ID. It is not currently
	// used with any other types of ACEs.
	Organization string `json:"organization,omitempty"`

	// Gets or sets the subjects for the entry, such as user or group IDs. The format of the
	// values depends on the `TunnelAccessControlEntry.Type` and
	// `TunnelAccessControlEntry.Provider` of this entry.
	Subjects []string `json:"subjects"`

	// Gets or sets the access scopes that this entry grants or denies to the subjects.
	//
	// These must be one or more values from `TunnelAccessScopes`.
	Scopes []string `json:"scopes"`
}

Data contract for an access control entry on a `Tunnel` or `TunnelPort`.

An access control entry (ACE) grants or denies one or more access scopes to one or more subjects. Tunnel ports inherit access control entries from their tunnel, and they may have additional port-specific entries that augment or override those access rules.

type TunnelAccessControlEntryProvider

type TunnelAccessControlEntryProvider string
const (
	// Microsoft (AAD) identity provider.
	TunnelAccessControlEntryProviderMicrosoft TunnelAccessControlEntryProvider = "microsoft"

	// GitHub identity provider.
	TunnelAccessControlEntryProviderGitHub TunnelAccessControlEntryProvider = "github"

	// SSH public keys.
	TunnelAccessControlEntryProviderSsh TunnelAccessControlEntryProvider = "ssh"

	// IPv4 addresses.
	TunnelAccessControlEntryProviderIPv4 TunnelAccessControlEntryProvider = "ipv4"

	// IPv6 addresses.
	TunnelAccessControlEntryProviderIPv6 TunnelAccessControlEntryProvider = "ipv6"
)

type TunnelAccessControlEntryProviders

type TunnelAccessControlEntryProviders []TunnelAccessControlEntryProvider

Constants for well-known identity providers.

type TunnelAccessControlEntryType

type TunnelAccessControlEntryType string

Specifies the type of `TunnelAccessControlEntry`.

const (
	// Uninitialized access control entry type.
	TunnelAccessControlEntryTypeNone TunnelAccessControlEntryType = "none"

	// The access control entry refers to all anonymous users.
	TunnelAccessControlEntryTypeAnonymous TunnelAccessControlEntryType = "anonymous"

	// The access control entry is a list of user IDs that are allowed (or denied) access.
	TunnelAccessControlEntryTypeUsers TunnelAccessControlEntryType = "users"

	// The access control entry is a list of groups IDs that are allowed (or denied) access.
	TunnelAccessControlEntryTypeGroups TunnelAccessControlEntryType = "groups"

	// The access control entry is a list of organization IDs that are allowed (or denied)
	// access.
	//
	// All users in the organizations are allowed (or denied) access, unless overridden by
	// following group or user rules.
	TunnelAccessControlEntryTypeOrganizations TunnelAccessControlEntryType = "organizations"

	// The access control entry is a list of repositories. Users are allowed access to the
	// tunnel if they have access to the repo.
	TunnelAccessControlEntryTypeRepositories TunnelAccessControlEntryType = "repositories"

	// The access control entry is a list of public keys. Users are allowed access if they
	// can authenticate using a private key corresponding to one of the public keys.
	TunnelAccessControlEntryTypePublicKeys TunnelAccessControlEntryType = "publicKeys"

	// The access control entry is a list of IP address ranges that are allowed (or denied)
	// access to the tunnel.
	TunnelAccessControlEntryTypeIPAddressRanges TunnelAccessControlEntryType = "iPAddressRanges"
)

type TunnelAccessScope

type TunnelAccessScope string
const (
	// Allows creating tunnels. This scope is valid only in policies at the global, domain,
	// or organization level; it is not relevant to an already-created tunnel or tunnel port.
	// (Creation of ports requires "manage" or "host" access to the tunnel.)
	TunnelAccessScopeCreate TunnelAccessScope = "create"

	// Allows management operations on tunnels and tunnel ports.
	TunnelAccessScopeManage TunnelAccessScope = "manage"

	// Allows accepting connections on tunnels as a host.
	TunnelAccessScopeHost TunnelAccessScope = "host"

