Documentation ¶
Overview ¶
Package integration tests Teleport at a high level by creating clusters of servers in memory, connecting them together and connecting to them.
Index ¶
- func SetTestTimeouts(t time.Duration)
- func SetupUser(process *service.TeleportProcess, username string, roles []services.Role) error
- func SetupUserCreds(tc *client.TeleportClient, proxyHost string, creds UserCreds) error
- type ClientConfig
- type InstanceConfig
- type InstanceSecrets
- func (s *InstanceSecrets) AllowedLogins() []string
- func (s *InstanceSecrets) AsSlice() []*InstanceSecrets
- func (s *InstanceSecrets) AsTrustedCluster(token string, roleMap services.RoleMap) services.TrustedCluster
- func (s *InstanceSecrets) GetCAs() []services.CertAuthority
- func (s *InstanceSecrets) GetIdentity() *auth.Identity
- func (s *InstanceSecrets) GetRoles() []services.Role
- func (s *InstanceSecrets) String() string
- type ProxyConfig
- type TeleInstance
- func (i *TeleInstance) AddUser(username string, mappings []string) *User
- func (i *TeleInstance) AddUserWithRole(username string, roles ...services.Role) *User
- func (i *TeleInstance) Create(trustedSecrets []*InstanceSecrets, enableSSH bool, console io.Writer) error
- func (i *TeleInstance) CreateEx(trustedSecrets []*InstanceSecrets, tconf *service.Config) error
- func (i *TeleInstance) GenerateConfig(trustedSecrets []*InstanceSecrets, tconf *service.Config) (*service.Config, error)
- func (i *TeleInstance) GetPortAuth() string
- func (i *TeleInstance) GetPortProxy() string
- func (i *TeleInstance) GetPortReverseTunnel() string
- func (i *TeleInstance) GetPortSSH() string
- func (i *TeleInstance) GetPortSSHInt() int
- func (i *TeleInstance) GetPortWeb() string
- func (i *TeleInstance) GetSiteAPI(siteName string) auth.ClientI
- func (i *TeleInstance) NewClient(cfg ClientConfig) (*client.TeleportClient, error)
- func (i *TeleInstance) NewClientWithCreds(cfg ClientConfig, creds UserCreds) (tc *client.TeleportClient, err error)
- func (i *TeleInstance) NewUnauthenticatedClient(cfg ClientConfig) (tc *client.TeleportClient, err error)
- func (i *TeleInstance) Reset() (err error)
- func (i *TeleInstance) Start() error
- func (i *TeleInstance) StartNode(tconf *service.Config) (*service.TeleportProcess, error)
- func (i *TeleInstance) StartNodeAndProxy(name string, sshPort, proxyWebPort, proxySSHPort int) error
- func (i *TeleInstance) StartProxy(cfg ProxyConfig) (reversetunnel.Server, error)
- func (i *TeleInstance) Stop(removeData bool) error
- func (i *TeleInstance) StopNodes() error
- func (i *TeleInstance) StopProxy() error
- type User
- type UserCreds
- type UserCredsRequest
Functions ¶
func SetTestTimeouts ¶
SetTestTimeouts affects global timeouts inside Teleport, making connections work faster but consuming more CPU (useful for integration testing)
func SetupUserCreds ¶
func SetupUserCreds(tc *client.TeleportClient, proxyHost string, creds UserCreds) error
SetupUserCreds sets up user credentials for client
Types ¶
type ClientConfig ¶
// ClientConfig carries the connection parameters passed to
// TeleInstance.NewClient, NewClientWithCreds and NewUnauthenticatedClient.
type ClientConfig struct {
	// Login is SSH login name
	Login string
	// Cluster is a cluster name to connect to
	Cluster string
	// Host is a target host to connect to
	Host string
	// Port is a target port to connect to
	Port int
	// Proxy is an optional alternative proxy to use
	Proxy *ProxyConfig
	// ForwardAgent controls if the client requests its agent be forwarded to
	// the server. A forwarded agent can be used by the remote host to
	// authenticate as the user while the session lasts, so tests that set
	// this should only target hosts created by the test itself.
	ForwardAgent bool
	// JumpHost turns on jump host mode
	JumpHost bool
}
ClientConfig is a client configuration
type InstanceConfig ¶
// InstanceConfig is the argument of NewInstance.
type InstanceConfig struct {
	// ClusterName is a cluster name of the instance
	ClusterName string
	// HostID is a host id of the instance
	HostID string
	// NodeName is a node name of the instance
	NodeName string
	// Ports is a list of assigned ports to use
	Ports []int
	// Priv is SSH private key of the instance.
	// NOTE(review): secret key material held as a plain byte slice;
	// presumably a throwaway key generated per test run. Confirm that no
	// fixture reuses a key that is trusted outside the test environment.
	Priv []byte
	// Pub is SSH public key of the instance
	Pub []byte
	// MultiplexProxy uses the same port for web and SSH reverse tunnel proxy
	MultiplexProxy bool
}
InstanceConfig is an instance configuration
type InstanceSecrets ¶
// InstanceSecrets holds the key pair, certificates, addresses and trusted
// users of one test instance. Every field carries a JSON tag, PrivKey
// included (`json:"priv"`), so any JSON encoding of this value contains the
// private key and has to be handled as secret material.
// NOTE(review): a String() method is defined on *InstanceSecrets; confirm that
// it does not write PrivKey into logs or test output.
type InstanceSecrets struct {
	// SiteName is the instance name (aka "site name")
	SiteName string `json:"site_name"`
	// instance keys+cert (reused for hostCA and userCA)
	// PubKey is instance public key
	PubKey []byte `json:"pub"`
	// PrivKey is instance private key
	PrivKey []byte `json:"priv"`
	// Cert is SSH host certificate
	Cert []byte `json:"cert"`
	// TLSCACert is the certificate of the trusted certificate authority
	TLSCACert []byte `json:"tls_ca_cert"`
	// TLSCert is client TLS X509 certificate
	TLSCert []byte `json:"tls_cert"`
	// ListenAddr is a reverse tunnel listening port, allowing
	// other sites to connect to this instance. Set to empty
	// string if this instance is not allowing incoming tunnels
	ListenAddr string `json:"tunnel_addr"`
	// WebProxyAddr is address for web proxy
	WebProxyAddr string `json:"web_proxy_addr"`
	// list of users this instance trusts (key in the map is username)
	Users map[string]*User `json:"users"`
}
func (*InstanceSecrets) AllowedLogins ¶
func (s *InstanceSecrets) AllowedLogins() []string
func (*InstanceSecrets) AsSlice ¶
func (s *InstanceSecrets) AsSlice() []*InstanceSecrets
func (*InstanceSecrets) AsTrustedCluster ¶
func (s *InstanceSecrets) AsTrustedCluster(token string, roleMap services.RoleMap) services.TrustedCluster
func (*InstanceSecrets) GetCAs ¶
func (s *InstanceSecrets) GetCAs() []services.CertAuthority
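GetCAs returns an array of CAs stored by the secrets object. In this case we always return a hard-coded userCA + hostCA (and they share keys for simplicity). The shared key is a shortcut of this test harness: with it, the host CA and the user CA are not independent trust roots.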
func (*InstanceSecrets) GetIdentity ¶
func (s *InstanceSecrets) GetIdentity() *auth.Identity
func (*InstanceSecrets) GetRoles ¶
func (s *InstanceSecrets) GetRoles() []services.Role
GetRoles returns a list of roles to initiate for this secret
func (*InstanceSecrets) String ¶
func (s *InstanceSecrets) String() string
type ProxyConfig ¶
// ProxyConfig is the argument of TeleInstance.StartProxy and the type of the
// optional ClientConfig.Proxy field.
type ProxyConfig struct {
	// Name is a proxy name
	Name string
	// SSHPort is SSH proxy port
	SSHPort int
	// WebPort is web proxy port
	WebPort int
	// ReverseTunnelPort is a port for reverse tunnel addresses
	ReverseTunnelPort int
}
ProxyConfig is a set of configuration parameters for Proxy
type TeleInstance ¶
// TeleInstance bundles the secrets, ports and process handles of one
// Teleport instance used by the tests.
type TeleInstance struct {
	// Secrets holds the keys (pub, priv and derived cert) of this instance.
	// The field is exported and includes the private key, so a dump of a
	// TeleInstance value also dumps that key.
	Secrets InstanceSecrets
	// Slice of TCP ports used by Teleport services
	Ports []int
	// Hostname is the name of the host where instance is running
	Hostname string
	// Internal stuff...
	Process *service.TeleportProcess
	Config  *service.Config
	Tunnel  reversetunnel.Server
	Pool    *reversetunnel.AgentPool
	// Nodes is a list of additional nodes
	// started with this instance
	Nodes []*service.TeleportProcess
	// UploadEventsC is a channel for upload events
	UploadEventsC chan *events.UploadEvent
}
TeleInstance represents an in-memory instance of a teleport process for testing
func NewInstance ¶
func NewInstance(cfg InstanceConfig) *TeleInstance
NewInstance creates a new Teleport process instance
func (*TeleInstance) AddUser ¶
func (i *TeleInstance) AddUser(username string, mappings []string) *User
AddUser adds a new user into this Teleport instance. 'mappings' is a comma-separated list of OS users
func (*TeleInstance) AddUserWithRole ¶
func (i *TeleInstance) AddUserWithRole(username string, roles ...services.Role) *User
AddUserWithRole adds a user with one or more assigned roles
func (*TeleInstance) Create ¶
func (i *TeleInstance) Create(trustedSecrets []*InstanceSecrets, enableSSH bool, console io.Writer) error
Create creates a new instance of Teleport which trusts a list of other clusters (other instances)
func (*TeleInstance) CreateEx ¶ added in v1.1.0
func (i *TeleInstance) CreateEx(trustedSecrets []*InstanceSecrets, tconf *service.Config) error
CreateEx creates a new instance of Teleport which trusts a list of other clusters (other instances)
Unlike Create() it allows for greater customization because it accepts a full Teleport config structure
func (*TeleInstance) GenerateConfig ¶
func (i *TeleInstance) GenerateConfig(trustedSecrets []*InstanceSecrets, tconf *service.Config) (*service.Config, error)
GenerateConfig generates instance config
func (*TeleInstance) GetPortAuth ¶
func (i *TeleInstance) GetPortAuth() string
func (*TeleInstance) GetPortProxy ¶
func (i *TeleInstance) GetPortProxy() string
func (*TeleInstance) GetPortReverseTunnel ¶
func (i *TeleInstance) GetPortReverseTunnel() string
func (*TeleInstance) GetPortSSH ¶
func (i *TeleInstance) GetPortSSH() string
func (*TeleInstance) GetPortSSHInt ¶
func (i *TeleInstance) GetPortSSHInt() int
func (*TeleInstance) GetPortWeb ¶
func (i *TeleInstance) GetPortWeb() string
func (*TeleInstance) GetSiteAPI ¶
func (i *TeleInstance) GetSiteAPI(siteName string) auth.ClientI
GetSiteAPI() is a helper which returns an API endpoint to a site with a given name. This endpoint implements HTTP-over-SSH access to the site's auth server.
func (*TeleInstance) NewClient ¶
func (i *TeleInstance) NewClient(cfg ClientConfig) (*client.TeleportClient, error)
NewClient returns a fully configured and pre-authenticated client (pre-authenticated with server CAs and signed session key)
func (*TeleInstance) NewClientWithCreds ¶
func (i *TeleInstance) NewClientWithCreds(cfg ClientConfig, creds UserCreds) (tc *client.TeleportClient, err error)
NewClientWithCreds creates client with credentials
func (*TeleInstance) NewUnauthenticatedClient ¶
func (i *TeleInstance) NewUnauthenticatedClient(cfg ClientConfig) (tc *client.TeleportClient, err error)
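NewUnauthenticatedClient returns a fully configured and pre-authenticated client (pre-authenticated with server CAs and signed session key). Note: this sentence is word for word the description of NewClient and conflicts with the function's name, so it is presumably a copy-paste; check the implementation to see which credentials, if any, the returned client carries.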
func (*TeleInstance) Reset ¶
func (i *TeleInstance) Reset() (err error)
Reset re-creates the teleport instance based on the same configuration. This is needed if you want to stop the instance, reset it and start again.
func (*TeleInstance) Start ¶
func (i *TeleInstance) Start() error
Start will start the TeleInstance and then block until it is ready to process requests based off the passed in configuration.
func (*TeleInstance) StartNode ¶
func (i *TeleInstance) StartNode(tconf *service.Config) (*service.TeleportProcess, error)
StartNode starts an SSH node and connects it to the cluster.
func (*TeleInstance) StartNodeAndProxy ¶
func (i *TeleInstance) StartNodeAndProxy(name string, sshPort, proxyWebPort, proxySSHPort int) error
StartNodeAndProxy starts an SSH node and a Proxy Server and connects them to the cluster.
func (*TeleInstance) StartProxy ¶
func (i *TeleInstance) StartProxy(cfg ProxyConfig) (reversetunnel.Server, error)
StartProxy starts another Proxy Server and connects it to the cluster.
func (*TeleInstance) Stop ¶
func (i *TeleInstance) Stop(removeData bool) error
func (*TeleInstance) StopNodes ¶
func (i *TeleInstance) StopNodes() error
StopNodes stops additional nodes
func (*TeleInstance) StopProxy ¶
func (i *TeleInstance) StopProxy() error
StopProxy loops over the extra nodes in a TeleInstance and stops all nodes where the proxy server is enabled.
type UserCreds ¶
// UserCreds is returned by GenerateUserCreds and accepted by SetupUserCreds
// and TeleInstance.NewClientWithCreds.
type UserCreds struct {
	// Key is user client key and certificate.
	// NOTE(review): presumably this includes the user's private key; confirm
	// against client.Key and keep these values out of logs.
	Key client.Key
	// HostCA is a trusted host certificate authority
	HostCA services.CertAuthority
}
UserCreds holds user client credentials
func GenerateUserCreds ¶
func GenerateUserCreds(req UserCredsRequest) (*UserCreds, error)
GenerateUserCreds generates key to be used by client
type UserCredsRequest ¶
// UserCredsRequest is the argument of GenerateUserCreds.
type UserCredsRequest struct {
	// Process is a teleport process
	Process *service.TeleportProcess
	// Username is a user to generate certs for
	Username string
	// RouteToCluster is an optional cluster to route creds to
	RouteToCluster string
}
UserCredsRequest is a request to generate user creds