cedws/iapc

GitHub: cedws/iapc


# iapc

Alternative client and Go library for Google Cloud's Identity-Aware Proxy. This is based on an implementation in [gartnera/gcloud](https://github.com/gartnera/gcloud) and the official gcloud source code. It aims to expose more functionality and have better performance.

It's worth mentioning that the IAP speaks a slightly modified version of the SSH Relay v4 protocol documented [here](https://chromium.googlesource.com/apps/libapps/+/HEAD/nassh/docs/relay-protocol.md#corp-relay-v4).

```mermaid
flowchart LR
    subgraph Client
        Client1[Client 1] --- IAPC
        Client2[Client 2] --- IAPC
    end
    subgraph Google Cloud
        IAPC -- WebSocket --> IAP(Identity-Aware Proxy)
        IAP --- Instance
        IAP --- HostIP["Host (requires BeyondCorp)"]
    end
```

## Installation

### Brew

```
brew install cedws/tap/iapc
```

### Scoop

```
scoop bucket add cedws https://github.com/cedws/scoop-bucket.git
scoop install iapc
```

### Go

```
go install github.com/cedws/iapc@latest
```

## CLI

The CLI needs to acquire Application Default Credentials (ADC) to authenticate with the proxy, so make sure you're logged in.

```
$ gcloud auth login --update-adc
```

Here's an example of how to create a tunnel to an instance on default port 22.

```
$ iapc to-instance prod-1 --project analog-figure-330721 --zone europe-west2-a
```

Here's an example of how to create a tunnel to a private IP or FQDN in a VPC. This **requires** BeyondCorp Enterprise and a TCP Destination Group.

```
$ iapc to-host 192.168.0.1 --project analog-figure-330721 --region europe-west2 --network prod --dest-group prod
```

## Example Code

This code example wires stdin/stdout to a port 8080 TCP connection on an instance. Run `nc -l 0.0.0.0 8080` on the instance to observe bidirectional communication.

```go
package main

import (
	"context"
	"io"
	"log"
	"os"

	"github.com/cedws/iapc/iap"
	"golang.org/x/oauth2/google"
)

func main() {
	// Load Application Default Credentials (see `gcloud auth login --update-adc`).
	tokenSource, err := google.DefaultTokenSource(context.Background())
	if err != nil {
		log.Fatal(err)
	}

	// Target: port 8080 on interface nic0 of instance prod-1.
	opts := []iap.DialOption{
		iap.WithProject("analog-figure-330721"),
		iap.WithInstance("prod-1", "europe-west2-a", "nic0"),
		iap.WithPort("8080"),
		iap.WithTokenSource(&tokenSource),
	}

	tun, err := iap.Dial(context.Background(), opts...)
	if err != nil {
		log.Fatal(err)
	}
	defer tun.Close()

	log.Println("Connected!")

	// io.Copy takes (dst, src): send local stdin into the tunnel and
	// print whatever the instance sends back on stdout.
	go io.Copy(tun, os.Stdin)
	io.Copy(os.Stdout, tun)
}
```

## License

This project is licensed under your choice of MIT or GPLv3.