	// Allows inspecting tunnel connection activity and data.
	TunnelAccessScopeInspect TunnelAccessScope = "inspect"

	// Allows connecting to tunnels as a client.
	TunnelAccessScopeConnect TunnelAccessScope = "connect"
)

type TunnelAccessScopes

type TunnelAccessScopes []TunnelAccessScope

Defines scopes for tunnel access tokens.

type TunnelAccessSubject

type TunnelAccessSubject struct {
	// Gets or sets the type of subject, e.g. user, group, or organization.
	Type TunnelAccessControlEntryType `json:"type"`

	// Gets or sets the subject ID.
	//
	// The ID is typically a guid or integer that is unique within the scope of the identity
	// provider or organization, and never changes for that subject.
	ID string `json:"id,omitempty"`

	// Gets or sets the subject organization ID, which may be required if an organization is
	// not implied by the authentication context.
	OrganizationID string `json:"organizationId,omitempty"`

	// Gets or sets the partial or full subject name.
	//
	// When resolving a subject name to ID, a partial name may be provided, and the full name
	// is returned if the partial name was successfully resolved. When formatting a subject
	// ID to name, the full name is returned if the ID was found.
	Name string `json:"name,omitempty"`

	// Gets or sets an array of possible subject matches, if a partial name was provided and
	// did not resolve to a single subject.
	//
	// This property applies only when resolving subject names to IDs.
	Matches []TunnelAccessSubject `json:"matches,omitempty"`
}

Properties about a subject of a tunnel access control entry (ACE), used when resolving subject names to IDs when creating new ACEs, or formatting subject IDs to names when displaying existing ACEs.

type TunnelAuthenticationScheme

type TunnelAuthenticationScheme string
const (
	// Authentication scheme for AAD (or Microsoft account) access tokens.
	TunnelAuthenticationSchemeAad TunnelAuthenticationScheme = "aad"

	// Authentication scheme for GitHub access tokens.
	TunnelAuthenticationSchemeGitHub TunnelAuthenticationScheme = "github"

	// Authentication scheme for tunnel access tokens.
	TunnelAuthenticationSchemeTunnel TunnelAuthenticationScheme = "tunnel"
)

type TunnelAuthenticationSchemes

type TunnelAuthenticationSchemes []TunnelAuthenticationScheme

Defines string constants for authentication schemes supported by tunnel service APIs.

type TunnelConnectionMode

type TunnelConnectionMode string

Specifies the connection protocol / implementation for a tunnel.

Depending on the connection mode, hosts or clients might need to use different authentication and connection protocols.

const (
	// Connect directly to the host over the local network.
	//
	// While it's technically not "tunneling", this mode may be combined with others to
	// enable choosing the most efficient connection mode available.
	TunnelConnectionModeLocalNetwork TunnelConnectionMode = "localNetwork"

	// Use the tunnel service's integrated relay function.
	TunnelConnectionModeTunnelRelay TunnelConnectionMode = "tunnelRelay"

	// Connect via a Live Share workspace's Azure Relay endpoint.
	TunnelConnectionModeLiveShareRelay TunnelConnectionMode = "liveShareRelay"
)

type TunnelEndpoint

type TunnelEndpoint struct {
	// Gets or sets the connection mode of the endpoint.
	//
	// This property is required when creating or updating an endpoint.  The subclass type is
	// also an indication of the connection mode, but this property is necessary to determine
	// the subclass type when deserializing.
	ConnectionMode TunnelConnectionMode `json:"connectionMode"`

	// Gets or sets the ID of the host that is listening on this endpoint.
	//
	// This property is required when creating or updating an endpoint.  If the host supports
	// multiple connection modes, the host's ID is the same for all the endpoints it
	// supports. However different hosts may simultaneously accept connections at different
	// endpoints for the same tunnel, if enabled in tunnel options.
	HostID string `json:"hostId"`

	// Gets or sets an array of public keys, which can be used by clients to authenticate the
	// host.
	HostPublicKeys []string `json:"hostPublicKeys,omitempty"`

	// Gets or sets a string used to format URIs where a web client can connect to ports of
	// the tunnel. The string includes a `TunnelEndpoint.PortUriToken` that must be replaced
	// with the actual port number.
	PortURIFormat string `json:"portUriFormat,omitempty"`

	LiveShareRelayTunnelEndpoint
	LocalNetworkTunnelEndpoint
	TunnelRelayTunnelEndpoint
}

Base class for tunnel connection parameters.

