[management,proxy,client] Add L4 capabilities (TLS/TCP/UDP) (#5530)

shared/management/proto/management.pb.go

@@ -228,6 +228,7 @@ const (
 	ExposeProtocol_EXPOSE_HTTPS ExposeProtocol = 1
 	ExposeProtocol_EXPOSE_TCP   ExposeProtocol = 2
 	ExposeProtocol_EXPOSE_UDP   ExposeProtocol = 3
+	ExposeProtocol_EXPOSE_TLS   ExposeProtocol = 4
 )
 
 // Enum value maps for ExposeProtocol.
@@ -237,12 +238,14 @@ var (
 		1: "EXPOSE_HTTPS",
 		2: "EXPOSE_TCP",
 		3: "EXPOSE_UDP",
+		4: "EXPOSE_TLS",
 	}
 	ExposeProtocol_value = map[string]int32{
 		"EXPOSE_HTTP":  0,
 		"EXPOSE_HTTPS": 1,
 		"EXPOSE_TCP":   2,
 		"EXPOSE_UDP":   3,
+		"EXPOSE_TLS":   4,
 	}
 )
 
@@ -4047,6 +4050,7 @@ type ExposeServiceRequest struct {
 	UserGroups []string       `protobuf:"bytes,5,rep,name=user_groups,json=userGroups,proto3" json:"user_groups,omitempty"`
 	Domain     string         `protobuf:"bytes,6,opt,name=domain,proto3" json:"domain,omitempty"`
 	NamePrefix string         `protobuf:"bytes,7,opt,name=name_prefix,json=namePrefix,proto3" json:"name_prefix,omitempty"`
+	ListenPort uint32         `protobuf:"varint,8,opt,name=listen_port,json=listenPort,proto3" json:"listen_port,omitempty"`
 }
 
 func (x *ExposeServiceRequest) Reset() {
@@ -4130,14 +4134,22 @@ func (x *ExposeServiceRequest) GetNamePrefix() string {
 	return ""
 }
 
+func (x *ExposeServiceRequest) GetListenPort() uint32 {
+	if x != nil {
+		return x.ListenPort
+	}
+	return 0
+}
+
 type ExposeServiceResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	ServiceName string `protobuf:"bytes,1,opt,name=service_name,json=serviceName,proto3" json:"service_name,omitempty"`
-	ServiceUrl  string `protobuf:"bytes,2,opt,name=service_url,json=serviceUrl,proto3" json:"service_url,omitempty"`
-	Domain      string `protobuf:"bytes,3,opt,name=domain,proto3" json:"domain,omitempty"`
+	ServiceName      string `protobuf:"bytes,1,opt,name=service_name,json=serviceName,proto3" json:"service_name,omitempty"`
+	ServiceUrl       string `protobuf:"bytes,2,opt,name=service_url,json=serviceUrl,proto3" json:"service_url,omitempty"`
+	Domain           string `protobuf:"bytes,3,opt,name=domain,proto3" json:"domain,omitempty"`
+	PortAutoAssigned bool   `protobuf:"varint,4,opt,name=port_auto_assigned,json=portAutoAssigned,proto3" json:"port_auto_assigned,omitempty"`
 }
 
 func (x *ExposeServiceResponse) Reset() {
@@ -4193,6 +4205,13 @@ func (x *ExposeServiceResponse) GetDomain() string {
 	return ""
 }
 
