bastion: Default resource_port to 443 for managed clusters

[Copilot]

az network bastion tunnel required --resource-port for all targets, including AKS managed clusters which always use port 443. This made the command unnecessarily verbose for the common AKS use case.

Changes

• Made --resource-port optional for tunnel command
• Auto-detect managed clusters via resource ID pattern matching (Microsoft.ContainerService/managedClusters)
• Default to port 443 for managed clusters when not specified
• Maintained existing behavior: resource_port still required for VMs and IP-based connections
• Added integer validation for resource_port across all code paths

Usage

Before:

az network bastion tunnel --name MyBastion --resource-group MyRG \
  --target-resource-id /subscriptions/.../managedClusters/myAKS \
  --resource-port 443 --port 50443

After:

az network bastion tunnel --name MyBastion --resource-group MyRG \
  --target-resource-id /subscriptions/.../managedClusters/myAKS \
  --port 50443

Port 443 is used by default for managed clusters. Override remains available via --resource-port flag.

---

Related command

az network bastion tunnel

General Guidelines

• Have you run azdev style <YOUR_EXT> locally? (pip install azdev required)
• Have you run python scripts/ci/test_index.py -q locally? (pip install wheel==0.30.0 required)
• My extension version conforms to the Extension version schema

For new extensions:

• My extension description/summary conforms to the Extension Summary Guidelines.

About Extension Publish

There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update src/index.json automatically.
You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify src/index.json.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>resource port for managed cluster should default to 443</issue_title>
<issue_description>### Describe the bug

managed cluster input for az network bastion tunnel should not accept resource port and should default to 443

Related command

az network bastion tunnel

Errors

n/a

Issue script & Debug output

n/a

Expected behavior

default to 443

Environment Summary

azure cli 2.48.1

Additional context

No response</issue_description>

<agent_instructions>az network bastion tunnel should default to use port 443 and does not need to accept input for resource port</agent_instructions>

Comments on the Issue (you are @copilot in this section)

• Fixes resource port for managed cluster should default to 443 #1

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.