Updated ClusterConfig to V3.

Russell Jones 2017-10-26 12:34:51 -07:00
parent 432a7ad787
commit 4765e32473
6 changed files with 26 additions and 27 deletions


@ -253,7 +253,7 @@ func (i *TeleInstance) CreateEx(trustedSecrets []*InstanceSecrets, tconf *servic
tconf = service.MakeDefaultConfig()
}
tconf.DataDir = dataDir
tconf.Auth.ClusterConfig, err = services.NewClusterConfig(services.ClusterConfigSpecV2{
tconf.Auth.ClusterConfig, err = services.NewClusterConfig(services.ClusterConfigSpecV3{
SessionRecording: services.RecordAtNode,
})
if err != nil {


@ -207,7 +207,6 @@ func GetCheckerForBuiltinRole(role teleport.Role) (services.AccessChecker, error
services.NewRule(services.KindClusterName, services.RO()),
services.NewRule(services.KindStaticTokens, services.RO()),
services.NewRule(services.KindTunnelConnection, services.RW()),
services.NewRule(services.KindHostCert, services.RW()),
},
},
})


@ -624,7 +624,7 @@ type SessionRecording string
// Parse reads session_recording and creates a services.ClusterConfig.
func (s SessionRecording) Parse() (services.ClusterConfig, error) {
return services.NewClusterConfig(services.ClusterConfigSpecV2{
return services.NewClusterConfig(services.ClusterConfigSpecV3{
SessionRecording: services.RecordingType(s),
})
}


@ -14,8 +14,6 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
package events
/*
Package events currently implements the audit log using a simple filesystem backend.
"Implements" means it implements events.IAuditLog interface (see events/api.go)
@ -48,3 +46,4 @@ Examples:
2016-04-25 22:37:29 +0000 UTC,session.start,{"addr.local":"127.0.0.1:3022","addr.remote":"127.0.0.1:35732","login":"root","sid":"4a9d97de-0b36-11e6-a0b3-d8cb8ae5080e","user":"vincent"}
2016-04-25 22:54:31 +0000 UTC,exec,{"addr.local":"127.0.0.1:3022","addr.remote":"127.0.0.1:35949","command":"-bash -c ls /","login":"root","user":"vincent"}
*/
package events


@ -19,6 +19,7 @@ package services
import (
"encoding/json"
"fmt"
"strings"
"time"
"github.com/gravitational/teleport/lib/defaults"
@ -45,10 +46,10 @@ type ClusterConfig interface {
}
// NewClusterConfig is a convenience wrapper to create a ClusterConfig resource.
func NewClusterConfig(spec ClusterConfigSpecV2) (ClusterConfig, error) {
cc := ClusterConfigV2{
func NewClusterConfig(spec ClusterConfigSpecV3) (ClusterConfig, error) {
cc := ClusterConfigV3{
Kind: KindClusterConfig,
Version: V2,
Version: V3,
Metadata: Metadata{
Name: MetaNameClusterConfig,
Namespace: defaults.Namespace,
@ -62,8 +63,8 @@ func NewClusterConfig(spec ClusterConfigSpecV2) (ClusterConfig, error) {
return &cc, nil
}
// ClusterConfigV2 implements the ClusterConfig interface.
type ClusterConfigV2 struct {
// ClusterConfigV3 implements the ClusterConfig interface.
type ClusterConfigV3 struct {
// Kind is a resource kind - always resource.
Kind string `json:"kind"`
@ -74,7 +75,7 @@ type ClusterConfigV2 struct {
Metadata Metadata `json:"metadata"`
// Spec is the specification of the resource.
Spec ClusterConfigSpecV2 `json:"spec"`
Spec ClusterConfigSpecV3 `json:"spec"`
}
// RecordingType holds where the session will be recorded.
@ -91,54 +92,54 @@ const (
RecordOff RecordingType = "off"
)
// ClusterConfigSpecV2 is the actual data we care about for ClusterConfig.
type ClusterConfigSpecV2 struct {
// ClusterConfigSpecV3 is the actual data we care about for ClusterConfig.
type ClusterConfigSpecV3 struct {
// SessionRecording controls where (or if) the session is recorded.
SessionRecording RecordingType `json:"session_recording"`
}
// GetName returns the name of the cluster.
func (c *ClusterConfigV2) GetName() string {
func (c *ClusterConfigV3) GetName() string {
return c.Metadata.Name
}
// SetName sets the name of the cluster.
func (c *ClusterConfigV2) SetName(e string) {
func (c *ClusterConfigV3) SetName(e string) {
c.Metadata.Name = e
}
// Expires retuns object expiry setting
func (c *ClusterConfigV2) Expiry() time.Time {
func (c *ClusterConfigV3) Expiry() time.Time {
return c.Metadata.Expiry()
}
// SetExpiry sets expiry time for the object
func (c *ClusterConfigV2) SetExpiry(expires time.Time) {
func (c *ClusterConfigV3) SetExpiry(expires time.Time) {
c.Metadata.SetExpiry(expires)
}
// SetTTL sets Expires header using realtime clock
func (c *ClusterConfigV2) SetTTL(clock clockwork.Clock, ttl time.Duration) {
func (c *ClusterConfigV3) SetTTL(clock clockwork.Clock, ttl time.Duration) {
c.Metadata.SetTTL(clock, ttl)
}
// GetMetadata returns object metadata
func (c *ClusterConfigV2) GetMetadata() Metadata {
func (c *ClusterConfigV3) GetMetadata() Metadata {
return c.Metadata
}
// GetClusterConfig gets the name of the cluster.
func (c *ClusterConfigV2) GetSessionRecording() RecordingType {
func (c *ClusterConfigV3) GetSessionRecording() RecordingType {
return c.Spec.SessionRecording
}
// SetClusterConfig sets the name of the cluster.
func (c *ClusterConfigV2) SetSessionRecording(s RecordingType) {
func (c *ClusterConfigV3) SetSessionRecording(s RecordingType) {
c.Spec.SessionRecording = s
}
// CheckAndSetDefaults checks validity of all parameters and sets defaults.
func (c *ClusterConfigV2) CheckAndSetDefaults() error {
func (c *ClusterConfigV3) CheckAndSetDefaults() error {
// make sure we have defaults for all metadata fields
err := c.Metadata.CheckAndSetDefaults()
if err != nil {
@ -153,14 +154,14 @@ func (c *ClusterConfigV2) CheckAndSetDefaults() error {
all := []string{string(RecordAtNode), string(RecordAtProxy), string(RecordOff)}
ok := utils.SliceContainsStr(all, string(c.Spec.SessionRecording))
if !ok {
return trace.BadParameter(`session_recording must either be "node", "proxy", or "off".`)
return trace.BadParameter("session_recording must either be: %v", strings.Join(all, ","))
}
return nil
}
// String represents a human readable version of the cluster name.
func (c *ClusterConfigV2) String() string {
func (c *ClusterConfigV3) String() string {
return fmt.Sprintf("ClusterConfig(SessionRecording=%v)", c.Spec.SessionRecording)
}
@ -215,7 +216,7 @@ type TeleportClusterConfigMarshaler struct{}
// Unmarshal unmarshals ClusterConfig from JSON.
func (t *TeleportClusterConfigMarshaler) Unmarshal(bytes []byte) (ClusterConfig, error) {
var clusterConfig ClusterConfigV2
var clusterConfig ClusterConfigV3
if len(bytes) == 0 {
return nil, trace.BadParameter("missing resource data")
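Review bot: Unmarshal now decodes straight into `ClusterConfigV3`, and nothing visible in this hunk checks the `version` field of the stored document, so a config persisted by a build that wrote `V2` is either accepted under the new type without comment or rejected by code outside the hunk. This resource carries the session-recording mode, which is an audit control, so the behaviour on an old record should be explicit: for example `if clusterConfig.Version != V3 { return nil, trace.BadParameter("unsupported cluster config version %q", clusterConfig.Version) }` after decoding, or a documented V2-to-V3 conversion. The body of Unmarshal continues past the end of the hunk, so schema validation there may already cover this. Separately, the comments on GetSessionRecording and SetSessionRecording still say they get and set the name of the cluster; they should read `// GetSessionRecording returns where (or if) the session is recorded.` and the matching form for SetSessionRecording.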


@ -84,13 +84,13 @@ func (s *ClusterConfigurationSuite) TestCycle(c *check.C) {
func (s *ClusterConfigurationSuite) TestSessionRecording(c *check.C) {
// don't allow invalid session recording values
clusterConfig, err := services.NewClusterConfig(services.ClusterConfigSpecV2{
clusterConfig, err := services.NewClusterConfig(services.ClusterConfigSpecV3{
SessionRecording: "foo",
})
c.Assert(err, check.NotNil)
// default is to record at the node
clusterConfig, err = services.NewClusterConfig(services.ClusterConfigSpecV2{})
clusterConfig, err = services.NewClusterConfig(services.ClusterConfigSpecV3{})
c.Assert(err, check.IsNil)
recordingType := clusterConfig.GetSessionRecording()
c.Assert(recordingType, check.Equals, services.RecordAtNode)