controller

package
Published: Jul 14, 2023 License: MPL-2.0 Imports: 130 Imported by: 0

Documentation

Constants

// Fixture identifiers and credentials shared by tests of this package.
// They are fixed, well-known values so that a test can refer to the default
// org, project, auth methods, accounts and plugin without looking them up;
// presumably TestController seeds these resources when it starts (see the
// matching Default* fields on TestControllerOpts).
//
// Because the values are public and predictable — DefaultTestPassword and the
// two login names in particular — they are only suitable for test setups;
// nothing outside of tests should be provisioned with them.
const (
	DefaultOrgId                             = "o_1234567890"
	DefaultProjectId                         = "p_1234567890"
	DefaultTestPasswordAuthMethodId          = "ampw_1234567890"
	DefaultTestOidcAuthMethodId              = "amoidc_1234567890"
	DefaultTestLdapAuthMethodId              = globals.LdapAuthMethodPrefix + "_1234567890"
	// Login names and password of the default admin and unprivileged accounts.
	DefaultTestLoginName                     = "admin"
	DefaultTestUnprivilegedLoginName         = "user"
	DefaultTestPassword                      = "passpass"
	DefaultTestUserId                        = "u_1234567890"
	DefaultTestPasswordAccountId             = globals.PasswordAccountPrefix + "_1234567890"
	DefaultTestOidcAccountId                 = "acctoidc_1234567890"
	DefaultTestUnprivilegedPasswordAccountId = globals.PasswordAccountPrefix + "_0987654321"
	DefaultTestUnprivilegedOidcAccountId     = "acctoidc_0987654321"
	DefaultTestPluginId                      = "pl_1234567890"
)

Variables

// NonceCleanupInterval is the interval (two minutes by default) used for
// nonce cleanup. It is a package-level variable rather than a constant so
// that tests can shorten it.
var NonceCleanupInterval = time.Minute * 2

This is exported so it can be tweaked in tests

Functions

This section is empty.

Types

type Config

// Config holds what is needed to build a Controller via New: the shared
// base.Server, the raw parsed configuration, and a few test-only overrides.
type Config struct {
	// The base Server object, containing things shared between Controllers and
	// Workers
	*base.Server
	// The underlying configuration, passed in here to avoid duplicating values
	// everywhere
	RawConfig *config.Config
	// If set, authorization checking occurs but failures are ignored.
	// This exists for API-level tests (see
	// TestControllerOpts.DisableAuthorizationFailures); with it enabled every
	// authz denial is silently allowed, so it must stay false outside of tests.
	DisableAuthorizationFailures bool
	// Override worker auth CA certificate lifetime for testing
	TestOverrideWorkerAuthCaCertificateLifetime time.Duration
}

func TestControllerConfig

func TestControllerConfig(t testing.TB, ctx context.Context, tc *TestController, opts *TestControllerOpts) *Config

TestControllerConfig provides a way to create a config for a TestController. The tc passed as a parameter will be modified by this func.

type Controller

// Controller is the controller service built by New from a Config; its
// lifetime is driven by Start and Shutdown. The exported fields are the
// repository factories and services that handlers and tests reach into.
type Controller struct {

	// Repo factory methods
	AuthTokenRepoFn           common.AuthTokenRepoFactory
	VaultCredentialRepoFn     common.VaultCredentialRepoFactory
	StaticCredentialRepoFn    common.StaticCredentialRepoFactory
	IamRepoFn                 common.IamRepoFactory
	OidcRepoFn                common.OidcAuthRepoFactory
	LdapRepoFn                common.LdapAuthRepoFactory
	PasswordAuthRepoFn        common.PasswordAuthRepoFactory
	ServersRepoFn             common.ServersRepoFactory
	SessionRepoFn             session.RepositoryFactory
	ConnectionRepoFn          common.ConnectionRepoFactory
	StaticHostRepoFn          common.StaticRepoFactory
	PluginHostRepoFn          common.PluginHostRepoFactory
	PluginStorageBucketRepoFn common.PluginStorageBucketRepoFactory
	PluginRepoFn              common.PluginRepoFactory
	TargetRepoFn              target.RepositoryFactory
	WorkerAuthRepoStorageFn   common.WorkerAuthRepoStorageFactory

	// Used to signal the Health Service to start
	// replying to queries with "503 Service Unavailable".
	// GetHealthHandler exposes this service over HTTP.
	HealthService *health.Service

	// ControllerExtension defines a std way to extend the controller
	ControllerExtension intglobals.ControllerExtension
	// contains filtered or unexported fields
}

func New

func New(ctx context.Context, conf *Config) (*Controller, error)

func (*Controller) GetHealthHandler

func (c *Controller) GetHealthHandler(lcfg *listenerutil.ListenerConfig) (http.Handler, error)

