Merge pull request #1408 from gravitational/roman/plugins
Use modules instead of "is enterprise" flag
commit
8619f074ef
10
constants.go
10
constants.go
|
@ -206,13 +206,3 @@ const AdminRoleName = "admin"
|
|||
// DefaultImplicitRole is implicit role that gets added to all service.RoleSet
|
||||
// objects.
|
||||
const DefaultImplicitRole = "default-implicit-role"
|
||||
|
||||
// DistroType allows to declare what kind of distribution of Teleport
|
||||
// is running
|
||||
type DistroType string
|
||||
|
||||
// Possible values for DistroType:
|
||||
const (
|
||||
DistroTypeOSS DistroType = "community"
|
||||
DistroTypeEnterprise DistroType = "enterprise"
|
||||
)
|
||||
|
|
2
e
2
e
|
@ -1 +1 @@
|
|||
Subproject commit a64ce95ec5b19b49fa58db6ff9dfcae790b4163f
|
||||
Subproject commit 8709eb54e0cbe554f49d205daaf62b34395b07f1
|
|
@ -188,7 +188,7 @@ func Init(cfg InitConfig) (*AuthServer, *Identity, error) {
|
|||
log.Infof("[INIT] Created Namespace: %q", defaults.Namespace)
|
||||
|
||||
// always create a default admin role
|
||||
defaultRole := services.NewAdminRole(lib.IsEnterprise())
|
||||
defaultRole := services.NewAdminRole()
|
||||
err = asrv.CreateRole(defaultRole, backend.Forever)
|
||||
if err != nil && !trace.IsAlreadyExists(err) {
|
||||
return nil, nil, trace.Wrap(err)
|
||||
|
|
|
@ -101,7 +101,7 @@ func (s *TunSuite) SetUpTest(c *C) {
|
|||
c.Assert(err, IsNil)
|
||||
|
||||
// create the default role
|
||||
c.Assert(s.a.UpsertRole(services.NewAdminRole(false), backend.Forever), IsNil)
|
||||
c.Assert(s.a.UpsertRole(services.NewAdminRole(), backend.Forever), IsNil)
|
||||
|
||||
// set up host private key and certificate
|
||||
c.Assert(s.a.UpsertCertAuthority(
|
||||
|
|
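--- /dev/null
+++ b/lib/modules/modules.go
@@ -0,0 +1,79 @@
+/*
+Copyright 2017 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// package modules allows external packages override certain behavioral
+// aspects of teleport
+package modules
+
+import (
+"fmt"
+"sync"
+
+"github.com/gravitational/teleport"
+)
+
+// Modules defines interface that external libraries can implement customizing
+// default teleport behavior
+type Modules interface {
+// EmptyRoles handler is called when a new trusted cluster with empty roles
+// is being created
+EmptyRolesHandler() error
+// DefaultAllowedLogins returns default allowed logins for a new admin role
+DefaultAllowedLogins() []string
+// PrintVersion prints teleport version
+PrintVersion()
+}
+
+// SetModules sets the modules interface
+func SetModules(m Modules) {
+mutex.Lock()
+defer mutex.Unlock()
+modules = m
+}
+
+// GetModules returns the modules interface
+func GetModules() Modules {
+mutex.Lock()
+defer mutex.Unlock()
+return modules
+}
+
+type defaultModules struct{}
+
+// EmptyRolesHandler is called when a new trusted cluster with empty roles
+// is created, no-op by default
+func (p *defaultModules) EmptyRolesHandler() error {
+return nil
+}
+
+// DefaultAllowedLogins returns allowed logins for a new admin role
+func (p *defaultModules) DefaultAllowedLogins() []string {
+return []string{teleport.TraitInternalRoleVariable}
+}
+
+// PrintVersion prints teleport version
+func (p *defaultModules) PrintVersion() {
+ver := fmt.Sprintf("Teleport v%s", teleport.Version)
+if teleport.Gitref != "" {
+ver = fmt.Sprintf("%s git:%s", ver, teleport.Gitref)
+}
+fmt.Println(ver)
+}
+
+var (
+mutex = &sync.Mutex{}
+modules Modules = &defaultModules{}
+)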
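Review bot: `SetModules` stores whatever it is given, including nil, while the call sites in this commit dereference the result of `GetModules()` directly (`modules.GetModules().DefaultAllowedLogins()`, `.EmptyRolesHandler()`, `.PrintVersion()`), so a nil registration becomes a panic on the role-creation and trusted-cluster paths. Because the registered value decides the default admin role's logins and whether an empty role map is accepted, I would fall back to the built-in implementation at the top of `SetModules` with `if m == nil { m = &defaultModules{} }`. Its doc comment should also say that it is meant to be called once at process start, before the auth server is initialised. The package comment should begin `// Package modules` so godoc picks it up.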
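--- /dev/null
+++ b/lib/modules/modules_test.go
@@ -0,0 +1,62 @@
+/*
+Copyright 2017 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package modules
+
+import (
+"testing"
+
+"github.com/gravitational/teleport"
+
+"github.com/gravitational/trace"
+check "gopkg.in/check.v1"
+)
+
+func TestModules(t *testing.T) { check.TestingT(t) }
+
+type ModulesSuite struct{}
+
+var _ = check.Suite(&ModulesSuite{})
+
+func (s *ModulesSuite) TestDefaultModules(c *check.C) {
+err := GetModules().EmptyRolesHandler()
+c.Assert(err, check.IsNil)
+
+logins := GetModules().DefaultAllowedLogins()
+c.Assert(logins, check.DeepEquals, []string{teleport.TraitInternalRoleVariable})
+}
+
+func (s *ModulesSuite) TestTestModules(c *check.C) {
+SetModules(&testModules{})
+
+err := GetModules().EmptyRolesHandler()
+c.Assert(trace.IsNotFound(err), check.Equals, true)
+
+logins := GetModules().DefaultAllowedLogins()
+c.Assert(logins, check.DeepEquals, []string{"a", "b"})
+}
+
+type testModules struct{}
+
+func (p *testModules) EmptyRolesHandler() error {
+return trace.NotFound("no roles specified")
+}
+
+func (p *testModules) DefaultAllowedLogins() []string {
+return []string{"a", "b"}
+}
+
+func (p *testModules) PrintVersion() {}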
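Review bot: `TestTestModules` replaces the package-global implementation with `SetModules(&testModules{})` and never restores the default, so anything that runs after it in this package sees `testModules`. `TestDefaultModules` therefore only passes when it happens to run first. Adding `defer SetModules(&defaultModules{})` directly after the `SetModules` call keeps the two tests independent of execution order.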
|
@ -31,16 +31,9 @@ package lib
|
|||
|
||||
import (
|
||||
"sync"
|
||||
|
||||
"github.com/gravitational/teleport"
|
||||
)
|
||||
|
||||
var (
|
||||
// currentDistroType contains the type of teleport binary: enterprise or
|
||||
// open source this flag does not enable any enterprise features, but it
|
||||
// makes the default experience of the OSS users nicer.
|
||||
currentDistroType teleport.DistroType = teleport.DistroTypeOSS
|
||||
|
||||
// insecureDevMode is set to 'true' when teleport is started with a hidden
|
||||
// --insecure flag. This mode is only useful for learning Teleport and following
|
||||
// quick starts: it disables HTTPS certificate validation
|
||||
|
@ -50,19 +43,6 @@ var (
|
|||
flagLock sync.Mutex
|
||||
)
|
||||
|
||||
func SetDistroType(t teleport.DistroType) {
|
||||
flagLock.Lock()
|
||||
defer flagLock.Unlock()
|
||||
currentDistroType = t
|
||||
}
|
||||
|
||||
// IsEnterprise returns 'true' if Teleport is packaged with enterprise runime
|
||||
func IsEnterprise() bool {
|
||||
flagLock.Lock()
|
||||
defer flagLock.Unlock()
|
||||
return currentDistroType == teleport.DistroTypeEnterprise
|
||||
}
|
||||
|
||||
// SetInsecureDevMode turns the 'insecure' mode on. In this mode Teleport accpets
|
||||
// self-signed HTTPS certificates (for development only!)
|
||||
func SetInsecureDevMode(m bool) {
|
||||
|
|
|
@ -24,6 +24,7 @@ import (
|
|||
|
||||
"github.com/gravitational/teleport"
|
||||
"github.com/gravitational/teleport/lib/defaults"
|
||||
"github.com/gravitational/teleport/lib/modules"
|
||||
"github.com/gravitational/teleport/lib/utils"
|
||||
"github.com/gravitational/teleport/lib/utils/parse"
|
||||
|
||||
|
@ -79,7 +80,7 @@ func RoleNameForCertAuthority(name string) string {
|
|||
|
||||
// NewAdminRole is the default admin role for all local users if another role
|
||||
// is not explicitly assigned (Enterprise only).
|
||||
func NewAdminRole(isEnterprise bool) Role {
|
||||
func NewAdminRole() Role {
|
||||
role := &RoleV3{
|
||||
Kind: KindRole,
|
||||
Version: V3,
|
||||
|
@ -98,14 +99,7 @@ func NewAdminRole(isEnterprise bool) Role {
|
|||
},
|
||||
},
|
||||
}
|
||||
|
||||
// the default role also has "root" for enterprise users
|
||||
allowedLogins := []string{teleport.TraitInternalRoleVariable}
|
||||
if isEnterprise {
|
||||
allowedLogins = append(allowedLogins, teleport.Root)
|
||||
}
|
||||
role.SetLogins(Allow, allowedLogins)
|
||||
|
||||
role.SetLogins(Allow, modules.GetModules().DefaultAllowedLogins())
|
||||
return role
|
||||
}
|
||||
|
||||
|
|
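Review bot: The doc comment on `NewAdminRole` does not say that the role's allowed logins now come from the registered module, although the last hunk makes `modules.GetModules().DefaultAllowedLogins()` their only source. That value is a process-wide hook read at call time, so a role built before a distribution calls `SetModules` gets the default login set. The `Init` hunk in this commit uses `CreateRole` and tolerates `AlreadyExists`, so a role stored that way would presumably not be corrected on a later start. I would add to the function comment: `// Allowed logins are taken from modules.GetModules().DefaultAllowedLogins() at call time; register modules before creating roles.` The body of `NewAdminRole` is split across two hunks, so the lines between them are not visible here.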
|
@ -22,8 +22,8 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/gravitational/teleport"
|
||||
"github.com/gravitational/teleport/lib"
|
||||
"github.com/gravitational/teleport/lib/defaults"
|
||||
"github.com/gravitational/teleport/lib/modules"
|
||||
"github.com/gravitational/teleport/lib/utils"
|
||||
|
||||
"github.com/gravitational/trace"
|
||||
|
@ -249,8 +249,8 @@ func (c *TrustedClusterV2) CheckAndSetDefaults() error {
|
|||
}
|
||||
// we are not mentioning Roles parameter because we are deprecating it
|
||||
if len(c.Spec.Roles) == 0 && len(c.Spec.RoleMap) == 0 {
|
||||
if lib.IsEnterprise() {
|
||||
return trace.BadParameter("missing 'role_map' parameter")
|
||||
if err := modules.GetModules().EmptyRolesHandler(); err != nil {
|
||||
return trace.Wrap(err)
|
||||
}
|
||||
// OSS teleport uses 'admin' by default:
|
||||
c.Spec.RoleMap = RoleMap{
|
||||
|
@ -425,9 +425,9 @@ const RoleMapSchema = `{
|
|||
"items": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"properties": {
|
||||
"local": {
|
||||
"type": "array",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
|
|
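Review bot: With no module registered, the empty-roles check in `CheckAndSetDefaults` fails open. `defaultModules.EmptyRolesHandler` returns nil, so a trusted cluster with neither `Roles` nor `RoleMap` falls through to the block commented "OSS teleport uses 'admin' by default", where the previous `lib.IsEnterprise()` branch returned `missing 'role_map' parameter`. A build that must reject empty role maps now depends on `SetModules` having run before any trusted cluster is validated, which deserves a comment above the call, e.g. `// rejecting empty role maps is delegated to the registered module; the default module accepts them`. The error kind is now chosen by the module instead of always being `BadParameter`, so callers that matched on it should be checked. The function starts and ends outside the hunk.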
|
@ -17,7 +17,6 @@ limitations under the License.
|
|||
package utils
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
|
@ -28,6 +27,7 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/gravitational/teleport"
|
||||
"github.com/gravitational/teleport/lib/modules"
|
||||
"github.com/gravitational/trace"
|
||||
"github.com/pborman/uuid"
|
||||
"golang.org/x/crypto/ssh"
|
||||
|
@ -166,19 +166,9 @@ func ReadOrMakeHostUUID(dataDir string) (string, error) {
|
|||
return id, nil
|
||||
}
|
||||
|
||||
// PrintVersion prints human readable version.
|
||||
// - distro: name of the distribution. Empty string for OSS or "enterprise"
|
||||
func PrintVersion(distro teleport.DistroType) {
|
||||
if distro == teleport.DistroTypeEnterprise {
|
||||
distro = " " + distro
|
||||
} else {
|
||||
distro = ""
|
||||
}
|
||||
ver := fmt.Sprintf("Teleport%s v%s", distro, teleport.Version)
|
||||
if teleport.Gitref != "" {
|
||||
ver = fmt.Sprintf("%s git:%s", ver, teleport.Gitref)
|
||||
}
|
||||
fmt.Println(ver)
|
||||
// PrintVersion prints human readable version
|
||||
func PrintVersion() {
|
||||
modules.GetModules().PrintVersion()
|
||||
}
|
||||
|
||||
// HumanTimeFormat formats time as recognized by humans
|
||||
|
|
|
@ -194,7 +194,7 @@ func (s *WebSuite) SetUpTest(c *C) {
|
|||
c.Assert(err, IsNil)
|
||||
|
||||
// create the default role
|
||||
c.Assert(s.authServer.UpsertRole(services.NewAdminRole(false), backend.Forever), IsNil)
|
||||
c.Assert(s.authServer.UpsertRole(services.NewAdminRole(), backend.Forever), IsNil)
|
||||
|
||||
// configure cluster authentication preferences
|
||||
cap, err := services.NewAuthPreference(services.AuthPreferenceSpecV2{
|
||||
|
|
|
@ -21,7 +21,6 @@ import (
|
|||
"os"
|
||||
|
||||
"github.com/gravitational/teleport"
|
||||
"github.com/gravitational/teleport/lib"
|
||||
"github.com/gravitational/teleport/lib/auth"
|
||||
"github.com/gravitational/teleport/lib/config"
|
||||
"github.com/gravitational/teleport/lib/defaults"
|
||||
|
@ -61,11 +60,9 @@ type CLICommand interface {
|
|||
// "distributions" like OSS or Enterprise
|
||||
//
|
||||
// distribution: name of the Teleport distribution
|
||||
func Run(distro teleport.DistroType, commands []CLICommand) {
|
||||
func Run(commands []CLICommand) {
|
||||
utils.InitLogger(utils.LoggingForCLI, logrus.WarnLevel)
|
||||
|
||||
lib.SetDistroType(distro)
|
||||
|
||||
// app is the command line parser
|
||||
app := utils.InitCLIParser("tctl", GlobalHelpString)
|
||||
|
||||
|
@ -101,7 +98,7 @@ func Run(distro teleport.DistroType, commands []CLICommand) {
|
|||
|
||||
// "version" command?
|
||||
if selectedCmd == ver.FullCommand() {
|
||||
utils.PrintVersion(distro)
|
||||
utils.PrintVersion()
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
@ -17,7 +17,6 @@ limitations under the License.
|
|||
package main
|
||||
|
||||
import (
|
||||
"github.com/gravitational/teleport"
|
||||
"github.com/gravitational/teleport/tool/tctl/common"
|
||||
)
|
||||
|
||||
|
@ -29,5 +28,5 @@ func main() {
|
|||
&common.AuthCommand{},
|
||||
&common.ResourceCommand{},
|
||||
}
|
||||
common.Run(teleport.DistroTypeOSS, commands)
|
||||
common.Run(commands)
|
||||
}
|
||||
|
|
|
@ -26,7 +26,6 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/gravitational/teleport"
|
||||
"github.com/gravitational/teleport/lib"
|
||||
"github.com/gravitational/teleport/lib/config"
|
||||
"github.com/gravitational/teleport/lib/defaults"
|
||||
"github.com/gravitational/teleport/lib/service"
|
||||
|
@ -42,14 +41,10 @@ import (
|
|||
|
||||
// same as main() but has a testing switch
|
||||
// - cmdlineArgs are passed from main()
|
||||
// - distro can be "" (OSS version) or "enterprise"
|
||||
// - testRun is 'true' when running under an integration test
|
||||
func Run(cmdlineArgs []string, distro teleport.DistroType, testRun bool) (executedCommand string, conf *service.Config) {
|
||||
func Run(cmdlineArgs []string, testRun bool) (executedCommand string, conf *service.Config) {
|
||||
var err error
|
||||
|
||||
// initialize the teleport library with the proper distro flag
|
||||
lib.SetDistroType(distro)
|
||||
|
||||
// configure trace's errors to produce full stack traces
|
||||
isDebug, _ := strconv.ParseBool(os.Getenv(teleport.VerboseLogsEnvVar))
|
||||
if isDebug {
|
||||
|
@ -185,7 +180,7 @@ func Run(cmdlineArgs []string, distro teleport.DistroType, testRun bool) (execut
|
|||
case dump.FullCommand():
|
||||
onConfigDump()
|
||||
case ver.FullCommand():
|
||||
utils.PrintVersion(distro)
|
||||
utils.PrintVersion()
|
||||
}
|
||||
if err != nil {
|
||||
utils.FatalError(err)
|
||||
|
|
|
@ -30,10 +30,6 @@ import (
|
|||
"gopkg.in/check.v1"
|
||||
)
|
||||
|
||||
const (
|
||||
ossDistro = ""
|
||||
)
|
||||
|
||||
// bootstrap check
|
||||
func TestTeleportMain(t *testing.T) { check.TestingT(t) }
|
||||
|
||||
|
@ -70,7 +66,7 @@ func (s *MainTestSuite) SetUpSuite(c *check.C) {
|
|||
}
|
||||
|
||||
func (s *MainTestSuite) TestDefault(c *check.C) {
|
||||
cmd, conf := Run([]string{"start"}, ossDistro, true)
|
||||
cmd, conf := Run([]string{"start"}, true)
|
||||
c.Assert(cmd, check.Equals, "start")
|
||||
c.Assert(conf.Hostname, check.Equals, s.hostname)
|
||||
c.Assert(conf.DataDir, check.Equals, "/tmp/teleport/var/lib/teleport")
|
||||
|
@ -82,17 +78,17 @@ func (s *MainTestSuite) TestDefault(c *check.C) {
|
|||
}
|
||||
|
||||
func (s *MainTestSuite) TestRolesFlag(c *check.C) {
|
||||
cmd, conf := Run([]string{"start", "--roles=node"}, ossDistro, true)
|
||||
cmd, conf := Run([]string{"start", "--roles=node"}, true)
|
||||
c.Assert(conf.SSH.Enabled, check.Equals, true)
|
||||
c.Assert(conf.Auth.Enabled, check.Equals, false)
|
||||
c.Assert(conf.Proxy.Enabled, check.Equals, false)
|
||||
|
||||
cmd, conf = Run([]string{"start", "--roles=proxy"}, ossDistro, true)
|
||||
cmd, conf = Run([]string{"start", "--roles=proxy"}, true)
|
||||
c.Assert(conf.SSH.Enabled, check.Equals, false)
|
||||
c.Assert(conf.Auth.Enabled, check.Equals, false)
|
||||
c.Assert(conf.Proxy.Enabled, check.Equals, true)
|
||||
|
||||
cmd, conf = Run([]string{"start", "--roles=auth"}, ossDistro, true)
|
||||
cmd, conf = Run([]string{"start", "--roles=auth"}, true)
|
||||
c.Assert(conf.SSH.Enabled, check.Equals, false)
|
||||
c.Assert(conf.Auth.Enabled, check.Equals, true)
|
||||
c.Assert(conf.Proxy.Enabled, check.Equals, false)
|
||||
|
@ -100,7 +96,7 @@ func (s *MainTestSuite) TestRolesFlag(c *check.C) {
|
|||
}
|
||||
|
||||
func (s *MainTestSuite) TestConfigFile(c *check.C) {
|
||||
cmd, conf := Run([]string{"start", "--roles=node", "--labels=a=a1,b=b1", "--config=" + s.configFile}, ossDistro, true)
|
||||
cmd, conf := Run([]string{"start", "--roles=node", "--labels=a=a1,b=b1", "--config=" + s.configFile}, true)
|
||||
c.Assert(cmd, check.Equals, "start")
|
||||
c.Assert(conf.SSH.Enabled, check.Equals, true)
|
||||
c.Assert(conf.Auth.Enabled, check.Equals, false)
|
||||
|
|
|
@ -23,9 +23,6 @@ import (
|
|||
)
|
||||
|
||||
func main() {
|
||||
const (
|
||||
testRun = false
|
||||
ossDistribution = ""
|
||||
)
|
||||
common.Run(os.Args[1:], ossDistribution, testRun)
|
||||
const testRun = false
|
||||
common.Run(os.Args[1:], testRun)
|
||||
}
|
||||
|
|
|
@ -248,7 +248,7 @@ func Run(args []string, underTest bool) {
|
|||
|
||||
switch command {
|
||||
case ver.FullCommand():
|
||||
utils.PrintVersion("")
|
||||
utils.PrintVersion()
|
||||
case ssh.FullCommand():
|
||||
onSSH(&cf)
|
||||
case bench.FullCommand():
|
||||
|
|