A tunnel endpoint specifies how and where hosts and clients can connect to a tunnel. There is a subclass for each connection mode, each having different connection parameters. A tunnel may have multiple endpoints for one host (or multiple hosts), and clients can select their preferred endpoint(s) from those depending on network environment or client capabilities.

type TunnelHeaderName

type TunnelHeaderName string
const (
	// Additional authorization header that can be passed to tunnel web forwarding to
	// authenticate and authorize the client. The format of the value is the same as
	// Authorization header that is sent to the Tunnel service by the tunnel SDK. Supported
	// schemes: "tunnel" with the tunnel access JWT good for 'Connect' scope.
	TunnelHeaderNameXTunnelAuthorization TunnelHeaderName = "X-Tunnel-Authorization"

	// Request ID header that nginx ingress controller adds to all requests if it's not
	// there.
	TunnelHeaderNameXRequestID TunnelHeaderName = "X-Request-ID"

	// Github Ssh public key which can be used to validate if it belongs to tunnel's owner.
	TunnelHeaderNameXGithubSshKey TunnelHeaderName = "X-Github-Ssh-Key"
)

type TunnelHeaderNames

type TunnelHeaderNames []TunnelHeaderName

Header names for http requests that Tunnel Service can handle

type TunnelOptions

type TunnelOptions struct {
	// Gets or sets a value indicating whether web-forwarding of this tunnel can run on any
	// cluster (region) without redirecting to the home cluster. This is only applicable if
	// the tunnel has a name and web-forwarding uses it.
	IsGloballyAvailable bool `json:"isGloballyAvailable,omitempty"`
}

Data contract for `Tunnel` or `TunnelPort` options.

type TunnelPort

type TunnelPort struct {
	// Gets or sets the ID of the cluster the tunnel was created in.
	ClusterID string `json:"clusterId,omitempty"`

	// Gets or sets the generated ID of the tunnel, unique within the cluster.
	TunnelID string `json:"tunnelId,omitempty"`

	// Gets or sets the IP port number of the tunnel port.
	PortNumber uint16 `json:"portNumber"`

	// Gets or sets the protocol of the tunnel port.
	//
	// Should be one of the string constants from `TunnelProtocol`.
	Protocol string `json:"protocol,omitempty"`

	// Gets or sets a dictionary mapping from scopes to tunnel access tokens.
	//
	// Unlike the tokens in `Tunnel.AccessTokens`, these tokens are restricted to the
	// individual port.
	AccessTokens map[TunnelAccessScope]string `json:"accessTokens,omitempty"`

	// Gets or sets access control settings for the tunnel port.
	//
	// See `TunnelAccessControl` documentation for details about the access control model.
	AccessControl *TunnelAccessControl `json:"accessControl,omitempty"`

	// Gets or sets options for the tunnel port.
	Options *TunnelOptions `json:"options,omitempty"`

	// Gets or sets current connection status of the tunnel port.
	Status *TunnelPortStatus `json:"status,omitempty"`
}

Data contract for tunnel port objects managed through the tunnel service REST API.

func NewTunnelPort

func NewTunnelPort(portNumber uint16, clusterId string, tunnelId string, protocol TunnelProtocol) *TunnelPort

func (*TunnelPort) Table

func (tp *TunnelPort) Table() table.Table

type TunnelPortStatus

type TunnelPortStatus struct {
	// Gets or sets the number of clients currently connected to the port.
	//
	// The client connection count does not include the host. (See the
	// `TunnelStatus.HostConnectionCount` property for host connection status. Hosts always
	// listen for incoming connections on all tunnel ports simultaneously.)
	ClientConnectionCount uint32 `json:"clientConnectionCount"`

