Skip to content

Commit

Permalink
Add AutoUpdate Client/Cache implementation (#46661) (#46749)
Browse files Browse the repository at this point in the history
* Add AutoUpdate Client/Cache implementation

* CR changes

* Add permission for proxy to access resources

* Rename all occurrences auto update to camelcase

* Remove auto update client wrapper

* Drop AutoUpdateServiceClient helper
Rename comments for consistency
  • Loading branch information
vapopov authored Oct 1, 2024
1 parent 418c4f7 commit 1ad995b
Show file tree
Hide file tree
Showing 19 changed files with 453 additions and 60 deletions.
21 changes: 21 additions & 0 deletions api/client/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ import (
accesslistv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/accesslist/v1"
accessmonitoringrulev1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/accessmonitoringrules/v1"
auditlogpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/auditlog/v1"
autoupdatev1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/autoupdate/v1"
clusterconfigpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/clusterconfig/v1"
crownjewelv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/crownjewel/v1"
dbobjectv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/dbobject/v1"
Expand Down Expand Up @@ -3195,6 +3196,26 @@ func (c *Client) GetClusterAuditConfig(ctx context.Context) (types.ClusterAuditC
return resp, nil
}

// GetAutoUpdateConfig gets AutoUpdateConfig resource.
func (c *Client) GetAutoUpdateConfig(ctx context.Context) (*autoupdatev1pb.AutoUpdateConfig, error) {
client := autoupdatev1pb.NewAutoUpdateServiceClient(c.conn)
resp, err := client.GetAutoUpdateConfig(ctx, &autoupdatev1pb.GetAutoUpdateConfigRequest{})
if err != nil {
return nil, trace.Wrap(err)
}
return resp, nil
}

// GetAutoUpdateVersion gets AutoUpdateVersion resource.
func (c *Client) GetAutoUpdateVersion(ctx context.Context) (*autoupdatev1pb.AutoUpdateVersion, error) {
client := autoupdatev1pb.NewAutoUpdateServiceClient(c.conn)
resp, err := client.GetAutoUpdateVersion(ctx, &autoupdatev1pb.GetAutoUpdateVersionRequest{})
if err != nil {
return nil, trace.Wrap(err)
}
return resp, nil
}

// GetClusterAccessGraphConfig retrieves the Cluster Access Graph configuration from Auth server.
func (c *Client) GetClusterAccessGraphConfig(ctx context.Context) (*clusterconfigpb.AccessGraphConfig, error) {
rsp, err := c.ClusterConfigClient().GetClusterAccessGraphConfig(ctx, &clusterconfigpb.GetClusterAccessGraphConfigRequest{})
Expand Down
15 changes: 15 additions & 0 deletions api/client/events.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ import (

"github.com/gravitational/teleport/api/client/proto"
accessmonitoringrulesv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/accessmonitoringrules/v1"
"github.com/gravitational/teleport/api/gen/proto/go/teleport/autoupdate/v1"
clusterconfigpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/clusterconfig/v1"
crownjewelv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/crownjewel/v1"
kubewaitingcontainerpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/kubewaitingcontainer/v1"
Expand Down Expand Up @@ -76,6 +77,14 @@ func EventToGRPC(in types.Event) (*proto.Event, error) {
out.Resource = &proto.Event_AccessGraphSettings{
AccessGraphSettings: r,
}
case *autoupdate.AutoUpdateConfig:
out.Resource = &proto.Event_AutoUpdateConfig{
AutoUpdateConfig: r,
}
case *autoupdate.AutoUpdateVersion:
out.Resource = &proto.Event_AutoUpdateVersion{
AutoUpdateVersion: r,
}
default:
return nil, trace.BadParameter("resource type %T is not supported", r)
}
Expand Down Expand Up @@ -504,6 +513,12 @@ func EventFromGRPC(in *proto.Event) (*types.Event, error) {
} else if r := in.GetAccessGraphSettings(); r != nil {
out.Resource = types.Resource153ToLegacy(r)
return &out, nil
} else if r := in.GetAutoUpdateConfig(); r != nil {
out.Resource = types.Resource153ToLegacy(r)
return &out, nil
} else if r := in.GetAutoUpdateVersion(); r != nil {
out.Resource = types.Resource153ToLegacy(r)
return &out, nil
} else {
return nil, trace.BadParameter("received unsupported resource %T", in.Resource)
}
Expand Down
2 changes: 1 addition & 1 deletion api/types/autoupdate/config_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ import (
"github.com/gravitational/teleport/api/types"
)

