Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ZT] Add warp-cli target list #17382

Merged
merged 5 commits into from
Oct 14, 2024
Merged

[ZT] Add warp-cli target list #17382

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
4879e59
add list-targets
ranbel Oct 7, 2024
8304277
update target list output
ranbel Oct 8, 2024
75fb6d7
update feature availability
ranbel Oct 8, 2024
c63960b
no mobile support
ranbel Oct 14, 2024
f2162d0
add back mobile support
ranbel Oct 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions src/content/changelogs/warp.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ entries:
A new GA release for the Linux WARP client is now available in the [package repository](https://pkg.cloudflareclient.com/). This release contains minor fixes and minor improvements.

Notable updates:
- Added `list targets` to the `warp-cli` to enhance the user experience with the [Access for Infrastructure SSH](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) solution.
- Added `target list` to the `warp-cli` to enhance the user experience with the [Access for Infrastructure SSH](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) solution.
- Added the ability to customize PCAP options in the `warp-cli`.
- Added a list of installed applications in `warp-diag`.
- Added a `tunnel reset mtu` subcommand to the `warp-cli`.
Expand All @@ -36,7 +36,7 @@ entries:
A new GA release for the Windows WARP client is now available in the [App Center](https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release). This release contains minor fixes and improvements.

Notable updates:
- Added `list targets` to the `warp-cli` to enhance the user experience with the [Access for Infrastructure SSH](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) solution.
- Added `target list` to the `warp-cli` to enhance the user experience with the [Access for Infrastructure SSH](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) solution.
- Added [pre-login](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-prelogin/) configuration details to the `warp-diag` output.
- Added a `tunnel reset mtu` subcommand to the `warp-cli`.
- Added a JSON output option to the `warp-cli`.
Expand All @@ -57,7 +57,7 @@ entries:
All customers running macOS Ventura 13.0 and above (including Sequoia) are advised to upgrade to this release. This release fixes an incompatibility with the firewall found on macOS Sonoma 14.4 and above that could result in the firewall being disabled.

Notable updates:
- Added `list targets` to the `warp-cli` to enhance the user experience with the [Access for Infrastructure SSH](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) solution.
- Added `target list` to the `warp-cli` to enhance the user experience with the [Access for Infrastructure SSH](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) solution.
- Added a `tunnel reset mtu` subcommand to the `warp-cli`.
- Added the ability for `warp-cli` to use the team name provided in the MDM file for initial registration.
- Added a JSON output option to the `warp-cli`.
Expand Down
49 changes: 49 additions & 0 deletions src/content/docs/cloudflare-one/applications/non-http/infrastructure-apps.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,23 @@ sidebar:

import { Badge, Details, Tabs, TabItem, Render } from "~/components";

<Details header="Feature availability">

| [WARP modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
| ----------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
| <ul><li> Gateway with WARP</li><li> Secure Web Gateway without DNS filtering </li></ul> | All plans |

| System | Availability |
| -------- | ------------ |
| Windows | ✅ |
| macOS | ✅ |
| Linux | ✅ |
| iOS | ✅ |
| Android | ✅ |
| ChromeOS | ✅ |

</Details>

Access for Infrastructure allows you to have granular control over how users access individual servers, clusters, or databases in your private network. By adding an infrastructure application to Cloudflare Access, you can configure how users authenticate to the resource as well as control and authorize the ports, protocols, and usernames that they can connect with. Access and command logs ensure regulatory compliance and allow for auditing of user activity in case of a security breach.

:::note
Expand Down Expand Up @@ -64,6 +81,38 @@ To connect to targets that are in different VNETS, users will need to [switch th
If a user is connected to a target in VNET-A and needs to connect to a target in VNET-B, switching their VNET will not break any existing connections to targets within VNET-A. At present, connections are maintained between VNETs.
:::

### Display available targets

<Details header="Feature availability">

| System | Availability | Minimum WARP version |
| -------- | ------------ | -------------------- |
| Windows | ✅ | 2024.9.346.0 |
| macOS | ✅ | 2024.9.346.0 |
| Linux | ✅ | 2024.9.346.0 |
| iOS | ❌ | |
| Android | ❌ | |
| ChromeOS | ❌ | |


</Details>

Users can use `warp-cli` to display a list of targets they can access. On the WARP device, open a terminal and run the following command:

```sh
warp-cli target list
```

```sh output
╭──────────────────────────────────────┬──────────┬──────┬────────────────────────────────┬───────────────────────────────────────────────────┬───────────╮
│ Target ID │ Protocol │ Port │ Attributes │ IP (Virtual Network) │ Usernames │
├──────────────────────────────────────┼──────────┼──────┼────────────────────────────────┼───────────────────────────────────────────────────┼───────────┤
│ 0192027a-ef8a-7966-aff6-4576475db365 │ SSH │ 22 │ hostname: digital-ocean-target │ 10.116.0.3 (a663a21c-76e5-4e3c-8296-d856682269f9) │ root │
├──────────────────────────────────────┼──────────┼──────┼────────────────────────────────┼───────────────────────────────────────────────────┼───────────┤
│ 0192027a-ef8a-7966-aff6-4576475db365 │ SSH │ 23 │ hostname: digital-ocean-target │ 10.116.0.3 (a663a21c-76e5-4e3c-8296-d856682269f9) │ root │
╰──────────────────────────────────────┴──────────┴──────┴────────────────────────────────┴───────────────────────────────────────────────────┴───────────╯
```

## Revoke a user's session

To revoke a user's access to all infrastructure targets, you can either [revoke the user from Zero Trust](/cloudflare-one/identity/users/session-management/#per-user) or revoke their device. Cloudflare does not currently support revoking a user's session for a specific target.
Loading