clusters

package v0.0.0-...-5c79d48

Warning: This package is not in the latest version of its module.

Published: Feb 15, 2024 License: AGPL-3.0 Imports: 46 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddMetadataToRetryableError

func AddMetadataToRetryableError(ctx context.Context, fn func() error) error

AddMetadataToRetryableError is Connect's equivalent of client.RetryWithRelogin. By adding the metadata to the error, we let the Electron app know that the given error was caused by expired certs and that having the user log in again should resolve the error on the next attempt.

func NewDBCLICmdBuilder

func NewDBCLICmdBuilder(cluster *Cluster, routeToDb tlsca.RouteToDatabase, options ...dbcmd.ConnectCommandFunc) *dbcmd.CLICommandBuilder

NewDBCLICmdBuilder creates a dbcmd.CLICommandBuilder with provided cluster, db route, and options.

func UserTypeFromString

func UserTypeFromString(userType types.UserType) (api.LoggedInUser_UserType, error)

UserTypeFromString converts a string representation of UserType used internally by Teleport to a proto representation used by TerminalService.

Types

type AccessRequest

type AccessRequest struct {
	URI uri.ResourceURI
	types.AccessRequest
	ResourceDetails map[string]ResourceDetails
}

type App

type App struct {
	// URI is the app URI
	URI uri.ResourceURI
	// FQDN is the hostname under which the app is accessible within the root cluster.
	// It is included in this struct because the callsite which constructs FQDN must have access to
	// clusters.Cluster.
	FQDN string
	// AWSRoles is a list of AWS IAM roles for the application representing AWS console.
	AWSRoles aws.Roles

	App types.Application
}

App describes an app resource.

type AppOrSAMLIdPServiceProvider

type AppOrSAMLIdPServiceProvider struct {
	App                    *App
	SAMLIdPServiceProvider *SAMLIdPServiceProvider
}

AppOrSAMLIdPServiceProvider holds either App or SAMLIdPServiceProvider but not both. It is a teleterm version of proto.PaginatedResource_AppServerOrSAMLIdPServiceProvider.

type Cluster

type Cluster struct {
	// URI is the cluster URI
	URI uri.ResourceURI
	// Name is the cluster name, AKA SiteName.
	Name string
	// ProfileName is the name of the tsh profile
	ProfileName string
	// Log is a component logger
	Log *logrus.Entry
	// contains filtered or unexported fields
}

Cluster describes user settings and access to various resources.

func (*Cluster) AssembleAppFQDN

func (c *Cluster) AssembleAppFQDN(app types.Application) string

AssembleAppFQDN is a wrapper on top of utils.AssembleAppFQDN which encapsulates translation between lib/teleterm and lib/web terminology.

It assumes that app was fetched from c, as there's no way to check that in runtime.

func (*Cluster) AssumeRole

func (c *Cluster) AssumeRole(ctx context.Context, req *api.AssumeRoleRequest) error

func (*Cluster) Connected

func (c *Cluster) Connected() bool

Connected indicates whether a connection to the cluster can be established.

func (*Cluster) CreateAccessRequest

func (c *Cluster) CreateAccessRequest(ctx context.Context, req *api.CreateAccessRequestRequest) (*AccessRequest, error)

CreateAccessRequest creates an access request.

func (*Cluster) CreateGateway

func (c *Cluster) CreateGateway(ctx context.Context, params CreateGatewayParams) (gateway.Gateway, error)

CreateGateway creates a gateway.

func (*Cluster) DeleteAccessRequest

func (c *Cluster) DeleteAccessRequest(ctx context.Context, req *api.DeleteAccessRequestRequest) error

func (*Cluster) GetAWSRoles

func (c *Cluster) GetAWSRoles(app types.Application) aws.Roles

GetAWSRoles returns the list of allowed AWS role ARNs the user can assume that are associated with the app's AWS account ID.

func (*Cluster) GetAWSRolesARNs

func (c *Cluster) GetAWSRolesARNs() []string

GetAWSRolesARNs returns the list of allowed AWS role ARNs the user can assume.

func (*Cluster) GetAccessRequest

func (c *Cluster) GetAccessRequest(ctx context.Context, req types.AccessRequestFilter) (*AccessRequest, error)

GetAccessRequest returns a specific access request by ID, including resource details.