// TestNewAutoUpdateConfig verifies validation for auto update config resource.
// TestNewAutoUpdateConfig verifies validation for AutoUpdateConfig resource.
func TestNewAutoUpdateConfig(t *testing.T) {
tests := []struct {
name string
Expand Down
2 changes: 1 addition & 1 deletion api/types/autoupdate/version_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ import (
"github.com/gravitational/teleport/api/types"
)

// TestNewAutoUpdateVersion verifies validation for auto update version resource.
// TestNewAutoUpdateVersion verifies validation for AutoUpdateVersion resource.
func TestNewAutoUpdateVersion(t *testing.T) {
tests := []struct {
name string
Expand Down
2 changes: 2 additions & 0 deletions lib/auth/accesspoint/accesspoint.go
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,7 @@ type Config struct {
WebSession types.WebSessionInterface
WebToken types.WebTokenInterface
WindowsDesktops services.WindowsDesktops
AutoUpdateService services.AutoUpdateServiceGetter
}

func (c *Config) CheckAndSetDefaults() error {
Expand Down Expand Up @@ -164,6 +165,7 @@ func NewCache(cfg Config) (*cache.Cache, error) {
AppSession: cfg.AppSession,
Apps: cfg.Apps,
ClusterConfig: cfg.ClusterConfig,
AutoUpdateService: cfg.AutoUpdateService,
CrownJewels: cfg.CrownJewels,
DatabaseServices: cfg.DatabaseServices,
Databases: cfg.Databases,
Expand Down
13 changes: 13 additions & 0 deletions lib/auth/authclient/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ import (

"github.com/gravitational/teleport/api/client/proto"
accessmonitoringrules "github.com/gravitational/teleport/api/gen/proto/go/teleport/accessmonitoringrules/v1"
"github.com/gravitational/teleport/api/gen/proto/go/teleport/autoupdate/v1"
clusterconfigpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/clusterconfig/v1"
crownjewelv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/crownjewel/v1"
integrationpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/integration/v1"
Expand Down Expand Up @@ -305,6 +306,12 @@ type ReadProxyAccessPoint interface {

// GetUserGroup returns the specified user group resources.
GetUserGroup(ctx context.Context, name string) (types.UserGroup, error)

// GetAutoUpdateConfig gets the AutoUpdateConfig from the backend.
GetAutoUpdateConfig(ctx context.Context) (*autoupdate.AutoUpdateConfig, error)

// GetAutoUpdateVersion gets the AutoUpdateVersion from the backend.
GetAutoUpdateVersion(ctx context.Context) (*autoupdate.AutoUpdateVersion, error)
}

// SnowflakeSessionWatcher is watcher interface used by Snowflake web session watcher.
Expand Down Expand Up @@ -1172,6 +1179,12 @@ type Cache interface {
// ListAccessMonitoringRulesWithFilter returns a paginated list of access monitoring rules.
ListAccessMonitoringRulesWithFilter(ctx context.Context, pageSize int, nextToken string, subjects []string, notificationName string) ([]*accessmonitoringrules.AccessMonitoringRule, string, error)

// GetAutoUpdateConfig gets the AutoUpdateConfig from the backend.
GetAutoUpdateConfig(ctx context.Context) (*autoupdate.AutoUpdateConfig, error)

// GetAutoUpdateVersion gets the AutoUpdateVersion from the backend.
GetAutoUpdateVersion(ctx context.Context) (*autoupdate.AutoUpdateVersion, error)

// GetSPIFFEFederation gets a SPIFFE Federation by name.
GetSPIFFEFederation(ctx context.Context, name string) (*machineidv1.SPIFFEFederation, error)
// ListSPIFFEFederations lists all SPIFFE Federations using Google style
Expand Down
1 change: 1 addition & 0 deletions lib/auth/authclient/clt.go
Original file line number Diff line number Diff line change
Expand Up @@ -1392,6 +1392,7 @@ type ClientI interface {
WebService
services.Status
services.ClusterConfiguration
services.AutoUpdateServiceGetter
services.SessionTrackerService
services.ConnectionsDiagnostic
services.SAMLIdPSession
Expand Down
46 changes: 23 additions & 23 deletions lib/auth/autoupdate/autoupdatev1/service.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,24 +32,24 @@ import (

// Cache defines only read-only service methods.
type Cache interface {
// GetAutoUpdateConfig gets the autoupdate configuration from the backend.
// GetAutoUpdateConfig gets the AutoUpdateConfig from the backend.
GetAutoUpdateConfig(ctx context.Context) (*autoupdate.AutoUpdateConfig, error)

// GetAutoUpdateVersion gets the autoupdate version from the backend.
// GetAutoUpdateVersion gets the AutoUpdateVersion from the backend.
GetAutoUpdateVersion(ctx context.Context) (*autoupdate.AutoUpdateVersion, error)
}

