From 12ed0b96c64dccf2f5bb59bb160ca9a884c5091c Mon Sep 17 00:00:00 2001
From: Jacob Bednarz <jacob.bednarz@gmail.com>
Date: Wed, 24 May 2023 09:11:03 +1000
Subject: [PATCH] tunnels: add support for `access` and `http2Origin` keys

---
 .changelog/1291.txt |  3 +++
 tunnel.go           | 14 ++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 .changelog/1291.txt

diff --git a/.changelog/1291.txt b/.changelog/1291.txt
new file mode 100644
index 00000000000..60c5bf456c7
--- /dev/null
+++ b/.changelog/1291.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+tunnels: add support for `access` and `http2Origin` keys
+```
diff --git a/tunnel.go b/tunnel.go
index 702be8fbc84..30fa97896cb 100644
--- a/tunnel.go
+++ b/tunnel.go
@@ -153,6 +153,20 @@ type OriginRequestConfig struct {
 	ProxyType *string `json:"proxyType,omitempty"`
 	// IP rules for the proxy service
 	IPRules []IngressIPRule `json:"ipRules,omitempty"`
+	// Attempt to connect to origin with HTTP/2
+	Http2Origin *bool `json:"http2Origin,omitempty"`
+	// Access holds all access related configs
+	Access *AccessConfig `json:"access,omitempty"`
+}
+
+type AccessConfig struct {
+	// Required when set to true will fail every request that does not arrive
+	// through an access authenticated endpoint.
+	Required bool `yaml:"required" json:"required,omitempty"`
+	// TeamName is the organization team name to get the public key certificates for.
+	TeamName string `yaml:"teamName" json:"teamName"`
+	// AudTag is the AudTag to verify access JWT against.
+	AudTag []string `yaml:"audTag" json:"audTag"`
 }
 
 type IngressIPRule struct {