GetHealthHandler returns a gRPC Gateway mux that is registered against the controller's gRPC health service to make it accessible from an HTTP API.

func (*Controller) Shutdown

func (c *Controller) Shutdown() error

func (*Controller) Start

func (c *Controller) Start() error

func (*Controller) WorkerStatusUpdateTimes

func (c *Controller) WorkerStatusUpdateTimes() *sync.Map

WorkerStatusUpdateTimes returns the map, which specifically is held in _this_ controller, not the DB. It's used in tests to verify that a given controller is receiving updates from an expected set of workers, to test out balancing and auto reconnection.

type HandlerProperties

// HandlerProperties groups the listener configuration and the cancellation
// context that belong to one listener; presumably it is what handler
// construction receives per listener — confirm against the callers.
type HandlerProperties struct {
	// Configuration of the listener the handler is built for.
	ListenerConfig *listenerutil.ListenerConfig
	// Context whose cancellation should stop work started by the handler.
	CancelCtx context.Context
}

type TestController

// TestController wraps a base.Server and Controller to provide a
// fully-programmatic controller for tests. Create one with NewTestController
// and call Shutdown when the test is done. Error checking (for instance, for
// valid config) is not stringent at the moment.
type TestController struct {
	// contains filtered or unexported fields
}

TestController wraps a base.Server and Controller to provide a fully-programmatic controller for tests. Error checking (for instance, for valid config) is not stringent at the moment.

func NewTestController

func NewTestController(t testing.TB, opts *TestControllerOpts) *TestController

func (*TestController) AddClusterControllerMember

func (tc *TestController) AddClusterControllerMember(t testing.TB, opts *TestControllerOpts) *TestController

func (*TestController) ApiAddrs

func (tc *TestController) ApiAddrs() []string

func (*TestController) AuthTokenRepo

func (tc *TestController) AuthTokenRepo() *authtoken.Repository

func (*TestController) Cancel

func (tc *TestController) Cancel()

func (*TestController) Client

func (tc *TestController) Client() *api.Client

func (*TestController) ClusterAddrs

func (tc *TestController) ClusterAddrs() []string

func (*TestController) Config

func (tc *TestController) Config() *Config

func (*TestController) ConnectionsRepo

func (tc *TestController) ConnectionsRepo() *session.ConnectionRepository

func (*TestController) Context

func (tc *TestController) Context() context.Context

func (*TestController) Controller

func (tc *TestController) Controller() *Controller

Controller returns the underlying controller

func (*TestController) DbConn

func (tc *TestController) DbConn() *db.DB

func (*TestController) IamRepo

func (tc *TestController) IamRepo() *iam.Repository

func (*TestController) Kms

func (tc *TestController) Kms() *kms.Kms

func (*TestController) Logger

func (tc *TestController) Logger() hclog.Logger

func (*TestController) Name

func (tc *TestController) Name() string

func (*TestController) PluginHostRepo added in v0.12.1

func (tc *TestController) PluginHostRepo() *plugin.Repository

func (*TestController) Scheduler added in v0.12.1

func (tc *TestController) Scheduler() *scheduler.Scheduler

func (*TestController) Server

func (tc *TestController) Server() *base.Server

Server returns the underlying base server

func (*TestController) ServersRepo

func (tc *TestController) ServersRepo() *server.Repository

func (*TestController) Shutdown

func (tc *TestController) Shutdown()

Shutdown runs any cleanup functions; be sure to run this after your test is done

func (*TestController) Token

func (tc *TestController) Token() *authtokens.AuthToken

func (*TestController) UnprivilegedToken

func (tc *TestController) UnprivilegedToken() *authtokens.AuthToken

func (*TestController) VaultCredentialRepo added in v0.12.1

func (tc *TestController) VaultCredentialRepo() *vault.Repository

func (*TestController) WaitForNextWorkerStatusUpdate

func (tc *TestController) WaitForNextWorkerStatusUpdate(workerStatusName string) error

WaitForNextWorkerStatusUpdate waits for the next status check from a worker to come in. If it does not come in within the default status grace period, this function returns an error.

type TestControllerOpts

// TestControllerOpts configures NewTestController and
// TestController.AddClusterControllerMember. Every field is optional; the
// zero value yields a dev controller with auto-created database, KMS keys,
// scopes, auth methods and default accounts. Fields whose comment says a
// value "will be created" fall back to a generated one when left nil.
type TestControllerOpts struct {
	// ConfigHcl is the HCL to be parsed to generate the initial config.
	// Overrides Config if both are set.
	ConfigHcl string

	// Config; if not provided a dev one will be created, unless ConfigHcl is
	// set.
	Config *config.Config

	// DefaultPasswordAuthMethodId is the default password method ID to use, if set.
	DefaultPasswordAuthMethodId string

	// DefaultOidcAuthMethodId is the default OIDC method ID to use, if set.
	DefaultOidcAuthMethodId string

