integration

package
v0.0.0-...-5c79d48 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 15, 2024 License: AGPL-3.0 Imports: 44 Imported by: 0

Documentation

Constants

const (
	// RulerUserName is the name of the admin user.
	// Its client has full admin access to Teleport and can be used to setup
	// fixtures or approve requests in OSS tests
	RulerUserName = "admin"
	// RequesterOSSUserName is the user allowed to request RequestedRoleName.
	// Their role does not have any approval threshold and is compatible with
	// Teleport OSS.
	RequesterOSSUserName = "requester-oss@example.com"
	// Requester1UserName is the name of main role requester. They are allowed
	// to request RequestedRoleName, but require two approvals. This user is
	// only created in Enterprise tests.
	Requester1UserName = "requester1@example.com"
	// Requester2UserName is the name of secondary role requester.
	// Like Requester1UserName they need 2 approvals. This user is used in some
	// auto-approval race tests to see how the plugin behaves when several users
	// request the same role. This user is only created in Enterprise tests.
	Requester2UserName = "requester2@example.com"
	// Reviewer1UserName is one of the two access reviewers. This user is used
	// to test advanced approval workflows (multiple approvals required).
	// This user is only created in enterprise tests.
	Reviewer1UserName = "reviewer1@example.com"
	// Reviewer2UserName is exactly like Reviewer1UserName.
	// This user is only created in enterprise tests.
	Reviewer2UserName = "reviewer2@example.com"
	// PluginUserName is the Teleport user for the plugin.
	PluginUserName = "plugin"

	RequestedRoleName         = teleport.PresetEditorRoleName
	OSSRequesterRoleName      = "oss-requester"
	AdvancedRequesterRoleName = "advanced-requester"
	ReviewerRoleName          = "reviewer"
)
const DefaultLicensePath = "/var/lib/teleport/license.pem"

const IntegrationAdminRole = "integration-admin"

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessRequestSuite

type AccessRequestSuite struct {
	suite.Suite
	AuthHelper AuthHelper
	// contains filtered or unexported fields
}

AccessRequestSuite is the base test suite for access requests plugins. It sets up a single Teleport server for all the tests and creates the following fixtures:

- Ruler user (admin client)
- Requester1 and Requester2 users with the Requester role and an approval threshold of
- reviewer users 1 and 2 with the reviewer role (only when running against teleport.e)
- access plugin user and roles (a role for access requests, and another for access lists)

It also signs an identity for the plugin and generates a working teleport client configuration.

func (*AccessRequestSuite) AnnotateRequesterRoleAccessRequests

func (s *AccessRequestSuite) AnnotateRequesterRoleAccessRequests(ctx context.Context, annotationKey string, annotationValue []string)

AnnotateRequesterRoleAccessRequests sets the access request annotations on both requester roles (OSS and Advanced workflows). Those annotations can then be used to route notifications to specific channels, or trigger automatic approval.

func (*AccessRequestSuite) ClientByName

func (s *AccessRequestSuite) ClientByName(name string) *Client

ClientByName returns the AccessRequestClient for any user. While this can be done via the helper functions like Ruler(), there are cases where we want to get clients based on a username (see the race tests, where the username is in a variable).

func (*AccessRequestSuite) CreateAccessRequest

func (s *AccessRequestSuite) CreateAccessRequest(ctx context.Context, userName string, suggestedReviewers []string) types.AccessRequest

CreateAccessRequest creates a new access request and submits it.

func (*AccessRequestSuite) NewAccessRequest

func (s *AccessRequestSuite) NewAccessRequest(userName string, suggestedReviewers []string, padding int) types.AccessRequest

NewAccessRequest creates an access request. The access request reason can be padded with "A" by setting SetReasonPadding.

