{"id":20064348,"url":"https://github.com/cedws/iapc","last_synced_at":"2025-10-19T04:22:55.488Z","repository":{"id":101974136,"uuid":"607235882","full_name":"cedws/iapc","owner":"cedws","description":"Alternative client and Go library for Google Cloud's Identity-Aware Proxy","archived":false,"fork":false,"pushed_at":"2024-10-20T19:23:02.000Z","size":92,"stargazers_count":12,"open_issues_count":0,"forks_count":3,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-10-20T23:54:21.098Z","etag":null,"topics":["go","google-cloud","identity-aware-proxy"],"latest_commit_sha":null,"homepage":"https://pkg.go.dev/github.com/cedws/iapc","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cedws.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-GPL","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-27T15:37:47.000Z","updated_at":"2024-10-20T19:23:06.000Z","dependencies_parsed_at":null,"dependency_job_id":"6bf05501-21d3-4bae-95ec-ff3ff1e9ef85","html_url":"https://github.com/cedws/iapc","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cedws%2Fiapc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cedws%2Fiapc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cedws%2Fiapc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cedws%2Fiapc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cedws","download_url":"https://codeload.github.com/cedws/iapc/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224458390,"owners_count":17314655,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","google-cloud","identity-aware-proxy"],"created_at":"2024-11-13T13:45:46.988Z","updated_at":"2025-10-19T04:22:55.479Z","avatar_url":"https://github.com/cedws.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# iapc\nAlternative client and Go library for Google Cloud's Identity-Aware Proxy. This is based on an implementation in [gartnera/gcloud](https://github.com/gartnera/gcloud) and the official gcloud source code. It aims to expose more functionality and have better performance. It's worth mentioning that the IAP speaks a slightly modified version of the SSH Relay v4 protocol documented [here](https://chromium.googlesource.com/apps/libapps/+/HEAD/nassh/docs/relay-protocol.md#corp-relay-v4).\n\n```mermaid\nflowchart LR\n    subgraph Client\n        Client1[Client 1] --- IAPC\n        Client2[Client 2] --- IAPC\n    end\n    subgraph Google Cloud\n        IAPC -- WebSocket --\u003e IAP(Identity-Aware Proxy)\n        IAP --- Instance\n        IAP --- HostIP[\"Host (requires BeyondCorp)\"]\n    end\n```\n\n## Installation\n\n### Brew\n\n```bash\nbrew install cedws/tap/iapc\n```\n\n### Scoop\n\n```bash\nscoop bucket add cedws https://github.com/cedws/scoop-bucket.git\nscoop install iapc\n```\n\n### Go\n\n```bash\ngo install github.com/cedws/iapc@latest\n```\n\n## CLI\nThe CLI needs to acquire Application Default Credentials (ADC) to authenticate with the proxy, so make sure you're logged in.\n\n```sh\n$ gcloud auth login --update-adc\n```\n\n\u003e [!IMPORTANT]\n\u003e Your VPC will need a firewall rule to allow traffic to the instance on the desired port (in this case 8080) from the well-known IAP range 35.235.240.0/20. See [Using IAP for TCP Forwarding](https://cloud.google.com/iap/docs/using-tcp-forwarding) for more information.\n\nHere's an example of how to create a tunnel to an instance on default port 22.\n\n```sh\n$ iapc to-instance prod-1 --project analog-figure-330721 --zone europe-west2-a\n```\n\nHere's an example of how to create a tunnel to a private IP or FQDN in a VPC. This **requires** BeyondCorp Enterprise and a TCP Destination Group.\n\n```sh\n$ iapc to-host 192.168.0.1 --project analog-figure-330721 --region europe-west2 --network prod --dest-group prod\n```\n\n## Example Code\nThis code example wires stdin/stdout to a port 8080 TCP connection on an instance. Run `nc -l 0.0.0.0 8080` on the instance to observe bidirectional communication.\n\n\u003e [!IMPORTANT]\n\u003e Your VPC will need a firewall rule to allow traffic to the instance on the desired port (in this case 8080) from the well-known IAP range 35.235.240.0/20. See [Using IAP for TCP Forwarding](https://cloud.google.com/iap/docs/using-tcp-forwarding) for more information.\n\n```go\npackage main\n\nimport (\n\t\"context\"\n\t\"io\"\n\t\"log\"\n\t\"os\"\n\n\t\"github.com/cedws/iapc/iap\"\n\t\"golang.org/x/oauth2/google\"\n)\n\nfunc main() {\n\ttokenSource, err := google.DefaultTokenSource(context.Background())\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n\n\topts := []iap.DialOption{\n\t\tiap.WithProject(\"analog-figure-330721\"),\n\t\tiap.WithInstance(\"prod-1\", \"europe-west2-a\", \"nic0\"),\n\t\tiap.WithPort(\"8080\"),\n\t\tiap.WithTokenSource(\u0026tokenSource),\n\t}\n\n\ttun, err := iap.Dial(context.Background(), opts...)\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n\tdefer tun.Close()\n\n\tlog.Println(\"Connected!\")\n\n\tgo io.Copy(tun, os.Stdout)\n\tio.Copy(os.Stdin, tun)\n}\n```\n\n## License\nThis project is licensed under your choice of MIT or GPLv3.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcedws%2Fiapc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcedws%2Fiapc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcedws%2Fiapc/lists"}