// ServiceConfig holds configuration options for the autoupdate gRPC service.
// ServiceConfig holds configuration options for the auto update gRPC service.
type ServiceConfig struct {
// Authorizer is the authorizer used to check access to resources.
Authorizer authz.Authorizer
// Backend is the backend used to store autoupdate resources.
// Backend is the backend used to store AutoUpdate resources.
Backend services.AutoUpdateService
// Cache is the cache used to store autoupdate resources.
// Cache is the cache used to store AutoUpdate resources.
Cache Cache
}

// Service implements the gRPC API layer for the Autoupdate.
// Service implements the gRPC API layer for the AutoUpdate.
type Service struct {
autoupdate.UnimplementedAutoUpdateServiceServer

Expand All @@ -58,7 +58,7 @@ type Service struct {
cache Cache
}

// NewService returns a new Autoupdate API service using the given storage layer and authorizer.
// NewService returns a new AutoUpdate API service using the given storage layer and authorizer.
func NewService(cfg ServiceConfig) (*Service, error) {
switch {
case cfg.Backend == nil:
Expand All @@ -75,7 +75,7 @@ func NewService(cfg ServiceConfig) (*Service, error) {
}, nil
}

// GetAutoUpdateConfig gets the current autoupdate config singleton.
// GetAutoUpdateConfig gets the current AutoUpdateConfig singleton.
func (s *Service) GetAutoUpdateConfig(ctx context.Context, req *autoupdate.GetAutoUpdateConfigRequest) (*autoupdate.AutoUpdateConfig, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -94,7 +94,7 @@ func (s *Service) GetAutoUpdateConfig(ctx context.Context, req *autoupdate.GetAu
return config, nil
}

// CreateAutoUpdateConfig creates autoupdate config singleton.
// CreateAutoUpdateConfig creates AutoUpdateConfig singleton.
func (s *Service) CreateAutoUpdateConfig(ctx context.Context, req *autoupdate.CreateAutoUpdateConfigRequest) (*autoupdate.AutoUpdateConfig, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -113,7 +113,7 @@ func (s *Service) CreateAutoUpdateConfig(ctx context.Context, req *autoupdate.Cr
return config, trace.Wrap(err)
}

// UpdateAutoUpdateConfig updates autoupdate config singleton.
// UpdateAutoUpdateConfig updates AutoUpdateConfig singleton.
func (s *Service) UpdateAutoUpdateConfig(ctx context.Context, req *autoupdate.UpdateAutoUpdateConfigRequest) (*autoupdate.AutoUpdateConfig, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -132,7 +132,7 @@ func (s *Service) UpdateAutoUpdateConfig(ctx context.Context, req *autoupdate.Up
return config, trace.Wrap(err)
}

// UpsertAutoUpdateConfig updates or creates autoupdate config singleton.
// UpsertAutoUpdateConfig updates or creates AutoUpdateConfig singleton.
func (s *Service) UpsertAutoUpdateConfig(ctx context.Context, req *autoupdate.UpsertAutoUpdateConfigRequest) (*autoupdate.AutoUpdateConfig, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -151,7 +151,7 @@ func (s *Service) UpsertAutoUpdateConfig(ctx context.Context, req *autoupdate.Up
return config, trace.Wrap(err)
}

// DeleteAutoUpdateConfig deletes autoupdate config singleton.
// DeleteAutoUpdateConfig deletes AutoUpdateConfig singleton.
func (s *Service) DeleteAutoUpdateConfig(ctx context.Context, req *autoupdate.DeleteAutoUpdateConfigRequest) (*emptypb.Empty, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -172,7 +172,7 @@ func (s *Service) DeleteAutoUpdateConfig(ctx context.Context, req *autoupdate.De
return &emptypb.Empty{}, nil
}

// GetAutoUpdateVersion gets the current autoupdate version singleton.
// GetAutoUpdateVersion gets the current AutoUpdateVersion singleton.
func (s *Service) GetAutoUpdateVersion(ctx context.Context, req *autoupdate.GetAutoUpdateVersionRequest) (*autoupdate.AutoUpdateVersion, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -191,7 +191,7 @@ func (s *Service) GetAutoUpdateVersion(ctx context.Context, req *autoupdate.GetA
return version, nil
}

