az network bastion tunnel - Localhost tunnel only - Add ability to listen on IP or Any IP address.

Hyper200 commented 2 years ago

If the issue is to do with Azure CLI 2.0 in-particular, create an issue here at Azure/azure-cli

This is autogenerated. Please review and update as needed.

Describe the bug

Command Name az network bastion tunnel

Errors:

The command failed with an unexpected error. Here is the traceback:
invalid literal for int() with base 10: '0.0.0.0:54321'
Traceback (most recent call last):
  File "/opt/az/lib/python3.8/site-packages/knack/cli.py", line 231, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/az/lib/python3.8/site-packages/azure/cli/core/commands/__init__.py", line 658, in execute
    raise ex
  File "/opt/az/lib/python3.8/site-packages/azure/cli/core/commands/__init__.py", line 721, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/az/lib/python3.8/site-packages/azure/cli/core/commands/__init__.py", line 692, in _run_job
    result = cmd_copy(params)
  File "/opt/az/lib/python3.8/site-packages/azure/cli/core/commands/__init__.py", line 328, in __call__
    return self.handler(*args, **kwargs)
  File "/opt/az/lib/python3.8/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
    return op(**command_args)
  File "/opt/az/lib/python3.8/site-packages/azure/cli/command_modules/network/custom.py", line 8212, in create_bastion_tunnel
    tunnel_server = get_tunnel(cmd, resource_group_name, bastion_host_name, target_resource_id, resource_port, port)
  File "/opt/az/lib/python3.8/site-packages/azure/cli/command_modules/network/custom.py", line 8198, in get_tunnel
    tunnel_server = TunnelServer(cmd.cli_ctx, 'localhost', port, bastion, vm_id, resource_port)
  File "/opt/az/lib/python3.8/site-packages/azure/cli/command_modules/network/tunnel.py", line 43, in __init__
    self.local_port = int(local_port)
ValueError: invalid literal for int() with base 10: '0.0.0.0:54321'

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

Put any pre-requisite steps here...
az network bastion tunnel --name bas-defra-prod-uks-01 --resource-group RG-UKS-DEFRA-PROD-01 --target-resource-id ########## --resource-port "3389" --port "0.0.0.0:54321"

Expected Behavior

Environment Summary

Linux-5.10.60.1-microsoft-standard-WSL2-x86_64-with-glibc2.29, Ubuntu 20.04.3 LTS
Python 3.8.12
Installer: DEB

azure-cli 2.34.1

Extensions:
azure-firewall 0.3.0
image-copy-extension 0.2.8

Dependencies:
msal 1.16.0
azure-mgmt-resource 20.0.0

Additional Context

I use azure cli via WSL in ubuntu, unfortunately the following command does not work

az network bastion tunnel --name bas-defra-prod-uks-01 --resource-group RG-UKS-DEFRA-PROD-01 --target-resource-id --resource-port "3389" --port "0.0.0.0:54321

Presumable this is because it is expecting a port only, the issue here is i want to use the RDP client on windows, which would go via the tunnel in wsl via the WSL IP.

The --port by default will listen on localhost only, can this be updated to allow to set an IP address as shown in the exmaple above? as this allows for WSL port forwarding.

Thanks,

Joe.

ghost commented 2 years ago

Thank you for your feedback. This has been routed to the support team for assistance.

yonzhan commented 2 years ago

route to CXP team

georgewfisher commented 2 years ago

@yonzhan Any updates on this issue?

yonzhan commented 2 years ago

bastion service team should take a look

navba-MSFT commented 2 years ago

@Hyper200 Apologies for the late reply. Thanks for reaching out to us and reporting this issue. I am looking into this ask. I will get back to you once I have more Information on this.

navba-MSFT commented 2 years ago

@Hyper200 Unfortunately, At this time we only allow the port to be a local host port which wouldn’t allow how it’s specified. Alternatively you can do this tunnel and then forward the port to the address you want to. Hope this helps.

Hyper200 commented 2 years ago

Can we re-open this please?

You can't use a tunnel on WSL because you must listen on 0.0.0.0 for it to be accessable via Windows whilst the ubuntu instance is running the command.

ghost commented 2 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.

