servers package v0.9.0

This package is not in the latest version of its module.

Published: Jun 20, 2022 License: MPL-2.0 Imports: 36 Imported by: 0

Constants

const (
	NoncePurposeRecovery   = "recovery"
	NoncePurposeWorkerAuth = "worker-auth"
)
const (
	// DefaultLiveness is the setting that controls the server "liveness" time:
	// the maximum time a worker may go without sending a status update to the
	// controller. After this, the server is considered dead, it is taken out of
	// the rotation of workers allowed to accept connections, and its
	// connections may start to be terminated and marked as closed depending on
	// the grace period setting (see base.Server.StatusGracePeriodDuration).
	// This value serves as the default and minimum allowable setting for the
	// grace period.
	DefaultLiveness = 15 * time.Second
)
const (
	WorkerPrefix = "w"
)

PublicId prefixes for the resources in the servers package.

Variables

var File_controller_servers_v1_servers_proto protoreflect.FileDescriptor

Functions

func AttachWorkerIdToState added in v0.9.0

func AttachWorkerIdToState(ctx context.Context, workerId string) (*structpb.Struct, error)

AttachWorkerIdToState accepts a workerId and creates a struct for use with the nodeenrollment library. This is intended for use in worker authorization: AuthorizeNode in the library accepts the option WithState so that the workerId is passed through to storage and associated with a WorkerAuth record.

func RotateRoots added in v0.9.0

func RotateRoots(ctx context.Context, workerAuthRepo *WorkerAuthRepositoryStorage, opt ...nodeenrollment.Option) error

RotateRoots is a domain service function that initiates a rotation of root certificates via a call to the nodeenrollment RotateRootCertificates function. It accepts the nodeenrollment option WithCertificateLifetime(time.Duration) to specify the lifetime of the generated cert(s).

func StoreNodeInformationTx added in v0.9.0

func StoreNodeInformationTx(ctx context.Context, writer db.Writer, databaseWrapper wrapping.Wrapper, node *types.NodeInformation, _ ...Option) error

StoreNodeInformationTx stores NodeInformation. No options are currently supported.

This function encapsulates all the work required within a dbw.TxHandler and allows this capability to be shared with other repositories or just called within a transaction. To be clear, this repository function doesn't include its own transaction and is intended to be used within a transaction provided by the caller.

Node information is stored in two parts:
* the workerAuth record is stored with a reference to a worker
* certificate bundles are stored with a reference to the workerAuth record and issuing root certificate

func TestKmsKey added in v0.9.0

func TestKmsKey(ctx context.Context, t *testing.T, conn *db.DB, wrapper wrapping.Wrapper) string

Types

type CertificateAuthority added in v0.9.0

type CertificateAuthority struct {
	*store.CertificateAuthority
	// contains filtered or unexported fields
}

CertificateAuthority is a versioned entity used to lock the database when rotating RootCertificates.

func (*CertificateAuthority) SetTableName added in v0.9.0

func (r *CertificateAuthority) SetTableName(n string)

SetTableName sets the table name.

func (*CertificateAuthority) TableName added in v0.9.0

func (r *CertificateAuthority) TableName() string

TableName returns the table name.

type CertificateState added in v0.9.0

type CertificateState string

CertificateState defines the possible states for a workerauth certificate

const (
	UnknownState CertificateState = "unknown"
	CurrentState CertificateState = "current"
	NextState    CertificateState = "next"
)

type Nonce added in v0.7.0

type Nonce struct {
	Nonce   string
	Purpose string
}

func (*Nonce) TableName added in v0.7.0

func (n *Nonce) TableName() string

TableName returns the table name.

type Option

type Option func(*options)

Option is the function type through which options are passed as arguments.

func WithAddress added in v0.9.0

func WithAddress(address string) Option

WithAddress provides an optional address.

func WithControllerEncryptionPrivateKey added in v0.9.0

func WithControllerEncryptionPrivateKey(controllerKey []byte) Option

func WithDescription added in v0.9.0

func WithDescription(desc string) Option

WithDescription provides an optional description.

func WithFetchNodeCredentialsRequest added in v0.9.0

func WithFetchNodeCredentialsRequest(req *types.FetchNodeCredentialsRequest) Option

WithFetchNodeCredentialsRequest allows an optional FetchNodeCredentialsRequest to be specified.

func WithKeyId added in v0.9.0

func WithKeyId(keyId string) Option

func WithLimit

func WithLimit(limit int) Option

WithLimit provides an option to provide a limit. Intentionally allowing negative integers. If WithLimit < 0, then unlimited results are returned. If WithLimit == 0, then default limits are used for results.

func WithLiveness

func WithLiveness(liveness time.Duration) Option

WithLiveness indicates how far back we want to search for server entries. Use 0 for the default liveness (15 seconds). A liveness value of -1 removes the liveness condition.

func WithName added in v0.9.0

func WithName(name string) Option

WithName provides an optional name.

func WithNewIdFunc added in v0.9.0

func WithNewIdFunc(fn func(context.Context) (string, error)) Option

WithNewIdFunc allows an optional factory function for new worker IDs to be specified (this option is likely only useful for tests).

func WithNonce added in v0.9.0

func WithNonce(nonce []byte) Option

func WithPublicId added in v0.9.0

func WithPublicId(id string) Option

WithPublicId provides an optional public Id used for skipping one db call.

func WithTestPkiWorkerAuthorizedKeyId added in v0.9.0

func WithTestPkiWorkerAuthorizedKeyId(id *string) Option

WithTestPkiWorkerAuthorizedKeyId should only be used in tests. It specifies that the test worker should be authorized when returned and assigns the key id for that worker to the string pointer in this option.

func WithUpdateTags added in v0.1.5

func WithUpdateTags(updateTags bool) Option

WithUpdateTags indicates that we should perform tag updates in the DB. This would happen on first sync from a worker after startup or (eventually, perhaps), after a SIGHUP.

func WithWorkerKeyIdentifier added in v0.9.0

func WithWorkerKeyIdentifier(workerKeyIdentifier string) Option

func WithWorkerKeys added in v0.9.0

func WithWorkerKeys(workerKeys WorkerKeys) Option

func WithWorkerTags added in v0.9.0

func WithWorkerTags(tags ...*Tag) Option

WithWorkerTags provides worker tags.

type Repository

type Repository struct {
	// contains filtered or unexported fields
}

Repository is the servers database repository

func NewRepository

func NewRepository(r db.Reader, w db.Writer, kms *kms.Kms, opt ...Option) (*Repository, error)

NewRepository creates a new servers Repository. Supports the options: WithLimit which sets a default limit on results returned by repo operations.

func (*Repository) AddNonce added in v0.7.0

func (r *Repository) AddNonce(ctx context.Context, nonce, purpose string, opt ...Option) error

AddNonce adds a nonce

func (*Repository) CleanupNonces

func (r *Repository) CleanupNonces(ctx context.Context, opt ...Option) (int, error)

CleanupNonces removes nonces that no longer need to be stored

func (*Repository) CreateWorker added in v0.9.0

func (r *Repository) CreateWorker(ctx context.Context, worker *Worker, opt ...Option) (*Worker, error)

CreateWorker will create a worker in the repository and return the written worker. Creating a worker is intentionally not oplogged. A worker's ReportedStatus and Tags are intentionally ignored when creating a worker (not included). Currently, a worker can only be created in the global scope.

Options supported: WithFetchNodeCredentialsRequest and WithNewIdFunc (this option is likely only useful for tests)

func (*Repository) DeleteWorker added in v0.9.0

func (r *Repository) DeleteWorker(ctx context.Context, publicId string, _ ...Option) (int, error)

DeleteWorker will delete a worker from the repository.

func (*Repository) ListControllers added in v0.9.0

func (r *Repository) ListControllers(ctx context.Context, opt ...Option) ([]*store.Controller, error)

func (*Repository) ListNonces

func (r *Repository) ListNonces(ctx context.Context, purpose string, opt ...Option) ([]*Nonce, error)

ListNonces lists nonces. Used only for tests at the moment.

func (*Repository) ListWorkers added in v0.9.0

func (r *Repository) ListWorkers(ctx context.Context, scopeIds []string, opt ...Option) ([]*Worker, error)

ListWorkers will return a listing of Workers and honor the WithLimit option. If WithLiveness is zero the default liveness value is used; if it is negative then the last status update time is ignored. If WithLimit < 0, then unlimited results are returned. If WithLimit == 0, then default limits are used for results.
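The WithLiveness and WithLimit semantics described for ListWorkers, worked through as an added stand-alone example (not the package's own code): workers that never reported, or reported longer ago than the liveness window, are dropped unless liveness is negative. The worker type, the sample workers and the defaultLimit of 2 are constructed for this example; only DefaultLiveness comes from the page.

```go
package main

import (
	"fmt"
	"time"
)

// DefaultLiveness mirrors the package constant documented above.
const DefaultLiveness = 15 * time.Second

// defaultLimit is an assumed repository default (the page states none).
const defaultLimit = 2

// worker is a constructed stand-in for the package's Worker type:
// lastStatus is nil when the worker has never reported to a controller.
type worker struct {
	publicId   string
	lastStatus *time.Time
}

// listWorkers applies the documented option semantics: liveness == 0 uses
// DefaultLiveness and liveness < 0 ignores the last status time entirely;
// limit < 0 is unlimited and limit == 0 uses defaultLimit.
func listWorkers(workers []worker, now time.Time, liveness time.Duration, limit int) []string {
	if liveness == 0 {
		liveness = DefaultLiveness
	}
	if limit == 0 {
		limit = defaultLimit
	}
	var out []string
	for _, w := range workers {
		if liveness > 0 {
			// A worker that never reported, or whose last status update is
			// older than the liveness window, is considered dead and is left
			// out of the rotation.
			if w.lastStatus == nil || now.Sub(*w.lastStatus) > liveness {
				continue
			}
		}
		out = append(out, w.publicId)
		if limit > 0 && len(out) == limit {
			break
		}
	}
	return out
}

// sampleWorkers builds constructed input relative to a fixed clock.
func sampleWorkers(now time.Time) []worker {
	ago := func(d time.Duration) *time.Time { t := now.Add(-d); return &t }
	return []worker{
		{"w_alpha", ago(5 * time.Second)},
		{"w_bravo", ago(20 * time.Second)},
		{"w_charlie", nil},
		{"w_delta", ago(14 * time.Second)},
	}
}

func main() {
	now := time.Date(2022, 6, 20, 12, 0, 0, 0, time.UTC)
	ws := sampleWorkers(now)
	fmt.Println(listWorkers(ws, now, 0, 0))              // [w_alpha w_delta]
	fmt.Println(listWorkers(ws, now, -1, -1))            // [w_alpha w_bravo w_charlie w_delta]
	fmt.Println(listWorkers(ws, now, 30*time.Second, 1)) // [w_alpha]
}
```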

func (*Repository) LookupWorker added in v0.9.0

func (r *Repository) LookupWorker(ctx context.Context, publicId string, _ ...Option) (*Worker, error)

LookupWorker returns the worker for the provided publicId. This returns nil, nil in the situation where no worker can be found with that public id.

func (*Repository) LookupWorkerByName added in v0.9.0

func (r *Repository) LookupWorkerByName(ctx context.Context, name string) (*Worker, error)

LookupWorkerByName returns the worker with the provided name. In the event that no worker is found that matches then nil, nil will be returned.

func (*Repository) LookupWorkerIdByKeyId added in v0.9.0

func (r *Repository) LookupWorkerIdByKeyId(ctx context.Context, keyId string) (string, error)

func (*Repository) UpdateWorker added in v0.9.0

func (r *Repository) UpdateWorker(ctx context.Context, worker *Worker, version uint32, fieldMaskPaths []string, opt ...Option) (*Worker, int, error)

UpdateWorker will update a worker in the repository and return the resulting worker. fieldMaskPaths provides field_mask.proto paths for fields that should be updated. Fields will be set to NULL if the field is a zero value and included in fieldMask. Name, Description, and Address are the only updatable fields; if no updatable fields are included in the fieldMaskPaths, then an error is returned. If any paths besides those listed above are included in the path then an error is returned.

func (*Repository) UpsertController added in v0.9.0

func (r *Repository) UpsertController(ctx context.Context, controller *store.Controller) (int, error)

func (*Repository) UpsertWorkerStatus added in v0.9.0

func (r *Repository) UpsertWorkerStatus(ctx context.Context, worker *Worker, opt ...Option) (*Worker, error)

UpsertWorkerStatus will update the address and last status time for a worker. If the worker is a kms worker that hasn't been seen yet, it'll attempt to create a new one, but will return an error if another worker (kms or other) has the same name. This returns the Worker object with the changes applied. The WithPublicId, WithKeyId, and WithUpdateTags options are the only ones used. All others are ignored. Workers are intentionally not oplogged.

type RootCertificate added in v0.9.0

type RootCertificate struct {
	*store.RootCertificate
	// contains filtered or unexported fields
}

RootCertificate contains fields related to a RootCertificate resource. This includes public/private keys, the PEM encoded certificate, and the certificate validity period.

func TestRootCertificate added in v0.9.0

func TestRootCertificate(ctx context.Context, t *testing.T, conn *db.DB, kmsKey string) *RootCertificate

func (*RootCertificate) SetTableName added in v0.9.0

func (r *RootCertificate) SetTableName(n string)

SetTableName sets the table name.

func (*RootCertificate) TableName added in v0.9.0

func (r *RootCertificate) TableName() string

TableName returns the table name.

func (*RootCertificate) ValidateNewRootCertificate added in v0.9.0

func (r *RootCertificate) ValidateNewRootCertificate(ctx context.Context) error

ValidateNewRootCertificate validates the RootCertificate. On success, it returns nil.

type RootCertificateKeys added in v0.9.0

type RootCertificateKeys struct {
	// contains filtered or unexported fields
}

RootCertificateKeys contains the public and private keys for use in constructing a RootCertificate

type ServerWorkerStatus added in v0.9.0

type ServerWorkerStatus struct {

	// Id of the worker.
	PublicId string `protobuf:"bytes,10,opt,name=public_id,json=publicId,proto3" json:"public_id,omitempty" class:"public"` // @gotags: `class:"public"`
	// Name of the resource (optional)
	Name string `protobuf:"bytes,20,opt,name=name,proto3" json:"name,omitempty" class:"public"` // @gotags: `class:"public"`
	// Description of the resource (optional)
	Description string `protobuf:"bytes,25,opt,name=description,proto3" json:"description,omitempty" class:"public"` // @gotags: `class:"public"`
	// Address for the worker. This must be set.
	Address string `protobuf:"bytes,30,opt,name=address,proto3" json:"address,omitempty" class:"public"` // @gotags: `class:"public"`
	// Tags for workers
	Tags []*TagPair `protobuf:"bytes,40,rep,name=tags,proto3" json:"tags,omitempty"`
	// The key id for this worker, if applicable (optional)
	KeyId string `protobuf:"bytes,50,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty" class:"public"` // @gotags: `class:"public"`
	// contains filtered or unexported fields
}

ServerWorkerStatus is the new message used in place of Server to relay status request info.

func (*ServerWorkerStatus) Descriptor deprecated added in v0.9.0

func (*ServerWorkerStatus) Descriptor() ([]byte, []int)

Deprecated: Use ServerWorkerStatus.ProtoReflect.Descriptor instead.

func (*ServerWorkerStatus) GetAddress added in v0.9.0

func (x *ServerWorkerStatus) GetAddress() string

func (*ServerWorkerStatus) GetDescription added in v0.9.0

func (x *ServerWorkerStatus) GetDescription() string

func (*ServerWorkerStatus) GetKeyId added in v0.9.0

func (x *ServerWorkerStatus) GetKeyId() string

func (*ServerWorkerStatus) GetName added in v0.9.0

func (x *ServerWorkerStatus) GetName() string

func (*ServerWorkerStatus) GetPublicId added in v0.9.0

func (x *ServerWorkerStatus) GetPublicId() string

func (*ServerWorkerStatus) GetTags added in v0.9.0

func (x *ServerWorkerStatus) GetTags() []*TagPair

func (*ServerWorkerStatus) ProtoMessage added in v0.9.0

func (*ServerWorkerStatus) ProtoMessage()

func (*ServerWorkerStatus) ProtoReflect added in v0.9.0

func (x *ServerWorkerStatus) ProtoReflect() protoreflect.Message

func (*ServerWorkerStatus) Reset added in v0.9.0

func (x *ServerWorkerStatus) Reset()

func (*ServerWorkerStatus) String added in v0.9.0

func (x *ServerWorkerStatus) String() string

type Tag added in v0.9.0

type Tag struct {
	Key   string
	Value string
}

A Tag is a custom key/value pair which can be attached to a Worker. Multiple Tags may contain the same key and different values, in which case both key/value pairs are valid. Tags can be sourced from either the worker's configuration or the API. The same key/value pair can come from different sources.

type TagPair added in v0.9.0

type TagPair struct {
	Key   string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty" class:"public"`     // @gotags: `class:"public"`
	Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty" class:"public"` // @gotags: `class:"public"`
	// contains filtered or unexported fields
}

TagPair matches a key to a value.

func (*TagPair) Descriptor deprecated added in v0.9.0

func (*TagPair) Descriptor() ([]byte, []int)

Deprecated: Use TagPair.ProtoReflect.Descriptor instead.

func (*TagPair) GetKey added in v0.9.0

func (x *TagPair) GetKey() string

func (*TagPair) GetValue added in v0.9.0

func (x *TagPair) GetValue() string

func (*TagPair) ProtoMessage added in v0.9.0

func (*TagPair) ProtoMessage()

func (*TagPair) ProtoReflect added in v0.9.0

func (x *TagPair) ProtoReflect() protoreflect.Message

func (*TagPair) Reset added in v0.9.0

func (x *TagPair) Reset()

func (*TagPair) String added in v0.9.0

func (x *TagPair) String() string

type TagSource added in v0.9.0

type TagSource string
const (
	ConfigurationTagSource TagSource = "configuration"
	ApiTagSource           TagSource = "api"
)

func (TagSource) String added in v0.9.0

func (t TagSource) String() string

type Worker added in v0.9.0

type Worker struct {
	*store.Worker
	// contains filtered or unexported fields
}

A Worker is a server that provides an address which can be used to proxy session connections. It can be tagged with custom tags and is used when authorizing and establishing a session. It is owned by a scope.

func NewWorker added in v0.9.0

func NewWorker(scopeId string, opt ...Option) *Worker

NewWorker returns a new Worker. Valid options are WithName, WithDescription, WithAddress, and WithWorkerTags. All other options are ignored. This does not set any of the worker reported values.

func TestKmsWorker added in v0.9.0

func TestKmsWorker(t *testing.T, conn *db.DB, wrapper wrapping.Wrapper, opt ...Option) *Worker

TestKmsWorker inserts a worker into the db to satisfy foreign key constraints. The worker provided fields are auto generated. If WithName is not present a random name will be generated and assigned to the worker.

func TestPkiWorker added in v0.9.0

func TestPkiWorker(t *testing.T, conn *db.DB, wrapper wrapping.Wrapper, opt ...Option) *Worker

TestPkiWorker inserts a worker into the db to satisfy foreign key constraints. The worker provided fields are auto generated. WithName and WithDescription, if present, are applied to the resource name and description. WithTestPkiWorkerAuthorizedKeyId can be used to make the PkiWorker authorized, in which case the string pointer passed to WithTestPkiWorkerAuthorizedKeyId is set to the key id.

func (*Worker) ActiveConnectionCount added in v0.9.0

func (w *Worker) ActiveConnectionCount() uint32

ActiveConnectionCount is the current number of sessions this worker is handling according to the controllers.

func (*Worker) CanonicalTags added in v0.9.0

func (w *Worker) CanonicalTags() map[string][]string

CanonicalTags is the deduplicated set of tags combining those set on the resource over the API with the tags reported by the worker itself.
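The merge described for CanonicalTags and for the Tag type above (a key may carry several values, and an identical key/value pair reported by more than one source counts once), as an added example that is not the package's own code. The tag and tagSource types and the sample tags are constructed stand-ins for this example.

```go
package main

import (
	"fmt"
	"sort"
)

// tag is a constructed stand-in for the package's Tag type.
type tag struct {
	Key, Value string
}

// tagSource mirrors the two documented sources of worker tags.
type tagSource string

const (
	configurationTagSource tagSource = "configuration"
	apiTagSource           tagSource = "api"
)

// canonicalTags merges tags from every source into one key-to-values map.
// A key may map to several values; an identical key/value pair seen from
// more than one source is kept once. Values are sorted so the result is
// deterministic regardless of map iteration order.
func canonicalTags(bySource map[tagSource][]tag) map[string][]string {
	seen := map[tag]struct{}{}
	out := map[string][]string{}
	for _, tags := range bySource {
		for _, t := range tags {
			if _, dup := seen[t]; dup {
				continue // same key/value pair already recorded from a source
			}
			seen[t] = struct{}{}
			out[t.Key] = append(out[t.Key], t.Value)
		}
	}
	for k := range out {
		sort.Strings(out[k])
	}
	return out
}

// sampleTags is constructed input: one pair is reported by both sources,
// and the "type" key carries two different values from the API.
func sampleTags() map[tagSource][]tag {
	return map[tagSource][]tag{
		configurationTagSource: {{"type", "prod"}, {"region", "us-east"}},
		apiTagSource:           {{"type", "prod"}, {"type", "canary"}, {"region", "us-east"}},
	}
}

func main() {
	fmt.Println(canonicalTags(sampleTags())) // map[region:[us-east] type:[canary prod]]
}
```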

func (*Worker) GetConfigTags added in v0.9.0

func (w *Worker) GetConfigTags() map[string][]string

GetConfigTags returns the tags for this worker which have been set through the worker daemon's configuration file.

func (*Worker) GetLastStatusTime added in v0.9.0

func (w *Worker) GetLastStatusTime() *timestamp.Timestamp

GetLastStatusTime returns the last time the worker reported its connection status to the controller. If the worker has never reported to a controller then nil is returned.

func (Worker) TableName added in v0.9.0

func (Worker) TableName() string

TableName overrides the table name used by Worker to `server_worker`

type WorkerAuth added in v0.9.0

type WorkerAuth struct {
	*store.WorkerAuth
	// contains filtered or unexported fields
}

WorkerAuth contains all fields related to an authorized Worker resource. This includes worker public keys, the controller encryption key, and certificate bundles issued by the Boundary CA.

func TestWorkerAuth added in v0.9.0

func TestWorkerAuth(t *testing.T, conn *db.DB, worker *Worker, kmsKey string) *WorkerAuth

func (*WorkerAuth) SetTableName added in v0.9.0

func (w *WorkerAuth) SetTableName(n string)

SetTableName sets the table name.

func (*WorkerAuth) TableName added in v0.9.0

func (w *WorkerAuth) TableName() string

TableName returns the table name.

func (*WorkerAuth) ValidateNewWorkerAuth added in v0.9.0

func (w *WorkerAuth) ValidateNewWorkerAuth(ctx context.Context) error

ValidateNewWorkerAuth is called before storing a WorkerAuth in the db.

type WorkerAuthRepositoryStorage added in v0.9.0

type WorkerAuthRepositoryStorage struct {
	// contains filtered or unexported fields
}

WorkerAuthRepositoryStorage is the Worker Auth database repository

func NewRepositoryStorage added in v0.9.0

func NewRepositoryStorage(ctx context.Context, r db.Reader, w db.Writer, kms *kms.Kms) (*WorkerAuthRepositoryStorage, error)

NewRepositoryStorage creates a new WorkerAuthRepositoryStorage that implements the Storage interface

func (*WorkerAuthRepositoryStorage) List added in v0.9.0

List implements the Storage interface. List returns a list of IDs; the type of the message is used to disambiguate what to list.

func (*WorkerAuthRepositoryStorage) Load added in v0.9.0

Load implements the Storage interface. Load loads values into the given message. The message must be populated with the ID value. If not found, the returned error should be ErrNotFound.

func (*WorkerAuthRepositoryStorage) Remove added in v0.9.0

Remove implements the Storage interface. Remove removes the given message. Only the ID field of the message is considered.

func (*WorkerAuthRepositoryStorage) Store added in v0.9.0

Store implements the Storage interface.

type WorkerCertBundle added in v0.9.0

type WorkerCertBundle struct {
	*store.WorkerCertBundle
	// contains filtered or unexported fields
}

WorkerCertBundle contains all fields related to a WorkerCertBundle resource. This includes the serial number of the issuing CA, the worker id, and the certificate bundles issued by the CA.

func (*WorkerCertBundle) SetTableName added in v0.9.0

func (w *WorkerCertBundle) SetTableName(n string)

SetTableName sets the table name.

func (*WorkerCertBundle) TableName added in v0.9.0

func (w *WorkerCertBundle) TableName() string

TableName returns the table name.

func (*WorkerCertBundle) ValidateNewWorkerCertBundle added in v0.9.0

func (w *WorkerCertBundle) ValidateNewWorkerCertBundle(ctx context.Context) error

ValidateNewWorkerCertBundle is called before storing a WorkerCertBundle in the db.

type WorkerKeys added in v0.9.0

type WorkerKeys struct {
	// contains filtered or unexported fields
}

WorkerKeys contains the signing and encryption keys for a WorkerAuth resource.

type WorkerType added in v0.9.0

type WorkerType string
const (
	UnknownWorkerType WorkerType = "unknown"
	KmsWorkerType     WorkerType = "kms"
	PkiWorkerType     WorkerType = "pki"
)

func (WorkerType) String added in v0.9.0

func (t WorkerType) String() string

func (WorkerType) Valid added in v0.9.0

func (t WorkerType) Valid() bool
