gateway

package
Published: Feb 15, 2024 License: AGPL-3.0 Imports: 29 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type App

type App interface {
	// Gateway supplies the common gateway methods (Serve, Close, URI, ...);
	// an App is a Gateway with one extra accessor.
	Gateway

	// LocalProxyURL returns the URL of the local proxy.
	LocalProxyURL() string
}

App defines an app gateway.

func AsApp

func AsApp(g Gateway) (App, error)

AsApp converts the provided gateway to an app gateway.

type Config

type Config struct {
	// URI is the gateway URI.
	URI uri.ResourceURI
	// TargetName is the remote resource name.
	TargetName string
	// TargetURI is the remote resource URI.
	TargetURI uri.ResourceURI
	// TargetUser is the target user name.
	TargetUser string
	// TargetGroups is a list of target groups.
	TargetGroups []string
	// TargetSubresourceName points at a subresource of the remote resource, for example a database
	// name on a database server. It is used only for generating the CLI command.
	TargetSubresourceName string

	// LocalPort is the local port the gateway's listener is started on
	// (see New and TCPPortAllocator.Listen).
	LocalPort string
	// LocalAddress is the local address the gateway's listener is started on.
	LocalAddress string
	// Protocol is the gateway protocol.
	Protocol string
	// CertPath specifies the path to the user certificate that the local proxy
	// uses to connect to the Teleport Proxy. The path may depend on the type
	// and the parameters of the gateway.
	//
	// Deprecated: use the Cert field instead.
	// TODO(ravicious): Refactor db gateways to use Cert and support MFA.
	CertPath string
	// KeyPath specifies the path to the private key of the cert specified in
	// the CertPath. This is usually the private key of the user profile.
	//
	// Deprecated: use the Cert field instead.
	// TODO(ravicious): Refactor db gateways to use Cert and support MFA.
	KeyPath string
	// Cert is the certificate used by the local proxy to connect to the Teleport proxy.
	Cert tls.Certificate
	// Insecure is not documented on this page. NOTE(review): the name suggests it
	// relaxes verification of the upstream connection — confirm against the local
	// proxy implementation, and if so treat it as a test-only setting.
	Insecure bool
	// ClusterName is the Teleport cluster name.
	ClusterName string
	// Username is the username of the profile.
	Username string
	// WebProxyAddr is not documented on this page. NOTE(review): presumably the
	// address of the Teleport web proxy — confirm against the callers.
	WebProxyAddr string
	// Log is a component logger.
	Log *logrus.Entry
	// TCPPortAllocator creates listeners on the given ports. This interface lets us avoid occupying
	// hardcoded ports in tests.
	TCPPortAllocator TCPPortAllocator
	// Clock is used by Gateway.localProxy to check cert expiration.
	Clock clockwork.Clock
	// OnExpiredCert is called when a new downstream connection is accepted by the
	// gateway but cannot be proxied because the cert used by the gateway has expired.
	//
	// Returns a fresh valid cert.
	//
	// Handling of the connection is blocked until OnExpiredCert returns.
	OnExpiredCert OnExpiredCertFunc
	// TLSRoutingConnUpgradeRequired indicates that ALPN connection upgrades
	// are required for making TLS routing requests.
	TLSRoutingConnUpgradeRequired bool
	// RootClusterCACertPoolFunc is a callback function to fetch root cluster CAs
	// when an ALPN connection upgrade is required.
	RootClusterCACertPoolFunc alpnproxy.GetClusterCACertPoolFunc
	// KubeconfigsDir is the directory containing kubeconfigs for kube gateways.
	KubeconfigsDir string
}

Config describes the gateway configuration.

func (*Config) CheckAndSetDefaults

func (c *Config) CheckAndSetDefaults() error

CheckAndSetDefaults checks the configuration and sets default values.

func (*Config) RouteToDatabase

func (c *Config) RouteToDatabase() tlsca.RouteToDatabase

RouteToDatabase returns tlsca.RouteToDatabase based on the config of the gateway.

