[Bastion] fixing azure cli experience for ip connect (Azure#6222)

* fixing azure cli experience for ip connect

* stlying fixes

* removing debug lines

src/bastion/HISTORY.rst

@@ -2,6 +2,12 @@
 
 Release History
 ===============
+0.2.4
+++++++
+* Fixing blocking of IP connect with AZ CLI tunnel to allow only standard ports.
+* documentation update
+* security fixes
+
 0.2.3
 ++++++
 * Fixes for IP address connect

src/bastion/README.md

@@ -1,6 +1,12 @@
 # Azure CLI Bastion Extension #
 This is an extension to Azure CLI to manage Bastion resources.
 
+Documentation References: 
+
+https://learn.microsoft.com/en-us/azure/bastion/connect-ip-address#connect-to-vm---native-client
+
+https://learn.microsoft.com/en-us/azure/bastion/connect-native-client-windows#connect-IP
+
 ## How to use ##
 Manage Azure Bastion host machines.
 

src/bastion/azext_bastion/custom.py

@@ -154,6 +154,9 @@ def ssh_bastion_host(cmd, auth_type, target_resource_id, target_ip_address, reso
     if ip_connect:
         target_resource_id = f"/subscriptions/{get_subscription_id(cmd.cli_ctx)}/resourceGroups/{resource_group_name}/providers/Microsoft.Network/bh-hostConnect/{target_ip_address}"
 
+    if ip_connect and int(resource_port) not in [22, 3389]:
+        raise UnrecognizedArgumentError("Custom ports are not allowed. Allowed ports for Tunnel with IP connect is 22, 3389.")
+
     _validate_resourceid(cmd, bastion, resource_group_name, target_resource_id, target_ip_address)
     bastion_endpoint = _get_bastion_endpoint(cmd, bastion, resource_port, target_resource_id)
 
@@ -244,6 +247,9 @@ def rdp_bastion_host(cmd, target_resource_id, target_ip_address, resource_group_
     if ip_connect:
         target_resource_id = f"/subscriptions/{get_subscription_id(cmd.cli_ctx)}/resourceGroups/{resource_group_name}/providers/Microsoft.Network/bh-hostConnect/{target_ip_address}"
 
+    if ip_connect and int(resource_port) not in [22, 3389]:
+        raise UnrecognizedArgumentError("Custom ports are not allowed. Allowed ports for Tunnel with IP connect is 22, 3389.")
+
     _validate_resourceid(cmd, bastion, resource_group_name, target_resource_id, target_ip_address)
     bastion_endpoint = _get_bastion_endpoint(cmd, bastion, resource_port, target_resource_id)
 
@@ -312,8 +318,7 @@ def _get_bastion_endpoint(cmd, bastion, resource_port, target_resource_id):
 def _write_to_file(response):
     with open("conn.rdp", "w", encoding="utf-8") as f:
         for line in response.text.splitlines():
-            if not line.startswith('signscope'):
-                f.write(line + "\n")
+            f.write(line + "\n")
 
 
 def _get_tunnel(cmd, bastion, bastion_endpoint, vm_id, resource_port, port=None):
@@ -353,6 +358,9 @@ def create_bastion_tunnel(cmd, target_resource_id, target_ip_address, resource_g
     if ip_connect:
         target_resource_id = f"/subscriptions/{get_subscription_id(cmd.cli_ctx)}/resourceGroups/{resource_group_name}/providers/Microsoft.Network/bh-hostConnect/{target_ip_address}"
 
+    if ip_connect and int(resource_port) not in [22, 3389]:
+        raise UnrecognizedArgumentError("Custom ports are not allowed. Allowed ports for Tunnel with IP connect is 22, 3389.")
+
     _validate_resourceid(cmd, bastion, resource_group_name, target_resource_id, target_ip_address)
     bastion_endpoint = _get_bastion_endpoint(cmd, bastion, resource_port, target_resource_id)
 

src/bastion/azext_bastion/tunnel.py

@@ -220,5 +220,4 @@ def get_port(self):
         return self.local_port
 
     def set_host_name(self, hostname):
-        logger.debug("hereeeeeee")
         self.host_name = hostname

src/bastion/setup.py

@@ -10,7 +10,7 @@
 
 
 # HISTORY.rst entry.
-VERSION = '0.2.3'
+VERSION = '0.2.4'
 
 # The full list of classifiers is available at
 # https://pypi.python.org/pypi?%3Aaction=list_classifiers