Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add AutoUpdate Client/Cache implementation #46661

Merged
merged 6 commits into from
Sep 19, 2024
Merged
Show file tree
Hide file tree
Changes from 5 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions api/client/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ import (
accesslistv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/accesslist/v1"
accessmonitoringrulev1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/accessmonitoringrules/v1"
auditlogpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/auditlog/v1"
autoupdatev1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/autoupdate/v1"
clusterconfigpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/clusterconfig/v1"
crownjewelv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/crownjewel/v1"
dbobjectv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/dbobject/v1"
Expand Down Expand Up @@ -890,6 +891,11 @@ func (c *Client) GetVnetConfig(ctx context.Context) (*vnet.VnetConfig, error) {
return c.VnetConfigServiceClient().GetVnetConfig(ctx, &vnet.GetVnetConfigRequest{})
}

// AutoUpdateServiceClient returns an unadorned client for the AutoUpdate service.
func (c *Client) AutoUpdateServiceClient() autoupdatev1pb.AutoUpdateServiceClient {
return autoupdatev1pb.NewAutoUpdateServiceClient(c.conn)
}
rosstimothy marked this conversation as resolved.
Show resolved Hide resolved

// Ping gets basic info about the auth server.
func (c *Client) Ping(ctx context.Context) (proto.PingResponse, error) {
rsp, err := c.grpc.Ping(ctx, &proto.PingRequest{})
Expand Down Expand Up @@ -2863,6 +2869,24 @@ func (c *Client) GetClusterAuditConfig(ctx context.Context) (types.ClusterAuditC
return resp, nil
}

// GetAutoUpdateConfig gets AutoUpdateConfig resource.
func (c *Client) GetAutoUpdateConfig(ctx context.Context) (*autoupdatev1pb.AutoUpdateConfig, error) {
resp, err := c.AutoUpdateServiceClient().GetAutoUpdateConfig(ctx, &autoupdatev1pb.GetAutoUpdateConfigRequest{})
if err != nil {
return nil, trace.Wrap(err)
}
return resp, nil
}

// GetAutoUpdateVersion gets AutoUpdateVersion resource.
func (c *Client) GetAutoUpdateVersion(ctx context.Context) (*autoupdatev1pb.AutoUpdateVersion, error) {
resp, err := c.AutoUpdateServiceClient().GetAutoUpdateVersion(ctx, &autoupdatev1pb.GetAutoUpdateVersionRequest{})
if err != nil {
return nil, trace.Wrap(err)
}
return resp, nil
}

// GetClusterAccessGraphConfig retrieves the Cluster Access Graph configuration from Auth server.
func (c *Client) GetClusterAccessGraphConfig(ctx context.Context) (*clusterconfigpb.AccessGraphConfig, error) {
rsp, err := c.ClusterConfigClient().GetClusterAccessGraphConfig(ctx, &clusterconfigpb.GetClusterAccessGraphConfigRequest{})
Expand Down
15 changes: 15 additions & 0 deletions api/client/events.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ import (

"github.com/gravitational/teleport/api/client/proto"
accessmonitoringrulesv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/accessmonitoringrules/v1"
"github.com/gravitational/teleport/api/gen/proto/go/teleport/autoupdate/v1"
clusterconfigpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/clusterconfig/v1"
crownjewelv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/crownjewel/v1"
dbobjectv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/dbobject/v1"
Expand Down Expand Up @@ -99,6 +100,14 @@ func EventToGRPC(in types.Event) (*proto.Event, error) {
out.Resource = &proto.Event_StaticHostUserV2{
StaticHostUserV2: r,
}
case *autoupdate.AutoUpdateConfig:
out.Resource = &proto.Event_AutoUpdateConfig{
AutoUpdateConfig: r,
}
case *autoupdate.AutoUpdateVersion:
out.Resource = &proto.Event_AutoUpdateVersion{
AutoUpdateVersion: r,
}
default:
return nil, trace.BadParameter("resource type %T is not supported", r)
}
Expand Down Expand Up @@ -542,6 +551,12 @@ func EventFromGRPC(in *proto.Event) (*types.Event, error) {
} else if r := in.GetStaticHostUserV2(); r != nil {
out.Resource = types.Resource153ToLegacy(r)
return &out, nil
} else if r := in.GetAutoUpdateConfig(); r != nil {
out.Resource = types.Resource153ToLegacy(r)
return &out, nil
} else if r := in.GetAutoUpdateVersion(); r != nil {
out.Resource = types.Resource153ToLegacy(r)
return &out, nil
} else {
return nil, trace.BadParameter("received unsupported resource %T", in.Resource)
}
Expand Down
2 changes: 2 additions & 0 deletions lib/auth/accesspoint/accesspoint.go
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,7 @@ type Config struct {
WebSession types.WebSessionInterface
WebToken types.WebTokenInterface
WindowsDesktops services.WindowsDesktops
AutoUpdateService services.AutoUpdateServiceGetter
}