func (*Cluster) GetAccessRequests

func (c *Cluster) GetAccessRequests(ctx context.Context, req types.AccessRequestFilter) ([]AccessRequest, error)

GetAccessRequests returns all access requests available to the user.

func (*Cluster) GetAllowedDatabaseUsers

func (c *Cluster) GetAllowedDatabaseUsers(ctx context.Context, dbURI string) ([]string, error)

GetAllowedDatabaseUsers returns allowed users for the given database based on the role set.

func (*Cluster) GetApps

func (c *Cluster) GetApps(ctx context.Context, r *api.GetAppsRequest) (*GetAppsResponse, error)

GetApps returns a paginated list of apps.

func (*Cluster) GetDatabase

func (c *Cluster) GetDatabase(ctx context.Context, dbURI uri.ResourceURI) (*Database, error)

GetDatabase returns a database.

func (*Cluster) GetDatabases

func (*Cluster) GetKubes

func (c *Cluster) GetKubes(ctx context.Context, r *api.GetKubesRequest) (*GetKubesResponse, error)

GetKubes returns a paginated list of kubes.

func (*Cluster) GetLeafClusters

func (c *Cluster) GetLeafClusters(ctx context.Context) ([]LeafCluster, error)

GetLeafClusters returns the leaf clusters.

func (*Cluster) GetLoggedInUser

func (c *Cluster) GetLoggedInUser() LoggedInUser

GetLoggedInUser returns the currently logged-in user.

func (*Cluster) GetProxyHost

func (c *Cluster) GetProxyHost() string

GetProxyHost returns the proxy address (hostname:port) of the root cluster, even when called on a Cluster that represents a leaf cluster.

func (*Cluster) GetProxyHostname

func (c *Cluster) GetProxyHostname() string

GetProxyHostname returns just the hostname part of the proxy address of the root cluster (without the port number), even when called on a Cluster that represents a leaf cluster.

func (*Cluster) GetRequestableRoles

func (c *Cluster) GetRequestableRoles(ctx context.Context, req *api.GetRequestableRolesRequest) (*types.AccessCapabilities, error)

GetRequestableRoles returns the requestable roles for the currently logged-in user.

func (*Cluster) GetRoles

func (c *Cluster) GetRoles(ctx context.Context) ([]*types.Role, error)

GetRoles returns the roles of the currently logged-in user.

func (*Cluster) GetServers

GetServers returns a paginated list of servers.

func (*Cluster) GetWithDetails

func (c *Cluster) GetWithDetails(ctx context.Context) (*ClusterWithDetails, error)

GetWithDetails makes requests to the auth server to return details of the current Cluster that cannot be found on the disk only, including details about the user and enabled enterprise features. This method requires a valid cert.

func (*Cluster) LocalLogin

func (c *Cluster) LocalLogin(ctx context.Context, user, password, otpToken string) error

LocalLogin processes local logins for this cluster.

func (*Cluster) Logout

func (c *Cluster) Logout(ctx context.Context) error

Logout deletes all cluster certificates.

func (*Cluster) PasswordlessLogin

func (c *Cluster) PasswordlessLogin(ctx context.Context, stream api.TerminalService_LoginPasswordlessServer) error

PasswordlessLogin processes passwordless logins for this cluster.

func (*Cluster) ReissueGatewayCerts

func (c *Cluster) ReissueGatewayCerts(ctx context.Context, g gateway.Gateway) (tls.Certificate, error)

ReissueGatewayCerts reissues the certificate for the provided gateway.

At the moment, kube gateways reload their certs in memory while db gateways use the old approach of saving a cert to disk and only then loading it to memory. TODO(ravicious): Refactor db gateways to reload cert in memory and support MFA.

func (*Cluster) ReviewAccessRequest

func (c *Cluster) ReviewAccessRequest(ctx context.Context, req *api.ReviewAccessRequestRequest) (*AccessRequest, error)

func (*Cluster) SSOLogin

func (c *Cluster) SSOLogin(ctx context.Context, providerType, providerName string) error

SSOLogin logs a user in to the Teleport cluster using a supported SSO provider.

func (*Cluster) SyncAuthPreference

func (c *Cluster) SyncAuthPreference(ctx context.Context) (*webclient.WebConfigAuthSettings, error)

SyncAuthPreference fetches the Teleport auth preferences and stores them in the cluster profile.

