Documentation ¶
Index ¶
- Constants
- Variables
- type Config
- type Controller
- type HandlerProperties
- type TestController
- func (tc *TestController) AddClusterControllerMember(t testing.TB, opts *TestControllerOpts) *TestController
- func (tc *TestController) ApiAddrs() []string
- func (tc *TestController) AuthTokenRepo() *authtoken.Repository
- func (tc *TestController) Cancel()
- func (tc *TestController) Client() *api.Client
- func (tc *TestController) ClusterAddrs() []string
- func (tc *TestController) Config() *Config
- func (tc *TestController) ConnectionsRepo() *session.ConnectionRepository
- func (tc *TestController) Context() context.Context
- func (tc *TestController) Controller() *Controller
- func (tc *TestController) DbConn() *db.DB
- func (tc *TestController) IamRepo() *iam.Repository
- func (tc *TestController) Kms() *kms.Kms
- func (tc *TestController) Logger() hclog.Logger
- func (tc *TestController) Name() string
- func (tc *TestController) PluginHostRepo() *plugin.Repository
- func (tc *TestController) Scheduler() *scheduler.Scheduler
- func (tc *TestController) Server() *base.Server
- func (tc *TestController) ServersRepo() *server.Repository
- func (tc *TestController) Shutdown()
- func (tc *TestController) Token() *authtokens.AuthToken
- func (tc *TestController) UnprivilegedToken() *authtokens.AuthToken
- func (tc *TestController) VaultCredentialRepo() *vault.Repository
- func (tc *TestController) WaitForNextWorkerStatusUpdate(workerStatusName string) error
- type TestControllerOpts
Constants ¶
// Fixed identifiers, login names and a password for the default resources of
// a test controller. Every value is a constant that appears in the published
// package documentation, so none of them provides any secrecy.
// NOTE(review): presumably these are the fallbacks for the matching
// TestControllerOpts fields (DefaultLoginName, DefaultPassword, ...) — confirm,
// and confirm that no non-test code path seeds accounts from them.
const (
	// Scope IDs.
	DefaultOrgId     = "o_1234567890"
	DefaultProjectId = "p_1234567890"

	// Auth method IDs, one for password and one for OIDC.
	DefaultTestPasswordAuthMethodId = "ampw_1234567890"
	DefaultTestOidcAuthMethodId     = "amoidc_1234567890"

	// Login names and the password. The password is a well-known literal and
	// must not be reused for any account outside a test.
	DefaultTestLoginName             = "admin"
	DefaultTestUnprivilegedLoginName = "user"
	DefaultTestPassword              = "passpass"

	// User and account IDs. The password account IDs are built from
	// intglobals.NewPasswordAccountPrefix; the "Unprivileged" variants use a
	// different numeric suffix from the other accounts.
	DefaultTestUserId                        = "u_1234567890"
	DefaultTestPasswordAccountId             = intglobals.NewPasswordAccountPrefix + "_1234567890"
	DefaultTestOidcAccountId                 = "acctoidc_1234567890"
	DefaultTestUnprivilegedPasswordAccountId = intglobals.NewPasswordAccountPrefix + "_0987654321"
	DefaultTestUnprivilegedOidcAccountId     = "acctoidc_0987654321"

	// Plugin ID.
	DefaultTestPluginId = "pl_1234567890"
)
Variables ¶
// NonceCleanupInterval is initialised to two minutes and is exported so that
// tests can change it. Because it is a package-level variable, a change made
// by one test is seen by every controller running in the same process.
// NOTE(review): presumably the period between nonce cleanup runs — the code
// that reads it is not shown here; confirm.
var NonceCleanupInterval = 2 * time.Minute
This is exported so it can be tweaked in tests
Functions ¶
This section is empty.
Types ¶
type Config ¶
// Config is the controller configuration type; it is what TestControllerConfig
// and TestController.Config return.
type Config struct {
	// The base Server object, containing things shared between Controllers and
	// Workers
	*base.Server

	// The underlying configuration, passed in here to avoid duplicating values
	// everywhere
	RawConfig *config.Config

	// If set, authorization checking occurs but failures are ignored, so a
	// request that fails the check is not rejected because of it.
	// NOTE(review): security-sensitive switch. TestControllerOpts documents a
	// field of the same name as an aid for API-level testing; confirm that no
	// production configuration path can set this to true.
	DisableAuthorizationFailures bool
}
func TestControllerConfig ¶
func TestControllerConfig(t testing.TB, ctx context.Context, tc *TestController, opts *TestControllerOpts) *Config
TestControllerConfig provides a way to create a config for a TestController. The tc passed as a parameter will be modified by this func.
type Controller ¶
// Controller exposes, as exported fields, one factory per repository kind plus
// the health service. The factory types are declared in other packages
// (common, session, target), so what each factory returns is not visible here.
type Controller struct {
	// Repo factory methods
	AuthTokenRepoFn         common.AuthTokenRepoFactory
	VaultCredentialRepoFn   common.VaultCredentialRepoFactory
	StaticCredentialRepoFn  common.StaticCredentialRepoFactory
	IamRepoFn               common.IamRepoFactory
	OidcRepoFn              common.OidcAuthRepoFactory
	PasswordAuthRepoFn      common.PasswordAuthRepoFactory
	ServersRepoFn           common.ServersRepoFactory
	SessionRepoFn           session.RepositoryFactory
	ConnectionRepoFn        common.ConnectionRepoFactory
	StaticHostRepoFn        common.StaticRepoFactory
	PluginHostRepoFn        common.PluginHostRepoFactory
	HostPluginRepoFn        common.HostPluginRepoFactory
	TargetRepoFn            target.RepositoryFactory
	WorkerAuthRepoStorageFn common.WorkerAuthRepoStorageFactory

