Merge pull request #123 from lbrlabs/azure_bugfixed

feat(IP-routing): Enable IP forwarding and support multiple routes

provider/pkg/provider/azure/userdata.tmpl

@@ -1,5 +1,8 @@
 #!/bin/sh
 
+echo "set some kernel values"
+sudo sysctl -w net.ipv4.ip_forward=1
+
 echo "Installing Tailscale"
 curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
 curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list

schema.yaml

@@ -26,9 +26,11 @@ resources:
  subnetId:
  type: string
  description: "The subnet Ids to launch instances in."
- route:
- type: string
- description: "The route you'd like to advertise via tailscale."
+ routes:
+ type: array
+ items:
+ type: string
+ description: "The routes you'd like to advertise via tailscale."
  location:
  type: string
  description: "The Azure region you're using."
@@ -52,7 +54,7 @@ resources:
  - highAvailability
  - resourceGroupName
  - subnetId
- - route
+ - routes
  - location
  - tailscaleTags
  properties:

sdk/dotnet/TailscaleBastion/Azure/Bastion.cs

@@ -90,11 +90,17 @@ public sealed class BastionArgs : global::Pulumi.ResourceArgs
  [Input("resourceGroupName", required: true)]
  public Input<string> ResourceGroupName { get; set; } = null!;
 
+ [Input("routes", required: true)]
+ private InputList<string>? _routes;
+
  /// <summary>
- /// The route you'd like to advertise via tailscale.
+ /// The routes you'd like to advertise via tailscale.
  /// </summary>
- [Input("route", required: true)]
- public Input<string> Route { get; set; } = null!;
+ public InputList<string> Routes
+ {
+ get => _routes ?? (_routes = new InputList<string>());
+ set => _routes = value;
+ }
 
  /// <summary>
  /// The subnet Ids to launch instances in.

sdk/nodejs/azure/bastion.ts

@@ -48,8 +48,8 @@ export class Bastion extends pulumi.ComponentResource {
  if ((!args || args.resourceGroupName === undefined) && !opts.urn) {
  throw new Error("Missing required property 'resourceGroupName'");
  }
- if ((!args || args.route === undefined) && !opts.urn) {
- throw new Error("Missing required property 'route'");
+ if ((!args || args.routes === undefined) && !opts.urn) {
+ throw new Error("Missing required property 'routes'");
  }
  if ((!args || args.subnetId === undefined) && !opts.urn) {
  throw new Error("Missing required property 'subnetId'");
@@ -63,7 +63,7 @@ export class Bastion extends pulumi.ComponentResource {
  resourceInputs["location"] = args ? args.location : undefined;
  resourceInputs["public"] = (args ? args.public : undefined) ?? false;
  resourceInputs["resourceGroupName"] = args ? args.resourceGroupName : undefined;
- resourceInputs["route"] = args ? args.route : undefined;
+ resourceInputs["routes"] = args ? args.routes : undefined;
  resourceInputs["subnetId"] = args ? args.subnetId : undefined;
  resourceInputs["tailscaleTags"] = args ? args.tailscaleTags : undefined;
  resourceInputs["privateKey"] = undefined /*out*/;
@@ -106,9 +106,9 @@ export interface BastionArgs {
  */
  resourceGroupName: pulumi.Input<string>;
  /**
- * The route you'd like to advertise via tailscale.
+ * The routes you'd like to advertise via tailscale.
  */
- route: pulumi.Input<string>;
+ routes: pulumi.Input<pulumi.Input<string>[]>;
  /**
  * The subnet Ids to launch instances in.
  */