func (c *Config) CheckAndSetDefaults() error {
Expand Down Expand Up @@ -167,6 +168,7 @@ func NewCache(cfg Config) (*cache.Cache, error) {
AppSession: cfg.AppSession,
Apps: cfg.Apps,
ClusterConfig: cfg.ClusterConfig,
AutoUpdateService: cfg.AutoUpdateService,
CrownJewels: cfg.CrownJewels,
DatabaseObjects: cfg.DatabaseObjects,
DatabaseServices: cfg.DatabaseServices,
Expand Down
13 changes: 13 additions & 0 deletions lib/auth/authclient/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ import (

"github.com/gravitational/teleport/api/client/proto"
accessmonitoringrules "github.com/gravitational/teleport/api/gen/proto/go/teleport/accessmonitoringrules/v1"
"github.com/gravitational/teleport/api/gen/proto/go/teleport/autoupdate/v1"
clusterconfigpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/clusterconfig/v1"
crownjewelv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/crownjewel/v1"
integrationpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/integration/v1"
Expand Down Expand Up @@ -306,6 +307,12 @@ type ReadProxyAccessPoint interface {

// GetUserGroup returns the specified user group resources.
GetUserGroup(ctx context.Context, name string) (types.UserGroup, error)

// GetAutoUpdateConfig gets the autoupdate config from the backend.
GetAutoUpdateConfig(ctx context.Context) (*autoupdate.AutoUpdateConfig, error)

// GetAutoUpdateVersion gets the autoupdate version from the backend.
GetAutoUpdateVersion(ctx context.Context) (*autoupdate.AutoUpdateVersion, error)
}

// SnowflakeSessionWatcher is watcher interface used by Snowflake web session watcher.
Expand Down Expand Up @@ -1176,6 +1183,12 @@ type Cache interface {
// DatabaseObjectsGetter defines methods for fetching database objects.
services.DatabaseObjectsGetter

// GetAutoUpdateConfig gets the autoupdate config from the backend.
GetAutoUpdateConfig(ctx context.Context) (*autoupdate.AutoUpdateConfig, error)

// GetAutoUpdateVersion gets the autoupdate version from the backend.
GetAutoUpdateVersion(ctx context.Context) (*autoupdate.AutoUpdateVersion, error)

// GetAccessGraphSettings returns the access graph settings.
GetAccessGraphSettings(context.Context) (*clusterconfigpb.AccessGraphSettings, error)

Expand Down
5 changes: 5 additions & 0 deletions lib/auth/authclient/clt.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ import (
"github.com/gravitational/teleport/api/client/secreport"
apidefaults "github.com/gravitational/teleport/api/defaults"
accessgraphsecretsv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/accessgraph/v1"
autoupdatev1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/autoupdate/v1"
clusterconfigpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/clusterconfig/v1"
dbobjectimportrulev1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/dbobjectimportrule/v1"
devicepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/devicetrust/v1"
Expand Down Expand Up @@ -1570,6 +1571,7 @@ type ClientI interface {
WebService
services.Status
services.ClusterConfiguration
services.AutoUpdateServiceGetter
services.SessionTrackerService
services.ConnectionsDiagnostic
services.SAMLIdPSession
Expand Down Expand Up @@ -1822,6 +1824,9 @@ type ClientI interface {
// will return "not implemented" errors (as per the default gRPC behavior).
StaticHostUserClient() services.StaticHostUser

// AutoUpdateServiceClient returns a AutoUpdate service client.
AutoUpdateServiceClient() autoupdatev1pb.AutoUpdateServiceClient

// CloneHTTPClient creates a new HTTP client with the same configuration.
CloneHTTPClient(params ...roundtrip.ClientParam) (*HTTPClient, error)

Expand Down
46 changes: 23 additions & 23 deletions lib/auth/autoupdate/autoupdatev1/service.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,24 +32,24 @@ import (

// Cache defines only read-only service methods.
type Cache interface {
// GetAutoUpdateConfig gets the autoupdate configuration from the backend.
// GetAutoUpdateConfig gets the AutoUpdateConfig from the backend.
GetAutoUpdateConfig(ctx context.Context) (*autoupdate.AutoUpdateConfig, error)

// GetAutoUpdateVersion gets the autoupdate version from the backend.
// GetAutoUpdateVersion gets the AutoUpdateVersion from the backend.
GetAutoUpdateVersion(ctx context.Context) (*autoupdate.AutoUpdateVersion, error)
}