func (*AccessRequestSuite) Requester1

func (s *AccessRequestSuite) Requester1() *Client

Requester1 returns the AccessRequestClient for the Requester1 user

func (*AccessRequestSuite) Requester2

func (s *AccessRequestSuite) Requester2() *Client

Requester2 returns the AccessRequestClient for the Requester2 user

func (*AccessRequestSuite) RequesterOSS

func (s *AccessRequestSuite) RequesterOSS() *Client

RequesterOSS returns the AccessRequestClient for the RequesterOSS user

func (*AccessRequestSuite) Reviewer1

func (s *AccessRequestSuite) Reviewer1() *Client

Reviewer1 returns the AccessRequestClient for the Reviewer1 user

func (*AccessRequestSuite) Reviewer2

func (s *AccessRequestSuite) Reviewer2() *Client

Reviewer2 returns the AccessRequestClient for the Reviewer2 user

func (*AccessRequestSuite) Ruler

func (s *AccessRequestSuite) Ruler() *Client

Ruler returns the AccessRequestClient for the Ruler user

func (*AccessRequestSuite) RunAndWaitReady

func (s *AccessRequestSuite) RunAndWaitReady(t *testing.T, app AppI)

RunAndWaitReady is a helper to start an app implementing AppI and wait for it to become ready. This is used to start plugins.

func (*AccessRequestSuite) SetReasonPadding

func (s *AccessRequestSuite) SetReasonPadding(padding int)

SetReasonPadding sets the padding used when creating access requests. This is used to test how plugins behave when overly large messages are sent.

func (*AccessRequestSuite) SetupSuite

func (s *AccessRequestSuite) SetupSuite()

SetupSuite runs once for the whole test suite. It starts a Teleport instance and creates all the fixtures (users and roles).

func (*AccessRequestSuite) TeleportConfig

func (s *AccessRequestSuite) TeleportConfig() lib.TeleportConfig

TeleportConfig returns a valid teleport config for the auth server the tests are running against. This config can then be passed to plugins.

func (*AccessRequestSuite) TeleportFeatures

func (s *AccessRequestSuite) TeleportFeatures() *proto.Features

TeleportFeatures returns the teleport features of the auth server the tests are running against.

type Addr

type Addr struct {
	Host string
	Port string
}

func (Addr) IsEmpty

func (addr Addr) IsEmpty() bool

func (Addr) String

func (addr Addr) String() string

type AppI

type AppI interface {
	// Run starts the application
	Run(ctx context.Context) error
	// WaitReady waits till the application finishes initialization
	WaitReady(ctx context.Context) (bool, error)
	// Err returns last error
	Err() error
	// Shutdown shuts the application down
	Shutdown(ctx context.Context) error
}

AppI is an app that can be spawned alongside a running test.

type Auth

type Auth interface {
	AuthAddr() Addr
}

type AuthHelper

type AuthHelper interface {
	StartServer(t *testing.T) *client.Client
	ServerAddr() string
	CredentialsForUser(t *testing.T, ctx context.Context, user types.User) client.Credentials
	SignIdentityForUser(t *testing.T, ctx context.Context, user types.User) string
}

AuthHelper is the interface one must implement to run the AccessRequestSuite. It can be implemented by an OSS Auth server, or an Enterprise auth server (in teleport.e).

type AuthService

type AuthService struct {
	// contains filtered or unexported fields
}

func (*AuthService) AuthAddr

func (auth *AuthService) AuthAddr() Addr

AuthAddr returns auth service external address.

func (*AuthService) ConfigPath

func (auth *AuthService) ConfigPath() string

ConfigPath returns auth service config file path.

func (*AuthService) Err

func (auth *AuthService) Err() error

Err returns the auth server error. It's nil if the process is not done yet.

func (*AuthService) IsReady

func (auth *AuthService) IsReady() bool

IsReady indicates if auth server is initialized properly.

func (*AuthService) Run

func (auth *AuthService) Run(ctx context.Context) error

Run spawns an auth server instance.

