cache

package
v1.2.3-fred.5 Latest
Warning

This package is not in the latest version of its module.

Published: Oct 19, 2022 License: Apache-2.0 Imports: 26 Imported by: 12

Documentation

Overview

Package cache implements an event-driven cache layer that is used by auth servers, proxies and nodes.

The cache fetches resources and then subscribes to the events watcher to receive updates.

This approach keeps the cache up to date without time-based expiration and avoids re-fetching all resources, which reduces bandwidth.

There are two types of cache backends used:

* SQLite-based in-memory cache used for auth nodes
* SQLite-based on-disk persistent cache for nodes and proxies, providing resiliency in the face of auth server failures.
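
The fetch-then-subscribe flow described above, as an added example that is not part of this package or its documentation: a self-contained model in which every name (event, cache, sync, watch, demo) and the sample data are hypothetical. It shows that an update arrives through the watcher without a re-fetch, that the last known value keeps being served after the watcher fails, and that a resource removed upstream in the meantime only disappears at the next full reload.

```go
package main

import "fmt"

// Hypothetical model of fetch-then-watch; none of these names are the package's API.
type event struct{ name, value, op string } // op is "put" or "delete"

type cache struct {
	items   map[string]string
	fetches int // full fetches performed so far
}

// sync copies the whole upstream state once, before (re)subscribing.
func (c *cache) sync(upstream map[string]string) {
	c.items = make(map[string]string, len(upstream))
	for k, v := range upstream {
		c.items[k] = v
	}
	c.fetches++
}

// watch applies events until the channel closes, which models a failed watcher.
func (c *cache) watch(events <-chan event) {
	for e := range events {
		if e.op == "delete" {
			delete(c.items, e.name)
		} else {
			c.items[e.name] = e.value
		}
	}
}

// demo returns the value after one event, the value served while the watcher is down, and the state after reload.
func demo() (live, stale string, present bool, fetches int) {
	upstream := map[string]string{"role/dev": "v1"} // constructed sample data
	c := &cache{}
	c.sync(upstream)
	ev := make(chan event, 1)
	ev <- event{name: "role/dev", value: "v2", op: "put"}
	close(ev) // the watcher fails after delivering one update
	c.watch(ev)
	live = c.items["role/dev"]
	delete(upstream, "role/dev") // removed upstream while no watcher is attached
	stale = c.items["role/dev"]  // the cache still serves the remembered value
	c.sync(upstream)             // reload: full re-fetch before a new watcher
	_, present = c.items["role/dev"]
	return live, stale, present, c.fetches
}

func main() { fmt.Println(demo()) }
```

In this model the window between the watcher failing and the reload is the period in which reads can be stale, so it is the interval to measure when cached data feeds an access decision.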

Constants

const (
	// EventProcessed is emitted whenever event is processed
	EventProcessed = "event_processed"
	// WatcherStarted is emitted when a new event watcher is started
	WatcherStarted = "watcher_started"
	// WatcherFailed is emitted when event watcher has failed
	WatcherFailed = "watcher_failed"
	// Reloading is emitted when an error occurred watching events
	// and the cache is waiting to create a new watcher
	Reloading = "reloading_cache"
	// RelativeExpiry notifies that relative expiry operations have
	// been run.
	RelativeExpiry = "relative_expiry"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Cache

type Cache struct {
	Config

	// Entry is a logging entry
	*log.Entry
	// contains filtered or unexported fields
}

Cache implements the auth.Cache interface and remembers the previously returned upstream value for each API call.

This can be used if the upstream AccessPoint goes offline.

func New

func New(config Config) (*Cache, error)

New creates a new instance of Cache

func (*Cache) Close

func (c *Cache) Close() error

Close closes all outstanding and active cache operations

func (*Cache) GetAllTunnelConnections

func (c *Cache) GetAllTunnelConnections(opts ...services.MarshalOption) (conns []types.TunnelConnection, err error)

GetAllTunnelConnections is a part of auth.Cache implementation

func (*Cache) GetApp

func (c *Cache) GetApp(ctx context.Context, name string) (types.Application, error)

GetApp returns the specified application resource.

func (*Cache) GetAppSession

func (c *Cache) GetAppSession(ctx context.Context, req types.GetAppSessionRequest) (types.WebSession, error)

GetAppSession gets an application web session.

func (*Cache) GetApplicationServers

func (c *Cache) GetApplicationServers(ctx context.Context, namespace string) ([]types.AppServer, error)

GetApplicationServers returns all registered application servers.

func (*Cache) GetApps

func (c *Cache) GetApps(ctx context.Context) ([]types.Application, error)

GetApps returns all application resources.

func (*Cache) GetAuthPreference

func (c *Cache) GetAuthPreference(ctx context.Context) (types.AuthPreference, error)

GetAuthPreference gets the cluster authentication config.

func (*Cache) GetAuthServers

func (c *Cache) GetAuthServers() ([]types.Server, error)

GetAuthServers returns a list of registered servers

func (*Cache) GetCertAuthorities

func (c *Cache) GetCertAuthorities(ctx context.Context, caType types.CertAuthType, loadSigningKeys bool, opts ...services.MarshalOption) ([]types.CertAuthority, error)

GetCertAuthorities returns a list of authorities of a given type. loadSigningKeys controls whether signing keys should be loaded or not.

func (*Cache) GetCertAuthority

func (c *Cache) GetCertAuthority(ctx context.Context, id types.CertAuthID, loadSigningKeys bool, opts ...services.MarshalOption) (types.CertAuthority, error)

GetCertAuthority returns a certificate authority by the given id. Parameter loadSigningKeys controls whether signing keys are loaded.

func (*Cache) GetClusterAuditConfig

func (c *Cache) GetClusterAuditConfig(ctx context.Context, opts ...services.MarshalOption) (types.ClusterAuditConfig, error)

GetClusterAuditConfig gets ClusterAuditConfig from the backend.

func (*Cache) GetClusterName

func (c *Cache) GetClusterName(opts ...services.MarshalOption) (types.ClusterName, error)

GetClusterName gets the name of the cluster from the backend.

func (*Cache) GetClusterNetworkingConfig

func (c *Cache) GetClusterNetworkingConfig(ctx context.Context, opts ...services.MarshalOption) (types.ClusterNetworkingConfig, error)

GetClusterNetworkingConfig gets ClusterNetworkingConfig from the backend.

func (*Cache) GetDatabase

func (c *Cache) GetDatabase(ctx context.Context, name string) (types.Database, error)

GetDatabase returns the specified database resource.

func (*Cache) GetDatabaseServers

func (c *Cache) GetDatabaseServers(ctx context.Context, namespace string, opts ...services.MarshalOption) ([]types.DatabaseServer, error)

GetDatabaseServers returns all registered database proxy servers.

func (*Cache) GetDatabases

func (c *Cache) GetDatabases(ctx context.Context) ([]types.Database, error)

GetDatabases returns all database resources.

func (*Cache) GetInstaller

func (c *Cache) GetInstaller(ctx context.Context, name string) (types.Installer, error)

GetInstaller gets the installer script resource for the cluster

func (*Cache) GetInstallers

func (c *Cache) GetInstallers(ctx context.Context) ([]types.Installer, error)

GetInstallers gets all the installer script resources for the cluster

func (*Cache) GetKubeServices

func (c *Cache) GetKubeServices(ctx context.Context) ([]types.Server, error)

GetKubeServices is a part of auth.Cache implementation

DELETE IN 12.0.0. Deprecated: use GetKubernetesServers.

func (*Cache) GetKubernetesCluster

func (c *Cache) GetKubernetesCluster(ctx context.Context, name string) (types.KubeCluster, error)

GetKubernetesCluster returns the specified kubernetes cluster resource.

func (*Cache) GetKubernetesClusters

func (c *Cache) GetKubernetesClusters(ctx context.Context) ([]types.KubeCluster, error)

GetKubernetesClusters returns all kubernetes cluster resources.

func (*Cache) GetKubernetesServers

func (c *Cache) GetKubernetesServers(ctx context.Context) ([]types.KubeServer, error)

GetKubernetesServers is a part of auth.Cache implementation

func (*Cache) GetLock

func (c *Cache) GetLock(ctx context.Context, name string) (types.Lock, error)

GetLock gets a lock by name.

func (*Cache) GetLocks

func (c *Cache) GetLocks(ctx context.Context, inForceOnly bool, targets ...types.LockTarget) ([]types.Lock, error)

GetLocks gets all/in-force locks that match at least one of the targets when specified.

func (*Cache) GetNamespace

func (c *Cache) GetNamespace(name string) (*types.Namespace, error)

GetNamespace returns namespace

func (*Cache) GetNamespaces

func (c *Cache) GetNamespaces() ([]types.Namespace, error)

GetNamespaces is a part of auth.Cache implementation

func (*Cache) GetNetworkRestrictions

func (c *Cache) GetNetworkRestrictions(ctx context.Context) (types.NetworkRestrictions, error)

GetNetworkRestrictions gets the network restrictions.

func (*Cache) GetNode

func (c *Cache) GetNode(ctx context.Context, namespace, name string) (types.Server, error)

GetNode finds and returns a node by name and namespace.

func (*Cache) GetNodes

func (c *Cache) GetNodes(ctx context.Context, namespace string) ([]types.Server, error)

GetNodes is a part of auth.Cache implementation

func (*Cache) GetProxies

func (c *Cache) GetProxies() ([]types.Server, error)

GetProxies is a part of auth.Cache implementation

func (*Cache) GetRemoteCluster

func (c *Cache) GetRemoteCluster(clusterName string) (types.RemoteCluster, error)

GetRemoteCluster returns a remote cluster by name

func (*Cache) GetRemoteClusters

func (c *Cache) GetRemoteClusters(opts ...services.MarshalOption) ([]types.RemoteCluster, error)

GetRemoteClusters returns a list of remote clusters

func (*Cache) GetReverseTunnels

func (c *Cache) GetReverseTunnels(ctx context.Context, opts ...services.MarshalOption) ([]types.ReverseTunnel, error)

GetReverseTunnels is a part of auth.Cache implementation

func (*Cache) GetRole

func (c *Cache) GetRole(ctx context.Context, name string) (types.Role, error)

GetRole is a part of auth.Cache implementation

func (*Cache) GetRoles

func (c *Cache) GetRoles(ctx context.Context) ([]types.Role, error)

GetRoles is a part of auth.Cache implementation

func (*Cache) GetSessionRecordingConfig

func (c *Cache) GetSessionRecordingConfig(ctx context.Context, opts ...services.MarshalOption) (types.SessionRecordingConfig, error)

GetSessionRecordingConfig gets session recording configuration.

func (*Cache) GetSnowflakeSession

func (c *Cache) GetSnowflakeSession(ctx context.Context, req types.GetSnowflakeSessionRequest) (types.WebSession, error)

GetSnowflakeSession gets Snowflake web session.

func (*Cache) GetStaticTokens

func (c *Cache) GetStaticTokens() (types.StaticTokens, error)

GetStaticTokens gets the list of static tokens used to provision nodes.

func (*Cache) GetToken

func (c *Cache) GetToken(ctx context.Context, name string) (types.ProvisionToken, error)

GetToken finds and returns token by ID

func (*Cache) GetTokens

func (c *Cache) GetTokens(ctx context.Context) ([]types.ProvisionToken, error)

GetTokens returns all active (non-expired) provisioning tokens

func (*Cache) GetTunnelConnections

func (c *Cache) GetTunnelConnections(clusterName string, opts ...services.MarshalOption) ([]types.TunnelConnection, error)

GetTunnelConnections is a part of auth.Cache implementation

func (*Cache) GetUser

func (c *Cache) GetUser(name string, withSecrets bool) (user types.User, err error)

GetUser is a part of auth.Cache implementation.

func (*Cache) GetUsers

func (c *Cache) GetUsers(withSecrets bool) (users []types.User, err error)

GetUsers is a part of auth.Cache implementation

func (*Cache) GetWebSession

func (c *Cache) GetWebSession(ctx context.Context, req types.GetWebSessionRequest) (types.WebSession, error)

GetWebSession gets a regular web session.

func (*Cache) GetWebToken

func (c *Cache) GetWebToken(ctx context.Context, req types.GetWebTokenRequest) (types.WebToken, error)

GetWebToken gets a web token.

func (*Cache) GetWindowsDesktopService

func (c *Cache) GetWindowsDesktopService(ctx context.Context, name string) (types.WindowsDesktopService, error)

GetWindowsDesktopService returns a registered Windows desktop service by name.

func (*Cache) GetWindowsDesktopServices

func (c *Cache) GetWindowsDesktopServices(ctx context.Context) ([]types.WindowsDesktopService, error)

GetWindowsDesktopServices returns all registered Windows desktop services.

func (*Cache) GetWindowsDesktops

func (c *Cache) GetWindowsDesktops(ctx context.Context, filter types.WindowsDesktopFilter) ([]types.WindowsDesktop, error)

GetWindowsDesktops returns all registered Windows desktop hosts.

func (*Cache) ListResources

ListResources is a part of auth.Cache implementation

func (*Cache) ListWindowsDesktopServices

ListWindowsDesktopServices returns all registered Windows desktop hosts.

func (*Cache) ListWindowsDesktops

ListWindowsDesktops returns all registered Windows desktop hosts.

func (*Cache) NewWatcher

func (c *Cache) NewWatcher(ctx context.Context, watch types.Watch) (types.Watcher, error)

NewWatcher returns a new event watcher. In case of a cache this watcher will return events as seen by the cache, not the backend. This feature allows auth server to handle subscribers connected to the in-memory caches instead of reading from the backend.

func (*Cache) Start

func (c *Cache) Start() error

Starts the cache. Should only be called once.

type Config

type Config struct {

	// Context is context for parent operations
	Context context.Context
	// Watches provides a list of resources
	// for the cache to watch
	Watches []types.WatchKind
	// Events provides events watchers
	Events types.Events
	// Trust is a service providing information about certificate
	// authorities
	Trust services.Trust
	// ClusterConfig is a cluster configuration service
	ClusterConfig services.ClusterConfiguration
	// Provisioner is a provisioning service
	Provisioner services.Provisioner
	// Users is a users service
	Users services.UsersService
	// Access is an access service
	Access services.Access
	// DynamicAccess is a dynamic access service
	DynamicAccess services.DynamicAccessCore
	// Presence is a presence service
	Presence services.Presence
	// Restrictions is a restrictions service
	Restrictions services.Restrictions
	// Apps is an apps service.
	Apps services.Apps
	// Kubernetes is a kubernetes service.
	Kubernetes services.Kubernetes
	// Databases is a databases service.
	Databases services.Databases
	// SnowflakeSession holds Snowflake sessions.
	SnowflakeSession services.SnowflakeSession
	// AppSession holds application sessions.
	AppSession services.AppSession
	// WebSession holds regular web sessions.
	WebSession types.WebSessionInterface
	// WebToken holds web tokens.
	WebToken types.WebTokenInterface
	// WindowsDesktops is a windows desktop service.
	WindowsDesktops services.WindowsDesktops
	// Backend is a backend for local cache
	Backend backend.Backend
	// MaxRetryPeriod is the maximum period between cache retries on failures
	MaxRetryPeriod time.Duration
	// WatcherInitTimeout is the maximum acceptable delay for an
	// OpInit after a watcher has been started (default=1m).
	WatcherInitTimeout time.Duration
	// CacheInitTimeout is the maximum amount of time that cache.New
	// will block, waiting for initialization (default=20s).
	CacheInitTimeout time.Duration
	// RelativeExpiryCheckInterval determines how often the cache performs special
	// "relative expiration" checks which are used to compensate for real backends
	// that suffer from overly lazy ttl'ing of resources.
	RelativeExpiryCheckInterval time.Duration
	// RelativeExpiryLimit determines the maximum number of nodes that may be
	// removed during relative expiration.
	RelativeExpiryLimit int
	// EventsC is a channel for event notifications,
	// used in tests
	EventsC chan Event
	// Clock can be set to control time,
	// uses runtime clock by default
	Clock clockwork.Clock
	// Component is a component used in logs
	Component string
	// MetricComponent is a component used in metrics
	MetricComponent string
	// QueueSize is a desired queue Size
	QueueSize int

	// Tracer is used to create spans
	Tracer oteltrace.Tracer
	// Unstarted indicates that the cache should not be started during New. The
	// cache is usable before it's started, but it will always hit the backend.
	Unstarted bool
	// contains filtered or unexported fields
}

Config defines cache configuration parameters

func ForApps

func ForApps(cfg Config) Config

ForApps sets up watch configuration for apps.

func ForAuth

func ForAuth(cfg Config) Config

ForAuth sets up watch configuration for the auth server

func ForDatabases

func ForDatabases(cfg Config) Config

ForDatabases sets up watch configuration for database proxy servers.

func ForDiscovery

func ForDiscovery(cfg Config) Config

ForDiscovery sets up watch configuration for discovery servers.

func ForKubernetes

func ForKubernetes(cfg Config) Config

ForKubernetes sets up watch configuration for a kubernetes service.

func ForNode

func ForNode(cfg Config) Config

ForNode sets up watch configuration for node

func ForOldRemoteProxy

func ForOldRemoteProxy(cfg Config) Config

ForOldRemoteProxy sets up watch configuration for older remote proxies. The Watches defined here are a copy of those defined in ForRemoteProxy in the v10 branch.

func ForProxy

func ForProxy(cfg Config) Config

ForProxy sets up watch configuration for proxy

func ForRemoteProxy

func ForRemoteProxy(cfg Config) Config

ForRemoteProxy sets up watch configuration for remote proxies.

func ForWindowsDesktop

func ForWindowsDesktop(cfg Config) Config

ForWindowsDesktop sets up watch configuration for a Windows desktop service.

func (*Config) CheckAndSetDefaults

func (c *Config) CheckAndSetDefaults() error

CheckAndSetDefaults checks parameters and sets default values

type Event

type Event struct {
	// Type is event type
	Type string
	// Event is event processed
	// by the event cycle
	Event types.Event
}

Event is an event used in tests

type SetupConfigFn

type SetupConfigFn func(c Config) Config

SetupConfigFn is a function that sets up configuration for cache
