feat: allow remote hostnames in ssh forward ports

cmd/ssh.go

@@ -10,6 +10,7 @@ import (
 	"os/exec"
 	"path"
 	"strings"
+	"sync"
 	"time"
 
 	"al.essio.dev/pkg/shellescape"
@@ -113,11 +114,11 @@ func NewSSHCmd(f *flags.GlobalFlags) *cobra.Command {
 	sshCmd.Flags().
 		StringArrayVarP(&cmd.ForwardPorts, "forward-ports", "L", []string{},
 			"Specifies that connections to the given TCP port or Unix socket on the local (client) "+
-				"host are to be forwarded to the given host and port, or Unix socket, on the remote side.")
+				"host are to be forwarded to the given host, service name, and port, or Unix socket, on the remote side.")
 	sshCmd.Flags().
 		StringArrayVarP(&cmd.ReverseForwardPorts, "reverse-forward-ports", "R", []string{},
-			"Specifies that connections to the given TCP port or Unix socket on the local (client) "+
-				"host are to be reverse forwarded to the given host and port, or Unix socket, on the remote side.")
+			"Specifies that connections to the given TCP port or Unix socket on the remote side "+
+				"are to be reverse forwarded to the given local host, service name, and port, or Unix socket.")
 	sshCmd.Flags().
 		StringArrayVarP(&cmd.SendEnvVars, "send-env", "", []string{},
 			"Specifies which local env variables shall be sent to the container.")
@@ -400,89 +401,101 @@ func (cmd *SSHCmd) reverseForwardPorts(
 	containerClient *ssh.Client,
 	log log.Logger,
 ) error {
-	timeout, err := cmd.forwardTimeout(log)
-	if err != nil {
-		return fmt.Errorf("parse forward ports timeout: %w", err)
-	}
-
-	errChan := make(chan error, len(cmd.ReverseForwardPorts))
-	for _, portMapping := range cmd.ReverseForwardPorts {
-		mapping, err := port.ParsePortSpec(portMapping)
-		if err != nil {
-			return fmt.Errorf("parse port mapping: %w", err)
-		}
-
-		// start the forwarding
-		log.Infof(
-			"Reverse forwarding local %s/%s to remote %s/%s",
-			mapping.Host.Protocol,
-			mapping.Host.Address,
-			mapping.Container.Protocol,
-			mapping.Container.Address,
-		)
-		go func(portMapping string) {
-			err := devssh.ReversePortForward(
-				ctx,
-				containerClient,
-				mapping.Host.Protocol,
-				mapping.Host.Address,
-				mapping.Container.Protocol,
-				mapping.Container.Address,
-				timeout,
-				log,
-			)
-			if !errors.Is(io.EOF, err) {
-				errChan <- fmt.Errorf("error forwarding %s: %w", portMapping, err)
-			}
-		}(portMapping)
-	}
-
-	return <-errChan
+	return cmd.runPortForwards(ctx, containerClient, portForwardConfig{
+		mappings:    cmd.ReverseForwardPorts,
+		logTemplate: "Reverse forwarding remote %s/%s to local %s/%s",
+		forwardFn:   devssh.ReversePortForward,
+	}, log)
 }
 
 func (cmd *SSHCmd) forwardPorts(
 	ctx context.Context,
 	containerClient *ssh.Client,
 	log log.Logger,
 ) error {
-	timeout, err := cmd.forwardTimeout(log)
+	return cmd.runPortForwards(ctx, containerClient, portForwardConfig{
+		mappings:    cmd.ForwardPorts,
+		logTemplate: "Forwarding local %s/%s to remote %s/%s",
+		forwardFn:   devssh.PortForward,
+	}, log)
+}
+
+type portForwardFunc func(
+	context.Context,
+	*ssh.Client,
+	string,
+	string,
+	string,
+	string,
+	time.Duration,
+	log.Logger,
+) error
+
+type portForwardConfig struct {
+	mappings    []string
+	logTemplate string
+	forwardFn   portForwardFunc
+}
+
+func (cmd *SSHCmd) runPortForwards(
+	ctx context.Context,
+	containerClient *ssh.Client,
+	config portForwardConfig,
+	logger log.Logger,
+) error {
+	timeout, err := cmd.forwardTimeout(logger)
 	if err != nil {
 		return fmt.Errorf("parse forward ports timeout: %w", err)
 	}
 
-	errChan := make(chan error, len(cmd.ForwardPorts))
-	for _, portMapping := range cmd.ForwardPorts {
+	errChan := make(chan error, len(config.mappings))
+	var waitGroup sync.WaitGroup
+	for _, portMapping := range config.mappings {
 		mapping, err := port.ParsePortSpec(portMapping)
 		if err != nil {
 			return fmt.Errorf("parse port mapping: %w", err)
 		}
 
 		// start the forwarding
-		log.Infof(
-			"Forwarding local %s/%s to remote %s/%s",
+		logger.Infof(
+			config.logTemplate,
 			mapping.Host.Protocol,
 			mapping.Host.Address,
 			mapping.Container.Protocol,
 			mapping.Container.Address,
 		)
-		go func(portMapping string) {
-			err := devssh.PortForward(
+		waitGroup.Add(1)
+		go func(portMapping string, mapping port.Mapping) {
+			defer waitGroup.Done()
+
+			err := config.forwardFn(
 				ctx,
 				containerClient,
 				mapping.Host.Protocol,
 				mapping.Host.Address,
 				mapping.Container.Protocol,
 				mapping.Container.Address,
 				timeout,
-				log,
+				logger,
 			)
-			if !errors.Is(io.EOF, err) {
+			if err != nil && !errors.Is(err, io.EOF) {
 				errChan <- fmt.Errorf("error forwarding %s: %w", portMapping, err)
 			}
-		}(portMapping)
+		}(portMapping, mapping)
 	}
 