func (*Cluster) TransferFile

func (c *Cluster) TransferFile(ctx context.Context, request *api.FileTransferRequest, sendProgress FileTransferProgressSender) error

func (*Cluster) UpdateHeadlessAuthenticationState

func (c *Cluster) UpdateHeadlessAuthenticationState(ctx context.Context, headlessID string, state types.HeadlessAuthenticationState) error

UpdateHeadlessAuthenticationState updates the headless authentication matching the given id to the given state. MFA will be prompted when updating to the approve state.

func (*Cluster) WatchHeadlessAuthentications

func (c *Cluster) WatchHeadlessAuthentications(ctx context.Context) (watcher types.Watcher, close func(), err error)

WatchHeadlessAuthentications watches the backend for headless authentication events for the user.

func (*Cluster) WatchPendingHeadlessAuthentications

func (c *Cluster) WatchPendingHeadlessAuthentications(ctx context.Context) (watcher types.Watcher, close func(), err error)

WatchPendingHeadlessAuthentications watches the backend for pending headless authentication requests for the user.

type ClusterWithDetails

type ClusterWithDetails struct {
	*Cluster
	// Auth server features
	Features *proto.Features
	// AuthClusterID is the unique cluster ID that is set once
	// during the first auth server startup.
	AuthClusterID string
	// SuggestedReviewers for the given user.
	SuggestedReviewers []string
	// RequestableRoles for the given user.
	RequestableRoles []string
	// ACL contains user access control list.
	ACL *api.ACL
	// UserType identifies whether the user is a local user or comes from an SSO provider.
	UserType types.UserType
	// ProxyVersion is the cluster proxy's service version.
	ProxyVersion string
}

type Config

type Config struct {
	// Dir is the directory to store cluster profiles
	Dir string
	// Clock is a clock for time-related operations
	Clock clockwork.Clock
	// InsecureSkipVerify is an option to skip TLS cert check
	InsecureSkipVerify bool
	// Log is a component logger
	Log *logrus.Entry
	// WebauthnLogin allows tests to override the Webauthn Login func.
	// Defaults to wancli.Login.
	WebauthnLogin client.WebauthnLoginFunc
}

Config is the cluster service config.

func (*Config) CheckAndSetDefaults

func (c *Config) CheckAndSetDefaults() error

CheckAndSetDefaults checks the configuration for validity and sets default values where needed.

type CreateGatewayParams

type CreateGatewayParams struct {
	// TargetURI is the cluster resource URI
	TargetURI uri.ResourceURI
	// TargetUser is the target user name
	TargetUser string
	// TargetSubresourceName points at a subresource of the remote resource, for example a database
	// name on a database server.
	TargetSubresourceName string
	// LocalPort is the gateway local port
	LocalPort            string
	TCPPortAllocator     gateway.TCPPortAllocator
	OnExpiredCert        gateway.OnExpiredCertFunc
	KubeconfigsDir       string
	MFAPromptConstructor func(cfg *libmfa.PromptConfig) mfa.Prompt
}

type Database

type Database struct {
	// URI is the database URI
	URI uri.ResourceURI
	types.Database
}

Database describes a database.

type FileTransferProgressSender

type FileTransferProgressSender = func(progress *api.FileTransferProgress) error

type GatewayCreator

type GatewayCreator struct {
	// contains filtered or unexported fields
}

func NewGatewayCreator

func NewGatewayCreator(resolver Resolver) GatewayCreator

func (GatewayCreator) CreateGateway

func (g GatewayCreator) CreateGateway(ctx context.Context, params CreateGatewayParams) (gateway.Gateway, error)

type GetAppsResponse

type GetAppsResponse struct {
	Apps []AppOrSAMLIdPServiceProvider
	// StartKey is the next key to use as a starting point.
	StartKey string
	// TotalCount is the total number of resources available as a whole.
	TotalCount int
}

type GetDatabasesResponse

type GetDatabasesResponse struct {
	Databases []Database
	// StartKey is the next key to use as a starting point.
	StartKey string
	// TotalCount is the total number of resources available as a whole.
	TotalCount int
}

type GetKubesResponse

type GetKubesResponse struct {
	Kubes []Kube
	// StartKey is the next key to use as a starting point.
	StartKey string
	// TotalCount is the total number of resources available as a whole.
	TotalCount int
}

type GetServersResponse

type GetServersResponse struct {
	Servers []Server
	// StartKey is the next key to use as a starting point.
	StartKey string
	// TotalCount is the total number of resources available as a whole.
	TotalCount int
}

type Kube

type Kube struct {
	// URI is the kube URI
	URI uri.ResourceURI

	KubernetesCluster types.KubeCluster
}

Kube describes a Kubernetes service.

