Documentation ¶
Index ¶
- Constants
- func NoCache(clt auth.ClientI, cacheName []string) (auth.AccessPoint, error)
- type CachingAuditLog
- func (ll *CachingAuditLog) Close() error
- func (ll *CachingAuditLog) EmitAuditEvent(eventType string, fields events.EventFields) error
- func (ll *CachingAuditLog) GetSessionChunk(string, session.ID, int, int) ([]byte, error)
- func (ll *CachingAuditLog) GetSessionEvents(string, session.ID, int) ([]events.EventFields, error)
- func (ll *CachingAuditLog) PostSessionChunk(namespace string, sid session.ID, reader io.Reader) error
- func (ll *CachingAuditLog) PostSessionSlice(slice events.SessionSlice) error
- func (ll *CachingAuditLog) SearchEvents(time.Time, time.Time, string) ([]events.EventFields, error)
- type CachingAuditLogConfig
- type CachingAuthClient
- func (cs *CachingAuthClient) GetCertAuthorities(ct services.CertAuthType, loadKeys bool) (cas []services.CertAuthority, err error)
- func (cs *CachingAuthClient) GetDomainName() (clusterName string, err error)
- func (cs *CachingAuthClient) GetNamespace(name string) (namespace *services.Namespace, err error)
- func (cs *CachingAuthClient) GetNamespaces() (namespaces []services.Namespace, err error)
- func (cs *CachingAuthClient) GetNodes(namespace string) (nodes []services.Server, err error)
- func (cs *CachingAuthClient) GetProxies() (proxies []services.Server, err error)
- func (cs *CachingAuthClient) GetReverseTunnels() (tunnels []services.ReverseTunnel, err error)
- func (cs *CachingAuthClient) GetRole(name string) (role services.Role, err error)
- func (cs *CachingAuthClient) GetRoles() (roles []services.Role, err error)
- func (cs *CachingAuthClient) GetUsers() (users []services.User, err error)
- func (cs *CachingAuthClient) UpsertNode(s services.Server) error
- func (cs *CachingAuthClient) UpsertProxy(s services.Server) error
- type Config
- type NewCachingAccessPoint
Constants ¶
const ( // DefaultQueueLen determines how many logging events to queue in-memory // before start dropping them (probably because logging server is down) DefaultQueueLen = 300 // DefaultFlushTimeout is a period to flush after no other events have been received DefaultFlushTimeout = time.Second // DefaultFlushChunks is a max chunks accumulated over period to flush DefaultFlushChunks = 250 // DefaultFlushBytes is a max bytes of the chunks before the flush will be triggered DefaultFlushBytes = 100000 // DefaultThrottleTimeout is a latency after we will DefaultThrottleTimeout = 500 * time.Millisecond // DefaultThrottleDuration is a period that we will throttle the slow network for // before trying to send again DefaultThrottleDuration = 10 * time.Second // DefaultBackoffInitialInterval is initial interval for backoff DefaultBackoffInitialInterval = 100 * time.Millisecond // DefaultBackoffMaxInterval is maximum interval for backoff DefaultBackoffMaxInterval = DefaultThrottleDuration )
Variables ¶
This section is empty.
Functions ¶
Types ¶
type CachingAuditLog ¶
type CachingAuditLog struct { CachingAuditLogConfig // contains filtered or unexported fields }
CachingAuditLog implements events.IAuditLog on the recording machine (SSH server) It captures the local recording and forwards it to the AuditLog network server Some important properties of this implementation:
- Without back pressure on posting session chunks, audit log was loosing events because produce was much faster than consume and buffer was oveflowing
- Throttle is important to continue the session in case if audit log slowness, as the session output will block and timeout on every request
- It is important to pack chunnks, because ls -laR / would otherwise generate about 10K requests per second. With this packing approach we reduced this number to about 40-50 requests per second, we can now tweak this parameter now by setting queue size and flush buffers.
