state

package
v2.5.5+incompatible
Published: Apr 2, 2018 License: Apache-2.0 Imports: 22 Imported by: 0

Constants

const (
	// DefaultQueueLen determines how many logging events to queue in-memory
	// before starting to drop them (probably because the logging server is down)
	DefaultQueueLen = 300
	// DefaultFlushTimeout is a period to flush after no other events have been received
	DefaultFlushTimeout = time.Second
	// DefaultFlushChunks is a max chunks accumulated over period to flush
	DefaultFlushChunks = 250
	// DefaultFlushBytes is a max bytes of the chunks before the flush will be triggered
	DefaultFlushBytes = 100000
	// DefaultThrottleTimeout is a latency after we will
	DefaultThrottleTimeout = 500 * time.Millisecond
	// DefaultThrottleDuration is a period that we will throttle the slow network for
	// before trying to send again
	DefaultThrottleDuration = 10 * time.Second
	// DefaultBackoffInitialInterval is initial interval for backoff
	DefaultBackoffInitialInterval = 100 * time.Millisecond
	// DefaultBackoffMaxInterval is maximum interval for backoff
	DefaultBackoffMaxInterval = DefaultThrottleDuration
)

Variables

This section is empty.

Functions

func NoCache

func NoCache(clt auth.ClientI, cacheName []string) (auth.AccessPoint, error)

NoCache is the no-cache variant used for the access point

Types

type CachingAuditLog

type CachingAuditLog struct {
	CachingAuditLogConfig
	// contains filtered or unexported fields
}

CachingAuditLog implements events.IAuditLog on the recording machine (SSH server). It captures the local recording and forwards it to the AuditLog network server. Some important properties of this implementation:

  • Without back pressure on posting session chunks, the audit log was losing events because producing was much faster than consuming and the buffer was overflowing.
  • Throttling is important for continuing the session when the audit log is slow, as the session output will block and time out on every request.
  • It is important to pack chunks, because ls -laR / would otherwise generate about 10K requests per second. With this packing approach we reduced this number to about 40-50 requests per second, and we can now tweak this parameter by setting the queue size and flush buffers.

The current implementation attaches an audit log forwarder per session.
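The bounded queue and chunk packing described above, as an added example (a simplified single-goroutine model, not this package's code): `forwarder`, `post`, `drain` and `simulate` are hypothetical names, the limits copy the Default* constants listed on this page, and the idle-time flush is modelled by sending the remainder once the queue is empty.

```go
package main

import "fmt"

const queueLen, flushChunks, flushBytes = 300, 250, 100000 // constructed: copies of the Default* values above

// forwarder is a hypothetical, simplified per-session forwarder model.
type forwarder struct {
	queue             chan []byte
	requests, dropped int
}

// post enqueues without blocking; a full queue drops the chunk and counts it.
func (f *forwarder) post(chunk []byte) {
	select {
	case f.queue <- chunk:
	default:
		f.dropped++
	}
}

// drain packs queued chunks into slices, one request per chunk or byte limit hit.
func (f *forwarder) drain() {
	n, size := 0, 0
	for len(f.queue) > 0 {
		c := <-f.queue
		n, size = n+1, size+len(c)
		if n >= flushChunks || size >= flushBytes {
			f.requests, n, size = f.requests+1, 0, 0
		}
	}
	if n > 0 {
		f.requests++ // remainder, as an idle flush would send it
	}
}

// simulate posts total chunks and lets the consumer drain after every drainEvery posts.
func simulate(total, chunkSize, drainEvery int) (requests, dropped int) {
	f := &forwarder{queue: make(chan []byte, queueLen)}
	for i := 1; i <= total; i++ {
		f.post(make([]byte, chunkSize))
		if i%drainEvery == 0 {
			f.drain()
		}
	}
	f.drain() // final flush
	return f.requests, f.dropped
}

func main() { fmt.Println(simulate(10000, 100, 250)) }
```

In this model 10,000 chunks of 100 bytes become 40 requests when the consumer keeps up. When 400 chunks arrive between drains, the 300-slot queue drops 100 of every 400, so the dropped count is the number to watch for gaps in a session recording.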

func NewCachingAuditLog

func NewCachingAuditLog(cfg CachingAuditLogConfig) (*CachingAuditLog, error)

NewCachingAuditLog creates a new, fully initialized instance of the audit log

func (*CachingAuditLog) Close

func (ll *CachingAuditLog) Close() error

func (*CachingAuditLog) EmitAuditEvent

func (ll *CachingAuditLog) EmitAuditEvent(eventType string, fields events.EventFields) error

func (*CachingAuditLog) GetSessionChunk

func (ll *CachingAuditLog) GetSessionChunk(string, session.ID, int, int) ([]byte, error)

func (*CachingAuditLog) GetSessionEvents

func (ll *CachingAuditLog) GetSessionEvents(string, session.ID, int) ([]events.EventFields, error)

func (*CachingAuditLog) PostSessionChunk

func (ll *CachingAuditLog) PostSessionChunk(namespace string, sid session.ID, reader io.Reader) error

func (*CachingAuditLog) PostSessionSlice

func (ll *CachingAuditLog) PostSessionSlice(slice events.SessionSlice) error

func (*CachingAuditLog) SearchEvents

func (ll *CachingAuditLog) SearchEvents(time.Time, time.Time, string, int) ([]events.EventFields, error)

func (*CachingAuditLog) SearchSessionEvents

func (ll *CachingAuditLog) SearchSessionEvents(time.Time, time.Time, int) ([]events.EventFields, error)

func (*CachingAuditLog) WaitForDelivery

func (ll *CachingAuditLog) WaitForDelivery(ctx context.Context) error

WaitForDelivery waits until all operations of the caching audit log complete after Close has been called, e.g. flushing remaining items

type CachingAuditLogConfig

type CachingAuditLogConfig struct {
	// Namespace is session namespace
	Namespace string
	// SessionID is session ID this log forwards for
	SessionID string
	// Server is the server receiving audit events
	Server events.IAuditLog
	// QueueLen is length of the caching queue
	QueueLen int
	// FlushChunks controls how many chunks to aggregate before submit
	FlushChunks int
	// Context is an optional context
	Context context.Context
	// ThrottleTimeout is a timeout that triggers throttling
	ThrottleTimeout time.Duration
	// ThrottleDuration is a duration for throttling
	ThrottleDuration time.Duration
	// FlushTimeout is a period to flush buffered chunks if the queue
	// has not filled up yet
	FlushTimeout time.Duration
	// FlushBytes sets amount of bytes per slice that triggers
	// the flush to the server
	FlushBytes int64
	// BackoffInitialInterval is initial interval for backoff
	BackoffInitialInterval time.Duration
	// BackoffMaxInterval is maximum interval for backoff
	BackoffMaxInterval time.Duration
}

CachingAuditLogConfig sets configuration for caching audit log

func (*CachingAuditLogConfig) CheckAndSetDefaults

func (c *CachingAuditLogConfig) CheckAndSetDefaults() error

CheckAndSetDefaults checks and sets defaults

type CachingAuthClient

type CachingAuthClient struct {
	Config
	*log.Entry

	// mutex is to check access to ttl map
	sync.RWMutex
	// contains filtered or unexported fields
}

CachingAuthClient implements auth.AccessPoint interface and remembers the previously returned upstream value for each API call.

The remembered value can be used if the upstream AccessPoint goes offline

func NewCachingAuthClient

func NewCachingAuthClient(config Config) (*CachingAuthClient, error)

NewCachingAuthClient creates a new instance of CachingAuthClient using a live connection to the auth server (ap)

func (*CachingAuthClient) DeleteTunnelConnection

func (cs *CachingAuthClient) DeleteTunnelConnection(clusterName, connName string) error

DeleteTunnelConnection is a part of auth.AccessPoint implementation

func (*CachingAuthClient) GetAllTunnelConnections

func (cs *CachingAuthClient) GetAllTunnelConnections() (conns []services.TunnelConnection, err error)

GetAllTunnelConnections is a part of auth.AccessPoint implementation. GetAllTunnelConnections does not use the recent cache, as it is designed to be called periodically and always return fresh data

func (*CachingAuthClient) GetCertAuthorities

func (cs *CachingAuthClient) GetCertAuthorities(ct services.CertAuthType, loadKeys bool) (cas []services.CertAuthority, err error)

GetCertAuthorities is a part of auth.AccessPoint implementation

func (*CachingAuthClient) GetCertAuthority

func (cs *CachingAuthClient) GetCertAuthority(id services.CertAuthID, loadKeys bool) (ca services.CertAuthority, err error)

GetCertAuthority is a part of auth.AccessPoint implementation

func (*CachingAuthClient) GetClusterConfig

func (cs *CachingAuthClient) GetClusterConfig() (clusterConfig services.ClusterConfig, err error)

func (*CachingAuthClient) GetDomainName

func (cs *CachingAuthClient) GetDomainName() (clusterName string, err error)

GetDomainName is a part of auth.AccessPoint implementation

func (*CachingAuthClient) GetNamespace

func (cs *CachingAuthClient) GetNamespace(name string) (namespace *services.Namespace, err error)

GetNamespace returns namespace

func (*CachingAuthClient) GetNamespaces

func (cs *CachingAuthClient) GetNamespaces() (namespaces []services.Namespace, err error)

GetNamespaces is a part of auth.AccessPoint implementation

func (*CachingAuthClient) GetNodes

func (cs *CachingAuthClient) GetNodes(namespace string) (nodes []services.Server, err error)

GetNodes is a part of auth.AccessPoint implementation

func (*CachingAuthClient) GetProxies

func (cs *CachingAuthClient) GetProxies() (proxies []services.Server, err error)

GetProxies is a part of auth.AccessPoint implementation

func (*CachingAuthClient) GetReverseTunnels

func (cs *CachingAuthClient) GetReverseTunnels() (tunnels []services.ReverseTunnel, err error)

GetReverseTunnels is not using recent cache on purpose as it's designed to be called periodically and return fresh data at all times when possible

func (*CachingAuthClient) GetRole

func (cs *CachingAuthClient) GetRole(name string) (role services.Role, err error)

GetRole is a part of auth.AccessPoint implementation

func (*CachingAuthClient) GetRoles

func (cs *CachingAuthClient) GetRoles() (roles []services.Role, err error)

GetRoles is a part of auth.AccessPoint implementation

func (*CachingAuthClient) GetTunnelConnections

func (cs *CachingAuthClient) GetTunnelConnections(clusterName string) (conns []services.TunnelConnection, err error)

GetTunnelConnections is a part of auth.AccessPoint implementation. GetTunnelConnections does not use the recent cache, as it is designed to be called periodically and always return fresh data

func (*CachingAuthClient) GetUsers

func (cs *CachingAuthClient) GetUsers() (users []services.User, err error)

GetUsers is a part of auth.AccessPoint implementation

func (*CachingAuthClient) UpsertNode

func (cs *CachingAuthClient) UpsertNode(s services.Server) error

UpsertNode is part of auth.AccessPoint implementation

func (*CachingAuthClient) UpsertProxy

func (cs *CachingAuthClient) UpsertProxy(s services.Server) error

UpsertProxy is part of auth.AccessPoint implementation

func (*CachingAuthClient) UpsertTunnelConnection

func (cs *CachingAuthClient) UpsertTunnelConnection(conn services.TunnelConnection) error

UpsertTunnelConnection is a part of auth.AccessPoint implementation

type Config

type Config struct {
	// CacheMaxTTL sets maximum TTL the cache keeps the value
	// in case if there is no connection to auth servers
	CacheMaxTTL time.Duration
	// RecentCacheTTL sets TTL for items
	// that were recently retrieved from auth servers.
	// If set to 0, it is not turned on; if set to 1 second,
	// a value accessed within the last 1 second, or a NotFound error,
	// will be returned instead of using the auth server
	RecentCacheTTL time.Duration
	// NeverExpires if set, never expire cache values
	NeverExpires bool
	// AccessPoint is access point for this
	AccessPoint auth.AccessPoint
	// Backend is cache backend
	Backend backend.Backend
	// Clock can be set to control time
	Clock clockwork.Clock
	// SkipPreload turns off preloading on start
	SkipPreload bool
}

Config is CachingAuthClient config
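A model of the fallback policy that the CachingAuthClient description and the Config comments describe, as an added example rather than this package's code: `cachedCall`, `get` and `scenario` are hypothetical names, a single cached API result is modelled, and the explicit timestamps stand in for Config.Clock.

```go
package main

import (
	"fmt"
	"time"
)

// cachedCall is a hypothetical model of one cached API result under the Config policy.
type cachedCall struct {
	maxTTL, recentTTL  time.Duration
	neverExpires, have bool
	val                string
	fetched            time.Time
	calls              int // upstream calls made
}

// get returns a recent value without calling upstream, else falls back on upstream failure.
func (c *cachedCall) get(now time.Time, up func() (string, error)) (string, error) {
	age := now.Sub(c.fetched)
	if c.have && c.recentTTL > 0 && age < c.recentTTL {
		return c.val, nil // recently fetched: upstream is not consulted
	}
	c.calls++
	v, err := up()
	if err == nil {
		c.val, c.fetched, c.have = v, now, true
	} else if c.have && (c.neverExpires || age < c.maxTTL) {
		return c.val, nil // stale value served while upstream is unreachable
	}
	return v, err
}

// scenario reads at four constructed offsets; upstream is down from the third read on.
func scenario(neverExpires bool) (out []string, calls int) {
	c := &cachedCall{maxTTL: time.Hour, recentTTL: time.Second, neverExpires: neverExpires}
	for i, at := range []time.Duration{0, time.Second / 2, time.Minute, 2 * time.Hour} {
		v, _ := c.get(time.Unix(0, 0).Add(at), func() (string, error) {
			if i >= 2 {
				return "", fmt.Errorf("upstream offline")
			}
			return fmt.Sprintf("v%d", i+1), nil
		})
		out = append(out, v) // "" marks a read that failed
	}
	return out, c.calls
}

func main() { fmt.Println(scenario(false)) }
```

The second read returns v1 although upstream would already answer v2, and with neverExpires set the fourth read still returns v1 two hours after the last successful fetch, so in this model only the maximum TTL bounds how long a stale result is served during an outage.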

func (*Config) CheckAndSetDefaults

func (c *Config) CheckAndSetDefaults() error

CheckAndSetDefaults checks parameters and sets default values

type NewCachingAccessPoint

type NewCachingAccessPoint func(clt auth.ClientI, cacheName []string) (auth.AccessPoint, error)

NewCachingAccessPoint returns new caching access point using access point policy
