Add support for proxying TCP apps #13455

Merged
r0mant merged 2 commits into master from roman/tcp
Jul 26, 2022

r0mant commented Jun 14, 2022

This PR adds support for proxying TCP applications in App Access. Closes #10216. Also closes #10952.

Users can define a TCP application the same way as they define HTTP apps, for example in the static config or using dynamic registration:

app_service:
  enabled: "yes"
  apps:
  - name: "ponger"
    description: "Ping pong"
    uri: tcp://localhost:9876
  - name: "postgres"
    description: "PostgreSQL"
    uri: tcp://localhost:5432

tsh apps ls now specifies the application protocol:

$ tsh apps ls
Application  Description   Type Public Address                   Labels
------------ ------------- ---- -------------------------------- ----------------------------------
dumper       Header dumper HTTP dumper.root.gravitational.io     app=dumper,teleport.dev/origin
elastic      Elasticsearch HTTP elastic.root.gravitational.io    app=elastic,teleport.dev/origin
opensearch   OpenSearch    HTTP opensearch.root.gravitational.io app=opensearch,teleport.dev/origin
ponger       Ping pong     TCP  ponger.root.gravitational.io     app=ponger,teleport.dev/origin
postgres     PostgreSQL    TCP  postgres.root.gravitational.io   teleport.dev/origin

After fetching credentials for a TCP application, a user starts a local proxy:

$ tsh app login postgres
Logged into TCP app postgres. Start the local TCP proxy for it:

  tsh proxy app postgres

Then connect to the application through this proxy.

$ tsh proxy app postgres
Proxying connections to postgres on 127.0.0.1:54720

Then they can connect to the local proxy with the app's client as if they were connecting to the app directly:

$ psql postgres://r0mant@localhost:54720/test
psql (14.2, server 13.5 (Debian 13.5-1.pgdg110+1))
Type "help" for help.

test=#

Docs and the webapps PR to update UI for the new audit event will come separately.
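
The flow described above ends with the client talking to a listener on 127.0.0.1. The following Go code is an added example, not part of this PR and not Teleport's implementation: it shows only the loopback listener and byte relay for a `tcp://` upstream, without the credentials that `tsh app login` fetches. The names `startLocalProxy` and `relay` are hypothetical.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"net/url"
)

// startLocalProxy (hypothetical name) relays a loopback-only port to a tcp:// upstream.
func startLocalProxy(uri string) (net.Listener, error) {
	u, err := url.Parse(uri)
	if err != nil || u.Scheme != "tcp" || u.Hostname() == "" || u.Port() == "" {
		return nil, fmt.Errorf("not a tcp://host:port URI: %q", uri)
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0") // loopback only, OS-chosen port
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			client, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			go relay(client, u.Host)
		}
	}()
	return ln, nil
}

// relay copies bytes both ways; when either side closes, both are torn down.
func relay(client net.Conn, addr string) {
	defer client.Close()
	server, err := net.Dial("tcp", addr)
	if err != nil {
		return
	}
	go func() { io.Copy(server, client); server.Close() }()
	io.Copy(client, server)
}

func main() {
	ln, err := startLocalProxy("tcp://localhost:5432") // URI from the config above
	if err != nil {
		panic(err)
	}
	fmt.Println("Proxying connections on", ln.Addr())
	select {} // serve until interrupted
}
```

Because the listener binds to 127.0.0.1, other hosts cannot reach it, but any process on the same machine can connect to the port while the proxy is running.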

github-actions bot added the application-access, audit-log, and tsh labels Jun 14, 2022
smallinsky left a comment

First pass, I have left some suggestions.

r0mant requested review from alistanis and removed request for capnspacehook and nklaassen June 15, 2022 16:44
r0mant commented Jun 24, 2022

@rosstimothy @smallinsky @alistanis Sorry about the delay folks, just got a chance to address your comments. PTAL.

r0mant merged commit 38b8bb4 into master Jul 26, 2022
@github-actions
@r0mant See the table below for backport results.

Branch Result
branch/v10 Failed

r0mant deleted the roman/tcp branch July 26, 2022 19:17
r0mant added a commit that referenced this pull request Jul 27, 2022
Add support for proxying tcp apps
@jingsunnews
This method can be used to connect Redshift with Redshift jdbc driver (not postgres driver).