sdk/python/lbrlabs_pulumi_tailscalebastion/azure/bastion.py

@@ -17,7 +17,7 @@ def __init__(__self__, *,
  high_availability: Optional[pulumi.Input[bool]] = None,
  location: pulumi.Input[str],
  resource_group_name: pulumi.Input[str],
- route: pulumi.Input[str],
+ routes: pulumi.Input[Sequence[pulumi.Input[str]]],
  subnet_id: pulumi.Input[str],
  tailscale_tags: pulumi.Input[Sequence[pulumi.Input[str]]],
  enable_ssh: Optional[pulumi.Input[bool]] = None,
@@ -28,7 +28,7 @@ def __init__(__self__, *,
  :param pulumi.Input[bool] high_availability: Whether the bastion should be highly available.
  :param pulumi.Input[str] location: The Azure region you're using.
  :param pulumi.Input[str] resource_group_name: The Azure resource group to create the bastion in.
- :param pulumi.Input[str] route: The route you'd like to advertise via tailscale.
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] routes: The routes you'd like to advertise via tailscale.
  :param pulumi.Input[str] subnet_id: The subnet Ids to launch instances in.
  :param pulumi.Input[Sequence[pulumi.Input[str]]] tailscale_tags: The tags to apply to the tailnet device andauth key. This tag should be added to your oauth key and ACL.
  :param pulumi.Input[bool] enable_ssh: Whether to enable SSH access to the bastion.
@@ -40,7 +40,7 @@ def __init__(__self__, *,
  pulumi.set(__self__, "high_availability", high_availability)
  pulumi.set(__self__, "location", location)
  pulumi.set(__self__, "resource_group_name", resource_group_name)
- pulumi.set(__self__, "route", route)
+ pulumi.set(__self__, "routes", routes)
  pulumi.set(__self__, "subnet_id", subnet_id)
  pulumi.set(__self__, "tailscale_tags", tailscale_tags)
  if enable_ssh is None:
@@ -92,15 +92,15 @@ def resource_group_name(self, value: pulumi.Input[str]):
 
  @property
  @pulumi.getter
- def route(self) -> pulumi.Input[str]:
+ def routes(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
  """
- The route you'd like to advertise via tailscale.
+ The routes you'd like to advertise via tailscale.
  """
- return pulumi.get(self, "route")
+ return pulumi.get(self, "routes")
 
- @route.setter
- def route(self, value: pulumi.Input[str]):
- pulumi.set(self, "route", value)
+ @routes.setter
+ def routes(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
+ pulumi.set(self, "routes", value)
 
  @property
  @pulumi.getter(name="subnetId")
@@ -174,7 +174,7 @@ def __init__(__self__,
  location: Optional[pulumi.Input[str]] = None,
  public: Optional[pulumi.Input[bool]] = None,
  resource_group_name: Optional[pulumi.Input[str]] = None,
- route: Optional[pulumi.Input[str]] = None,
+ routes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
  subnet_id: Optional[pulumi.Input[str]] = None,
  tailscale_tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
  __props__=None):
@@ -188,7 +188,7 @@ def __init__(__self__,
  :param pulumi.Input[str] location: The Azure region you're using.
  :param pulumi.Input[bool] public: Whether the bastion should have a public IP.
  :param pulumi.Input[str] resource_group_name: The Azure resource group to create the bastion in.
- :param pulumi.Input[str] route: The route you'd like to advertise via tailscale.
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] routes: The routes you'd like to advertise via tailscale.
  :param pulumi.Input[str] subnet_id: The subnet Ids to launch instances in.
  :param pulumi.Input[Sequence[pulumi.Input[str]]] tailscale_tags: The tags to apply to the tailnet device andauth key. This tag should be added to your oauth key and ACL.
  """
@@ -221,7 +221,7 @@ def _internal_init(__self__,
  location: Optional[pulumi.Input[str]] = None,
  public: Optional[pulumi.Input[bool]] = None,
  resource_group_name: Optional[pulumi.Input[str]] = None,
- route: Optional[pulumi.Input[str]] = None,
+ routes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
  subnet_id: Optional[pulumi.Input[str]] = None,
  tailscale_tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
  __props__=None):
@@ -253,9 +253,9 @@ def _internal_init(__self__,
  if resource_group_name is None and not opts.urn:
  raise TypeError("Missing required property 'resource_group_name'")
  __props__.__dict__["resource_group_name"] = resource_group_name
- if route is None and not opts.urn:
- raise TypeError("Missing required property 'route'")
- __props__.__dict__["route"] = route
+ if routes is None and not opts.urn:
+ raise TypeError("Missing required property 'routes'")
+ __props__.__dict__["routes"] = routes
  if subnet_id is None and not opts.urn:
  raise TypeError("Missing required property 'subnet_id'")
  __props__.__dict__["subnet_id"] = subnet_id