integration

package
v4.3.10+incompatible
Warning

This package is not in the latest version of its module.
Published: Feb 19, 2021 License: Apache-2.0 Imports: 39 Imported by: 4

Documentation

Overview

Package integration tests Teleport at a high level by creating clusters of servers in memory, connecting them together, and connecting to them.

Constants

const (
	Loopback = "127.0.0.1"
	Host     = "localhost"
)

Variables

This section is empty.

Functions

func SetTestTimeouts

func SetTestTimeouts(t time.Duration)

SetTestTimeouts affects global timeouts inside Teleport, making connections work faster but consuming more CPU (useful for integration testing)

func SetupUser

func SetupUser(process *service.TeleportProcess, username string, roles []services.Role) error

SetupUser sets up a user in the cluster.

func SetupUserCreds

func SetupUserCreds(tc *client.TeleportClient, proxyHost string, creds UserCreds) error

SetupUserCreds sets up user credentials for the client.

Types

type ClientConfig

type ClientConfig struct {
	// Login is SSH login name
	Login string
	// Cluster is a cluster name to connect to
	Cluster string
	// Host string is a target host to connect to
	Host string
	// Port is a target port to connect to
	Port int
	// Proxy is an optional alternative proxy to use
	Proxy *ProxyConfig
	// ForwardAgent controls if the client requests its agent be forwarded to
	// the server.
	ForwardAgent bool
	// JumpHost turns on jump host mode
	JumpHost bool
	// Labels represents host labels
	Labels map[string]string
}

ClientConfig is a client configuration

type InstanceConfig

type InstanceConfig struct {
	// ClusterName is a cluster name of the instance
	ClusterName string
	// HostID is a host id of the instance
	HostID string
	// NodeName is a node name of the instance
	NodeName string
	// Ports is a list of assigned ports to use
	Ports []int
	// Priv is SSH private key of the instance
	Priv []byte
	// Pub is SSH public key of the instance
	Pub []byte
	// MultiplexProxy uses the same port for web and SSH reverse tunnel proxy
	MultiplexProxy bool
}

InstanceConfig is an instance configuration

type InstanceSecrets

type InstanceSecrets struct {
	// instance name (aka "site name")
	SiteName string `json:"site_name"`
	// instance keys+cert (reused for hostCA and userCA)
	// PubKey is instance public key
	PubKey []byte `json:"pub"`
	// PrivKey is instance private key
	PrivKey []byte `json:"priv"`
	// Cert is SSH host certificate
	Cert []byte `json:"cert"`
	// TLSCACert is the certificate of the trusted certificate authority
	TLSCACert []byte `json:"tls_ca_cert"`
	// TLSCert is client TLS X509 certificate
	TLSCert []byte `json:"tls_cert"`
	// ListenAddr is a reverse tunnel listening port, allowing
	// other sites to connect to this instance. Set to empty
	// string if this instance is not allowing incoming tunnels
	ListenAddr string `json:"tunnel_addr"`
	// WebProxyAddr is address for web proxy
	WebProxyAddr string `json:"web_proxy_addr"`
	// list of users this instance trusts (key in the map is username)
	Users map[string]*User `json:"users"`
}

func (*InstanceSecrets) AllowedLogins

func (s *InstanceSecrets) AllowedLogins() []string

func (*InstanceSecrets) AsSlice

func (s *InstanceSecrets) AsSlice() []*InstanceSecrets

func (*InstanceSecrets) AsTrustedCluster

func (s *InstanceSecrets) AsTrustedCluster(token string, roleMap services.RoleMap) services.TrustedCluster

func (*InstanceSecrets) GetCAs

func (s *InstanceSecrets) GetCAs() []services.CertAuthority

GetCAs returns an array of CAs stored by the secrets object. In this case we always return hard-coded userCA + hostCA (and they share keys for simplicity).

func (*InstanceSecrets) GetIdentity

func (s *InstanceSecrets) GetIdentity() *auth.Identity

func (*InstanceSecrets) GetRoles

func (s *InstanceSecrets) GetRoles() []services.Role

GetRoles returns a list of roles to initiate for this secret

func (*InstanceSecrets) String

func (s *InstanceSecrets) String() string

type ProxyConfig

type ProxyConfig struct {
	// Name is a proxy name
	Name string
	// SSHPort is SSH proxy port
	SSHPort int
	// WebPort is web proxy port
	WebPort int
	// ReverseTunnelPort is a port for reverse tunnel addresses
	ReverseTunnelPort int
}

ProxyConfig is a set of configuration parameters for Proxy

type TeleInstance

type TeleInstance struct {
	// Secrets holds the keys (pub, priv and derived cert) of this instance
	Secrets InstanceSecrets

	// Slice of TCP ports used by Teleport services
	Ports []int

	// Hostname is the name of the host where instance is running
	Hostname string

	// Internal stuff...
	Process *service.TeleportProcess
	Config  *service.Config
	Tunnel  reversetunnel.Server
	Pool    *reversetunnel.AgentPool

	// Nodes is a list of additional nodes
	// started with this instance
	Nodes []*service.TeleportProcess

	// UploadEventsC is a channel for upload events
	UploadEventsC chan *events.UploadEvent
}

TeleInstance represents an in-memory instance of a teleport process for testing

func NewInstance

func NewInstance(cfg InstanceConfig) *TeleInstance

NewInstance creates a new Teleport process instance.