func (*AuthService) Shutdown

func (auth *AuthService) Shutdown(ctx context.Context) error

Shutdown terminates the auth server process and waits for its completion.

func (*AuthService) Stderr

func (auth *AuthService) Stderr() string

Stderr returns a collected auth server process stderr.

func (*AuthService) Stdout

func (auth *AuthService) Stdout() string

Stdout returns a collected auth server process stdout.

func (*AuthService) WaitReady

func (auth *AuthService) WaitReady(ctx context.Context) (bool, error)

WaitReady waits for auth server initialization.

type AuthServiceOption

type AuthServiceOption func(yaml string) string

func WithCache

func WithCache() AuthServiceOption

type AuthSetup

type AuthSetup struct {
	BaseSetup
	Auth         *AuthService
	CacheEnabled bool
}

func (*AuthSetup) SetupService

func (s *AuthSetup) SetupService(authServiceOptions ...AuthServiceOption)

func (*AuthSetup) SetupSuite

func (s *AuthSetup) SetupSuite(t *testing.T)

type BaseSetup

type BaseSetup struct {
	Suite
	Integration *Integration
}

func (*BaseSetup) SetupService

func (s *BaseSetup) SetupService()

func (*BaseSetup) SetupSuite

func (s *BaseSetup) SetupSuite(t *testing.T)

type BinPaths

type BinPaths struct {
	Teleport string
	Tctl     string
	Tsh      string
}

func GetEnterprise

func GetEnterprise(ctx context.Context, ver, outDir string) (BinPaths, error)

GetEnterprise downloads a Teleport Enterprise distribution.

func GetOSS

func GetOSS(ctx context.Context, ver, outDir string) (BinPaths, error)

GetOSS downloads a Teleport OSS distribution.

type Bootstrap

type Bootstrap struct {
	// contains filtered or unexported fields
}

func (*Bootstrap) Add

func (bootstrap *Bootstrap) Add(resource types.Resource)

func (*Bootstrap) AddRole

func (bootstrap *Bootstrap) AddRole(name string, spec types.RoleSpecV6) (types.Role, error)

func (*Bootstrap) AddUserWithRoles

func (bootstrap *Bootstrap) AddUserWithRoles(name string, roles ...string) (types.User, error)

func (*Bootstrap) Resources

func (bootstrap *Bootstrap) Resources() []types.Resource

type Client

type Client struct {
	*client.Client
}

Client is a wrapper around *client.Client with some additional methods helpful for testing.

func NewAccessRequestClient

func NewAccessRequestClient(client *client.Client) *Client

NewAccessRequestClient returns a new integration.Client.

func (*Client) ApproveAccessRequest

func (api *Client) ApproveAccessRequest(ctx context.Context, reqID, reason string) error

ApproveAccessRequest sets an access request state to APPROVED.

func (*Client) DenyAccessRequest

func (api *Client) DenyAccessRequest(ctx context.Context, reqID, reason string) error

DenyAccessRequest sets an access request state to DENIED.

func (*Client) GetAccessRequest

func (api *Client) GetAccessRequest(ctx context.Context, reqID string) (types.AccessRequest, error)

GetAccessRequest loads an access request.

func (*Client) PollAccessRequestPluginData

func (api *Client) PollAccessRequestPluginData(ctx context.Context, plugin, reqID string) (map[string]string, error)

PollAccessRequestPluginData waits until plugin data for a given request becomes available.

func (*Client) SearchAccessRequestEvents

func (api *Client) SearchAccessRequestEvents(ctx context.Context, reqID string) ([]*events.AccessRequestCreate, error)

SearchAccessRequestEvents searches for recent access request events in audit log.

func (*Client) SubmitAccessRequestReview

func (api *Client) SubmitAccessRequestReview(ctx context.Context, reqID string, review types.AccessReview) error

SubmitAccessRequestReview is a simpler version of SubmitAccessReview.