// ServiceConfig holds configuration options for the autoupdate gRPC service.
// ServiceConfig holds configuration options for the auto update gRPC service.
type ServiceConfig struct {
// Authorizer is the authorizer used to check access to resources.
Authorizer authz.Authorizer
// Backend is the backend used to store autoupdate resources.
// Backend is the backend used to store AutoUpdate resources.
Backend services.AutoUpdateService
// Cache is the cache used to store autoupdate resources.
// Cache is the cache used to store AutoUpdate resources.
Cache Cache
}

// Service implements the gRPC API layer for the Autoupdate.
// Service implements the gRPC API layer for the AutoUpdate.
type Service struct {
autoupdate.UnimplementedAutoUpdateServiceServer

Expand All @@ -58,7 +58,7 @@ type Service struct {
cache Cache
}

// NewService returns a new Autoupdate API service using the given storage layer and authorizer.
// NewService returns a new AutoUpdate API service using the given storage layer and authorizer.
func NewService(cfg ServiceConfig) (*Service, error) {
switch {
case cfg.Backend == nil:
Expand All @@ -75,7 +75,7 @@ func NewService(cfg ServiceConfig) (*Service, error) {
}, nil
}

// GetAutoUpdateConfig gets the current autoupdate config singleton.
// GetAutoUpdateConfig gets the current AutoUpdateConfig singleton.
func (s *Service) GetAutoUpdateConfig(ctx context.Context, req *autoupdate.GetAutoUpdateConfigRequest) (*autoupdate.AutoUpdateConfig, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -94,7 +94,7 @@ func (s *Service) GetAutoUpdateConfig(ctx context.Context, req *autoupdate.GetAu
return config, nil
}

// CreateAutoUpdateConfig creates autoupdate config singleton.
// CreateAutoUpdateConfig creates AutoUpdateConfig singleton.
func (s *Service) CreateAutoUpdateConfig(ctx context.Context, req *autoupdate.CreateAutoUpdateConfigRequest) (*autoupdate.AutoUpdateConfig, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -113,7 +113,7 @@ func (s *Service) CreateAutoUpdateConfig(ctx context.Context, req *autoupdate.Cr
return config, trace.Wrap(err)
}

// UpdateAutoUpdateConfig updates autoupdate config singleton.
// UpdateAutoUpdateConfig updates AutoUpdateConfig singleton.
func (s *Service) UpdateAutoUpdateConfig(ctx context.Context, req *autoupdate.UpdateAutoUpdateConfigRequest) (*autoupdate.AutoUpdateConfig, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -132,7 +132,7 @@ func (s *Service) UpdateAutoUpdateConfig(ctx context.Context, req *autoupdate.Up
return config, trace.Wrap(err)
}

// UpsertAutoUpdateConfig updates or creates autoupdate config singleton.
// UpsertAutoUpdateConfig updates or creates AutoUpdateConfig singleton.
func (s *Service) UpsertAutoUpdateConfig(ctx context.Context, req *autoupdate.UpsertAutoUpdateConfigRequest) (*autoupdate.AutoUpdateConfig, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -151,7 +151,7 @@ func (s *Service) UpsertAutoUpdateConfig(ctx context.Context, req *autoupdate.Up
return config, trace.Wrap(err)
}

// DeleteAutoUpdateConfig deletes autoupdate config singleton.
// DeleteAutoUpdateConfig deletes AutoUpdateConfig singleton.
func (s *Service) DeleteAutoUpdateConfig(ctx context.Context, req *autoupdate.DeleteAutoUpdateConfigRequest) (*emptypb.Empty, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -172,7 +172,7 @@ func (s *Service) DeleteAutoUpdateConfig(ctx context.Context, req *autoupdate.De
return &emptypb.Empty{}, nil
}

// GetAutoUpdateVersion gets the current autoupdate version singleton.
// GetAutoUpdateVersion gets the current AutoUpdateVersion singleton.
func (s *Service) GetAutoUpdateVersion(ctx context.Context, req *autoupdate.GetAutoUpdateVersionRequest) (*autoupdate.AutoUpdateVersion, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -191,7 +191,7 @@ func (s *Service) GetAutoUpdateVersion(ctx context.Context, req *autoupdate.GetA
return version, nil
}

