Documentation
Overview
Package app runs the application proxy process. It keeps dynamic labels updated, sends heartbeats to announce its presence, checks access controls, and forwards connections between the tunnel and the target host.
Index
- func CopyAndConfigureTLS(log logrus.FieldLogger, client auth.AccessCache, config *tls.Config) *tls.Config
- func FindPublicAddr(client FindPublicAddrClient, appPublicAddr string, appName string) (string, error)
- type AWSSigninRequest
- type AWSSigninResponse
- type Cloud
- type CloudConfig
- type Config
- type ConnMonitor
- type FindPublicAddrClient
- type Server
- func (s *Server) Close() error
- func (s *Server) ForceHeartbeat() error
- func (s *Server) HandleConnection(conn net.Conn)
- func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request)
- func (s *Server) Shutdown(ctx context.Context) error
- func (s *Server) Start(ctx context.Context) (err error)
- func (s *Server) Wait() error
Functions
func CopyAndConfigureTLS
func CopyAndConfigureTLS(log logrus.FieldLogger, client auth.AccessCache, config *tls.Config) *tls.Config
CopyAndConfigureTLS can be used to copy and modify an existing *tls.Config for Teleport application proxy servers.
func FindPublicAddr
func FindPublicAddr(client FindPublicAddrClient, appPublicAddr string, appName string) (string, error)
FindPublicAddr tries to resolve the public address of the proxy of this cluster.
Types
type AWSSigninRequest
type AWSSigninRequest struct {
    // Identity is the identity of the user requesting signin URL.
    Identity *tlsca.Identity
    // TargetURL is the target URL within the console.
    TargetURL string
    // Issuer is the application public URL.
    Issuer string
    // ExternalID is the AWS external ID.
    ExternalID string
}
AWSSigninRequest is a request to generate an AWS console sign-in URL.
func (*AWSSigninRequest) CheckAndSetDefaults
func (r *AWSSigninRequest) CheckAndSetDefaults() error
CheckAndSetDefaults validates the request.
type AWSSigninResponse
type AWSSigninResponse struct {
    // SigninURL is the console signin URL.
    SigninURL string
}
AWSSigninResponse contains the AWS console sign-in URL.
type Cloud
type Cloud interface {
    // GetAWSSigninURL generates AWS management console federation sign-in URL.
    GetAWSSigninURL(AWSSigninRequest) (*AWSSigninResponse, error)
}
Cloud provides cloud provider access related methods such as generating sign in URLs for management consoles.
type CloudConfig
type CloudConfig struct {
    // Session is AWS session.
    Session *awssession.Session
    // Clock is used to override time in tests.
    Clock clockwork.Clock
}
CloudConfig is the configuration for cloud service.
func (*CloudConfig) CheckAndSetDefaults
func (c *CloudConfig) CheckAndSetDefaults() error
CheckAndSetDefaults validates the config.
type Config
type Config struct {
    // Clock is used to control time.
    Clock clockwork.Clock
    // DataDir is the path to the data directory for the server.
    DataDir string
    // AuthClient is a client directly connected to the Auth server.
    AuthClient *auth.Client
    // AccessPoint is a caching client connected to the Auth Server.
    AccessPoint auth.AppsAccessPoint
    // TLSConfig is the *tls.Config for this server.
    TLSConfig *tls.Config
    // CipherSuites is the list of TLS cipher suites that have been configured
    // for this process.
    CipherSuites []uint16
    // Hostname is the hostname where this application agent is running.
    Hostname string
    // HostID is the id of the host where this application agent is running.
    HostID string
    // Authorizer is used to authorize requests.
    Authorizer authz.Authorizer
    // GetRotation returns the certificate rotation state.
    GetRotation services.RotationGetter
    // Apps is a list of statically registered apps this agent proxies.
    Apps types.Apps
    // CloudLabels is a service that imports labels from a cloud provider. The labels are shared
    // between all apps.
    CloudLabels labels.Importer
    // OnHeartbeat is called after every heartbeat. Used to update process state.
    OnHeartbeat func(error)
    // Cloud provides cloud provider access related functionality.
    Cloud Cloud
    // ResourceMatchers is a list of app resource matchers.
    ResourceMatchers []services.ResourceMatcher
    // OnReconcile is called after each database resource reconciliation.
    OnReconcile func(types.Apps)
    // ConnectedProxyGetter gets the proxies teleport is connected to.
    ConnectedProxyGetter *reversetunnel.ConnectedProxyGetter
    // Emitter is an event emitter.
    Emitter events.Emitter
    // ConnectionMonitor monitors connections and terminates any if
    // any session controls prevent them.
    ConnectionMonitor ConnMonitor
}
Config is the configuration for an application server.
func (*Config) CheckAndSetDefaults
CheckAndSetDefaults makes sure the configuration has the minimum required to function.
type ConnMonitor
type ConnMonitor interface {
    MonitorConn(ctx context.Context, authzCtx *authz.Context, conn net.Conn) (context.Context, net.Conn, error)
}
ConnMonitor monitors authorized connections and terminates them when session controls require it.
type FindPublicAddrClient
type FindPublicAddrClient interface {
    // GetProxies returns a list of proxy servers registered in the cluster
    GetProxies() ([]types.Server, error)
    // GetClusterName gets the name of the cluster from the backend.
    GetClusterName(opts ...services.MarshalOption) (types.ClusterName, error)
}
FindPublicAddrClient is a client used for finding public addresses.
type Server
type Server struct {
    // contains filtered or unexported fields
}
Server is an application server. It authenticates requests from the web proxy and forwards them to internal applications.
func (*Server) ForceHeartbeat
ForceHeartbeat is used in tests to force updating of app servers.
func (*Server) HandleConnection
HandleConnection takes a connection and wraps it in a listener, so it can be passed to http.Serve to process as an HTTP request.
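The wrapping that HandleConnection describes can be shown with the standard library alone. The following is an added example, not Teleport's code: oneConnListener, trackedConn, serveOne, the handler and the sample request are hypothetical names and constructed input, and an in-memory net.Pipe stands in for the connection that arrives over the tunnel.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net"
	"net/http"
	"sync"
)

// oneConnListener (hypothetical name) feeds http.Serve one established conn.
type oneConnListener struct {
	conn net.Conn
	used bool
	done chan struct{} // closed once the connection is finished
	once sync.Once
}
type trackedConn struct {
	net.Conn
	l *oneConnListener // released when the HTTP server closes the conn
}

func (c *trackedConn) Close() error       { c.l.Close(); return c.Conn.Close() }
func (l *oneConnListener) Close() error   { l.once.Do(func() { close(l.done) }); return nil }
func (l *oneConnListener) Addr() net.Addr { return l.conn.LocalAddr() }
func (l *oneConnListener) Accept() (net.Conn, error) {
	if !l.used {
		l.used = true
		return &trackedConn{Conn: l.conn, l: l}, nil
	}
	<-l.done // second Accept: wait for the only connection to finish
	return nil, io.EOF
}

func serveOne(rawReq string) (int, string, error) {
	client, server := net.Pipe() // both ends in memory; no port is opened
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok "+r.URL.Path) })
	errCh := make(chan error, 1)
	go func() { errCh <- http.Serve(&oneConnListener{conn: server, done: make(chan struct{})}, h) }()
	io.WriteString(client, rawReq) // constructed request supplied by the caller
	resp, err := http.ReadResponse(bufio.NewReader(client), nil)
	if err != nil {
		return 0, "", err
	}
	body, _ := io.ReadAll(resp.Body)
	client.Close() // ends a keep-alive conn too, so Serve can return
	return resp.StatusCode, string(body), <-errCh // io.EOF once the conn is done
}
func main() { fmt.Println(serveOne("GET /health HTTP/1.1\r\nHost: app.example\r\nConnection: close\r\n\r\n")) }
```

Because the second Accept blocks until the connection is closed, http.Serve returns only after the request on that connection has been fully handled.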
func (*Server) ServeHTTP
func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP will forward the *http.Request to the target application.