* Current implementation attaches audit log forwarder per session
func NewCachingAuditLog ¶
func NewCachingAuditLog(cfg CachingAuditLogConfig) (*CachingAuditLog, error)
NewCachingAuditLog creaets a new & fully initialized instance of the alog
func (*CachingAuditLog) Close ¶
func (ll *CachingAuditLog) Close() error
func (*CachingAuditLog) EmitAuditEvent ¶
func (ll *CachingAuditLog) EmitAuditEvent(eventType string, fields events.EventFields) error
func (*CachingAuditLog) GetSessionChunk ¶
func (*CachingAuditLog) GetSessionEvents ¶
func (ll *CachingAuditLog) GetSessionEvents(string, session.ID, int) ([]events.EventFields, error)
func (*CachingAuditLog) PostSessionChunk ¶
func (*CachingAuditLog) PostSessionSlice ¶
func (ll *CachingAuditLog) PostSessionSlice(slice events.SessionSlice) error
func (*CachingAuditLog) SearchEvents ¶
func (ll *CachingAuditLog) SearchEvents(time.Time, time.Time, string) ([]events.EventFields, error)
type CachingAuditLogConfig ¶
type CachingAuditLogConfig struct { // Namespace is session namespace Namespace string // SessionID is session ID this log forwards for SessionID string // Server is the server receiving audit events Server events.IAuditLog // QueueLen is length of the caching queue QueueLen int // FlushChunks controls how many chunks to aggregate before submit FlushChunks int // Context is an optional context Context context.Context // ThrottleTimeout is a timeout that triggers throttling ThrottleTimeout time.Duration // ThrottleDuration is a duration for throttling ThrottleDuration time.Duration // FlushTimeout is a period to flush buffered chunks if the queue // has not filled up yet FlushTimeout time.Duration // FlushBytes sets amount of bytes per slice that triggers // the flush to the server FlushBytes int64 // BackoffInitialInterval is initial interval for backoff BackoffInitialInterval time.Duration // BackoffMaxInterval is maximum interval for backoff BackoffMaxInterval time.Duration }
CachingAuditLogConifig sets configuration for caching audit log
func (*CachingAuditLogConfig) CheckAndSetDefaults ¶
func (c *CachingAuditLogConfig) CheckAndSetDefaults() error
CheckAndSetDefaults checks and sets defaults
type CachingAuthClient ¶
type CachingAuthClient struct { Config // contains filtered or unexported fields }
CachingAuthClient implements auth.AccessPoint interface and remembers the previously returned upstream value for each API call.
This which can be used if the upstream AccessPoint goes offline
func NewCachingAuthClient ¶
func NewCachingAuthClient(config Config) (*CachingAuthClient, error)
NewCachingAuthClient creates a new instance of CachingAuthClient using a live connection to the auth server (ap)
func (*CachingAuthClient) GetCertAuthorities ¶
func (cs *CachingAuthClient) GetCertAuthorities(ct services.CertAuthType, loadKeys bool) (cas []services.CertAuthority, err error)
GetCertAuthorities is a part of auth.AccessPoint implementation
func (*CachingAuthClient) GetDomainName ¶
func (cs *CachingAuthClient) GetDomainName() (clusterName string, err error)
GetDomainName is a part of auth.AccessPoint implementation
func (*CachingAuthClient) GetNamespace ¶
func (cs *CachingAuthClient) GetNamespace(name string) (namespace *services.Namespace, err error)
GetNamespace returns namespace
func (*CachingAuthClient) GetNamespaces ¶
func (cs *CachingAuthClient) GetNamespaces() (namespaces []services.Namespace, err error)
GetNamespaces is a part of auth.AccessPoint implementation
func (*CachingAuthClient) GetNodes ¶
func (cs *CachingAuthClient) GetNodes(namespace string) (nodes []services.Server, err error)
GetNodes is a part of auth.AccessPoint implementation
func (*CachingAuthClient) GetProxies ¶
func (cs *CachingAuthClient) GetProxies() (proxies []services.Server, err error)
GetProxies is a part of auth.AccessPoint implementation
func (*CachingAuthClient) GetReverseTunnels ¶
func (cs *CachingAuthClient) GetReverseTunnels() (tunnels []services.ReverseTunnel, err error)
func (*CachingAuthClient) GetRole ¶
func (cs *CachingAuthClient) GetRole(name string) (role services.Role, err error)
GetRole is a part of auth.AccessPoint implementation
func (*CachingAuthClient) GetRoles ¶
func (cs *CachingAuthClient) GetRoles() (roles []services.Role, err error)
GetRoles is a part of auth.AccessPoint implementation
func (*CachingAuthClient) GetUsers ¶
func (cs *CachingAuthClient) GetUsers() (users []services.User, err error)
GetUsers is a part of auth.AccessPoint implementation
func (*CachingAuthClient) UpsertNode ¶
func (cs *CachingAuthClient) UpsertNode(s services.Server) error
UpsertNode is part of auth.AccessPoint implementation
func (*CachingAuthClient) UpsertProxy ¶
func (cs *CachingAuthClient) UpsertProxy(s services.Server) error
UpsertProxy is part of auth.AccessPoint implementation
type Config ¶
type Config struct { // CacheTTL sets maximum TTL the cache keeps the value CacheTTL time.Duration // NeverExpires if set, never expires cache values NeverExpires bool // AccessPoint is access point for this AccessPoint auth.AccessPoint // Backend is cache backend Backend backend.Backend // Clock can be set to control time Clock clockwork.Clock // SkipPreload turns off preloading on start SkipPreload bool }
Config is CachingAuthClient config
func (*Config) CheckAndSetDefaults ¶
CheckAndSetDefaults checks parameters and sets default values
type NewCachingAccessPoint ¶
NewCachingAcessPoint returns new caching access point using access point policy