type LeafCluster

type LeafCluster struct {
	// URI is the leaf cluster URI
	URI uri.ResourceURI
	// LoggedInUser is the logged in user
	LoggedInUser LoggedInUser
	// Name is the leaf cluster name
	Name string
	// Connected indicates if this leaf cluster is connected
	Connected bool
}

LeafCluster describes a leaf (trusted) cluster.

type LoggedInUser

type LoggedInUser struct {
	// Name is the user name
	Name string
	// SSHLogins is the list of SSH logins the user is allowed to use
	SSHLogins []string
	// Roles is the list of the user's roles
	Roles []string
	// ActiveRequests is the list of the user's active access requests
	ActiveRequests []string
}

LoggedInUser is the currently logged-in user.

type Resolver

type Resolver interface {
	// ResolveCluster returns a cluster from storage given the URI. See [Storage.ResolveCluster].
	ResolveCluster(uri.ResourceURI) (*Cluster, *client.TeleportClient, error)
}

Resolver is a subset of Storage, mostly so that it's possible to provide a mock implementation in tests.

type ResourceDetails

type ResourceDetails struct {
	Hostname     string
	FriendlyName string
}

type SAMLIdPServiceProvider

type SAMLIdPServiceProvider struct {
	// URI is the app URI
	URI uri.ResourceURI

	Provider types.SAMLIdPServiceProvider
}

SAMLIdPServiceProvider describes a SAML IdP resource.

type SSHLoginFunc

type SSHLoginFunc func(context.Context, *keys.PrivateKey) (*auth.SSHLoginResponse, error)

type Server

type Server struct {
	// URI is the server URI
	URI uri.ResourceURI

	types.Server
}

Server describes a server.

type Storage

type Storage struct {
	Config
}

Storage is the cluster storage.

func NewStorage

func NewStorage(cfg Config) (*Storage, error)

NewStorage creates an instance of Cluster profile storage.

func (*Storage) Add

func (s *Storage) Add(ctx context.Context, webProxyAddress string) (*Cluster, *client.TeleportClient, error)

Add adds a cluster.

The clusterClient returned as the second return value is a stopgap in an effort to make clusters.Cluster a regular struct with no extra behavior and a much smaller interface. https://github.com/gravitational/teleport/issues/13278

func (*Storage) GetByResourceURI

func (s *Storage) GetByResourceURI(resourceURI uri.ResourceURI) (*Cluster, *client.TeleportClient, error)

GetByResourceURI returns a cluster by a URI of its resource. Accepts both root and leaf cluster resources and will return a root or a leaf cluster accordingly.

The clusterClient returned as the second return value is a stopgap in an effort to make clusters.Cluster a regular struct with no extra behavior and a much smaller interface. https://github.com/gravitational/teleport/issues/13278

func (*Storage) GetByURI

func (s *Storage) GetByURI(clusterURI uri.ResourceURI) (*Cluster, *client.TeleportClient, error)

GetByURI returns a cluster by URI. Assumes the URI has been successfully parsed and is of a cluster.

The clusterClient returned as the second return value is a stopgap in an effort to make clusters.Cluster a regular struct with no extra behavior and a much smaller interface. https://github.com/gravitational/teleport/issues/13278

func (*Storage) ReadAll

func (s *Storage) ReadAll() ([]*Cluster, error)

ReadAll reads clusters from the stored profiles.

func (*Storage) Remove

func (s *Storage) Remove(ctx context.Context, profileName string) error

Remove removes a cluster.

func (*Storage) ResolveCluster

func (s *Storage) ResolveCluster(resourceURI uri.ResourceURI) (*Cluster, *client.TeleportClient, error)

ResolveCluster is an alias for GetByResourceURI.

The clusterClient returned as the second return value is a stopgap in an effort to make clusters.Cluster a regular struct with no extra behavior and a much smaller interface. https://github.com/gravitational/teleport/issues/13278