-	return <-errChan
+	go func() {
+		waitGroup.Wait()
+		close(errChan)
+	}()
+
+	for err := range errChan {
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
 }
 
 func (cmd *SSHCmd) startTunnel(

cmd/ssh_test.go

@@ -1,12 +1,16 @@
 package cmd
 
 import (
+	"context"
 	"os"
 	"path/filepath"
 	"testing"
+	"time"
 
 	"github.com/skevetter/log"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"golang.org/x/crypto/ssh"
 )
 
 func writeGitConfig(t *testing.T, content string) {
@@ -57,3 +61,28 @@ func TestGpgSigningKey_TildeKeyPath_Skipped(t *testing.T) {
 	result := gpgSigningKey(log.Discard)
 	assert.Empty(t, result)
 }
+
+func TestRunPortForwards_ReturnsOnCleanExit(t *testing.T) {
+	cmd := &SSHCmd{}
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+	defer cancel()
+
+	err := cmd.runPortForwards(ctx, nil, portForwardConfig{
+		mappings:    []string{"8080:80"},
+		logTemplate: "test %s/%s %s/%s",
+		forwardFn: func(
+			context.Context,
+			*ssh.Client,
+			string,
+			string,
+			string,
+			string,
+			time.Duration,
+			log.Logger,
+		) error {
+			return nil
+		},
+	}, log.Discard)
+
+	require.NoError(t, err)
+}

docs/pages/developing-in-workspaces/connect-to-a-workspace.mdx

@@ -92,6 +92,21 @@ Optionally you can also define a command to run:
 devpod ssh my-workspace --command "echo Hello World"
 ```
 
+You can also forward ports while using `devpod ssh`.
+Target hosts can be service names or hostnames that are resolvable from the side that dials them.
+For `--forward-ports`, that is the workspace.
+For `--reverse-forward-ports`, that is the machine running `devpod ssh`.
+
+To forward a local port to a host or service reachable from the workspace:
+```
+devpod ssh my-workspace --forward-ports 18080:nginx:8080
+```
+
+To expose a port inside the workspace that forwards back to a host or service reachable from the machine running `devpod ssh`:
+```
+devpod ssh my-workspace --reverse-forward-ports 15432:postgres.internal:5432
+```
+
 ## IDE Commands
 
 This section shows additional commands to configure DevPod's behavior when opening a workspace.

e2e/tests/up-docker-compose/up_docker_compose.go

@@ -7,6 +7,7 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"net"
 	"net/http"
 	"os"
 	"os/exec"
@@ -161,6 +162,77 @@ var _ = ginkgo.Describe(
 			))
 		}, ginkgo.SpecTimeout(framework.GetTimeout()))
 
+		ginkgo.It("ssh forward ports support remote service names", func(ctx context.Context) {
+			_, workspace, err := tc.setupAndStartWorkspace(
+				ctx,
+				"tests/up-docker-compose/testdata/docker-compose-forward-ports",
+				"--debug",
+			)
+			framework.ExpectNoError(err)
+
+			ids, err := findComposeContainer(
+				ctx,
+				tc.dockerHelper,
+				tc.composeHelper,
+				workspace.UID,
+				"app",
+			)
+			framework.ExpectNoError(err)
+			gomega.Expect(ids).To(gomega.HaveLen(1), "1 compose container to be created")
+
+			listener, err := net.Listen("tcp", "127.0.0.1:0")
+			framework.ExpectNoError(err)
+			localPort := listener.Addr().(*net.TCPAddr).Port
+			framework.ExpectNoError(listener.Close())
+
+			done := make(chan error)
+			sshContext, sshCancel := context.WithCancel(context.Background())
+			go func() {
+				// #nosec G204 -- test command with controlled arguments
+				cmd := exec.CommandContext(
+					sshContext,
+					filepath.Join(tc.f.DevpodBinDir, tc.f.DevpodBinName),
+					"ssh",
+					"--forward-ports",
+					fmt.Sprintf("%d:nginx:8080", localPort),
+					workspace.ID,
+				)
+
+				if err := cmd.Start(); err != nil {
+					done <- err
+					return
+				}
+
+				if err := cmd.Wait(); err != nil {
+					done <- err
+					return
+				}
+
+				done <- nil
+			}()
+
+			gomega.Eventually(func(g gomega.Gomega) {
+				response, err := http.Get(fmt.Sprintf("http://127.0.0.1:%d", localPort))
+				g.Expect(err).NotTo(gomega.HaveOccurred())
+				defer func() { _ = response.Body.Close() }()
+
+				body, err := io.ReadAll(response.Body)
+				g.Expect(err).NotTo(gomega.HaveOccurred())
+				g.Expect(body).To(gomega.ContainSubstring("Thank you for using nginx."))
+			}).
+				WithPolling(1 * time.Second).
+				WithTimeout(20 * time.Second).
+				Should(gomega.Succeed())
+
+			sshCancel()
+			err = <-done
+
+			gomega.Expect(err).To(gomega.Or(
+				gomega.MatchError("signal: killed"),
+				gomega.MatchError(context.Canceled),
+			))
+		}, ginkgo.SpecTimeout(framework.GetTimeout()))
+
 		ginkgo.It("features", func(ctx context.Context) {
 			tempDir, workspace, err := tc.setupAndStartWorkspace(
 				ctx,