// CreateAutoUpdateVersion creates autoupdate version singleton.
// CreateAutoUpdateVersion creates AutoUpdateVersion singleton.
func (s *Service) CreateAutoUpdateVersion(ctx context.Context, req *autoupdate.CreateAutoUpdateVersionRequest) (*autoupdate.AutoUpdateVersion, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -206,11 +206,11 @@ func (s *Service) CreateAutoUpdateVersion(ctx context.Context, req *autoupdate.C
return nil, trace.Wrap(err)
}

autoupdateVersion, err := s.backend.CreateAutoUpdateVersion(ctx, req.Version)
return autoupdateVersion, trace.Wrap(err)
autoUpdateVersion, err := s.backend.CreateAutoUpdateVersion(ctx, req.Version)
return autoUpdateVersion, trace.Wrap(err)
}

// UpdateAutoUpdateVersion updates autoupdate version singleton.
// UpdateAutoUpdateVersion updates AutoUpdateVersion singleton.
func (s *Service) UpdateAutoUpdateVersion(ctx context.Context, req *autoupdate.UpdateAutoUpdateVersionRequest) (*autoupdate.AutoUpdateVersion, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -225,11 +225,11 @@ func (s *Service) UpdateAutoUpdateVersion(ctx context.Context, req *autoupdate.U
return nil, trace.Wrap(err)
}

autoupdateVersion, err := s.backend.UpdateAutoUpdateVersion(ctx, req.Version)
return autoupdateVersion, trace.Wrap(err)
autoUpdateVersion, err := s.backend.UpdateAutoUpdateVersion(ctx, req.Version)
return autoUpdateVersion, trace.Wrap(err)
}

// UpsertAutoUpdateVersion updates or creates autoupdate version singleton.
// UpsertAutoUpdateVersion updates or creates AutoUpdateVersion singleton.
func (s *Service) UpsertAutoUpdateVersion(ctx context.Context, req *autoupdate.UpsertAutoUpdateVersionRequest) (*autoupdate.AutoUpdateVersion, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -244,11 +244,11 @@ func (s *Service) UpsertAutoUpdateVersion(ctx context.Context, req *autoupdate.U
return nil, trace.Wrap(err)
}

autoupdateVersion, err := s.backend.UpsertAutoUpdateVersion(ctx, req.Version)
return autoupdateVersion, trace.Wrap(err)
autoUpdateVersion, err := s.backend.UpsertAutoUpdateVersion(ctx, req.Version)
return autoUpdateVersion, trace.Wrap(err)
}

// DeleteAutoUpdateVersion deletes autoupdate version singleton.
// DeleteAutoUpdateVersion deletes AutoUpdateVersion singleton.
func (s *Service) DeleteAutoUpdateVersion(ctx context.Context, req *autoupdate.DeleteAutoUpdateVersionRequest) (*emptypb.Empty, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand Down
2 changes: 1 addition & 1 deletion lib/auth/grpcserver.go
Original file line number Diff line number Diff line change
Expand Up @@ -5440,7 +5440,7 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
autoUpdateServiceServer, err := autoupdatev1.NewService(autoupdatev1.ServiceConfig{
Authorizer: cfg.Authorizer,
Backend: cfg.AuthServer.Services,
Cache: cfg.AuthServer.Services,
Cache: cfg.AuthServer.Cache,
})
if err != nil {
return nil, trace.Wrap(err)
Expand Down
1 change: 1 addition & 0 deletions lib/auth/helpers.go
Original file line number Diff line number Diff line change
Expand Up @@ -324,6 +324,7 @@ func NewTestAuthServer(cfg TestAuthServerConfig) (*TestAuthServer, error) {
AppSession: svces.Identity,
Apps: svces.Apps,
ClusterConfig: svces.ClusterConfiguration,
AutoUpdateService: svces.AutoUpdateService,
CrownJewels: svces.CrownJewels,
DatabaseObjects: svces.DatabaseObjects,
DatabaseServices: svces.DatabaseServices,
Expand Down
2 changes: 2 additions & 0 deletions lib/authz/permissions.go
Original file line number Diff line number Diff line change
Expand Up @@ -913,6 +913,8 @@ func roleSpecForProxy(clusterName string) types.RoleSpecV6 {
types.NewRule(types.KindSAMLIdPServiceProvider, services.RO()),
types.NewRule(types.KindUserGroup, services.RO()),
types.NewRule(types.KindClusterMaintenanceConfig, services.RO()),
types.NewRule(types.KindAutoUpdateConfig, services.RO()),
types.NewRule(types.KindAutoUpdateVersion, services.RO()),
rosstimothy marked this conversation as resolved.
Show resolved Hide resolved
types.NewRule(types.KindIntegration, append(services.RO(), types.VerbUse)),
types.NewRule(types.KindAuditQuery, services.RO()),
types.NewRule(types.KindSecurityReport, services.RO()),
Expand Down
Loading
Loading