type FakeStatusSink

type FakeStatusSink struct {
	// contains filtered or unexported fields
}

FakeStatusSink is a fake status sink that can be used when testing plugins.

func (*FakeStatusSink) Emit

Emit implements the common.StatusSink interface.

func (*FakeStatusSink) Get

Get returns the last status stored by the plugin.

type Integration

type Integration struct {
	// contains filtered or unexported fields
}

func New

func New(ctx context.Context, paths BinPaths, licenseStr string) (*Integration, error)

New initializes a Teleport installation.

func NewFromEnv

func NewFromEnv(ctx context.Context) (*Integration, error)

NewFromEnv initializes a Teleport installation, reading binary paths from environment variables such as TELEPORT_BINARY, TELEPORT_BINARY_TCTL or just PATH.

func (*Integration) Bootstrap

func (integration *Integration) Bootstrap(ctx context.Context, auth *AuthService, resources []types.Resource) error

func (*Integration) Close

func (integration *Integration) Close()

Close stops all the spawned processes and does a cleanup.

func (*Integration) MakeAdmin

func (integration *Integration) MakeAdmin(ctx context.Context, auth *AuthService, userName string) (*Client, error)

func (*Integration) NewAuthService

func (integration *Integration) NewAuthService(opts ...AuthServiceOption) (*AuthService, error)

NewAuthService creates a new auth server instance.

func (*Integration) NewClient

func (integration *Integration) NewClient(ctx context.Context, auth *AuthService, userName string) (*Client, error)

NewClient builds an API client for a given user.

func (*Integration) NewProxyService

func (integration *Integration) NewProxyService(auth Auth) (*ProxyService, error)

NewProxyService creates a new proxy service instance.

func (*Integration) NewSSHService

func (integration *Integration) NewSSHService(auth Auth) (*SSHService, error)

NewSSHService creates a new SSH service instance.

func (*Integration) NewSignedClient

func (integration *Integration) NewSignedClient(ctx context.Context, auth Auth, identityPath, userName string) (*Client, error)

NewSignedClient builds a client for a given user given the identity file.

func (*Integration) NewTsh

func (integration *Integration) NewTsh(proxyAddr, identityPath string) tsh.Tsh

NewTsh makes a new tsh runner.

func (*Integration) SetCAPin

func (integration *Integration) SetCAPin(ctx context.Context, auth *AuthService) error

SetCAPin configures the integration with the auth service's CA pin.

func (*Integration) Sign

func (integration *Integration) Sign(ctx context.Context, auth *AuthService, userName string) (string, error)

Sign generates a credentials file for the user and returns an identity file path.

func (*Integration) SignTLS

func (integration *Integration) SignTLS(ctx context.Context, auth *AuthService, userName string) (*SignTLSPaths, error)

SignTLS generates a set of files to be used for generating the TLS Config: Cert, Key and RootCAs.

func (*Integration) Version

func (integration *Integration) Version() Version

Version returns an auth server version.

type ProxyService

type ProxyService struct {
	// contains filtered or unexported fields
}

func (*ProxyService) AuthAddr

func (proxy *ProxyService) AuthAddr() Addr

AuthAddr returns auth service external address.

func (*ProxyService) Err

func (proxy *ProxyService) Err() error

Err returns the proxy service error. It's nil if the process is not done yet.

func (*ProxyService) IsReady

func (proxy *ProxyService) IsReady() bool

IsReady indicates if proxy service is initialized properly.

func (*ProxyService) ReverseTunnelAddr

func (proxy *ProxyService) ReverseTunnelAddr() Addr

ReverseTunnelAddr returns reverse tunnel external address.

func (*ProxyService) Run

func (proxy *ProxyService) Run(ctx context.Context) error

Run spawns a proxy service instance.

func (*ProxyService) SSHProxyAddr

func (proxy *ProxyService) SSHProxyAddr() Addr

SSHProxyAddr returns SSH Proxy external address.

