utils

package

v2.3.7+incompatible

Published: Jan 4, 2018 License: Apache-2.0 Imports: 42 Imported by: 974

Documentation
Constants

const (
	// DefaultLRUCapacity is the capacity of the LRU session cache
	DefaultLRUCapacity = 1024
	// DefaultCertTTL is the TTL of the self-signed certificate (1 year)
	DefaultCertTTL = (24 * time.Hour) * 365
)
const (
	// HumanTimeFormatString is a human-readable date format
	HumanTimeFormatString = "Mon Jan _2 15:04 UTC"
	// CertTeleportUser names the certificate extension carrying the Teleport user
	CertTeleportUser = "x-teleport-user"
	// CertTeleportUserCA names the certificate extension carrying the Teleport user certificate authority
	CertTeleportUserCA = "x-teleport-user-ca"
	// CertExtensionRole names the certificate extension carrying the Teleport role
	CertExtensionRole = "x-teleport-role"
	// CertExtensionAuthority names the certificate extension carrying the name of the
	// Teleport authority that signed this certificate
	CertExtensionAuthority = "x-teleport-authority"
	// HostUUIDFile is the name of the file in which the host UUID is stored
	HostUUIDFile = "host_uuid"
	// CertTeleportClusterName names the certificate extension carrying the name of the Teleport cluster
	CertTeleportClusterName = "x-teleport-cluster-name"
)
const (
	// WebSocketBinaryMode delivers each Write() as a binary websocket frame
	WebSocketBinaryMode = iota
	// WebSocketTextMode delivers each Write() as a UTF-8 text frame
	WebSocketTextMode
)

Variables

This section is empty.

Functions

func CheckCompatibilityFlag

func CheckCompatibilityFlag(s string) (string, error)

CheckCompatibilityFlag checks that the compatibility flag is valid.

func Consolef added in v1.0.0

func Consolef(w io.Writer, msg string, params ...interface{})

Consolef prints the same message to the UI console (if one is defined) and to the logger at INFO priority

func CopyStringMap

func CopyStringMap(a map[string]string) map[string]string

CopyStringMap makes a deep copy of a map[string]string and returns the copy.

func CopyStringMapInterface

func CopyStringMapInterface(a map[string]interface{}) map[string]interface{}

CopyStringMapInterface makes a deep copy of the passed in map[string]interface{} and returns the copy.

func CopyStringMapSlices

func CopyStringMapSlices(a map[string][]string) map[string][]string

CopyStringMapSlices makes a deep copy of the passed in map[string][]string and returns the copy.

func CopyStrings

func CopyStrings(in []string) []string

CopyStrings makes a deep copy of the passed in string slice and returns the copy.

func CreateTLSConfiguration

func CreateTLSConfiguration(certFile, keyFile string) (*tls.Config, error)

CreateTLSConfiguration sets up a default TLS configuration from the given certificate and key files

func CryptoRandomHex added in v1.0.0

func CryptoRandomHex(len int) (string, error)

CryptoRandomHex returns a hex-encoded string built from the given number of bytes read from a cryptographically strong random number generator

func Deduplicate

func Deduplicate(in []string) []string

Deduplicate removes duplicate entries from a list of strings

func FatalError added in v1.0.0

func FatalError(err error)

FatalError is for CLI front-ends: it detects gravitational/trace debugging information, sends it to the logger, strips it off and prints a clean message to stderr

func GenerateOTPURL

func GenerateOTPURL(typ string, label string, parameters map[string][]byte) string

GenerateOTPURL returns an OTP key URL that can be used to construct an HOTP or TOTP key. For more details see: https://github.com/google/google-authenticator/wiki/Key-Uri-Format

Example: otpauth://totp/foo:bar@baz.com?secret=qux
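The following stand-alone program is an added example, not code from the Teleport package: it builds a key URI in the format linked above, parses it back, and proves the secret survived the round trip by computing an RFC 6238 TOTP code against the RFC's published test vector. The function names GenerateOTPURL (same shape as the signature above), ParseOTPSecret and TOTP are this example's own, and the secret is the RFC 6238 test key, not a real credential. One caveat the doc example glosses over: `secret=qux` is shorthand; authenticator apps require the secret to be RFC 4648 base32 without padding, and the parameter values must be percent-encoded so a label or issuer cannot inject extra query parameters.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"errors"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// base32NoPad is the alphabet authenticator apps expect for the secret
// parameter: RFC 4648 base32, upper case, without '=' padding.
var base32NoPad = base32.StdEncoding.WithPadding(base32.NoPadding)

// GenerateOTPURL builds an otpauth:// key URI. url.Values percent-encodes
// every parameter value, so an issuer with spaces or a label containing '&'
// cannot smuggle in extra query parameters.
func GenerateOTPURL(typ, label string, parameters map[string][]byte) string {
	q := url.Values{}
	for k, v := range parameters {
		q.Set(k, string(v))
	}
	u := url.URL{Scheme: "otpauth", Host: typ, Path: "/" + label, RawQuery: q.Encode()}
	return u.String()
}

// ParseOTPSecret is the inverse direction an enrolment flow needs: it pulls
// the type, label and decoded secret back out of a key URI and rejects a
// secret that is not valid base32.
func ParseOTPSecret(keyURL string) (typ, label string, secret []byte, err error) {
	u, err := url.Parse(keyURL)
	if err != nil {
		return "", "", nil, err
	}
	if u.Scheme != "otpauth" || (u.Host != "totp" && u.Host != "hotp") {
		return "", "", nil, fmt.Errorf("not an otpauth totp/hotp URI: %q", keyURL)
	}
	enc := strings.ToUpper(u.Query().Get("secret"))
	if enc == "" {
		return "", "", nil, errors.New("missing secret parameter")
	}
	secret, err = base32NoPad.DecodeString(strings.TrimRight(enc, "="))
	if err != nil {
		return "", "", nil, fmt.Errorf("secret is not base32: %w", err)
	}
	return u.Host, strings.TrimPrefix(u.Path, "/"), secret, nil
}

// TOTP computes an RFC 6238 code (HMAC-SHA1, the default for key URIs) for
// the given secret at time t: counter = unix(t)/period, dynamic truncation,
// then modulo 10^digits.
func TOTP(secret []byte, t time.Time, digits int, period int64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(t.Unix()/period))
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

func main() {
	// Constructed input: the RFC 6238 Appendix B test key, not a real secret.
	secret := []byte("12345678901234567890")
	keyURL := GenerateOTPURL("totp", "Teleport:alice@example.com", map[string][]byte{
		"secret":    []byte(base32NoPad.EncodeToString(secret)),
		"issuer":    []byte("Teleport"),
		"algorithm": []byte("SHA1"),
		"digits":    []byte("6"),
		"period":    []byte("30"),
	})
	fmt.Println(keyURL)
	_, label, got, err := ParseOTPSecret(keyURL)
	if err != nil {
		panic(err)
	}
	// RFC 6238 Appendix B gives 94287082 for T=59, i.e. 287082 at six digits.
	fmt.Println(label, TOTP(got, time.Unix(59, 0), 6, 30))
}
```

The same key URI is what GenerateQRCode below would render; checking the decoded secret against a known TOTP vector is the cheapest way to catch a base32 or encoding mistake before a user ever scans the code.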

func GenerateQRCode

func GenerateQRCode(u string) ([]byte, error)

GenerateQRCode takes an OTP key URL and returns a PNG-encoded QR code.

func GenerateSelfSignedSigningCert

func GenerateSelfSignedSigningCert(entity pkix.Name, dnsNames []string, ttl time.Duration) ([]byte, []byte, error)

GenerateSelfSignedSigningCert generates a self-signed certificate used for digital signatures

func GuessHostIP added in v1.0.0

func GuessHostIP() (ip net.IP, err error)

GuessHostIP tries to guess an IP address at which this machine is reachable on the internal network, always picking an IPv4 address from the internal address space.

If no internal IPs are found it returns 127.0.0.1; it never returns an address from the public IP space.

func HumanTimeFormat

func HumanTimeFormat(d time.Time) string

HumanTimeFormat formats time as recognized by humans

func InitCLIParser added in v1.0.0

func InitCLIParser(appName, appHelp string) (app *kingpin.Application)

InitCLIParser configures kingpin command line args parser with some defaults common for all Teleport CLI tools

func InitLogger

func InitLogger(purpose LoggingPurpose, level log.Level)

InitLogger configures the global logger for a given purpose / verbosity level

func InitLoggerForTests added in v1.0.0

func InitLoggerForTests()

func InterfaceMapsEqual

func InterfaceMapsEqual(a, b map[string]interface{}) bool

InterfaceMapsEqual returns true if two interface maps are equal.

func IsDir added in v1.0.0

func IsDir(dirPath string) bool

IsDir is a helper function to quickly check whether a given path is an existing directory

func IsFile added in v1.0.0

func IsFile(fp string) bool

IsFile returns true if a given file path points to an existing file

func IsHandshakeFailedError added in v1.0.0

func IsHandshakeFailedError(err error) bool

IsHandshakeFailedError reports whether the error indicates a failed handshake

func IsLocalhost added in v1.0.0

func IsLocalhost(host string) bool

IsLocalhost returns true if the given host is a local hostname or IP

func IsLoopback added in v1.0.0

func IsLoopback(host string) bool

IsLoopback returns 'true' if a given hostname resolves to local host's loopback interface

func IsSelfSigned

func IsSelfSigned(certificateChain []*x509.Certificate) bool

IsSelfSigned checks whether the certificate is self-signed. To decide, it requires that the chain contains exactly one certificate and that its SubjectKeyId and AuthorityKeyId match.

From RFC5280: https://tools.ietf.org/html/rfc5280#section-4.2.1.1

The signature on a self-signed certificate is generated with the private
key associated with the certificate's subject public key.  (This
proves that the issuer possesses both the public and private keys.)
In this case, the subject and authority key identifiers would be
identical, but only the subject key identifier is needed for
certification path building.
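The stand-alone program below is an added example, not the package's own code. It applies the key-identifier rule quoted above (IsSelfSignedByKeyID) next to the definitive test, verifying the signature under the certificate's own public key (IsSelfSignedStrict); NewSelfSignedCA and IssueLeaf are this example's helpers, and Ed25519 keys are used only to keep key generation fast. The third case shows the caveat a practitioner should keep in mind: a certificate that carries neither SubjectKeyId nor AuthorityKeyId satisfies `bytes.Equal(nil, nil)`, so the key-identifier rule alone reports a CA-issued leaf as self-signed, while the signature check does not.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// IsSelfSignedByKeyID applies the rule quoted above: exactly one certificate
// in the chain, and its SubjectKeyId equals its AuthorityKeyId.
func IsSelfSignedByKeyID(chain []*x509.Certificate) bool {
	if len(chain) != 1 {
		return false
	}
	return bytes.Equal(chain[0].SubjectKeyId, chain[0].AuthorityKeyId)
}

// IsSelfSignedStrict is the definitive test: the single certificate's
// signature must verify under its own public key. Key identifiers are
// compared only when both are present, so an absent pair cannot pass
// merely because nil == nil.
func IsSelfSignedStrict(chain []*x509.Certificate) bool {
	if len(chain) != 1 {
		return false
	}
	c := chain[0]
	if len(c.SubjectKeyId) > 0 && len(c.AuthorityKeyId) > 0 &&
		!bytes.Equal(c.SubjectKeyId, c.AuthorityKeyId) {
		return false
	}
	return c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
}

// keyID is the RFC 5280 4.2.1.2 "method 1" identifier: SHA-1 of the public key.
func keyID(pub ed25519.PublicKey) []byte {
	sum := sha1.Sum(pub)
	return sum[:]
}

// NewSelfSignedCA creates a self-signed CA whose SKI and AKI are the same
// identifier, as RFC 5280 describes for self-signed certificates.
func NewSelfSignedCA(cn string) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	id := keyID(pub)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		SubjectKeyId:          id,
		AuthorityKeyId:        id,
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// IssueLeaf signs a leaf with the CA key. With withKeyIDs=false the leaf
// carries neither SKI nor AKI (a parent without SubjectKeyId yields no
// AuthorityKeyId), the case the key-ID rule cannot tell from self-signed.
func IssueLeaf(ca *x509.Certificate, caKey ed25519.PrivateKey, cn string, withKeyIDs bool) (*x509.Certificate, error) {
	pub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	parent := ca
	if withKeyIDs {
		tmpl.SubjectKeyId = keyID(pub)
	} else {
		p := *ca
		p.SubjectKeyId = nil
		parent = &p
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	ca, caKey, err := NewSelfSignedCA("example-ca")
	if err != nil {
		panic(err)
	}
	leaf, _ := IssueLeaf(ca, caKey, "node.example.test", true)
	bare, _ := IssueLeaf(ca, caKey, "legacy.example.test", false)
	cases := map[string][]*x509.Certificate{
		"ca alone": {ca}, "leaf alone": {leaf}, "leaf+ca": {leaf, ca}, "leaf w/o key IDs": {bare},
	}
	for name, chain := range cases {
		fmt.Printf("%-18s keyID rule=%-5v signature check=%v\n",
			name, IsSelfSignedByKeyID(chain), IsSelfSignedStrict(chain))
	}
}
```

RFC 5280 requires every conforming CA-issued certificate to carry an AuthorityKeyId, so the key-identifier rule is sound for well-formed input; the signature check is the one to reach for when the certificate may come from outside your control.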

func IsShellFailedError added in v1.0.0

func IsShellFailedError(err error) bool

IsShellFailedError reports whether the error indicates a failed attempt to start a shell

func ListenTLS added in v1.0.0

func ListenTLS(address string, certFile, keyFile string) (net.Listener, error)

ListenTLS sets up a TLS listener for the HTTP handler, starts listening on a TCP socket and returns the socket, ready to be passed to http.Serve

func MinTTL

func MinTTL(a, b time.Duration) time.Duration

MinTTL returns the smaller non-zero of the two TTL durations; if both durations are zero, it fails

func MultiCloser

func MultiCloser(closers ...io.Closer) *multiCloser

MultiCloser implements io.Closer; it sequentially calls Close() on each object

func NewChConn added in v1.0.0

func NewChConn(conn ssh.Conn, ch ssh.Channel) *chConn

func NormalizePath

func NormalizePath(path string) (string, error)

NormalizePath normalizes a path, evaluating symlinks and converting a relative path to an absolute one

func ObeyIdleTimeout

func ObeyIdleTimeout(conn net.Conn, timeout time.Duration, ownerName string) net.Conn

ObeyIdleTimeout wraps an existing network connection with timeout-obeying Write() and Read(): the connection is dropped after 'timeout' of idle time

Example: ObeyIdleTimeout(conn, time.Second * 60, "api server").

func ObjectToStruct

func ObjectToStruct(in interface{}, out interface{}) error

ObjectToStruct converts any structure into JSON and then unmarshals it into another structure.

Teleport configuration uses this (strange, at first) trick to convert from one struct type to another when their fields are loosely compatible via their `json` tags

Example: assume you have two structs:

    type A struct {
        Name string `json:"name"`
        Age  int    `json:"age"`
    }
    type B struct {
        FullName string `json:"name"`
    }

Now you can convert B to A:

    b := &B{FullName: "Bob Dilan"}
    var a *A
    utils.ObjectToStruct(b, &a)
    fmt.Println(a.Name)

  > "Bob Dilan"

func OpenFile

func OpenFile(path string) (*os.File, error)

OpenFile opens a file and returns its handle

func ParseCertificatePEM

func ParseCertificatePEM(bytes []byte) (*x509.Certificate, error)

ParseCertificatePEM parses a PEM-encoded certificate

func ParseCertificateRequestPEM

func ParseCertificateRequestPEM(bytes []byte) (*x509.CertificateRequest, error)

ParseCertificateRequestPEM parses a PEM-encoded certificate signing request

func ParsePrivateKeyDER

func ParsePrivateKeyDER(der []byte) (crypto.Signer, error)

ParsePrivateKeyDER parses an unencrypted DER-encoded private key

func ParsePrivateKeyPEM

func ParsePrivateKeyPEM(bytes []byte) (crypto.Signer, error)

ParsePrivateKeyPEM parses a PEM-encoded private key

func PrintVersion added in v1.0.0

func PrintVersion(distro teleport.DistroType)

PrintVersion prints human readable version.

  • distro: name of the distribution. Empty string for OSS or "enterprise"

func RandomDuration added in v1.0.0

func RandomDuration(max time.Duration) time.Duration

RandomDuration returns a duration in a range [0, max)

func ReadAll added in v1.0.0

func ReadAll(r io.Reader, bufsize int) (out []byte, err error)

ReadAll is similar to ioutil.ReadAll, except that it does not use an ever-growing internal buffer; instead it asks for a buffer of exactly the given size.

This is useful when you want to limit the size of Reads/Writes (websockets)

func ReadCertificateChain

func ReadCertificateChain(certificateChainBytes []byte) ([]*x509.Certificate, error)

ReadCertificateChain parses PEM encoded bytes that can contain one or multiple certificates and returns a slice of x509.Certificate.

func ReadEnvironmentFile

func ReadEnvironmentFile(filename string) ([]string, error)

ReadEnvironmentFile reads environment variables from the file at the given location. Empty lines and lines that start with "#" are ignored. Assignments are in the form name=value and no variable expansion occurs.
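As an added example (this is not the package's implementation), the parser below follows the rules just stated over a constructed sample file and makes the behaviour at the edges explicit: the line is split on its first '=' only, the value is kept literally so `$HOME` stays the four-character string `$HOME`, and a line with no '=' or with an empty name is skipped rather than failing the whole file. The maxLines cap is this example's own addition; ParseEnvironment takes an io.Reader rather than a filename so it runs offline.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// sampleEnvFile is a constructed input exercising every rule in the
// description above; it is not a file from the project.
const sampleEnvFile = `# constructed sample
PATH=/usr/local/bin:/usr/bin
   # an indented comment is still a comment after trimming
GREETING=hello=world
HOME=$HOME/sandbox

NOVALUE
=orphan
DEBUG=
`

// ParseEnvironment reads name=value lines from r. Blank lines and lines whose
// first non-blank character is '#' are skipped; every other line is split on
// its first '=' and the value is kept literally: no $VAR expansion, no quote
// stripping. Lines without '=' or with an empty name are ignored rather than
// treated as errors. maxLines caps how many lines are consumed so an
// oversized user-controlled file cannot flood the process environment.
func ParseEnvironment(r io.Reader, maxLines int) ([]string, error) {
	env := []string{}
	sc := bufio.NewScanner(r)
	for lineno := 1; sc.Scan(); lineno++ {
		if lineno > maxLines {
			break
		}
		line := strings.TrimSpace(sc.Text())
		if line == "" || line[0] == '#' {
			continue
		}
		parts := strings.SplitN(line, "=", 2)
		if len(parts) != 2 || strings.TrimSpace(parts[0]) == "" {
			continue
		}
		env = append(env, parts[0]+"="+parts[1])
	}
	return env, sc.Err()
}

func main() {
	env, err := ParseEnvironment(strings.NewReader(sampleEnvFile), 1000)
	if err != nil {
		panic(err)
	}
	for _, kv := range env {
		fmt.Println(kv)
	}
}
```

The returned slice is what ends up in a login shell's environment, so the parser is deliberately not the place that decides which names are acceptable; that policy belongs to the caller. OpenSSH keeps its equivalent file (~/.ssh/environment) disabled unless PermitUserEnvironment is set for exactly this reason.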

func ReadHostUUID added in v1.0.0

func ReadHostUUID(dataDir string) (string, error)

ReadHostUUID reads host UUID from the file in the data dir

func ReadOrMakeHostUUID added in v1.0.0

func ReadOrMakeHostUUID(dataDir string) (string, error)

ReadOrMakeHostUUID looks for a hostid file in the data dir. If present, returns the UUID from it, otherwise generates one

func ReadPath

func ReadPath(path string) ([]byte, error)

func ReplaceLocalhost added in v1.0.0

func ReplaceLocalhost(addr, replaceWith string) string

ReplaceLocalhost checks whether the given address is an unspecified or loopback address (like 0.0.0.0 or 127.0.0.1) and, if so, replaces its host with the host taken from replaceWith, preserving the original port

Both addresses are in "host:port" format. The function returns the original value if it encounters any problem parsing either address

func ResetInterruptSignalHandler

func ResetInterruptSignalHandler()

ResetInterruptSignalHandler resets the handler for SIGINT back to the default handler. This is needed because when sysvinit launches Teleport on some operating systems (like CentOS 6.8) it starts Teleport with SIGINT ignored. See the following for more details:

http://garethrees.org/2015/08/07/ping/ https://github.com/openssh/openssh-portable/commit/4e0f5e1ec9b6318ef251180dbca50eaa01f74536

func SliceContainsStr

func SliceContainsStr(slice []string, value string) bool

SliceContainsStr returns 'true' if the slice contains the given value

func SplitHostPort

func SplitHostPort(hostname string) (string, string, error)

SplitHostPort splits host and port and checks that host is not empty

func SplitReaders

func SplitReaders(r1 io.Reader, r2 io.Reader) io.Reader

func StartHTTPServer

func StartHTTPServer(addr NetAddr, h http.Handler) error

func StatDir

func StatDir(path string) (os.FileInfo, error)

StatDir stats a directory and returns an error if the path exists but is not a directory

func StringMapSlicesEqual

func StringMapSlicesEqual(a, b map[string][]string) bool

StringMapSlicesEqual returns true if two maps of string slices are equal

func StringMapsEqual

func StringMapsEqual(a, b map[string]string) bool

StringMapsEqual returns true if two string maps are equal

func StringSlicesEqual

func StringSlicesEqual(a, b []string) bool

StringSlicesEqual returns true if two string slices are equal

func SwitchLoggingtoSyslog

func SwitchLoggingtoSyslog()

SwitchLoggingtoSyslog tells the logger to send the output to syslog

func ToJSON

func ToJSON(data []byte) ([]byte, error)

ToJSON converts a single YAML document into a JSON document or returns an error. If the document appears to be JSON, the YAML decoding path is not used (so that error messages are JSON-specific). Credit: the code comes from k8s.io

func ToTTL

func ToTTL(c clockwork.Clock, tm time.Time) time.Duration

ToTTL converts expiration time to TTL duration relative to current time as provided by clock

func UTC

func UTC(t *time.Time)

UTC converts time to UTC timezone

func UnmarshalWithSchema

func UnmarshalWithSchema(schemaDefinition string, object interface{}, data []byte) error

UnmarshalWithSchema processes YAML or JSON encoded object with JSON schema, sets defaults and unmarshals resulting object into given struct

func UserMessageFromError added in v1.0.0

func UserMessageFromError(err error) string

UserMessageFromError returns a user-friendly error message for the given error

func VerifyCertificateChain

func VerifyCertificateChain(certificateChain []*x509.Certificate) error

VerifyCertificateChain reads in a chain of certificates and makes sure the chain from leaf to root is valid. This ensures that clients (web browsers and CLI) won't have problems validating the chain.

func WriteHostUUID added in v1.0.0

func WriteHostUUID(dataDir string, id string) error

WriteHostUUID writes host UUID into a file

Types

type AddrStorage added in v1.0.0

type AddrStorage interface {
	// SetAddresses saves addresses
	SetAddresses([]NetAddr) error
	// GetAddresses returns the saved addresses
	GetAddresses() ([]NetAddr, error)
}

AddrStorage is used to store information locally for every client that connects in the cluster, so it can always have up-to-date info about auth servers

type CloseBroadcaster added in v1.0.0

type CloseBroadcaster struct {
	sync.Once
	C chan struct{}
}

CloseBroadcaster is a helper struct that implements io.Closer and uses a channel to broadcast its closed state once Close is called

func NewCloseBroadcaster added in v1.0.0

func NewCloseBroadcaster() *CloseBroadcaster

NewCloseBroadcaster returns a new instance of CloseBroadcaster

func (*CloseBroadcaster) Close added in v1.0.0

func (b *CloseBroadcaster) Close() error

Close closes the channel (once) to start broadcasting the closed state

type FileAddrStorage added in v1.0.0

type FileAddrStorage struct {
	// contains filtered or unexported fields
}

FileAddrStorage is a file based address storage

func NewFileAddrStorage added in v1.0.0

func NewFileAddrStorage(filePath string) *FileAddrStorage

NewFileAddrStorage returns new instance of file-based address storage

func (*FileAddrStorage) GetAddresses added in v1.0.0

func (fs *FileAddrStorage) GetAddresses() ([]NetAddr, error)

GetAddresses returns saved address list

func (*FileAddrStorage) SetAddresses added in v1.0.0

func (fs *FileAddrStorage) SetAddresses(addrs []NetAddr) error

SetAddresses updates storage with new address list

type FileNode

type FileNode struct {
	Parent string `json:"parent"`
	Name   string `json:"name"`
	Dir    bool   `json:"bool"`
	Size   int64  `json:"size"`
	Mode   int64  `json:"mode"`
}

type HostKeyCallback added in v1.0.0

type HostKeyCallback func(hostID string, remote net.Addr, key ssh.PublicKey) error

type LoggingPurpose

type LoggingPurpose int
const (
	LoggingForDaemon LoggingPurpose = iota
	LoggingForCLI
	LoggingForTests
)

type NetAddr

type NetAddr struct {
	// Addr is the host:port address, like "localhost:22"
	Addr string `json:"addr"`
	// AddrNetwork is the type of a network socket, like "tcp" or "unix"
	AddrNetwork string `json:"network,omitempty"`
	// Path is a socket file path, like '/var/path/to/socket' in "unix:///var/path/to/socket"
	Path string `json:"path,omitempty"`
}

NetAddr is a network address that includes the network type, the host:port address and an optional socket path

func MustParseAddr added in v1.0.0

func MustParseAddr(a string) *NetAddr

MustParseAddr parses the provided string into NetAddr or panics on an error

func ParseAddr

func ParseAddr(a string) (*NetAddr, error)

ParseAddr takes strings like "tcp://host:port/path" and returns *NetAddr or an error

func ParseHostPortAddr added in v1.0.0

func ParseHostPortAddr(hostport string, defaultPort int) (*NetAddr, error)

ParseHostPortAddr takes strings like "host:port" and returns *NetAddr or an error

If defaultPort is -1, the 'hostport' string must include the port
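The program below is an added example, not the package's own implementation, of the three address operations described on this page: ParseAddr for "tcp://host:port/path" and "unix:///path" strings, ParseHostPortAddr with its -1 sentinel, and ReplaceLocalhost from the Functions section. The behaviour it fixes beyond the doc comments is assumed for illustration: a bare "host:port" with no scheme is taken as tcp, unknown schemes are rejected rather than guessed, an IPv6 literal given without a port gets its brackets back via net.JoinHostPort, and IsLocalhost treats "localhost", the unspecified addresses and the loopback range as local.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strconv"
	"strings"
)

// NetAddr mirrors the three fields of the type described above.
type NetAddr struct {
	Addr        string
	AddrNetwork string
	Path        string
}

// ParseAddr accepts "tcp://host:port/path", "unix:///path/to/socket" and bare
// "host:port" (assumed tcp). Other schemes are rejected rather than guessed.
func ParseAddr(a string) (*NetAddr, error) {
	if a == "" {
		return nil, errors.New("empty address")
	}
	if !strings.Contains(a, "://") {
		return &NetAddr{Addr: a, AddrNetwork: "tcp"}, nil
	}
	u, err := url.Parse(a)
	if err != nil {
		return nil, err
	}
	switch u.Scheme {
	case "tcp":
		if u.Host == "" {
			return nil, fmt.Errorf("%q: missing host", a)
		}
		return &NetAddr{Addr: u.Host, AddrNetwork: "tcp", Path: u.Path}, nil
	case "unix":
		if u.Path == "" {
			return nil, fmt.Errorf("%q: missing socket path", a)
		}
		return &NetAddr{Addr: u.Path, AddrNetwork: "unix", Path: u.Path}, nil
	default:
		return nil, fmt.Errorf("%q: unsupported scheme %q", a, u.Scheme)
	}
}

// ParseHostPortAddr parses "host:port". If no port is present and defaultPort
// is not -1, the default is appended; net.JoinHostPort brackets IPv6 literals.
func ParseHostPortAddr(hostport string, defaultPort int) (*NetAddr, error) {
	if _, _, err := net.SplitHostPort(hostport); err != nil {
		if defaultPort == -1 {
			return nil, fmt.Errorf("%q: port required: %w", hostport, err)
		}
		hostport = net.JoinHostPort(hostport, strconv.Itoa(defaultPort))
	}
	return &NetAddr{Addr: hostport, AddrNetwork: "tcp"}, nil
}

// IsLocalhost reports whether host is "localhost" or an unspecified
// (0.0.0.0, ::) or loopback (127.0.0.0/8, ::1) IP literal. Hostnames are
// not resolved, so a DNS name that happens to point at 127.0.0.1 is not local.
func IsLocalhost(host string) bool {
	if host == "localhost" {
		return true
	}
	ip := net.ParseIP(host)
	return ip != nil && (ip.IsUnspecified() || ip.IsLoopback())
}

// ReplaceLocalhost swaps the host part of addr for the host part of
// replaceWith when addr points at localhost, keeping addr's port. Any parse
// failure returns addr unchanged.
func ReplaceLocalhost(addr, replaceWith string) string {
	host, port, err := net.SplitHostPort(addr)
	if err != nil || !IsLocalhost(host) {
		return addr
	}
	newHost, _, err := net.SplitHostPort(replaceWith)
	if err != nil {
		return addr
	}
	return net.JoinHostPort(newHost, port)
}

func main() {
	for _, a := range []string{"tcp://0.0.0.0:3025/api", "unix:///var/run/teleport.sock", "localhost:3022", "ftp://x"} {
		na, err := ParseAddr(a)
		fmt.Printf("%-32s -> %+v err=%v\n", a, na, err)
	}
	fmt.Println(ReplaceLocalhost("0.0.0.0:3025", "10.0.0.5:9999"))
}
```

The "return the original on any error" contract in ReplaceLocalhost means a malformed advertised address silently propagates; callers that hand the result to other nodes should still validate it with ParseHostPortAddr.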

func (*NetAddr) FullAddress

func (a *NetAddr) FullAddress() string

FullAddress returns full address including network and address (tcp://0.0.0.0:1243)

func (*NetAddr) IsEmpty

func (a *NetAddr) IsEmpty() bool

IsEmpty returns true if address is empty

func (*NetAddr) IsLocal added in v1.0.0

func (a *NetAddr) IsLocal() bool

IsLocal returns true if this is a local address

func (*NetAddr) IsLoopback added in v1.0.0

func (a *NetAddr) IsLoopback() bool

IsLoopback returns true if this is a loopback address

func (*NetAddr) MarshalYAML added in v1.0.0

func (a *NetAddr) MarshalYAML() (interface{}, error)

MarshalYAML defines how a network address should be marshalled to a string

func (*NetAddr) Network

func (a *NetAddr) Network() string

Network returns the scheme for this network address (tcp or unix)

func (*NetAddr) Set

func (a *NetAddr) Set(s string) error

func (*NetAddr) String

func (a *NetAddr) String() string

String returns address without network (0.0.0.0:1234)

func (*NetAddr) UnmarshalYAML

func (a *NetAddr) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML defines how a string can be unmarshalled into a network address

type NetAddrList

type NetAddrList []NetAddr

NetAddrList is a list of NetAddrs that supports helper methods for parsing from CLI tools

func (*NetAddrList) Addresses added in v1.0.0

func (nl *NetAddrList) Addresses() []string

Addresses returns a slice of strings converted from the addresses

func (*NetAddrList) Set

func (nl *NetAddrList) Set(s string) error

Set is called by CLI tools

func (*NetAddrList) String

func (nl *NetAddrList) String() string

String returns a debug-friendly representation of the address list

type NetAddrVal

type NetAddrVal NetAddr

NetAddrVal can be used with flag package

func NewNetAddrVal

func NewNetAddrVal(defaultVal NetAddr, val *NetAddr) *NetAddrVal

func (*NetAddrVal) Get

func (a *NetAddrVal) Get() interface{}

func (*NetAddrVal) Set

func (a *NetAddrVal) Set(s string) error

func (*NetAddrVal) String

func (a *NetAddrVal) String() string

type PipeNetConn

type PipeNetConn struct {
	// contains filtered or unexported fields
}

PipeNetConn implements net.Conn on top of an io.Reader, io.Writer and io.Closer

func NewPipeNetConn

func NewPipeNetConn(reader io.Reader,
	writer io.Writer,
	closer io.Closer,
	fakelocalAddr net.Addr,
	fakeRemoteAddr net.Addr) *PipeNetConn

func (*PipeNetConn) Close

func (nc *PipeNetConn) Close() error

func (*PipeNetConn) LocalAddr

func (nc *PipeNetConn) LocalAddr() net.Addr

func (*PipeNetConn) Read

func (nc *PipeNetConn) Read(buf []byte) (n int, e error)

func (*PipeNetConn) RemoteAddr

func (nc *PipeNetConn) RemoteAddr() net.Addr

func (*PipeNetConn) SetDeadline

func (nc *PipeNetConn) SetDeadline(t time.Time) error

func (*PipeNetConn) SetReadDeadline

func (nc *PipeNetConn) SetReadDeadline(t time.Time) error

func (*PipeNetConn) SetWriteDeadline

func (nc *PipeNetConn) SetWriteDeadline(t time.Time) error

func (*PipeNetConn) Write

func (nc *PipeNetConn) Write(buf []byte) (n int, e error)

type PortList added in v1.0.0

type PortList []string

PortList is a list of TCP ports

func GetFreeTCPPorts added in v1.0.0

func GetFreeTCPPorts(n int) (PortList, error)

GetFreeTCPPorts returns a list of available ports on localhost, used for testing

func (*PortList) Pop added in v1.0.0

func (p *PortList) Pop() string

Pop removes and returns a port from the list; it panics if the list is empty

type RemoveDirCloser

type RemoveDirCloser struct {
	Path string
}

RemoveDirCloser removes a directory and all its contents when Close is called

func (*RemoveDirCloser) Close

func (r *RemoveDirCloser) Close() error

Close removes the directory and all its contents

type SigningKeyStore

type SigningKeyStore struct {
	// contains filtered or unexported fields
}

SigningKeyStore is used to sign using X509 digital signatures

func ParseSigningKeyStorePEM

func ParseSigningKeyStorePEM(keyPEM, certPEM string) (*SigningKeyStore, error)

ParseSigningKeyStorePEM parses a signing key store from a PEM-encoded key pair

func (*SigningKeyStore) GetKeyPair

func (ks *SigningKeyStore) GetKeyPair() (*rsa.PrivateKey, []byte, error)

type TLSCredentials added in v1.0.0

type TLSCredentials struct {
	// PublicKey in PEM format
	PublicKey []byte
	// PrivateKey in PEM format
	PrivateKey []byte
	Cert       []byte
}

TLSCredentials keeps the typical three components of a proper HTTPS configuration

func GenerateSelfSignedCert added in v1.0.0

func GenerateSelfSignedCert(hostNames []string) (*TLSCredentials, error)

GenerateSelfSignedCert generates a self-signed certificate that is valid for the given domain names and IPs, and returns PEM-encoded bytes with the key and cert

type TimeoutConn added in v1.2.6

type TimeoutConn struct {
	net.Conn
	TimeoutDuration time.Duration

	// OwnerName is only useful for debugging/logging; it is a convenient
	// way to tag every idle connection
	OwnerName string
}

TimeoutConn wraps an existing net.Conn and adds read/write timeouts to it, making it possible to implement a "disconnect after N minutes of idle time" policy

Usage example:

    tc := utils.ObeyIdleTimeout(conn, time.Second * 30, "ssh connection")
    io.Copy(tc, xxx)
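The following is an added example, not the package's TimeoutConn, written to show what "idle" means in ObeyIdleTimeout and TimeoutConn above: the deadline is pushed forward before every Read and Write, so a peer that keeps talking can stay connected indefinitely while a silent one is cut off after the timeout. The type IdleConn, the helper IsIdleTimeout and the exchange scenario are this example's own; it uses net.Pipe so it runs without a network.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"time"
)

// IdleConn pushes the deadline forward before every Read and Write, so the
// peer is dropped after Timeout of inactivity rather than Timeout in total.
// OwnerName only tags the error for logs.
type IdleConn struct {
	net.Conn
	Timeout   time.Duration
	OwnerName string
}

// ObeyIdleTimeout wraps conn as the doc comment above describes.
func ObeyIdleTimeout(conn net.Conn, timeout time.Duration, owner string) net.Conn {
	return &IdleConn{Conn: conn, Timeout: timeout, OwnerName: owner}
}

func (c *IdleConn) Read(p []byte) (int, error) {
	if err := c.Conn.SetReadDeadline(time.Now().Add(c.Timeout)); err != nil {
		return 0, err
	}
	n, err := c.Conn.Read(p)
	return n, c.tag(err)
}

func (c *IdleConn) Write(p []byte) (int, error) {
	if err := c.Conn.SetWriteDeadline(time.Now().Add(c.Timeout)); err != nil {
		return 0, err
	}
	n, err := c.Conn.Write(p)
	return n, c.tag(err)
}

// tag wraps a deadline error so the owner and timeout show up in logs while
// errors.As can still recover the net.Error underneath.
func (c *IdleConn) tag(err error) error {
	if IsIdleTimeout(err) {
		return fmt.Errorf("%s: idle for %v, dropping connection: %w", c.OwnerName, c.Timeout, err)
	}
	return err
}

// IsIdleTimeout reports whether err is a deadline (timeout) error.
func IsIdleTimeout(err error) bool {
	var ne net.Error
	return errors.As(err, &ne) && ne.Timeout()
}

// exchange is a constructed scenario: the wrapped end of an in-memory
// net.Pipe reads n messages from a peer that sends one every interval. It
// returns whatever arrived before the idle timeout fired.
func exchange(timeout, interval time.Duration, n int) ([]string, error) {
	server, client := net.Pipe()
	conn := ObeyIdleTimeout(server, timeout, "test peer")
	defer conn.Close()
	defer client.Close()
	go func() {
		for i := 0; i < n; i++ {
			time.Sleep(interval)
			if _, err := client.Write([]byte(fmt.Sprintf("msg-%d", i))); err != nil {
				return // the reader gave up and closed its end
			}
		}
	}()
	var got []string
	buf := make([]byte, 64)
	for i := 0; i < n; i++ {
		k, err := conn.Read(buf)
		if err != nil {
			return got, err
		}
		got = append(got, string(buf[:k]))
	}
	return got, nil
}

func main() {
	got, err := exchange(50*time.Millisecond, 400*time.Millisecond, 1)
	fmt.Printf("silent peer: got=%v timeout=%v err=%v\n", got, IsIdleTimeout(err), err)
	got, err = exchange(250*time.Millisecond, 100*time.Millisecond, 4)
	fmt.Printf("chatty peer (400ms total, 100ms gaps): got=%v err=%v\n", got, err)
}
```

Two points worth keeping in mind when using a wrapper like this: the timeout is measured from the start of each call, so a large io.Copy that makes slow progress is safe as long as every individual Read or Write completes in time; and a write deadline only fires when the write actually blocks, so a peer that reads but never sends is detected by the read side, not the write side.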

func (*TimeoutConn) Read added in v1.2.6

func (tc *TimeoutConn) Read(p []byte) (n int, err error)

func (*TimeoutConn) Write added in v1.2.6

func (tc *TimeoutConn) Write(p []byte) (n int, err error)

type WebSockWrapper added in v1.0.0

type WebSockWrapper struct {
	io.ReadWriteCloser
	sync.Mutex
	// contains filtered or unexported fields
}

WebSockWrapper wraps the raw websocket and converts Write() calls to proper websocket.Send() working in binary or text mode. If text mode is selected, it converts the data passed to Write() into UTF8 bytes

We need this to make sure that the entire buffer in io.Writer.Write(buffer) is delivered as a single chunk to the web browser, instead of being split into multiple frames. This wrapper basically substitutes every Write() with Send() and every Read() with Receive()

func NewWebSockWrapper added in v1.0.0

func NewWebSockWrapper(ws *websocket.Conn, m WebSocketMode) *WebSockWrapper

func (*WebSockWrapper) Close added in v1.0.0

func (w *WebSockWrapper) Close() error

func (*WebSockWrapper) Read added in v1.0.0

func (w *WebSockWrapper) Read(out []byte) (n int, err error)

Read does the opposite of Write: it replaces the websocket's raw Read() with Message.Receive()

func (*WebSockWrapper) Write added in v1.0.0

func (w *WebSockWrapper) Write(data []byte) (n int, err error)

Write implements io.WriteCloser for WebSockWrapper (which is the reason we wrap the websocket)

It replaces raw Write() with Message.Send()

type WebSocketMode added in v1.0.0

type WebSocketMode int

WebSocketMode selects whether a WebSockWrapper works in text or binary mode