Issue Details

- If the issue is to do with Azure CLI 2.0 in-particular, create an issue here at [Azure/azure-cli](https://github.com/Azure/azure-cli/issues) ### **This is autogenerated. Please review and update as needed.** ## Describe the bug **Command Name** `az network bastion tunnel` **Errors:** ``` The command failed with an unexpected error. Here is the traceback: invalid literal for int() with base 10: '0.0.0.0:54321' Traceback (most recent call last): File "/opt/az/lib/python3.8/site-packages/knack/cli.py", line 231, in invoke cmd_result = self.invocation.execute(args) File "/opt/az/lib/python3.8/site-packages/azure/cli/core/commands/__init__.py", line 658, in execute raise ex File "/opt/az/lib/python3.8/site-packages/azure/cli/core/commands/__init__.py", line 721, in _run_jobs_serially results.append(self._run_job(expanded_arg, cmd_copy)) File "/opt/az/lib/python3.8/site-packages/azure/cli/core/commands/__init__.py", line 692, in _run_job result = cmd_copy(params) File "/opt/az/lib/python3.8/site-packages/azure/cli/core/commands/__init__.py", line 328, in __call__ return self.handler(*args, **kwargs) File "/opt/az/lib/python3.8/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler return op(**command_args) File "/opt/az/lib/python3.8/site-packages/azure/cli/command_modules/network/custom.py", line 8212, in create_bastion_tunnel tunnel_server = get_tunnel(cmd, resource_group_name, bastion_host_name, target_resource_id, resource_port, port) File "/opt/az/lib/python3.8/site-packages/azure/cli/command_modules/network/custom.py", line 8198, in get_tunnel tunnel_server = TunnelServer(cmd.cli_ctx, 'localhost', port, bastion, vm_id, resource_port) File "/opt/az/lib/python3.8/site-packages/azure/cli/command_modules/network/tunnel.py", line 43, in __init__ self.local_port = int(local_port) ValueError: invalid literal for int() with base 10: '0.0.0.0:54321' ``` ## To Reproduce: Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information. - _Put any pre-requisite steps here..._ - `az network bastion tunnel --name bas-defra-prod-uks-01 --resource-group RG-UKS-DEFRA-PROD-01 --target-resource-id ########## --resource-port "3389" --port "0.0.0.0:54321"` ## Expected Behavior ## Environment Summary ``` Linux-5.10.60.1-microsoft-standard-WSL2-x86_64-with-glibc2.29, Ubuntu 20.04.3 LTS Python 3.8.12 Installer: DEB azure-cli 2.34.1 Extensions: azure-firewall 0.3.0 image-copy-extension 0.2.8 Dependencies: msal 1.16.0 azure-mgmt-resource 20.0.0 ``` ## Additional Context ----- I use azure cli via WSL in ubuntu, unfortunately the following command does not work az network bastion tunnel --name bas-defra-prod-uks-01 --resource-group RG-UKS-DEFRA-PROD-01 --target-resource-id --resource-port "3389" --port "0.0.0.0:54321 Presumable this is because it is expecting a port only, the issue here is i want to use the RDP client on windows, which would go via the tunnel in wsl via the WSL IP. The --port by default will listen on localhost only, can this be updated to allow to set an IP address as shown in the exmaple above? as this allows for WSL port forwarding. Thanks, Joe.

Author:	Hyper200
Assignees:	navba-MSFT
Labels:	`customer-reported`, `Network`, `Service Attention`, `feature-request`, `Network - Bastion`, `Auto-Assign`
Milestone:	Backlog

navba-MSFT commented 2 years ago

@Hyper200 I am adding Service Team to look into this issue.

@aznetsuppgithub Could you please look into this as and provide an update once you get a chance ? Awaiting your reply.

navba-MSFT commented 2 years ago

@Hyper200 I have heard back from the Product Owners that they don’t think they have this feature scheduled yet, but they can certainly look into it. In the meantime, would you be able to use the native client’s rdp connectivity? I was able to verify that it works from a WSL session with one of my test VMs. Awaiting your reply.

ghost commented 2 years ago

Hi, we're sending this friendly reminder because we haven't heard back from you in a while. We need more information about this issue to help address it. Please be sure to give us your input within the next 7 days. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!

Hyper200 commented 2 years ago

Hi @navba-MSFT

I'm not entirly sure what the native RDP from wsl via Azure CLI is but i'll go and do some digging and see. I have a work around in that i just use the azure CLI from the windows machine and use RDP on that, but i would rather keep my configurations from WSL where possiable.

Azure / azure-cli-extensions