Skip to content

[Bastion] Fixing Bastion tunnel establishment issue #8952

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
yanzhudd merged 7 commits into from
Jul 10, 2025
Merged

[Bastion] Fixing Bastion tunnel establishment issue #8952

yanzhudd merged 7 commits into from
Jul 10, 2025

Conversation

@FumingZhang
Copy link
Member

@FumingZhang FumingZhang commented Jul 9, 2025

This checklist is used to make sure that common guidelines for a pull request are followed.

Related command

az aks bastion tunnel

When testing whether the local port is occupied, explicitly specify the local addr (127.0.0.1), otherwise it may fall back to 0.0.0.0 and cause an error.

Replacing #8916

General Guidelines

  • Have you run azdev style <YOUR_EXT> locally? (pip install azdev required)
  • Have you run python scripts/ci/test_index.py -q locally? (pip install wheel==0.30.0 required)
  • My extension version conforms to the Extension version schema

For new extensions:

About Extension Publish

There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update src/index.json automatically.
You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify src/index.json.

sabbour and others added 7 commits July 1, 2025 00:17
@sabbour
Fixing Bastion tunnel establishment issue
156f08b 
When running az network bastion tunnel inside WSL2, the command hangs for ~60 seconds before opening the tunnel. This is caused by a port availability check using socket.connect_ex(('', port)), which resolves to 0.0.0.0 and causes a timeout in WSL.

See examples

```
strace -f -tt python3 -c "import socket; import time; s=socket.socket(); s.settimeout(5); t=time.time(); r=s.connect_ex(('', 44444)); print(f'Result: {r}, Time: {time.time()-t:.2f}s')"
```

Output:
```
00:03:27.779861 socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_IP) = 3 00:03:27.780376 ioctl(3, FIONBIO, [1]) = 0 00:03:27.780642 connect(3, {sa_family=AF_INET, sin_port=htons(44444), sin_addr=inet_addr("0.0.0.0")}, 16) = -1 EINPROGRESS (Operation now in progress) 00:03:27.781179 poll([{fd=3, events=POLLOUT|POLLERR}], 1, 5000) = 0 (Timeout) 00:03:32.787945 write(1, "Result: 11, Time: 5.01s\n", 24Result: 11, Time: 5.01s ) = 24 00:03:32.788904 rt_sigaction(SIGINT, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK, sa_restorer=0x7db0bc045330}, {sa_handler=0x6e7170, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK, sa_restorer=0x7db0bc045330}, 8) = 0 00:03:32.792342 getsockname(3, {sa_family=AF_INET, sin_port=htons(47226), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
```
vs

```
strace -f -tt python3 -c "import socket; import time; s=socket.socket(); s.settimeout(5); t=time.time(); r=s.connect_ex(('127.0.0.1', 44444)); print(f'Result: {r}, Time: {time.time()-t:.2f}s')"
```

Output:
```
00:03:32.793450 getpeername(3, 0x7ffde75bdb70, [16]) = -1 ENOTCONN (Transport endpoint is not connected) 00:03:32.794071 close(3) = 0 00:03:32.800493 munmap(0x7db0bc531000, 16384) = 0 00:03:32.801438 exit_group(0) = ? 00:03:32.803541 +++ exited with 0 +++
```
@sabbour
Fixing is_port_open logic
b19cb03 
The logic was inverted. `sock.connect_ex` returns 0 if the connection is successful, hence when the port is open.
@sabbour
Revert "Fixing is_port_open logic"
3b1356b 
This reverts commit b19cb03.
@sabbour
Updated API version in test recording to 2024-07-01
340b3f6
@sabbour
Bump version to 1.4.2 and update HISTORY.rst with bug fix for tunnel
02fcc3c
@sabbour
Update test_bastion_host_crud.yaml
5866d33 
Attempting to fix the test case
@FumingZhang
fix
a8de4f8
Copilot AI review requested due to automatic review settings July 9, 2025 04:47
@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Jul 9, 2025
edited
Loading

️✔️Azure CLI Extensions Breaking Change Test
️✔️Non Breaking Changes

@yonzhan
Copy link
Collaborator

yonzhan commented Jul 9, 2025

Thank you for your contribution! We will review the pull request and get back to you soon.

@github-actions
Copy link

github-actions bot commented Jul 9, 2025

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR.

Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).
After that please run the following commands to enable git hooks:

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>

Copilot AI reviewed Jul 9, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates the bastion extension to v1.4.2 and fixes the tunnel port check by explicitly specifying the local address to avoid falling back to 0.0.0.0.

  • Bump extension version to 1.4.2.
  • Change connect_ex call to use self.local_addr when checking port availability.
  • Add HISTORY entry for the new version.

Reviewed Changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.

File Description
src/bastion/setup.py Updated VERSION constant to 1.4.2.
src/bastion/azext_bastion/tunnel.py Changed port check to connect_ex((self.local_addr, local_port)).
src/bastion/HISTORY.rst Added 1.4.2 release notes.
Comments suppressed due to low confidence (2)

src/bastion/azext_bastion/tunnel.py:73

  • Add unit tests for is_port_open to verify behavior when specifying local_addr (e.g., 127.0.0.1) and ensure it avoids fallback to 0.0.0.0 as intended.
            if sock.connect_ex((self.local_addr, self.local_port)) == 0:

src/bastion/HISTORY.rst:7

  • [nitpick] Consider expanding this release note to describe the specific issue resolved (explicitly specifying local_addr to avoid fallback to 0.0.0.0 causing errors) for better clarity.
* Bug fix for tunnel.

@github-actions
Copy link

github-actions bot commented Jul 9, 2025

CodeGen Tools Feedback Collection

Thank you for using our CodeGen tool. We value your feedback, and we would like to know how we can improve our product. Please take a few minutes to fill our codegen survey

@FumingZhang FumingZhang mentioned this pull request Jul 9, 2025
Closed
4 tasks
@github-actions
Copy link

github-actions bot commented Jul 9, 2025

@yanzhudd yanzhudd changed the title [Bug] Fixing Bastion tunnel establishment issue [Bastion] Fixing Bastion tunnel establishment issue Jul 10, 2025
@yanzhudd yanzhudd merged commit 576883c into Azure:main Jul 10, 2025
44 checks passed
@azclibot
Copy link
Collaborator

azclibot commented Jul 10, 2025

[Release] Update index.json for extension [ bastion-1.4.2 ] : https://dev.azure.com/msazure/One/_build/results?buildId=129866627&view=results

@FumingZhang FumingZhang deleted the fuming/fix-bastion-0709 branch September 10, 2025 03:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@yanzhudd yanzhudd yanzhudd approved these changes

@zhoxing-ms zhoxing-ms Awaiting requested review from zhoxing-ms

@yonzhan yonzhan Awaiting requested review from yonzhan

@jsntcy jsntcy Awaiting requested review from jsntcy

@kairu-ms kairu-ms Awaiting requested review from kairu-ms

@necusjz necusjz Awaiting requested review from necusjz

+1 more reviewer

@anvrao1 anvrao1 anvrao1 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@zhoxing-ms zhoxing-ms

@yanzhudd yanzhudd

Labels

AKS Auto-Assign Auto assign by bot Network

Projects

None yet

Milestone

August 2025 (2025-08-05)

Development

Successfully merging this pull request may close these issues.

8 participants

@FumingZhang @yonzhan @azclibot @yanzhudd @anvrao1 @necusjz @zhoxing-ms @sabbour