	// Used to signal the Health Service to start
	// replying to queries with "503 Service Unavailable".
	HealthService *health.Service
	// contains filtered or unexported fields
}
func (*Controller) GetHealthHandler ¶
func (c *Controller) GetHealthHandler(lcfg *listenerutil.ListenerConfig) (http.Handler, error)
GetHealthHandler returns a gRPC Gateway mux that is registered against the controller's gRPC health service to make it accessible from an HTTP API.
func (*Controller) Shutdown ¶
func (c *Controller) Shutdown() error
func (*Controller) Start ¶
func (c *Controller) Start() error
func (*Controller) WorkerStatusUpdateTimes ¶
func (c *Controller) WorkerStatusUpdateTimes() *sync.Map
WorkerStatusUpdateTimes returns the map, which specifically is held in _this_ controller, not the DB. It's used in tests to verify that a given controller is receiving updates from an expected set of workers, to test out balancing and auto reconnection.
type HandlerProperties ¶
// HandlerProperties pairs a listener configuration with a context.
// NOTE(review): presumably passed when building an HTTP handler for one
// listener, with CancelCtx signalling shutdown — the consumer is not shown
// here; confirm.
type HandlerProperties struct {
	// ListenerConfig is the configuration of the listener concerned.
	ListenerConfig *listenerutil.ListenerConfig
	// CancelCtx is the context carried alongside the listener configuration.
	CancelCtx context.Context
}
type TestController ¶
// TestController is the test harness type built by NewTestController, which
// takes a testing.TB. It has no exported fields; its state is reached through
// accessor methods, including DbConn, Kms, Token and UnprivilegedToken.
type TestController struct {
	// contains filtered or unexported fields
}
TestController wraps a base.Server and Controller to provide a fully-programmatic controller for tests. Error checking (for instance, for valid config) is not stringent at the moment.
func NewTestController ¶
func NewTestController(t testing.TB, opts *TestControllerOpts) *TestController
func (*TestController) AddClusterControllerMember ¶
func (tc *TestController) AddClusterControllerMember(t testing.TB, opts *TestControllerOpts) *TestController
func (*TestController) ApiAddrs ¶
func (tc *TestController) ApiAddrs() []string
func (*TestController) AuthTokenRepo ¶
func (tc *TestController) AuthTokenRepo() *authtoken.Repository
func (*TestController) Cancel ¶
func (tc *TestController) Cancel()
func (*TestController) Client ¶
func (tc *TestController) Client() *api.Client
func (*TestController) ClusterAddrs ¶
func (tc *TestController) ClusterAddrs() []string
func (*TestController) Config ¶
func (tc *TestController) Config() *Config
func (*TestController) ConnectionsRepo ¶
func (tc *TestController) ConnectionsRepo() *session.ConnectionRepository
func (*TestController) Context ¶
func (tc *TestController) Context() context.Context
func (*TestController) Controller ¶
func (tc *TestController) Controller() *Controller
Controller returns the underlying controller
func (*TestController) DbConn ¶
func (tc *TestController) DbConn() *db.DB
func (*TestController) IamRepo ¶
func (tc *TestController) IamRepo() *iam.Repository
func (*TestController) Kms ¶
func (tc *TestController) Kms() *kms.Kms
func (*TestController) Logger ¶
func (tc *TestController) Logger() hclog.Logger
func (*TestController) Name ¶
func (tc *TestController) Name() string
func (*TestController) PluginHostRepo ¶ added in v0.12.1
func (tc *TestController) PluginHostRepo() *plugin.Repository
func (*TestController) Scheduler ¶ added in v0.12.1
func (tc *TestController) Scheduler() *scheduler.Scheduler
func (*TestController) Server ¶
func (tc *TestController) Server() *base.Server
Server returns the underlying base server
func (*TestController) ServersRepo ¶
func (tc *TestController) ServersRepo() *server.Repository
func (*TestController) Shutdown ¶
func (tc *TestController) Shutdown()
Shutdown runs any cleanup functions; be sure to run this after your test is done
func (*TestController) Token ¶
func (tc *TestController) Token() *authtokens.AuthToken
func (*TestController) UnprivilegedToken ¶
func (tc *TestController) UnprivilegedToken() *authtokens.AuthToken
func (*TestController) VaultCredentialRepo ¶ added in v0.12.1
func (tc *TestController) VaultCredentialRepo() *vault.Repository
func (*TestController) WaitForNextWorkerStatusUpdate ¶
func (tc *TestController) WaitForNextWorkerStatusUpdate(workerStatusName string) error
WaitForNextWorkerStatusUpdate waits for the next status check from a worker to come in. If it does not come in within the default status grace period, this function returns an error.
type TestControllerOpts ¶
// TestControllerOpts collects the options accepted by NewTestController,
// TestControllerConfig and AddClusterControllerMember. Several options switch
// off default resource creation, and one relaxes authorization enforcement.
type TestControllerOpts struct {
	// ConfigHcl is the HCL to be parsed to generate the initial config.
	// Overrides Config if both are set.
	ConfigHcl string