// CreateAutoUpdateVersion creates autoupdate version singleton.
// CreateAutoUpdateVersion creates AutoUpdateVersion singleton.
func (s *Service) CreateAutoUpdateVersion(ctx context.Context, req *autoupdate.CreateAutoUpdateVersionRequest) (*autoupdate.AutoUpdateVersion, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -206,11 +206,11 @@ func (s *Service) CreateAutoUpdateVersion(ctx context.Context, req *autoupdate.C
return nil, trace.Wrap(err)
}

autoupdateVersion, err := s.backend.CreateAutoUpdateVersion(ctx, req.Version)
return autoupdateVersion, trace.Wrap(err)
autoUpdateVersion, err := s.backend.CreateAutoUpdateVersion(ctx, req.Version)
return autoUpdateVersion, trace.Wrap(err)
}

// UpdateAutoUpdateVersion updates autoupdate version singleton.
// UpdateAutoUpdateVersion updates AutoUpdateVersion singleton.
func (s *Service) UpdateAutoUpdateVersion(ctx context.Context, req *autoupdate.UpdateAutoUpdateVersionRequest) (*autoupdate.AutoUpdateVersion, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -225,11 +225,11 @@ func (s *Service) UpdateAutoUpdateVersion(ctx context.Context, req *autoupdate.U
return nil, trace.Wrap(err)
}

autoupdateVersion, err := s.backend.UpdateAutoUpdateVersion(ctx, req.Version)
return autoupdateVersion, trace.Wrap(err)
autoUpdateVersion, err := s.backend.UpdateAutoUpdateVersion(ctx, req.Version)
return autoUpdateVersion, trace.Wrap(err)
}

// UpsertAutoUpdateVersion updates or creates autoupdate version singleton.
// UpsertAutoUpdateVersion updates or creates AutoUpdateVersion singleton.
func (s *Service) UpsertAutoUpdateVersion(ctx context.Context, req *autoupdate.UpsertAutoUpdateVersionRequest) (*autoupdate.AutoUpdateVersion, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -244,11 +244,11 @@ func (s *Service) UpsertAutoUpdateVersion(ctx context.Context, req *autoupdate.U
return nil, trace.Wrap(err)
}

autoupdateVersion, err := s.backend.UpsertAutoUpdateVersion(ctx, req.Version)
return autoupdateVersion, trace.Wrap(err)
autoUpdateVersion, err := s.backend.UpsertAutoUpdateVersion(ctx, req.Version)
return autoUpdateVersion, trace.Wrap(err)
}

// DeleteAutoUpdateVersion deletes autoupdate version singleton.
// DeleteAutoUpdateVersion deletes AutoUpdateVersion singleton.
func (s *Service) DeleteAutoUpdateVersion(ctx context.Context, req *autoupdate.DeleteAutoUpdateVersionRequest) (*emptypb.Empty, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand Down
2 changes: 1 addition & 1 deletion lib/auth/grpcserver.go
Original file line number Diff line number Diff line change
Expand Up @@ -6027,7 +6027,7 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
autoUpdateServiceServer, err := autoupdatev1.NewService(autoupdatev1.ServiceConfig{
Authorizer: cfg.Authorizer,
Backend: cfg.AuthServer.Services,
Cache: cfg.AuthServer.Services,
Cache: cfg.AuthServer.Cache,
})
if err != nil {
return nil, trace.Wrap(err)
Expand Down
1 change: 1 addition & 0 deletions lib/auth/helpers.go
Original file line number Diff line number Diff line change
Expand Up @@ -337,6 +337,7 @@ func NewTestAuthServer(cfg TestAuthServerConfig) (*TestAuthServer, error) {
AppSession: svces.Identity,
Apps: svces.Apps,
ClusterConfig: svces.ClusterConfiguration,
AutoUpdateService: svces.AutoUpdateService,
CrownJewels: svces.CrownJewels,
DatabaseServices: svces.DatabaseServices,
Databases: svces.Databases,
Expand Down
2 changes: 2 additions & 0 deletions lib/authz/permissions.go
Original file line number Diff line number Diff line change
Expand Up @@ -913,6 +913,8 @@ func roleSpecForProxy(clusterName string) types.RoleSpecV6 {
types.NewRule(types.KindSAMLIdPServiceProvider, services.RO()),
types.NewRule(types.KindUserGroup, services.RO()),
types.NewRule(types.KindClusterMaintenanceConfig, services.RO()),
types.NewRule(types.KindAutoUpdateConfig, services.RO()),
types.NewRule(types.KindAutoUpdateVersion, services.RO()),
types.NewRule(types.KindIntegration, append(services.RO(), types.VerbUse)),
types.NewRule(types.KindAuditQuery, services.RO()),
types.NewRule(types.KindSecurityReport, services.RO()),
Expand Down
Loading

0 comments on commit 1ad995b

Please sign in to comment.