session

package
v0.13.1
Warning

This package is not in the latest version of its module.

Published: Jul 14, 2023 License: MPL-2.0 Imports: 46 Imported by: 0

Documentation

Constants

const (
	// StatePrefix for state PK ids
	StatePrefix = "ss"

	// ConnectionPrefix for connection PK ids
	ConnectionPrefix = "sc"

	// ConnectionStatePrefix for connection state PK ids
	ConnectionStatePrefix = "scs"
)

Variables

This section is empty.

Functions

func AuthorizeConnection added in v0.7.6

func AuthorizeConnection(ctx context.Context, sessionRepoFn *Repository, connectionRepoFn *ConnectionRepository,
	sessionId, workerId string, opt ...Option,
) (*Connection, []*ConnectionState, *AuthzSummary, error)

AuthorizeConnection is a domain service function that will create a Connection for a session if the following criteria are met:

  • The session is active.
  • The session is not expired.
  • The session has not reached its connection limit or has a connection limit of -1.

If any of these criteria is not met, it returns an error with Code InvalidSessionState.

func CloseConnections added in v0.7.6

func CloseConnections(ctx context.Context, sessionRepoFn *Repository, connectionRepoFn *ConnectionRepository,
	closeWiths []CloseWith,
) ([]closeConnectionResp, error)

CloseConnections is a domain service function that:

  • closes requested connections
  • uses the sessionId of the connection to see if the session meets conditions for termination

func DeriveED25519Key

func DeriveED25519Key(ctx context.Context, wrapper wrapping.Wrapper, userId, jobId string) (ed25519.PublicKey, ed25519.PrivateKey, error)

DeriveED25519Key generates a key based on the project's session DEK, the requesting user, and the generated job ID.

func RegisterJobs added in v0.9.0

func RegisterJobs(ctx context.Context, scheduler *scheduler.Scheduler, w db.Writer, r db.Reader, k *kms.Kms, gracePeriod *atomic.Int64) error

RegisterJobs registers session related jobs with the provided scheduler.

func TestCert

func TestCert(jobId string) (ed25519.PrivateKey, []byte, error)

TestCert is a temporary test func that intentionally doesn't take testing.T as a parameter. It's currently used in controller.jobTestingHandler() and should be deprecated once that function is refactored to use sessions properly.

func TestSessionHostSetHost added in v0.12.0

func TestSessionHostSetHost(t testing.TB, conn *db.DB, sessionId, hostSetId, hostId string)

TestSessionHostSetHost creates a test session to host set host association for the sessionId in the repository.

func TestSessionTargetAddress added in v0.12.0

func TestSessionTargetAddress(t testing.TB, conn *db.DB, sessionId, targetId string)

TestSessionTargetAddress creates a test session to target address association for the sessionId in the repository.

func TestTofu

func TestTofu(t testing.TB) []byte

TestTofu will create a test "trust on first use" token

Types

type AuthzSummary added in v0.7.6

type AuthzSummary struct {
	ExpirationTime         *timestamp.Timestamp
	ConnectionLimit        int32
	CurrentConnectionCount uint32
	EgressWorkerFilter     string
	IngressWorkerFilter    string
}

type Cloneable

type Cloneable interface {
	Clone() any
}

Cloneable provides a cloning interface

type CloseWith

type CloseWith struct {
	ConnectionId string
	BytesUp      int64
	BytesDown    int64
	ClosedReason ClosedReason
}

CloseWith defines the boundary data that is saved in the repo when the worker closes a connection between the client and the endpoint.

type ClosedReason

type ClosedReason string

ClosedReason of the connection

const (
	UnknownReason          ClosedReason = "unknown"
	ConnectionTimedOut     ClosedReason = "timed out"
	ConnectionClosedByUser ClosedReason = "closed by end-user"
	ConnectionCanceled     ClosedReason = "canceled"
	ConnectionNetworkError ClosedReason = "network error"
	ConnectionSystemError  ClosedReason = "system error"
)

func (ClosedReason) String

func (r ClosedReason) String() string

String representation of the termination reason

type ComposedOf

type ComposedOf struct {
	// UserId of the session
	UserId string
	// HostId of the session
	HostId string
	// TargetId of the session
	TargetId string
	// HostSetId of the session
	HostSetId string
	// AuthTokenId of the session
	AuthTokenId string
	// ProjectId of the session
	ProjectId string
	// Endpoint. This is generated by the target, but is not stored in the
	// warehouse as the worker may need to e.g. resolve DNS. This is to round
	// trip the information to the worker when it validates a session.
	Endpoint string
	// Expiration time for the session
	ExpirationTime *timestamp.Timestamp
	// Max connections for the session
	ConnectionLimit int32
	// Ingress and egress worker filters. Active filters when the session was created, used to
	// validate the session via the same set of rules at consumption time as
	// existed at creation time. Round tripping it through here saves a lookup
	// in the DB. It is not stored in the warehouse.
	WorkerFilter        string
	EgressWorkerFilter  string
	IngressWorkerFilter string
	// DynamicCredentials are dynamic credentials that will be retrieved
	// for the session. DynamicCredentials optional.
	DynamicCredentials []*DynamicCredential
	// StaticCredentials are static credentials that will be retrieved
	// for the session. StaticCredentials optional.
	StaticCredentials []*StaticCredential
	// Which worker is performing protocol-related tasks
	ProtocolWorkerId string
}

ComposedOf defines the boundary data that is referenced to compose a session.

func TestSessionParams

func TestSessionParams(t testing.TB, conn *db.DB, wrapper wrapping.Wrapper, iamRepo *iam.Repository) ComposedOf

TestSessionParams returns an initialized ComposedOf which can be used to create a session in the repository.

func TestSessionTargetAddressParams added in v0.12.0

func TestSessionTargetAddressParams(t testing.TB, conn *db.DB, wrapper wrapping.Wrapper, iamRepo *iam.Repository) ComposedOf

type ConnectWith

type ConnectWith struct {
	ConnectionId       string
	ClientTcpAddress   string
	ClientTcpPort      uint32
	EndpointTcpAddress string
	EndpointTcpPort    uint32
	UserClientIp       string
}

ConnectWith defines the boundary data that is saved in the repo when the worker has established a connection between the client and the endpoint.

type Connection

type Connection struct {
	// PublicId is used to access the connection via an API
	PublicId string `json:"public_id,omitempty" gorm:"primary_key"`
	// SessionId of the connection
	SessionId string `json:"session_id,omitempty" gorm:"default:null"`
	// ClientTcpAddress of the connection
	ClientTcpAddress string `json:"client_tcp_address,omitempty" gorm:"default:null"`
	// ClientTcpPort of the connection
	ClientTcpPort uint32 `json:"client_tcp_port,omitempty" gorm:"default:null"`
	// UserClientIp is the user's client IP
	UserClientIp string `json:"user_client_ip,omitempty" gorm:"default:null"`
	// EndpointTcpAddress of the connection
	EndpointTcpAddress string `json:"endpoint_tcp_address,omitempty" gorm:"default:null"`
	// EndpointTcpPort of the connection
	EndpointTcpPort uint32 `json:"endpoint_tcp_port,omitempty" gorm:"default:null"`
	// BytesUp of the connection
	BytesUp int64 `json:"bytes_up,omitempty" gorm:"default:null"`
	// BytesDown of the connection
	BytesDown int64 `json:"bytes_down,omitempty" gorm:"default:null"`
	// ClosedReason of the connection
	ClosedReason string `json:"closed_reason,omitempty" gorm:"default:null"`
	// CreateTime from the RDBMS
	CreateTime *timestamp.Timestamp `json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// UpdateTime from the RDBMS
	UpdateTime *timestamp.Timestamp `json:"update_time,omitempty" gorm:"default:current_timestamp"`
	// Version of the connection
	Version uint32 `json:"version,omitempty" gorm:"default:null"`
	// contains filtered or unexported fields
}

Connection contains information about a session's connection to a target

func AllocConnection

func AllocConnection() Connection

AllocConnection will allocate a Connection.

func NewConnection

func NewConnection(ctx context.Context, sessionID, clientTcpAddress string, clientTcpPort uint32, endpointTcpAddr string, endpointTcpPort uint32, userClientIp string, _ ...Option) (*Connection, error)

NewConnection creates a new in memory connection. No options are currently supported.

func TestConnection

func TestConnection(t testing.TB, conn *db.DB, sessionId, clientTcpAddr string, clientTcpPort uint32, endpointTcpAddr string, endpointTcpPort uint32, userClientIp string) *Connection

TestConnection creates a test connection for the sessionId in the repository.

func (*Connection) Clone

func (c *Connection) Clone() any

Clone creates a clone of the Connection.

func (*Connection) GetPublicId

func (c *Connection) GetPublicId() string

func (*Connection) SetTableName

func (c *Connection) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*Connection) TableName

func (c *Connection) TableName() string

TableName returns the tablename to override the default gorm table name

func (*Connection) VetForWrite

func (c *Connection) VetForWrite(ctx context.Context, _ db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface and validates the connection before it's written.

type ConnectionRepository added in v0.7.6

type ConnectionRepository struct {
	// contains filtered or unexported fields
}

ConnectionRepository is the session connection database repository.

func NewConnectionRepository added in v0.7.6

func NewConnectionRepository(ctx context.Context, r db.Reader, w db.Writer, kms *kms.Kms, opt ...Option) (*ConnectionRepository, error)

NewConnectionRepository creates a new session Connection Repository. Supports the options: WithLimit which sets a default limit on results returned by repo operations.

func (*ConnectionRepository) AuthorizeConnection added in v0.7.6

func (r *ConnectionRepository) AuthorizeConnection(ctx context.Context, sessionId, workerId string) (*Connection, []*ConnectionState, error)

AuthorizeConnection will check to see if a connection is allowed. Currently, that authorization checks:

  • the session hasn't expired based on the session.Expiration
  • number of connections already created is less than session.ConnectionLimit

If authorization succeeds, it creates/stores a new connection in the repo and returns it, along with its states. If the authorization fails, it returns an error with Code InvalidSessionState.

func (*ConnectionRepository) ConnectConnection added in v0.7.6

func (r *ConnectionRepository) ConnectConnection(ctx context.Context, c ConnectWith) (*Connection, []*ConnectionState, error)

ConnectConnection updates a connection in the repo with a state of "connected".

func (*ConnectionRepository) DeleteConnection added in v0.7.6

func (r *ConnectionRepository) DeleteConnection(ctx context.Context, publicId string, _ ...Option) (int, error)

DeleteConnection will delete a connection from the repository.

func (*ConnectionRepository) ListConnectionsBySessionId added in v0.7.6

func (r *ConnectionRepository) ListConnectionsBySessionId(ctx context.Context, sessionId string, opt ...Option) ([]*Connection, error)

ListConnectionsBySessionId will list connections by session ID. Supports the WithLimit and WithOrder options.

func (*ConnectionRepository) LookupConnection added in v0.7.6

func (r *ConnectionRepository) LookupConnection(ctx context.Context, connectionId string, _ ...Option) (*Connection, []*ConnectionState, error)

LookupConnection will look up a connection in the repository and return the connection with its states. If the connection is not found, it will return nil, nil, nil. No options are currently supported.

type ConnectionState

type ConnectionState struct {
	// ConnectionId is used to access the state via an API
	ConnectionId string `json:"public_id,omitempty" gorm:"primary_key"`
	// status of the connection
	Status ConnectionStatus `protobuf:"bytes,20,opt,name=status,proto3" json:"status,omitempty" gorm:"column:state"`
	// PreviousEndTime from the RDBMS
	PreviousEndTime *timestamp.Timestamp `json:"previous_end_time,omitempty" gorm:"default:current_timestamp"`
	// StartTime from the RDBMS
	StartTime *timestamp.Timestamp `json:"start_time,omitempty" gorm:"default:current_timestamp;primary_key"`
	// EndTime from the RDBMS
	EndTime *timestamp.Timestamp `json:"end_time,omitempty" gorm:"default:current_timestamp"`
	// contains filtered or unexported fields
}

ConnectionState is the state of the connection

func NewConnectionState

func NewConnectionState(ctx context.Context, connectionId string, state ConnectionStatus, _ ...Option) (*ConnectionState, error)

NewConnectionState creates a new in memory connection state. No options are currently supported.

func TestConnectionState

func TestConnectionState(t testing.TB, conn *db.DB, connectionId string, state ConnectionStatus) *ConnectionState

TestConnectionState creates a test connection state for the connectionId in the repository.

func (*ConnectionState) Clone

func (s *ConnectionState) Clone() any

Clone creates a clone of the State

func (*ConnectionState) SetTableName

func (s *ConnectionState) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*ConnectionState) TableName

func (s *ConnectionState) TableName() string

TableName returns the tablename to override the default gorm table name

func (*ConnectionState) VetForWrite

func (s *ConnectionState) VetForWrite(ctx context.Context, _ db.Reader, _ db.OpType, _ ...db.Option) error

VetForWrite implements db.VetForWrite() interface and validates the state before it's written.

type ConnectionStatus

type ConnectionStatus string

ConnectionStatus of the connection's state

const (
	StatusAuthorized  ConnectionStatus = "authorized"
	StatusConnected   ConnectionStatus = "connected"
	StatusClosed      ConnectionStatus = "closed"
	StatusUnspecified ConnectionStatus = "unspecified" // Utility state not valid in the DB
)

func ConnectionStatusFromProtoVal added in v0.4.0

func ConnectionStatusFromProtoVal(s workerpbs.CONNECTIONSTATUS) ConnectionStatus

ConnectionStatusFromProtoVal is the reverse of ConnectionStatus.ProtoVal.

func (ConnectionStatus) ProtoVal

ProtoVal returns the enum value corresponding to the state

func (ConnectionStatus) String

func (s ConnectionStatus) String() string

String representation of the state's status

type Credential added in v0.7.4

type Credential []byte

Credential represents the credential data which is sent to the worker.

type DynamicCredential added in v0.4.0

type DynamicCredential struct {
	SessionId         string `json:"session_id,omitempty" gorm:"primary_key"`
	LibraryId         string `json:"library_id,omitempty" gorm:"primary_key"`
	CredentialPurpose string `json:"credential_purpose,omitempty" gorm:"primary_key"`
	CredentialId      string `json:"credential_id,omitempty" gorm:"default:null"`
	// contains filtered or unexported fields
}

A DynamicCredential represents the relationship between a session, a credential, and the credential library where the credential was retrieved plus the purpose of the credential.

func NewDynamicCredential added in v0.4.0

func NewDynamicCredential(libraryId string, purpose cred.Purpose) *DynamicCredential

NewDynamicCredential creates a new in memory Credential representing the relationship between session and a credential library.

func (*DynamicCredential) SetTableName added in v0.4.0

func (c *DynamicCredential) SetTableName(n string)

SetTableName sets the table name.

func (*DynamicCredential) TableName added in v0.4.0

func (c *DynamicCredential) TableName() string

TableName returns the table name.

type Option

type Option func(*options)

Option - how Options are passed as arguments

func WithDbOpts added in v0.2.2

func WithDbOpts(opts ...db.Option) Option

WithDbOpts passes through given DB options to the DB layer

func WithExpirationTime

func WithExpirationTime(exp *timestamp.Timestamp) Option

WithExpirationTime allows specifying an expiration time for the session

func WithIgnoreDecryptionFailures added in v0.11.1

func WithIgnoreDecryptionFailures(ignoreFailures bool) Option

WithIgnoreDecryptionFailures is used to ignore decryption failures when doing lookups. This should be used sparingly. It is currently only used to allow a user to cancel a session in the presence of an undecryptable TOFU token.

func WithLimit

func WithLimit(limit int) Option

WithLimit provides an option to provide a limit. Intentionally allowing negative integers. If WithLimit < 0, then unlimited results are returned. If WithLimit == 0, then default limits are used for results.

func WithOrderByCreateTime added in v0.2.0

func WithOrderByCreateTime(orderBy db.OrderBy) Option

WithOrderByCreateTime provides an option to specify ordering by the CreateTime field.

func WithPermissions added in v0.10.4

func WithPermissions(p *perms.UserPermissions) Option

WithPermissions is used to include user permissions when constructing a Repository.

func WithProjectIds added in v0.10.2

func WithProjectIds(projectIds []string) Option

WithProjectIds allows specifying a project ID criteria for the function.

func WithRandomReader added in v0.11.1

func WithRandomReader(rand io.Reader) Option

WithRandomReader is used to configure the random source to use when generating secrets. Defaults to crypto/rand.Reader.

func WithSessionIds

func WithSessionIds(ids ...string) Option

WithSessionIds allows the specification of the session ids to use for the operation.

func WithTerminated added in v0.9.0

func WithTerminated(withTerminated bool) Option

WithTerminated is used to include terminated sessions in a list request.

func WithTestTofu

func WithTestTofu(tofu []byte) Option

WithTestTofu allows specifying a test tofu for a test session

func WithUserId

func WithUserId(userId string) Option

WithUserId allows specifying a user ID criteria for the function.

func WithWorkerStateDelay added in v0.7.6

func WithWorkerStateDelay(d time.Duration) Option

WithWorkerStateDelay is used by queries to account for a delay in state propagation between worker and controller.

type Repository

type Repository struct {
	// contains filtered or unexported fields
}

Repository is the session database repository

func NewRepository

func NewRepository(ctx context.Context, r db.Reader, w db.Writer, kms *kms.Kms, opt ...Option) (*Repository, error)

NewRepository creates a new session Repository. Supports the options:

  • WithLimit, which sets a default limit on results returned by repo operations.
  • WithPermissions
  • WithRandomReader

func (*Repository) ActivateSession

func (r *Repository) ActivateSession(ctx context.Context, sessionId string, sessionVersion uint32, tofuToken []byte) (*Session, []*State, error)

ActivateSession will activate the session and is called by a worker after authenticating the session. The session must be in a "pending" state to be activated. States are ordered by start time descending. Returns an InvalidSessionState error code if a connection cannot be made because the session was canceled or terminated. If ActivateSession receives duplicate requests for the same session, it will return the already active session if the tofu token is correct.

func (*Repository) AddSessionCredentials added in v0.7.4

func (r *Repository) AddSessionCredentials(ctx context.Context, sessProjectId, sessionId string, credData []Credential, _ ...Option) error

AddSessionCredentials encrypts the credData and adds the credentials to the repository. The credentials are linked to the sessionID provided, and encrypted using the sessProjectId. Session credentials are only valid for pending and active sessions; once a session ends, all session credentials are deleted. All options are ignored.

func (*Repository) CancelSession

func (r *Repository) CancelSession(ctx context.Context, sessionId string, sessionVersion uint32, opt ...Option) (*Session, error)

CancelSession sets a session's state to "canceling" in the repo. It's called when the user cancels a session and the controller wants to update the session state to "canceling" for the given reason, so the workers can get the "canceling signal" during their next status heartbeat. CancelSession is idempotent. Supported Options:

  • WithIgnoreDecryptionFailures

func (*Repository) CheckIfNotActive added in v0.13.0

func (r *Repository) CheckIfNotActive(ctx context.Context, reportedSessions []string) ([]*StateReport, error)

CheckIfNotActive checks the given sessions to see if they are in a non-active state, i.e. "canceling" or "terminated". It returns a *StateReport object for each session that is not active, with its current status.

func (*Repository) CreateSession

func (r *Repository) CreateSession(ctx context.Context, sessionWrapper wrapping.Wrapper, newSession *Session, workerAddresses []string, _ ...Option) (*Session, error)

CreateSession inserts into the repository and returns the new Session with its State of "Pending". The following fields must be empty when creating a session: WorkerId, and PublicId. No options are currently supported.

func (*Repository) DeleteSession

func (r *Repository) DeleteSession(ctx context.Context, publicId string, _ ...Option) (int, error)

DeleteSession will delete a session from the repository.

func (*Repository) ListSessionCredentials added in v0.7.4

func (r *Repository) ListSessionCredentials(ctx context.Context, sessProjectId, sessionId string, _ ...Option) ([]Credential, error)

ListSessionCredentials returns all Credential attached to the sessionId. All options are ignored.

func (*Repository) ListSessions

func (r *Repository) ListSessions(ctx context.Context, opt ...Option) ([]*Session, error)

ListSessions lists sessions. Sessions returned will be limited by the list permissions of the repository. Supports the WithTerminated, WithLimit, WithOrderByCreateTime options.

func (*Repository) LookupSession

func (r *Repository) LookupSession(ctx context.Context, sessionId string, opt ...Option) (*Session, *AuthzSummary, error)

LookupSession will look up a session in the repository and return the session with its states. Returned States are ordered by start time descending. If the session is not found, it will return nil, nil, nil. If the session has no user or project associated with it, decryption of fields will not be performed. Supported Options:

  • WithIgnoreDecryptionFailures

func (*Repository) TerminateCompletedSessions

func (r *Repository) TerminateCompletedSessions(ctx context.Context) (int, error)

TerminateCompletedSessions will terminate sessions in the repo based on:

  • sessions that have exhausted their connection limit and all their connections are closed.
  • sessions that are expired and all their connections are closed.
  • sessions that are canceling and all their connections are closed

This function should be called on a periodic basis by a Controller via its "ticker" pattern.
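The connection-authorization criteria documented under AuthorizeConnection and the termination conditions listed above, as an added self-contained model. It is not Boundary's code: every type and function name is hypothetical, and treating a session with no connections as "all connections closed" is an assumption of the model.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Hypothetical names; they model only the rules documented on this page.
type sessStatus string
type connStatus string

const (
	sessPending    sessStatus = "pending"
	sessActive     sessStatus = "active"
	sessCanceling  sessStatus = "canceling"
	sessTerminated sessStatus = "terminated"

	connAuthorized connStatus = "authorized"
	connClosed     connStatus = "closed"
)

// errInvalidSessionState stands in for the InvalidSessionState error code.
var errInvalidSessionState = errors.New("invalid session state")

type modelSession struct {
	Status          sessStatus
	Expiration      time.Time
	ConnectionLimit int32        // -1 means unlimited
	Conns           []connStatus // one entry per connection ever created
}

// limitReached counts connections already created, open or closed.
func limitReached(s *modelSession) bool {
	return s.ConnectionLimit != -1 && int64(len(s.Conns)) >= int64(s.ConnectionLimit)
}

// authorize creates a connection only if the session is active, not
// expired, and under its connection limit. It returns the connection index.
func authorize(s *modelSession, now time.Time) (int, error) {
	switch {
	case s.Status != sessActive:
		return -1, fmt.Errorf("%w: session is %q, not active", errInvalidSessionState, s.Status)
	case !now.Before(s.Expiration):
		return -1, fmt.Errorf("%w: session expired", errInvalidSessionState)
	case limitReached(s):
		return -1, fmt.Errorf("%w: connection limit %d reached", errInvalidSessionState, s.ConnectionLimit)
	}
	s.Conns = append(s.Conns, connAuthorized)
	return len(s.Conns) - 1, nil
}

// closeConn marks a connection closed; it does not free a slot in the limit.
func closeConn(s *modelSession, idx int) { s.Conns[idx] = connClosed }

func allClosed(s *modelSession) bool {
	for _, c := range s.Conns {
		if c != connClosed {
			return false
		}
	}
	return true // assumption: no connections counts as all closed
}

// terminateIfCompleted applies the three documented conditions: limit
// exhausted, expired, or canceling, each requiring all connections closed.
func terminateIfCompleted(s *modelSession, now time.Time) bool {
	if s.Status == sessTerminated || !allClosed(s) {
		return false
	}
	expired := !now.Before(s.Expiration)
	if limitReached(s) || expired || s.Status == sessCanceling {
		s.Status = sessTerminated
		return true
	}
	return false
}

func main() {
	now := time.Now()
	s := &modelSession{Status: sessActive, Expiration: now.Add(time.Hour), ConnectionLimit: 1}
	id, _ := authorize(s, now)
	_, err := authorize(s, now)
	fmt.Println("second authorize:", err)
	closeConn(s, id)
	fmt.Println("terminated:", terminateIfCompleted(s, now))
}
```
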

type RepositoryFactory added in v0.10.4

type RepositoryFactory func(opt ...Option) (*Repository, error)

RepositoryFactory is a function that creates a Repository.

type Session

type Session struct {
	// PublicId is used to access the session via an API
	PublicId string `json:"public_id,omitempty" gorm:"primary_key"`
	// UserId for the session
	UserId string `json:"user_id,omitempty" gorm:"default:null"`
	// TargetId for the session
	TargetId string `json:"target_id,omitempty" gorm:"default:null"`
	// AuthTokenId for the session
	AuthTokenId string `json:"auth_token_id,omitempty" gorm:"default:null"`
	// ProjectId for the session
	ProjectId string `json:"project_id,omitempty" gorm:"default:null"`
	// Certificate to use when connecting (or if using custom certs, to
	// serve as the "login"). Raw DER bytes.
	Certificate []byte `json:"certificate,omitempty" gorm:"default:null"`
	// CtCertificatePrivateKey is the ciphertext certificate private key which is stored in the database
	CtCertificatePrivateKey []byte `` /* 132-byte string literal not displayed */
	// CertificatePrivateKey is the certificate private key in plaintext.
	// This may not be set for some sessions, in which case the private
	// key should be derived from the encryption key referenced in key_id.
	CertificatePrivateKey []byte `json:"certificate_private_key,omitempty" gorm:"-" wrapping:"pt,certificate_private_key"`
	// ExpirationTime - after this time the connection will be expired, e.g. forcefully terminated
	ExpirationTime *timestamp.Timestamp `json:"expiration_time,omitempty" gorm:"default:null"`
	// CtTofuToken is the ciphertext Tofutoken value stored in the database
	CtTofuToken []byte `json:"ct_tofu_token,omitempty" gorm:"column:tofu_token;default:null" wrapping:"ct,tofu_token"`
	// TofuToken - plain text of the "trust on first use" token for session
	TofuToken []byte `json:"tofu_token,omitempty" gorm:"-" wrapping:"pt,tofu_token"`
	// termination_reason for the session
	TerminationReason string `json:"termination_reason,omitempty" gorm:"default:null"`
	// CreateTime from the RDBMS
	CreateTime *timestamp.Timestamp `json:"create_time,omitempty" gorm:"default:current_timestamp"`
	// UpdateTime from the RDBMS
	UpdateTime *timestamp.Timestamp `json:"update_time,omitempty" gorm:"default:current_timestamp"`
	// Version for the session
	Version uint32 `json:"version,omitempty" gorm:"default:null"`
	// Endpoint
	Endpoint string `json:"-" gorm:"default:null"`
	// Maximum number of connections in a session
	ConnectionLimit int32 `json:"connection_limit,omitempty" gorm:"default:null"`

	// Worker filters
	WorkerFilter        string `json:"-" gorm:"default:null"`
	EgressWorkerFilter  string `json:"-" gorm:"default:null"`
	IngressWorkerFilter string `json:"-" gorm:"default:null"`

	// key_id is the ID of the key version used to encrypt any fields in this struct
	KeyId string `json:"key_id,omitempty" gorm:"default:null"`

	// States for the session which are for read only and are ignored during
	// write operations
	States []*State `gorm:"-"`

	// DynamicCredentials for the session.
	DynamicCredentials []*DynamicCredential `gorm:"-"`

	// StaticCredentials for the session.
	StaticCredentials []*StaticCredential `gorm:"-"`

	// HostSetId for the session
	HostSetId string `gorm:"-"`

	// HostId of the session
	HostId string `gorm:"-"`

	// ProtocolWorkerId of the session
	ProtocolWorkerId string `gorm:"-"`

	// Connections for the session are for read only and are ignored during write operations
	Connections []*Connection `gorm:"-"`
	// contains filtered or unexported fields
}

Session contains information about a user's session with a target

func AllocSession

func AllocSession() Session

AllocSession will allocate a Session

func New

func New(ctx context.Context, c ComposedOf, _ ...Option) (*Session, error)

New creates a new in memory session.

func TestDefaultSession

func TestDefaultSession(t testing.TB, conn *db.DB, wrapper wrapping.Wrapper, iamRepo *iam.Repository, opt ...Option) *Session

TestDefaultSession creates a test session in the repository using defaults.

func TestSession

func TestSession(t testing.TB, conn *db.DB, rootWrapper wrapping.Wrapper, c ComposedOf, opt ...Option) *Session

TestSession creates a test session composed of c in the repository. Options are passed into New, and withServerId is handled locally.

func TestSessionWithTargetAddress added in v0.12.0

func TestSessionWithTargetAddress(t testing.TB, conn *db.DB, wrapper wrapping.Wrapper, iamRepo *iam.Repository, opt ...Option) *Session

func (*Session) Clone

func (s *Session) Clone() any

Clone creates a clone of the Session

func (Session) GetProjectId added in v0.10.2

func (s Session) GetProjectId() string

func (Session) GetPublicId

func (s Session) GetPublicId() string

func (Session) GetUserId added in v0.8.0

func (s Session) GetUserId() string

func (*Session) SetTableName

func (s *Session) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*Session) TableName

func (s *Session) TableName() string

TableName returns the tablename to override the default gorm table name

func (*Session) VetForWrite

func (s *Session) VetForWrite(ctx context.Context, _ db.Reader, opType db.OpType, opt ...db.Option) error

VetForWrite implements db.VetForWrite() interface and validates the session before it's written.

type SessionHostSetHost added in v0.12.0

type SessionHostSetHost struct {
	// SessionId of the session
	SessionId string `json:"session_id,omitempty" gorm:"primary_key"`
	// HostSetId of the session
	HostSetId string `json:"host_set_id,omitempty" gorm:"default:null"`
	// HostId of the session
	HostId string `json:"host_id,omitempty" gorm:"default:null"`
	// contains filtered or unexported fields
}

SessionHostSetHost contains information about a user's session with a target that has a host source association.

func AllocSessionHostSetHost added in v0.12.0

func AllocSessionHostSetHost() *SessionHostSetHost

AllocSessionHostSetHost will allocate a SessionHostSetHost

func NewSessionHostSetHost added in v0.12.0

func NewSessionHostSetHost(ctx context.Context, sessionId, hostSetId, hostId string) (*SessionHostSetHost, error)

NewSessionHostSetHost creates a new in memory session to host set & host association.

func (*SessionHostSetHost) Clone added in v0.12.0

func (s *SessionHostSetHost) Clone() any

Clone creates a clone of the SessionHostSetHost

func (*SessionHostSetHost) SetTableName added in v0.12.0

func (s *SessionHostSetHost) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*SessionHostSetHost) TableName added in v0.12.0

func (s *SessionHostSetHost) TableName() string

TableName returns the tablename to override the default gorm table name

type SessionTargetAddress added in v0.12.0

type SessionTargetAddress struct {
	// SessionId of the session
	SessionId string `json:"session_id,omitempty" gorm:"primary_key"`
	// TargetId of the session
	TargetId string `json:"target_id,omitempty" gorm:"default:null"`
	// contains filtered or unexported fields
}

SessionTargetAddress contains information about a user's session with a target that has a direct network address association.

func AllocSessionTargetAddress added in v0.12.0

func AllocSessionTargetAddress() *SessionTargetAddress

AllocSessionTargetAddress will allocate a SessionTargetAddress

func NewSessionTargetAddress added in v0.12.0

func NewSessionTargetAddress(ctx context.Context, sessionId, targetId string) (*SessionTargetAddress, error)

NewSessionTargetAddress creates a new in memory session target address.

func (*SessionTargetAddress) Clone added in v0.12.0

func (s *SessionTargetAddress) Clone() any

Clone creates a clone of the SessionTargetAddress

func (*SessionTargetAddress) SetTableName added in v0.12.0

func (s *SessionTargetAddress) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*SessionTargetAddress) TableName added in v0.12.0

func (s *SessionTargetAddress) TableName() string

TableName returns the tablename to override the default gorm table name

type SessionWorkerProtocol added in v0.13.0

type SessionWorkerProtocol struct {
	// SessionId of the session
	SessionId string `json:"session_id,omitempty" gorm:"primary_key"`
	// WorkerId chosen for protocol tasks
	WorkerId string `json:"worker_id,omitempty" gorm:"primary_key"`
	// contains filtered or unexported fields
}

SessionWorkerProtocol contains information about a chosen protocol-aware worker for a session

func AllocSessionWorkerProtocol added in v0.13.0

func AllocSessionWorkerProtocol() *SessionWorkerProtocol

AllocSessionWorkerProtocol will allocate a SessionWorkerProtocol

func NewSessionWorkerProtocol added in v0.13.0

func NewSessionWorkerProtocol(ctx context.Context, sessionId, workerId string) (*SessionWorkerProtocol, error)

NewSessionWorkerProtocol creates a new in-memory session to protocol worker association

func (*SessionWorkerProtocol) Clone added in v0.13.0

func (s *SessionWorkerProtocol) Clone() any

Clone creates a clone of the SessionWorkerProtocol

func (*SessionWorkerProtocol) SetTableName added in v0.13.0

func (s *SessionWorkerProtocol) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*SessionWorkerProtocol) TableName added in v0.13.0

func (s *SessionWorkerProtocol) TableName() string

TableName returns the tablename to override the default gorm table name

type State

type State struct {
	// SessionId references the session public id
	SessionId string `json:"session_id,omitempty" gorm:"primary_key"`
	// status of the session
	Status Status `json:"status,omitempty" gorm:"column:state"`
	// PreviousEndTime from the RDBMS
	PreviousEndTime *timestamp.Timestamp `json:"previous_end_time,omitempty" gorm:"default:current_timestamp"`
	// StartTime from the RDBMS
	StartTime *timestamp.Timestamp `json:"start_time,omitempty" gorm:"default:current_timestamp;primary_key"`
	// EndTime from the RDBMS
	EndTime *timestamp.Timestamp `json:"end_time,omitempty" gorm:"default:current_timestamp"`
	// contains filtered or unexported fields
}

State of the session

func NewState

func NewState(ctx context.Context, session_id string, state Status, _ ...Option) (*State, error)

NewState creates a new in memory session state. No options are currently supported.

func TestState

func TestState(t testing.TB, conn *db.DB, sessionId string, state Status) *State

TestState creates a test state for the sessionId in the repository.

func (*State) Clone

func (s *State) Clone() any

Clone creates a clone of the State

func (*State) SetTableName

func (s *State) SetTableName(n string)

SetTableName sets the tablename and satisfies the ReplayableMessage interface. If the caller attempts to set the name to "" the name will be reset to the default name.

func (*State) TableName

func (s *State) TableName() string

TableName returns the tablename to override the default gorm table name

func (*State) VetForWrite

func (s *State) VetForWrite(ctx context.Context, _ db.Reader, _ db.OpType, _ ...db.Option) error

VetForWrite implements db.VetForWrite() interface and validates the state before it's written.

type StateReport added in v0.7.6

type StateReport struct {
	SessionId   string
	Status      Status
	Connections []*Connection
	// Unrecognized indicates that the SessionId was not found in the database.
	Unrecognized bool
}

StateReport is used to report on the state of a Session.

func WorkerStatusReport added in v0.7.6

func WorkerStatusReport(ctx context.Context, repo *Repository, connRepo *ConnectionRepository, workerId string, report []*StateReport) ([]*StateReport, error)

WorkerStatusReport is a domain service function that, given a Worker's session state reports, performs a few tasks:

  1. Updates the bytes up and down statistics for each reported connection.
  2. Compares the state of sessions and connections as reported by a Worker to the known state in the repositories. It returns a StateReport object for each session that is in the canceling or terminated state.
  3. Checks for any orphaned connections, defined as connections that are in an active state but were not reported by the worker. Any orphaned connections will be marked as closed.
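The reconciliation in steps 2 and 3 can be sketched as a small in-memory model. This is an added example, not the package's code: the `report` and `store` types, the `reconcile` and `sample` functions, and the ids are hypothetical, step 1 (byte counters) is left out, and returning unknown sessions with `Unrecognized` set is an assumption based on that field's comment.

```go
package main

import "fmt"

// report and store are hypothetical stand-ins, not the package's own types.
type report struct {
	SessionID, Status string
	ConnIDs           []string
	Unrecognized      bool
}

type store struct {
	status      map[string]string // session id -> status known to the controller
	activeConns []string          // connection ids recorded as active on this worker
}

// reconcile returns the reports to hand back to the worker and the orphaned
// connection ids: active in the store but missing from the worker's report.
func reconcile(s store, reported []report) (notify []report, orphans []string) {
	seen := map[string]bool{}
	for _, r := range reported {
		for _, c := range r.ConnIDs {
			seen[c] = true
		}
		st, known := s.status[r.SessionID]
		switch {
		case !known: // assumption: unknown sessions come back flagged Unrecognized
			notify = append(notify, report{SessionID: r.SessionID, Unrecognized: true})
		case st == "canceling" || st == "terminated":
			notify = append(notify, report{SessionID: r.SessionID, Status: st, ConnIDs: r.ConnIDs})
		}
	}
	for _, c := range s.activeConns {
		if !seen[c] {
			orphans = append(orphans, c) // the caller would mark these closed
		}
	}
	return notify, orphans
}

// sample returns constructed data: sc_2 is active but unreported, s_9 is unknown.
func sample() (store, []report) {
	return store{map[string]string{"s_1": "active", "s_2": "canceling"}, []string{"sc_1", "sc_2", "sc_3"}},
		[]report{{SessionID: "s_1", ConnIDs: []string{"sc_1"}}, {SessionID: "s_2", ConnIDs: []string{"sc_3"}}, {SessionID: "s_9"}}
}

func main() { fmt.Println(reconcile(sample())) }
```

A connection that stays active in the controller's records after the worker has stopped reporting it would keep counting against the session's connection limit, which is why the orphan check closes it.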

type StaticCredential added in v0.9.0

type StaticCredential struct {
	SessionId          string `json:"session_id,omitempty" gorm:"primary_key"`
	CredentialPurpose  string `json:"credential_purpose,omitempty" gorm:"primary_key"`
	CredentialStaticId string `json:"credential_id,omitempty" gorm:"default:null"`
	// contains filtered or unexported fields
}

A StaticCredential represents the relationship between a session, a credential and the purpose of the credential.

func NewStaticCredential added in v0.9.0

func NewStaticCredential(id string, purpose cred.Purpose) *StaticCredential

NewStaticCredential creates a new in-memory Credential representing the relationship between a session, a credential and the purpose of the credential.

func (*StaticCredential) SetTableName added in v0.9.0

func (c *StaticCredential) SetTableName(n string)

SetTableName sets the table name.

func (*StaticCredential) TableName added in v0.9.0

func (c *StaticCredential) TableName() string

TableName returns the table name.

type Status

type Status string

Status of the session's state

const (
	StatusPending    Status = "pending"
	StatusActive     Status = "active"
	StatusCanceling  Status = "canceling"
	StatusTerminated Status = "terminated"
)

func (Status) ProtoVal

func (s Status) ProtoVal() workerpbs.SESSIONSTATUS

ProtoVal returns the enum value corresponding to the state

func (Status) String

func (s Status) String() string

String representation of the state's status

type TerminationReason

type TerminationReason string

TerminationReason of the session

const (
	UnknownTermination TerminationReason = "unknown"
	TimedOut           TerminationReason = "timed out"
	ClosedByUser       TerminationReason = "closed by end-user"
	Terminated         TerminationReason = "terminated"
	NetworkError       TerminationReason = "network error"
	SystemError        TerminationReason = "system error"
	ConnectionLimit    TerminationReason = "connection limit"
	SessionCanceled    TerminationReason = "canceled"
)

func (TerminationReason) String

func (r TerminationReason) String() string

String representation of the termination reason