The tlsca.RouteToDatabase.Database field is skipped, as it's an optional field and gateways can change their Config.TargetSubresourceName at any moment.

type Database

type Database interface {
	// Gateway supplies the common gateway methods; a Database is a Gateway
	// with one extra accessor.
	Gateway

	// RouteToDatabase returns tlsca.RouteToDatabase based on the config of the gateway.
	//
	// The tlsca.RouteToDatabase.Database field is skipped, as it's an optional field and gateways can
	// change their Config.TargetSubresourceName at any moment.
	RouteToDatabase() tlsca.RouteToDatabase
}

Database defines a database gateway.

func AsDatabase

func AsDatabase(g Gateway) (Database, error)

AsDatabase converts the provided gateway to a database gateway.

type Gateway

type Gateway interface {
	// Serve starts the underlying ALPN proxy. Blocks until closeContext is
	// canceled.
	Serve() error
	// Close terminates gateway connection.
	Close() error
	// ReloadCert loads the key pair from cfg.CertPath & cfg.KeyPath and
	// updates the cert of the running local proxy.
	//
	// NOTE(review): Config documents CertPath and KeyPath as deprecated in
	// favor of Cert; confirm which source ReloadCert actually reads.
	ReloadCert() error

	// The accessors below appear to mirror the Config fields of the same
	// name (URI, TargetURI, TargetName, ...). The implementation is not shown
	// on this page — confirm before relying on that correspondence.
	URI() uri.ResourceURI
	TargetURI() uri.ResourceURI
	TargetName() string
	Protocol() string
	TargetUser() string
	// TargetSubresourceName and SetTargetSubresourceName read and update the
	// subresource name, which can change at any moment (see Database.RouteToDatabase).
	TargetSubresourceName() string
	SetTargetSubresourceName(value string)
	Log() *logrus.Entry
	LocalAddress() string
	LocalPort() string
	// LocalPortInt returns the local port as an int; how a non-numeric
	// LocalPort is handled is not shown on this page.
	LocalPortInt() int
}

Gateway is an interface that defines all gateway functions.

func New

func New(cfg Config) (Gateway, error)

New creates an instance of Gateway. It starts a listener on the specified port, but it doesn't start the proxy – that's the job of Serve.

func NewWithLocalPort

func NewWithLocalPort(gateway Gateway, port string) (Gateway, error)

NewWithLocalPort initializes a copy of an existing gateway which has all config fields identical to the existing gateway with the exception of the local port.

type Kube

type Kube interface {
	// Gateway supplies the common gateway methods; a Kube is a Gateway with
	// one extra accessor.
	Gateway

	// KubeconfigPath returns the path to the kubeconfig used to connect the
	// local proxy (see Config.KubeconfigsDir for where kubeconfigs live).
	KubeconfigPath() string
}

Kube defines a kube gateway.

func AsKube

func AsKube(g Gateway) (Kube, error)

AsKube converts the provided gateway to a kube gateway.

type NetTCPPortAllocator

// NetTCPPortAllocator satisfies TCPPortAllocator via its Listen method, whose
// signature matches the interface; the method body is not shown on this page.
type NetTCPPortAllocator struct{}

func (NetTCPPortAllocator) Listen

func (n NetTCPPortAllocator) Listen(localAddress, port string) (net.Listener, error)

type OnExpiredCertFunc

// OnExpiredCertFunc is called when a new downstream connection is accepted by
// the gateway but cannot be proxied because the cert used by the gateway has
// expired. It returns a fresh valid cert; handling of the connection is blocked
// until the function returns.
type OnExpiredCertFunc func(context.Context, Gateway) (tls.Certificate, error)

OnExpiredCertFunc is the type of a function that is called when a new downstream connection is accepted by the gateway but cannot be proxied because the cert used by the gateway has expired.

Handling of the connection is blocked until the function returns.

type TCPPortAllocator

// TCPPortAllocator creates listeners on the given ports. Abstracting it lets
// tests avoid occupying hardcoded ports (see Config.TCPPortAllocator).
type TCPPortAllocator interface {
	// Listen opens a listener on localAddress:port.
	Listen(localAddress, port string) (net.Listener, error)
}
