Documentation ¶
Index ¶
- Constants
- Variables
- func GetAWSAssumedRole(r *http.Request) string
- func IsReservedHeader(header string) bool
- func MakeAWSRequestMetadata(req *http.Request, awsEndpoint *endpoints.ResolvedEndpoint) *apievents.AWSRequestMetadata
- func MakeAppMetadata(app types.Application) *apievents.AppMetadata
- func SetTeleportAPIErrorHeader(rw http.ResponseWriter, err error)
- func WithAWSAssumedRole(r *http.Request, assumedRole string) *http.Request
- func WithSessionContext(r *http.Request, sessionCtx *SessionContext) *http.Request
- type Audit
- type AuditConfig
- type HeaderRewriter
- type SessionContext
Constants ¶
const (
	// XForwardedSSL is a non-standard X-Forwarded-* header that is set to "on" or "off" depending on
	// whether SSL is enabled.
	XForwardedSSL = "X-Forwarded-Ssl"

	// TeleportAPIErrorHeader is Teleport-specific error header, optionally holding background error information.
	TeleportAPIErrorHeader = "X-Teleport-Api-Error"

	// TeleportAPIInfoHeader is Teleport-specific info header, optionally holding background information.
	TeleportAPIInfoHeader = "X-Teleport-Api-Info"

	// TeleportAWSAssumedRole indicates that the incoming requests are signed
	// with real AWS credentials of the specified assumed role by the AWS client.
	TeleportAWSAssumedRole = "X-Teleport-Aws-Assumed-Role"

	// TeleportAWSAssumedRoleAuthorization contains the original authorization
	// header for requests signed by assumed roles.
	TeleportAWSAssumedRoleAuthorization = "X-Teleport-Aws-Assumed-Role-Authorization"
)
Variables ¶
var ReservedHeaders = append([]string{
	teleport.AppJWTHeader,
	XForwardedSSL,
	TeleportAPIErrorHeader,
	TeleportAPIInfoHeader,
	TeleportAWSAssumedRole,
	TeleportAWSAssumedRoleAuthorization,
},
	reverseproxy.XHeaders...,
)
ReservedHeaders is a list of headers injected by Teleport.
Functions ¶
func GetAWSAssumedRole ¶
GetAWSAssumedRole gets AWS assumed role from a request.
func IsReservedHeader ¶
IsReservedHeader returns true if the provided header is one of the headers injected by Teleport.
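A reserved-header check is typically used to keep client-supplied or user-configured headers from colliding with the ones the proxy injects. The sketch below is an added example, not Teleport's code: `isReserved` and `stripReserved` are hypothetical helpers, the header values are the constants listed above, and the sample header map is constructed. It shows why the comparison has to use canonical header names.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
)

// Names copied from the Constants section of this page. teleport.AppJWTHeader and
// reverseproxy.XHeaders are also reserved; their values are not shown here.
var reserved = []string{
	"X-Forwarded-Ssl",
	"X-Teleport-Api-Error",
	"X-Teleport-Api-Info",
	"X-Teleport-Aws-Assumed-Role",
	"X-Teleport-Aws-Assumed-Role-Authorization",
}

// isReserved (hypothetical helper) compares canonical forms, so
// "x-teleport-api-error" and "X-TELEPORT-API-ERROR" both match.
func isReserved(name string) bool {
	canon := http.CanonicalHeaderKey(name)
	for _, r := range reserved {
		if canon == http.CanonicalHeaderKey(r) {
			return true
		}
	}
	return false
}

// stripReserved (hypothetical helper) removes reserved headers and returns their names.
// It deletes by raw map key: h.Del canonicalizes and would miss non-canonical keys.
func stripReserved(h http.Header) []string {
	var removed []string
	for name := range h {
		if isReserved(name) {
			delete(h, name)
			removed = append(removed, name)
		}
	}
	sort.Strings(removed)
	return removed
}

func main() {
	// Constructed headers; the lower-case key was stored without canonicalization.
	h := http.Header{"Accept": {"application/json"}, "x-teleport-aws-assumed-role": {"constructed-role"}}
	fmt.Println(stripReserved(h), len(h))
}
```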
func MakeAWSRequestMetadata ¶
func MakeAWSRequestMetadata(req *http.Request, awsEndpoint *endpoints.ResolvedEndpoint) *apievents.AWSRequestMetadata
MakeAWSRequestMetadata is a helper to build AWSRequestMetadata from the provided request and endpoint. If the AWS endpoint is nil, it returns an empty request metadata.
func MakeAppMetadata ¶
func MakeAppMetadata(app types.Application) *apievents.AppMetadata
MakeAppMetadata returns common server metadata for database session.
func SetTeleportAPIErrorHeader ¶
func SetTeleportAPIErrorHeader(rw http.ResponseWriter, err error)
SetTeleportAPIErrorHeader saves the provided error in the X-Teleport-API-Error header of the response.
func WithAWSAssumedRole ¶
WithAWSAssumedRole adds AWS assumed role to the context of the provided request.
func WithSessionContext ¶
func WithSessionContext(r *http.Request, sessionCtx *SessionContext) *http.Request
WithSessionContext adds session context to the provided request.
Types ¶
type Audit ¶
type Audit interface {
	// OnSessionStart is called when new app session starts.
	OnSessionStart(ctx context.Context, serverID string, identity *tlsca.Identity, app types.Application) error
	// OnSessionEnd is called when an app session ends.
	OnSessionEnd(ctx context.Context, serverID string, identity *tlsca.Identity, app types.Application) error
	// OnSessionChunk is called when a new session chunk is created.
	OnSessionChunk(ctx context.Context, serverID, chunkID string, identity *tlsca.Identity, app types.Application) error
	// OnRequest is called when an app request is sent during the session and a response is received.
	OnRequest(ctx context.Context, sessionCtx *SessionContext, req *http.Request, status uint32, re *endpoints.ResolvedEndpoint) error
	// OnDynamoDBRequest is called when app request for a DynamoDB API is sent and a response is received.
	OnDynamoDBRequest(ctx context.Context, sessionCtx *SessionContext, req *http.Request, status uint32, re *endpoints.ResolvedEndpoint) error
	// EmitEvent emits the provided audit event.
	EmitEvent(ctx context.Context, event apievents.AuditEvent) error
}
Audit defines an interface for app access audit events logger.
func NewAudit ¶
func NewAudit(config AuditConfig) (Audit, error)
NewAudit returns a new instance of the audit events emitter.
type AuditConfig ¶
type AuditConfig struct {
	// Emitter is used to emit audit events.
	Emitter apievents.Emitter
	// Recorder is used to record session events.
	Recorder events.SessionPreparerRecorder
}
AuditConfig is the audit events emitter configuration.
type HeaderRewriter ¶
type HeaderRewriter struct {
	// contains filtered or unexported fields
}
HeaderRewriter delegates to rewriters and then appends its own headers.
func NewHeaderRewriter ¶
func NewHeaderRewriter(delegates ...reverseproxy.Rewriter) *HeaderRewriter
NewHeaderRewriter will create a new header rewriter with a number of delegates. The delegates will be executed in the order supplied.
func (*HeaderRewriter) Rewrite ¶
func (hr *HeaderRewriter) Rewrite(req *http.Request)
Rewrite will delegate to the supplied delegates' rewrite functions and then inject its own headers.
type SessionContext ¶
type SessionContext struct {
	// Identity is the requested identity.
	Identity *tlsca.Identity
	// App is the requested application.
	App types.Application
	// ChunkID is the session chunk's uuid.
	ChunkID string
	// Audit is used to emit audit events for the session.
	Audit Audit
}
SessionContext contains common context parameters for an App session.
func GetSessionContext ¶
func GetSessionContext(r *http.Request) (*SessionContext, error)
GetSessionContext retrieves the session context from a request.