func (*ProxyService) Shutdown

func (proxy *ProxyService) Shutdown(ctx context.Context) error

Shutdown terminates the proxy service process and waits for its completion.

func (*ProxyService) Stderr

func (proxy *ProxyService) Stderr() string

Stderr returns a collected proxy service process stderr.

func (*ProxyService) Stdout

func (proxy *ProxyService) Stdout() string

Stdout returns a collected proxy service process stdout.

func (*ProxyService) WaitReady

func (proxy *ProxyService) WaitReady(ctx context.Context) (bool, error)

WaitReady waits for proxy service initialization.

func (*ProxyService) WebAndSSHProxyAddr

func (proxy *ProxyService) WebAndSSHProxyAddr() string

WebAndSSHProxyAddr returns a string in the format "host:webport,sshport", as needed for the tsh --proxy option.

func (*ProxyService) WebProxyAddr

func (proxy *ProxyService) WebProxyAddr() Addr

WebProxyAddr returns Web Proxy external address.

type ProxySetup

type ProxySetup struct {
	AuthSetup
	Proxy *ProxyService
}

func (*ProxySetup) SetupService

func (s *ProxySetup) SetupService()

func (*ProxySetup) SetupSuite

func (s *ProxySetup) SetupSuite(t *testing.T)

type SSHService

type SSHService struct {
	// contains filtered or unexported fields
}

func (*SSHService) Addr

func (ssh *SSHService) Addr() Addr

Addr returns SSH external address.

func (*SSHService) Err

func (ssh *SSHService) Err() error

Err returns the ssh service error. It's nil if the process is not done yet.

func (*SSHService) IsReady

func (ssh *SSHService) IsReady() bool

IsReady indicates if ssh service is initialized properly.

func (*SSHService) Run

func (ssh *SSHService) Run(ctx context.Context) error

Run spawns an ssh service instance.

func (*SSHService) Shutdown

func (ssh *SSHService) Shutdown(ctx context.Context) error

Shutdown terminates the ssh service process and waits for its completion.

func (*SSHService) Stderr

func (ssh *SSHService) Stderr() string

Stderr returns a collected ssh service process stderr.

func (*SSHService) Stdout

func (ssh *SSHService) Stdout() string

Stdout returns a collected ssh service process stdout.

func (*SSHService) WaitReady

func (ssh *SSHService) WaitReady(ctx context.Context) (bool, error)

WaitReady waits for ssh service initialization.

type SSHSetup

type SSHSetup struct {
	ProxySetup
	SSH *SSHService
}

func (*SSHSetup) SetupService

func (s *SSHSetup) SetupService()

func (*SSHSetup) SetupSuite

func (s *SSHSetup) SetupSuite(t *testing.T)

type Service

type Service interface {
	Run(context.Context) error
	WaitReady(ctx context.Context) (bool, error)
	Err() error
	Shutdown(context.Context) error
}

type SignTLSPaths

type SignTLSPaths struct {
	CertPath   string
	KeyPath    string
	RootCAPath string
}

type Suite

type Suite struct {
	suite.Suite
	// contains filtered or unexported fields
}

Suite is a basic testing suite enhanced with context management.

func (*Suite) Context

func (s *Suite) Context() context.Context

Context returns the current test context.

func (*Suite) NewTmpFile

func (s *Suite) NewTmpFile(pattern string) *os.File

NewTmpFile creates a new temporary file.

func (*Suite) SetContextTimeout

func (s *Suite) SetContextTimeout(timeout time.Duration) context.Context

SetContextTimeout limits the lifetime of test and app contexts.

func (*Suite) SetT

func (s *Suite) SetT(t *testing.T)

SetT sets the current *testing.T context.

func (*Suite) StartApp

func (s *Suite) StartApp(app AppI)

StartApp spawns an app in parallel with the running test/suite.

type Version

type Version struct {
	*version.Version
	IsEnterprise bool
}
