daemon

package
v11.3.3
Warning

This package is not in the latest version of its module.

Published: Dec 13, 2022 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Types

type Config

type Config struct {
	// Storage is a storage service that reads/writes to tsh profiles
	Storage *clusters.Storage
	// Log is a component logger
	Log              *logrus.Entry
	GatewayCreator   GatewayCreator
	TCPPortAllocator gateway.TCPPortAllocator
	// CreateTshdEventsClientCredsFunc lazily creates creds for the tshd events server run by the
	// Electron app. This is to ensure that the server public key is written to the disk under the
	// expected location by the time we get around to creating the client.
	CreateTshdEventsClientCredsFunc CreateTshdEventsClientCredsFunc
	GatewayCertReissuer             *GatewayCertReissuer
}

Config is the cluster service config

func (*Config) CheckAndSetDefaults

func (c *Config) CheckAndSetDefaults() error

CheckAndSetDefaults checks the configuration for its validity and sets default values if needed

type CreateGatewayParams

type CreateGatewayParams struct {
	TargetURI             string
	TargetUser            string
	TargetSubresourceName string
	LocalPort             string
}

type CreateTshdEventsClientCredsFunc

type CreateTshdEventsClientCredsFunc func() (grpc.DialOption, error)

type DBCertReissuer

type DBCertReissuer interface {
	// ReissueDBCerts reaches out to the cluster to get a cert for the specific tlsca.RouteToDatabase
	// and saves it to disk.
	ReissueDBCerts(context.Context, tlsca.RouteToDatabase) error
}

DBCertReissuer lets us pass a mock in tests and clusters.Cluster (which makes calls to the cluster) in production code.

type GatewayCertReissuer

type GatewayCertReissuer struct {
	// TSHDEventsClient gets set by daemon.Service behind its mutex.
	TSHDEventsClient TSHDEventsClient

	Log *logrus.Entry
	// contains filtered or unexported fields
}

GatewayCertReissuer is responsible for managing the process of reissuing a db cert for a gateway after the db cert expires.

func (*GatewayCertReissuer) ReissueCert

func (r *GatewayCertReissuer) ReissueCert(ctx context.Context, gateway *gateway.Gateway, dbCertReissuer DBCertReissuer) error

ReissueCert attempts to contact the cluster to reissue the db cert used by the gateway. If that operation fails and the error is resolvable by relogin, ReissueCert tells the Electron app to relogin the user. Once that is done, it attempts to reissue the db cert again.

ReissueCert is called by the LocalProxy middleware used by Connect's gateways. The middleware calls ReissueCert on an incoming connection to the proxy if the db cert used by the proxy has expired.

If the initial call to the cluster fails with an error that is not resolvable by logging in, ReissueCert returns with that error.

Any error ReissueCert returns is also forwarded to the Electron app so that it can show an error notification. GatewayCertReissuer is typically called from within a goroutine that handles the gateway, so without forwarding the error to the app, it would be visible only in the logs.
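
The retry-after-relogin flow described for ReissueCert, as an added example that is not Teleport's code. The interfaces are simplified stand-ins for DBCertReissuer and TSHDEventsClient, and errExpiredLogin, fakeCluster and fakeApp are hypothetical names.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

var errExpiredLogin = errors.New("user cert expired") // hypothetical: an error a relogin resolves

// Simplified stand-ins for DBCertReissuer and TSHDEventsClient (not Teleport's signatures).
type certReissuer interface{ ReissueDBCerts(context.Context) error }
type eventsClient interface {
	Relogin(context.Context) error
	SendNotification(ctx context.Context, msg string)
}

// reissueCert tries once, asks for a relogin only if that can help, retries once, and
// forwards any returned error to the app so it is not visible only in the logs.
func reissueCert(ctx context.Context, r certReissuer, app eventsClient) error {
	err := r.ReissueDBCerts(ctx)
	if errors.Is(err, errExpiredLogin) {
		if err = app.Relogin(ctx); err == nil {
			err = r.ReissueDBCerts(ctx)
		}
	}
	if err != nil {
		app.SendNotification(ctx, err.Error())
	}
	return err
}

// Constructed test doubles: queued errors, then success; counters for app calls.
type fakeCluster struct {
	errs  []error
	calls int
}
type fakeApp struct{ relogins, notes int }

func (f *fakeCluster) ReissueDBCerts(context.Context) error {
	if f.calls++; f.calls > len(f.errs) {
		return nil
	}
	return f.errs[f.calls-1]
}
func (a *fakeApp) Relogin(context.Context) error { a.relogins++; return nil }
func (a *fakeApp) SendNotification(context.Context, string) { a.notes++ }

func main() {
	fmt.Println(reissueCert(context.Background(), &fakeCluster{errs: []error{errExpiredLogin}}, &fakeApp{}))
}
```

An error that a relogin cannot fix is returned after a single attempt, and a second expired-login error after the relogin is returned rather than triggering another login prompt.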

type GatewayCreator

type GatewayCreator interface {
	CreateGateway(context.Context, clusters.CreateGatewayParams) (*gateway.Gateway, error)
}

type Service

type Service struct {
	// contains filtered or unexported fields
}

Service is the daemon service

func New

func New(cfg Config) (*Service, error)

New creates an instance of the daemon service

func (*Service) AddCluster

func (s *Service) AddCluster(ctx context.Context, webProxyAddress string) (*clusters.Cluster, error)

AddCluster adds a cluster

func (*Service) AssumeRole

func (s *Service) AssumeRole(ctx context.Context, req *api.AssumeRoleRequest) error

func (*Service) ClusterLogout

func (s *Service) ClusterLogout(ctx context.Context, uri string) error

ClusterLogout logs a user out from the cluster

func (*Service) CreateAccessRequest

func (s *Service) CreateAccessRequest(ctx context.Context, req *api.CreateAccessRequestRequest) (*clusters.AccessRequest, error)

CreateAccessRequest creates an access request

func (*Service) CreateGateway

func (s *Service) CreateGateway(ctx context.Context, params CreateGatewayParams) (*gateway.Gateway, error)

CreateGateway creates a gateway to the given targetURI

func (*Service) DeleteAccessRequest

func (s *Service) DeleteAccessRequest(ctx context.Context, req *api.DeleteAccessRequestRequest) error

func (*Service) GetAccessRequest

func (s *Service) GetAccessRequest(ctx context.Context, req *api.GetAccessRequestRequest) ([]clusters.AccessRequest, error)

GetAccessRequest returns AccessRequests filtered by ID

func (*Service) GetAccessRequests

func (s *Service) GetAccessRequests(ctx context.Context, req *api.GetAccessRequestsRequest) ([]clusters.AccessRequest, error)

GetAccessRequests returns all access requests with filtered input

func (*Service) GetAllKubes

func (s *Service) GetAllKubes(ctx context.Context, uri string) ([]clusters.Kube, error)

GetAllKubes lists kubernetes clusters

func (*Service) GetAllServers

func (s *Service) GetAllServers(ctx context.Context, clusterURI string) ([]clusters.Server, error)

GetAllServers returns a full list of nodes without pagination or sorting.

func (*Service) GetCluster

func (s *Service) GetCluster(ctx context.Context, uri string) (*clusters.Cluster, error)

GetCluster returns full cluster information. It makes a request to the auth server.

func (*Service) GetKubes

GetKubes accepts parameterized input to enable searching, sorting, and pagination.

func (*Service) GetRequestableRoles

func (*Service) GetServers

GetServers accepts parameterized input to enable searching, sorting, and pagination.

func (*Service) ListApps

func (s *Service) ListApps(ctx context.Context, clusterURI string) ([]clusters.App, error)

ListApps returns cluster apps

func (*Service) ListGateways

func (s *Service) ListGateways() []gateway.Gateway

ListGateways lists gateways

func (*Service) ListLeafClusters

func (s *Service) ListLeafClusters(ctx context.Context, uri string) ([]clusters.LeafCluster, error)

ListLeafClusters returns a list of leaf clusters

func (*Service) ListRootClusters

func (s *Service) ListRootClusters(ctx context.Context) ([]*clusters.Cluster, error)

ListRootClusters returns a list of root clusters

func (*Service) RemoveCluster

func (s *Service) RemoveCluster(ctx context.Context, uri string) error

RemoveCluster removes a cluster

func (*Service) RemoveGateway

func (s *Service) RemoveGateway(gatewayURI string) error

RemoveGateway removes a cluster gateway

func (*Service) ResolveCluster

func (s *Service) ResolveCluster(uri string) (*clusters.Cluster, error)

ResolveCluster resolves a cluster by URI by reading data stored on disk in the profile.

It doesn't make network requests so the returned clusters.Cluster will not include full information returned from the web/auth servers.

func (*Service) RestartGateway

func (s *Service) RestartGateway(ctx context.Context, gatewayURI string) error

RestartGateway stops a gateway and starts a new one with identical parameters. It also keeps the original URI so that from the perspective of Connect it's still the same gateway but with fresh certs.

func (*Service) ReviewAccessRequest

func (s *Service) ReviewAccessRequest(ctx context.Context, req *api.ReviewAccessRequestRequest) (*clusters.AccessRequest, error)

func (*Service) SetGatewayLocalPort

func (s *Service) SetGatewayLocalPort(gatewayURI, localPort string) (*gateway.Gateway, error)

SetGatewayLocalPort creates a new gateway with the given port, swaps it with the old gateway under the same URI in s.gateways and then closes the old gateway. It doesn't fetch a fresh db cert.

If gateway.NewWithLocalPort fails it's imperative that the current gateway is kept intact. This way if the user attempts to change the port to one that cannot be obtained, they're able to correct that mistake and choose a different port.

SetGatewayLocalPort is a noop if port is equal to the existing port.
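
The create-then-swap ordering described for SetGatewayLocalPort, as an added sketch that is not Teleport's code. gateway, service, newGateway and setLocalPort are hypothetical stand-ins; ports are ints rather than strings, and the gateway is reduced to a loopback listener.

```go
package main

import (
	"fmt"
	"net"
	"sync"
)

// gateway is a hypothetical stand-in for gateway.Gateway, reduced to its local listener.
type gateway struct{ ln net.Listener }
func (g *gateway) port() int { return g.ln.Addr().(*net.TCPAddr).Port }

func newGateway(port int) (*gateway, error) { // port 0 lets the OS pick a free port
	ln, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", port))
	if err != nil {
		return nil, err
	}
	return &gateway{ln}, nil
}

type service struct {
	mu       sync.Mutex
	gateways map[string]*gateway // keyed by gateway URI
}

// setLocalPort binds the new port first; the old gateway is replaced and closed only after that succeeds.
func (s *service) setLocalPort(uri string, port int) (*gateway, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	old, ok := s.gateways[uri]
	if !ok {
		return nil, fmt.Errorf("gateway %q not found", uri)
	}
	if old.port() == port {
		return old, nil // no-op: already on this port
	}
	fresh, err := newGateway(port)
	if err != nil {
		return nil, err // old gateway is untouched and still listening
	}
	s.gateways[uri] = fresh
	return fresh, old.ln.Close()
}

func main() {
	old, _ := newGateway(0)
	busy, _ := newGateway(0) // holds a second port, so switching to it must fail
	s := &service{gateways: map[string]*gateway{"gw": old}}
	fmt.Println(s.setLocalPort("gw", busy.port())) // error; s.gateways["gw"] is still old
}
```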

func (*Service) SetGatewayTargetSubresourceName

func (s *Service) SetGatewayTargetSubresourceName(gatewayURI, targetSubresourceName string) (*gateway.Gateway, error)

SetGatewayTargetSubresourceName updates the TargetSubresourceName field of a gateway stored in s.gateways.

func (*Service) Stop

func (s *Service) Stop()

Stop terminates all open cluster connections

func (*Service) TransferFile

func (s *Service) TransferFile(ctx context.Context, request *api.FileTransferRequest, sendProgress clusters.FileTransferProgressSender) error

func (*Service) UpdateAndDialTshdEventsServerAddress

func (s *Service) UpdateAndDialTshdEventsServerAddress(serverAddress string) error

UpdateAndDialTshdEventsServerAddress allows the Electron app to provide the tshd events server address.

The startup of the app is orchestrated so that this method is called before any other method on daemon.Service. This way all the other code in daemon.Service can assume that the tshd events client is available right from the beginning, without the need for nil checks.

type TSHDEventsClient

type TSHDEventsClient interface {
	// Relogin makes the Electron app display a login modal. Please refer to
	// [api.TshdEventsServiceClient.Relogin] for more details.
	Relogin(ctx context.Context, in *api.ReloginRequest, opts ...grpc.CallOption) (*api.ReloginResponse, error)
	// SendNotification causes the Electron app to display a notification. Please refer to
	// [api.TshdEventsServiceClient.SendNotification] for more details.
	SendNotification(ctx context.Context, in *api.SendNotificationRequest, opts ...grpc.CallOption) (*api.SendNotificationResponse, error)
}

TSHDEventsClient takes only those methods from api.TshdEventsServiceClient that GatewayCertReissuer actually needs. It makes mocking the client in tests easier and future-proof.

Refer to api.TshdEventsServiceClient for more detailed documentation.