+func (x *ExposeServiceResponse) GetPortAutoAssigned() bool {
+	if x != nil {
+		return x.PortAutoAssigned
+	}
+	return false
+}
+
 type RenewExposeRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -4996,7 +5015,7 @@ var file_management_proto_rawDesc = []byte{
 	0x64, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6d, 0x61,
 	0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x49, 0x6e, 0x66,
 	0x6f, 0x52, 0x0e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x6c, 0x61, 0x74, 0x65, 0x64, 0x50, 0x6f, 0x72,
-	0x74, 0x22, 0xea, 0x01, 0x0a, 0x14, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x53, 0x65, 0x72, 0x76,
+	0x74, 0x22, 0x8b, 0x02, 0x0a, 0x14, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x53, 0x65, 0x72, 0x76,
 	0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f,
 	0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x36,
 	0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e,
@@ -5010,15 +5029,20 @@ var file_management_proto_rawDesc = []byte{
 	0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18,
 	0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x1f, 0x0a,
 	0x0b, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x07, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x22, 0x73,
-	0x0a, 0x15, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x69,
-	0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73,
-	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x65,
-	0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0a, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x72, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x64,
-	0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d,
-	0x61, 0x69, 0x6e, 0x22, 0x2c, 0x0a, 0x12, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x45, 0x78, 0x70, 0x6f,
+	0x28, 0x09, 0x52, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x1f,
+	0x0a, 0x0b, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x08, 0x20,
+	0x01, 0x28, 0x0d, 0x52, 0x0a, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x22,
+	0xa1, 0x01, 0x0a, 0x15, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b,
+	0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x0a, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x72, 0x6c, 0x12, 0x16, 0x0a,
+	0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64,
+	0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x2c, 0x0a, 0x12, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x61, 0x75,
+	0x74, 0x6f, 0x5f, 0x61, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x10, 0x70, 0x6f, 0x72, 0x74, 0x41, 0x75, 0x74, 0x6f, 0x41, 0x73, 0x73, 0x69, 0x67,
+	0x6e, 0x65, 0x64, 0x22, 0x2c, 0x0a, 0x12, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x45, 0x78, 0x70, 0x6f,
 	0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d,
 	0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69,
 	0x6e, 0x22, 0x15, 0x0a, 0x13, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65,
@@ -5039,12 +5063,13 @@ var file_management_proto_rawDesc = []byte{
 	0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x06, 0x0a, 0x02, 0x49, 0x4e, 0x10, 0x00, 0x12, 0x07,
 	0x0a, 0x03, 0x4f, 0x55, 0x54, 0x10, 0x01, 0x2a, 0x22, 0x0a, 0x0a, 0x52, 0x75, 0x6c, 0x65, 0x41,
 	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x43, 0x43, 0x45, 0x50, 0x54, 0x10,
-	0x00, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x52, 0x4f, 0x50, 0x10, 0x01, 0x2a, 0x53, 0x0a, 0x0e, 0x45,
+	0x00, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x52, 0x4f, 0x50, 0x10, 0x01, 0x2a, 0x63, 0x0a, 0x0e, 0x45,
 	0x78, 0x70, 0x6f, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x0f, 0x0a,
 	0x0b, 0x45, 0x58, 0x50, 0x4f, 0x53, 0x45, 0x5f, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00, 0x12, 0x10,
 	0x0a, 0x0c, 0x45, 0x58, 0x50, 0x4f, 0x53, 0x45, 0x5f, 0x48, 0x54, 0x54, 0x50, 0x53, 0x10, 0x01,
 	0x12, 0x0e, 0x0a, 0x0a, 0x45, 0x58, 0x50, 0x4f, 0x53, 0x45, 0x5f, 0x54, 0x43, 0x50, 0x10, 0x02,
 	0x12, 0x0e, 0x0a, 0x0a, 0x45, 0x58, 0x50, 0x4f, 0x53, 0x45, 0x5f, 0x55, 0x44, 0x50, 0x10, 0x03,
+	0x12, 0x0e, 0x0a, 0x0a, 0x45, 0x58, 0x50, 0x4f, 0x53, 0x45, 0x5f, 0x54, 0x4c, 0x53, 0x10, 0x04,
 	0x32, 0xfd, 0x06, 0x0a, 0x11, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53,
 	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x45, 0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12,
 	0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63,

shared/management/proto/management.proto

@@ -652,6 +652,7 @@ enum ExposeProtocol {
   EXPOSE_HTTPS = 1;
   EXPOSE_TCP = 2;
   EXPOSE_UDP = 3;
+  EXPOSE_TLS = 4;
 }
 
 message ExposeServiceRequest {
@@ -662,12 +663,14 @@ message ExposeServiceRequest {
   repeated string user_groups = 5;
   string domain = 6;
   string name_prefix = 7;
+  uint32 listen_port = 8;
 }
 
 message ExposeServiceResponse {
   string service_name = 1;
   string service_url = 2;
   string domain = 3;
+  bool port_auto_assigned = 4;
 }
 
 message RenewExposeRequest {

shared/management/proto/proxy_service.proto

@@ -27,12 +27,19 @@ service ProxyService {
   rpc ValidateSession(ValidateSessionRequest) returns (ValidateSessionResponse);
 }
 
+// ProxyCapabilities describes what a proxy can handle.
+message ProxyCapabilities {
+  // Whether the proxy can bind arbitrary ports for TCP/UDP/TLS services.
+  optional bool supports_custom_ports = 1;
+}
+
 // GetMappingUpdateRequest is sent to initialise a mapping stream.
 message GetMappingUpdateRequest {
   string proxy_id = 1;
   string version = 2;
   google.protobuf.Timestamp started_at = 3;
   string address = 4;
+  ProxyCapabilities capabilities = 5;
 }
 
 // GetMappingUpdateResponse contains zero or more ProxyMappings.
@@ -61,6 +68,10 @@ message PathTargetOptions {
   google.protobuf.Duration request_timeout = 2;
   PathRewriteMode path_rewrite = 3;
   map<string, string> custom_headers = 4;
+  // Send PROXY protocol v2 header to this backend.
+  bool proxy_protocol = 5;
+  // Idle timeout before a UDP session is reaped.
+  google.protobuf.Duration session_idle_timeout = 6;
 }
 
 message PathMapping {
@@ -91,6 +102,10 @@ message ProxyMapping {
   // When true, Location headers in backend responses are rewritten to replace
   // the backend address with the public-facing domain.
   bool rewrite_redirects = 9;
+  // Service mode: "http", "tcp", "udp", or "tls".
+  string mode = 10;
+  // For L4/TLS: the port the proxy listens on.
+  int32 listen_port = 11;
 }
 
 // SendAccessLogRequest consists of one or more AccessLogs from a Proxy.
@@ -117,6 +132,7 @@ message AccessLog {
   bool auth_success = 13;
   int64 bytes_upload = 14;
   int64 bytes_download = 15;
+  string protocol = 16;
 }
 
 message AuthenticateRequest {