The caller is responsible for calling StopAll on the returned instance to clean up spawned processes.

func (*TeleInstance) AddUser

func (i *TeleInstance) AddUser(username string, mappings []string) *User

AddUser adds a new user into this Teleport instance. 'mappings' is a comma-separated list of OS users.

func (*TeleInstance) AddUserWithRole

func (i *TeleInstance) AddUserWithRole(username string, roles ...services.Role) *User

AddUserWithRole adds a user with one or many assigned roles.

func (*TeleInstance) Create

func (i *TeleInstance) Create(trustedSecrets []*InstanceSecrets, enableSSH bool, console io.Writer) error

Create creates a new instance of Teleport which trusts a list of other clusters (other instances).

func (*TeleInstance) CreateEx added in v1.1.0

func (i *TeleInstance) CreateEx(trustedSecrets []*InstanceSecrets, tconf *service.Config) error

CreateEx creates a new instance of Teleport which trusts a list of other clusters (other instances)

Unlike Create() it allows for greater customization because it accepts a full Teleport config structure

func (*TeleInstance) GenerateConfig

func (i *TeleInstance) GenerateConfig(trustedSecrets []*InstanceSecrets, tconf *service.Config) (*service.Config, error)

GenerateConfig generates instance config

func (*TeleInstance) GetPortAuth

func (i *TeleInstance) GetPortAuth() string

func (*TeleInstance) GetPortProxy

func (i *TeleInstance) GetPortProxy() string

func (*TeleInstance) GetPortReverseTunnel

func (i *TeleInstance) GetPortReverseTunnel() string

func (*TeleInstance) GetPortSSH

func (i *TeleInstance) GetPortSSH() string

func (*TeleInstance) GetPortSSHInt

func (i *TeleInstance) GetPortSSHInt() int

func (*TeleInstance) GetPortWeb

func (i *TeleInstance) GetPortWeb() string

func (*TeleInstance) GetSiteAPI

func (i *TeleInstance) GetSiteAPI(siteName string) auth.ClientI

GetSiteAPI() is a helper which returns an API endpoint to a site with a given name. This endpoint implements HTTP-over-SSH access to the site's auth server.

func (*TeleInstance) NewClient

func (i *TeleInstance) NewClient(cfg ClientConfig) (*client.TeleportClient, error)

NewClient returns a fully configured and pre-authenticated client (pre-authenticated with server CAs and signed session key)

func (*TeleInstance) NewClientWithCreds

func (i *TeleInstance) NewClientWithCreds(cfg ClientConfig, creds UserCreds) (tc *client.TeleportClient, err error)

NewClientWithCreds creates client with credentials

func (*TeleInstance) NewUnauthenticatedClient

func (i *TeleInstance) NewUnauthenticatedClient(cfg ClientConfig) (tc *client.TeleportClient, err error)

NewUnauthenticatedClient returns a fully configured and pre-authenticated client (pre-authenticated with server CAs and signed session key)

func (*TeleInstance) Reset

func (i *TeleInstance) Reset() (err error)

Reset re-creates the Teleport instance based on the same configuration. This is needed if you want to stop the instance, reset it and start again.

func (*TeleInstance) Start

func (i *TeleInstance) Start() error

Start will start the TeleInstance and then block until it is ready to process requests based off the passed in configuration.

func (*TeleInstance) StartNode

func (i *TeleInstance) StartNode(tconf *service.Config) (*service.TeleportProcess, error)

StartNode starts an SSH node and connects it to the cluster.

func (*TeleInstance) StartNodeAndProxy

func (i *TeleInstance) StartNodeAndProxy(name string, sshPort, proxyWebPort, proxySSHPort int) error

StartNodeAndProxy starts an SSH node and a Proxy Server and connects them to the cluster.

func (*TeleInstance) StartProxy

func (i *TeleInstance) StartProxy(cfg ProxyConfig) (reversetunnel.Server, error)

StartProxy starts another Proxy Server and connects it to the cluster.

func (*TeleInstance) StartReverseTunnelNode

func (i *TeleInstance) StartReverseTunnelNode(tconf *service.Config) (*service.TeleportProcess, error)

StartReverseTunnelNode starts an SSH node and connects it to the cluster via reverse tunnel.

func (*TeleInstance) StopAll

func (i *TeleInstance) StopAll() error

StopAll stops all spawned processes (auth server, nodes, proxies). StopAll should always be called at the end of TeleInstance's usage.

func (*TeleInstance) StopAuth

func (i *TeleInstance) StopAuth(removeData bool) error

StopAuth stops the auth server process. If removeData is true, the data directory is also cleaned up.

func (*TeleInstance) StopNodes

func (i *TeleInstance) StopNodes() error

StopNodes stops additional nodes

func (*TeleInstance) StopProxy

func (i *TeleInstance) StopProxy() error

StopProxy loops over the extra nodes in a TeleInstance and stops all nodes where the proxy server is enabled.

type User

type User struct {
	Username      string          `json:"username"`
	AllowedLogins []string        `json:"logins"`
	Key           *client.Key     `json:"key"`
	Roles         []services.Role `json:"-"`
}

type UserCreds

type UserCreds struct {
	// Key is user client key and certificate
	Key client.Key
	// HostCA is a trusted host certificate authority
	HostCA services.CertAuthority
}

UserCreds holds user client credentials

func GenerateUserCreds

func GenerateUserCreds(req UserCredsRequest) (*UserCreds, error)

GenerateUserCreds generates key to be used by client

type UserCredsRequest

type UserCredsRequest struct {
	// Process is a teleport process
	Process *service.TeleportProcess
	// Username is a user to generate certs for
	Username string
	// RouteToCluster is an optional cluster to route creds to
	RouteToCluster string
}

UserCredsRequest is a request to generate user creds