	// DefaultLdapAuthMethodId is the default LDAP method ID to use, if set.
	DefaultLdapAuthMethodId string

	// DefaultLoginName is the login name used when creating the default admin account.
	DefaultLoginName string

	// DefaultUnprivilegedLoginName is the login name used when creating the default unprivileged account.
	DefaultUnprivilegedLoginName string

	// DefaultPassword is the password used when creating the default accounts.
	// When empty, presumably the package-level DefaultTestPassword (a fixed,
	// well-known value) is used — confirm in NewTestController.
	DefaultPassword string

	// DisableInitialLoginRoleCreation can be set true to disable creating the
	// global scope login role automatically.
	DisableInitialLoginRoleCreation bool

	// DisableAuthMethodCreation can be set true to disable creating an auth
	// method automatically.
	DisableAuthMethodCreation bool

	// DisableOidcAuthMethodCreation can be set true to disable the built-in
	// OIDC listener. Useful for e.g. unix listener tests.
	DisableOidcAuthMethodCreation bool

	// DisableLdapAuthMethodCreation can be set true to disable the built-in
	// LDAP listener. Useful for e.g. unix listener tests.
	DisableLdapAuthMethodCreation bool

	// DisableScopesCreation can be set true to disable creating scopes
	// automatically.
	DisableScopesCreation bool

	// DisableHostResourcesCreation can be set true to disable creating a host
	// catalog and related resources automatically.
	DisableHostResourcesCreation bool

	// DisableTargetCreation can be set true to disable creating a target
	// automatically.
	DisableTargetCreation bool

	// DisableDatabaseCreation can be set true to disable creating a dev
	// database.
	DisableDatabaseCreation bool

	// DisableDatabaseDestruction can be set true to allow a database to be
	// created but examined after-the-fact.
	DisableDatabaseDestruction bool

	// DatabaseUrl will cause the test controller to connect to an existing
	// database given the url instead of creating a new one.
	DatabaseUrl string

	// DisableDatabaseTemplate forces using a fresh Postgres instance in Docker
	// instead of using a local templated version. Useful for CI of external
	// repos, like Terraform.
	DisableDatabaseTemplate bool

	// DisableAutoStart, if true, means the controller will not be started;
	// the test is then responsible for calling Start itself.
	DisableAutoStart bool

	// EnableEventing, if true the test controller will create sys and error
	// events. You must not run the test in parallel (no calls to t.Parallel)
	// since this option relies on modifying the system wide default
	// eventer.
	EnableEventing bool

	// DisableAuthorizationFailures will still cause authz checks to be
	// performed but they won't cause 403 Forbidden. Useful for API-level
	// testing to avoid a lot of faff. Tests that exercise permission
	// boundaries must leave this false, or denials are never observed.
	DisableAuthorizationFailures bool

	// The controller KMS to use, or one will be created
	RootKms wrapping.Wrapper

	// The worker auth KMS to use, or one will be created
	WorkerAuthKms wrapping.Wrapper

	// The downstream worker auth KMS to use, or one will be created
	DownstreamWorkerAuthKms *multi.PooledWrapper

	// The BSR wrapper to use, or one will be created
	BsrKms wrapping.Wrapper

	// The recovery KMS to use, or one will be created
	RecoveryKms wrapping.Wrapper

	// Disables KMS key creation. Only valid when a database url is specified,
	// at the moment.
	DisableKmsKeyCreation bool

	// The name to use for the controller, otherwise one will be randomly
	// generated, unless provided in a non-nil Config
	Name string

	// The suffix to use for initial resources
	InitialResourcesSuffix string

	// The logger to use, or one will be created
	Logger hclog.Logger

	// The registerer to use for registering all the collectors.  Nil means
	// no metrics are registered.
	PrometheusRegisterer prometheus.Registerer

	// A cluster address for overriding the advertised controller listener
	// (overrides address provided in config, if any)
	PublicClusterAddr string

	// The amount of time to wait before marking connections as canceling when a
	// worker has not reported in
	WorkerStatusGracePeriodDuration time.Duration

	// The period of time after which it will consider other controllers to be
	// no longer accessible, based on time since their last status update in the
	// database
	LivenessTimeToStaleDuration time.Duration

	// The amount of time between the scheduler waking up to run its registered
	// jobs.
	SchedulerRunJobInterval time.Duration

	// The time to use for CA certificate lifetime for worker auth
	WorkerAuthCaCertificateLifetime time.Duration

	// Toggle worker auth debugging
	WorkerAuthDebuggingEnabled *atomic.Bool
}

Directories

Path Synopsis
Package common contains types and helper functions that are used across the different packages under internal/server/controller.
internal
metric
Package metric provides functions to initialize the controller specific collectors and hooks to measure metrics and update the relevant collectors.