	// Config; if not provided a dev one will be created, unless ConfigHcl is
	// set.
	Config *config.Config

	// DefaultPasswordAuthMethodId is the default password method ID to use, if set.
	DefaultPasswordAuthMethodId string

	// DefaultOidcAuthMethodId is the default OIDC method ID to use, if set.
	DefaultOidcAuthMethodId string

	// DefaultLoginName is the login name used when creating the default admin account.
	DefaultLoginName string

	// DefaultUnprivilegedLoginName is the login name used when creating the default unprivileged account.
	DefaultUnprivilegedLoginName string

	// DefaultPassword is the password used when creating the default accounts.
	// NOTE(review): presumably falls back to DefaultTestPassword when empty —
	// confirm against the constructor.
	DefaultPassword string

	// DisableInitialLoginRoleCreation can be set true to disable creating the
	// global scope login role automatically.
	DisableInitialLoginRoleCreation bool

	// DisableAuthMethodCreation can be set true to disable creating an auth
	// method automatically.
	DisableAuthMethodCreation bool

	// DisableOidcAuthMethodCreation can be set true to disable the built-in
	// OIDC listener. Useful for e.g. unix listener tests.
	DisableOidcAuthMethodCreation bool

	// DisableScopesCreation can be set true to disable creating scopes
	// automatically.
	DisableScopesCreation bool

	// DisableHostResourcesCreation can be set true to disable creating a host
	// catalog and related resources automatically.
	DisableHostResourcesCreation bool

	// DisableTargetCreation can be set true to disable creating a target
	// automatically.
	DisableTargetCreation bool

	// DisableDatabaseCreation can be set true to disable creating a dev
	// database
	DisableDatabaseCreation bool

	// DisableDatabaseDestruction can be set true to allow a database to be
	// created but examined after-the-fact
	DisableDatabaseDestruction bool

	// DatabaseUrl will cause the test controller to connect to an existing
	// database given the url instead of creating a new one
	DatabaseUrl string

	// DisableDatabaseTemplate forces using a fresh Postgres instance in Docker
	// instead of using a local templated version. Useful for CI of external
	// repos, like Terraform.
	DisableDatabaseTemplate bool

	// If true, the controller will not be started
	DisableAutoStart bool

	// DisableEventing, if true the test controller will not create events.
	// You must not run the test in parallel (no calls to t.Parallel) since
	// this option relies on modifying the system wide default eventer.
	DisableEventing bool

	// DisableAuthorizationFailures will still cause authz checks to be
	// performed but they won't cause 403 Forbidden. Useful for API-level
	// testing to avoid a lot of faff.
	// With this set, a passing test says nothing about whether the caller's
	// grants are sufficient, so leave it false in any test that is meant to
	// exercise authorization.
	DisableAuthorizationFailures bool

	// The controller KMS to use, or one will be created
	RootKms wrapping.Wrapper

	// The worker auth KMS to use, or one will be created
	WorkerAuthKms wrapping.Wrapper

	// The recovery KMS to use, or one will be created
	RecoveryKms wrapping.Wrapper

	// Disables KMS key creation. Only valid when a database url is specified,
	// at the moment.
	DisableKmsKeyCreation bool

	// The name to use for the controller, otherwise one will be randomly
	// generated, unless provided in a non-nil Config
	Name string

	// The suffix to use for initial resources
	InitialResourcesSuffix string

	// The logger to use, or one will be created
	Logger hclog.Logger

	// The registerer to use for registering all the collectors. Nil means
	// no metrics are registered.
	PrometheusRegisterer prometheus.Registerer

	// A cluster address for overriding the advertised controller listener
	// (overrides address provided in config, if any)
	PublicClusterAddr string

	// The amount of time to wait before marking connections as canceling when a
	// worker has not reported in
	WorkerStatusGracePeriodDuration time.Duration

	// The period of time after which it will consider other controllers to be
	// no longer accessible, based on time since their last status update in the
	// database
	LivenessTimeToStaleDuration time.Duration

	// The amount of time between the scheduler waking up to run its registered
	// jobs.
	SchedulerRunJobInterval time.Duration
}
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package common contains types and helper functions that are used across the different packages under internal/server/controller.
|
Package common contains types and helper functions that are used across the different packages under internal/server/controller. |
internal
|
|
metric
Package metric provides functions to initialize the controller specific collectors and hooks to measure metrics and update the relevant collectors.
|
Package metric provides functions to initialize the controller specific collectors and hooks to measure metrics and update the relevant collectors. |