	// Gets or sets the UTC date time when a client was last connected to the port.
	LastClientConnectionTime *time.Time `json:"lastClientConnectionTime,omitempty"`
}

Data contract for `TunnelPort` status.

type TunnelProtocol

type TunnelProtocol string

Defines possible values for the protocol of a `TunnelPort`.

const (
	// The protocol is automatically detected. (TODO: Define detection semantics.)
	TunnelProtocolAuto TunnelProtocol = "auto"

	// Unknown TCP protocol.
	TunnelProtocolTcp TunnelProtocol = "tcp"

	// Unknown UDP protocol.
	TunnelProtocolUdp TunnelProtocol = "udp"

	// SSH protocol.
	TunnelProtocolSsh TunnelProtocol = "ssh"

	// Remote desktop protocol.
	TunnelProtocolRdp TunnelProtocol = "rdp"

	// HTTP protocol.
	TunnelProtocolHttp TunnelProtocol = "http"

	// HTTPS protocol.
	TunnelProtocolHttps TunnelProtocol = "https"
)

type TunnelRelayTunnelEndpoint

type TunnelRelayTunnelEndpoint struct {
	// Gets or sets the host URI.
	HostRelayURI string `json:"hostRelayUri,omitempty"`

	// Gets or sets the client URI.
	ClientRelayURI string `json:"clientRelayUri,omitempty"`
}

Parameters for connecting to a tunnel via the tunnel service's built-in relay function.

type TunnelRequestOptions

type TunnelRequestOptions struct {
	// Token used for authentication for service.
	AccessToken string

	// Additional headers to be included in the request.
	AdditionalHeaders map[string]string

	// Indicates whether HTTP redirect responses will be automatically followed.
	FollowRedirects bool

	// Flag that requests tunnel ports when retrieving a tunnel object.
	IncludePorts bool

	// List of scopes that are needed for the current request.
	Scopes TunnelAccessScopes

	// List of token scopes that are requested when retrieving a tunnel or tunnel port object.
	TokenScopes TunnelAccessScopes

	// If there is another tunnel with the name requested in updateTunnel, try to acquire the name from the other tunnel.
	ForceRename bool
}

Options that are sent in requests to the tunnels service.

type TunnelServiceProperties

type TunnelServiceProperties struct {
	// Gets the base URI of the service.
	ServiceURI string `json:"serviceUri"`

	// Gets the public AAD AppId for the service.
	//
	// Clients specify this AppId as the audience property when authenticating to the
	// service.
	ServiceAppID string `json:"serviceAppId"`

	// Gets the internal AAD AppId for the service.
	//
	// Other internal services specify this AppId as the audience property when
	// authenticating to the tunnel service. Production services must be in the AME tenant to
	// use this appid.
	ServiceInternalAppID string `json:"serviceInternalAppId"`

	// Gets the client ID for the service's GitHub app.
	//
	// Clients apps that authenticate tunnel users with GitHub specify this as the client ID
	// when requesting a user token.
	GitHubAppClientID string `json:"gitHubAppClientId"`
}

Provides environment-dependent properties about the service.

type TunnelStatus

type TunnelStatus struct {
	// Gets or sets the number of hosts currently accepting connections to the tunnel.
	//
	// This is typically 0 or 1, but may be more than 1 if the tunnel options allow multiple
	// hosts.
	HostConnectionCount uint32 `json:"hostConnectionCount"`

	// Gets or sets the UTC time when a host was last accepting connections to the tunnel, or
	// null if a host has never connected.
	LastHostConnectionTime *time.Time `json:"lastHostConnectionTime,omitempty"`

	// Gets or sets the number of clients currently connected to the tunnel.
	ClientConnectionCount uint32 `json:"clientConnectionCount"`

	// Gets or sets the UTC time when a client last connected to the tunnel, or null if a
	// client has never connected.
	LastClientConnectionTime *time.Time `json:"lastClientConnectionTime"`
}

Data contract for `Tunnel` status.

type UserAgent

type UserAgent struct {
	Name    string
	Version string
}

UserAgent contains the name and version of the client.

Directories

Path Synopsis
ssh

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL