Merge pull request #1408 from gravitational/roman/plugins

Use modules instead of "is enterprise" flag

constants.go

@@ -206,13 +206,3 @@ const AdminRoleName = "admin"
 // DefaultImplicitRole is implicit role that gets added to all service.RoleSet
 // objects.
 const DefaultImplicitRole = "default-implicit-role"
-
-// DistroType allows to declare what kind of distribution of Teleport
-// is running
-type DistroType string
-
-// Possible values for DistroType:
-const (
-	DistroTypeOSS        DistroType = "community"
-	DistroTypeEnterprise DistroType = "enterprise"
-)

e

@@ -1 +1 @@
-Subproject commit a64ce95ec5b19b49fa58db6ff9dfcae790b4163f
+Subproject commit 8709eb54e0cbe554f49d205daaf62b34395b07f1

lib/auth/init.go

@@ -188,7 +188,7 @@ func Init(cfg InitConfig) (*AuthServer, *Identity, error) {
 	log.Infof("[INIT] Created Namespace: %q", defaults.Namespace)
 
 	// always create a default admin role
-	defaultRole := services.NewAdminRole(lib.IsEnterprise())
+	defaultRole := services.NewAdminRole()
 	err = asrv.CreateRole(defaultRole, backend.Forever)
 	if err != nil && !trace.IsAlreadyExists(err) {
 		return nil, nil, trace.Wrap(err)

lib/auth/tun_test.go

@@ -101,7 +101,7 @@ func (s *TunSuite) SetUpTest(c *C) {
 	c.Assert(err, IsNil)
 
 	// create the default role
-	c.Assert(s.a.UpsertRole(services.NewAdminRole(false), backend.Forever), IsNil)
+	c.Assert(s.a.UpsertRole(services.NewAdminRole(), backend.Forever), IsNil)
 
 	// set up host private key and certificate
 	c.Assert(s.a.UpsertCertAuthority(

lib/modules/modules.go

@@ -0,0 +1,79 @@
+/*
+Copyright 2017 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// package modules allows external packages override certain behavioral
+// aspects of teleport
+package modules
+
+import (
+	"fmt"
+	"sync"
+
+	"github.com/gravitational/teleport"
+)
+
+// Modules defines interface that external libraries can implement customizing
+// default teleport behavior
+type Modules interface {
+	// EmptyRoles handler is called when a new trusted cluster with empty roles
+	// is being created
+	EmptyRolesHandler() error
+	// DefaultAllowedLogins returns default allowed logins for a new admin role
+	DefaultAllowedLogins() []string
+	// PrintVersion prints teleport version
+	PrintVersion()
+}
+
+// SetModules sets the modules interface
+func SetModules(m Modules) {
+	mutex.Lock()
+	defer mutex.Unlock()
+	modules = m
+}
+
+// GetModules returns the modules interface
+func GetModules() Modules {
+	mutex.Lock()
+	defer mutex.Unlock()
+	return modules
+}
+
+type defaultModules struct{}
+
+// EmptyRolesHandler is called when a new trusted cluster with empty roles
+// is created, no-op by default
+func (p *defaultModules) EmptyRolesHandler() error {
+	return nil
+}
+
+// DefaultAllowedLogins returns allowed logins for a new admin role
+func (p *defaultModules) DefaultAllowedLogins() []string {
+	return []string{teleport.TraitInternalRoleVariable}
+}
+
+// PrintVersion prints teleport version
+func (p *defaultModules) PrintVersion() {
+	ver := fmt.Sprintf("Teleport v%s", teleport.Version)
+	if teleport.Gitref != "" {
+		ver = fmt.Sprintf("%s git:%s", ver, teleport.Gitref)
+	}
+	fmt.Println(ver)
+}
+
+var (
+	mutex           = &sync.Mutex{}
+	modules Modules = &defaultModules{}
+)

lib/modules/modules_test.go

@@ -0,0 +1,62 @@
+/*
+Copyright 2017 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package modules
+
+import (
+	"testing"
+
+	"github.com/gravitational/teleport"
+
+	"github.com/gravitational/trace"
+	check "gopkg.in/check.v1"
+)
+
+func TestModules(t *testing.T) { check.TestingT(t) }
+
+type ModulesSuite struct{}
+
+var _ = check.Suite(&ModulesSuite{})
+
+func (s *ModulesSuite) TestDefaultModules(c *check.C) {
+	err := GetModules().EmptyRolesHandler()
+	c.Assert(err, check.IsNil)
+
+	logins := GetModules().DefaultAllowedLogins()
+	c.Assert(logins, check.DeepEquals, []string{teleport.TraitInternalRoleVariable})
+}
+
+func (s *ModulesSuite) TestTestModules(c *check.C) {
+	SetModules(&testModules{})
+
+	err := GetModules().EmptyRolesHandler()
+	c.Assert(trace.IsNotFound(err), check.Equals, true)
+
+	logins := GetModules().DefaultAllowedLogins()
+	c.Assert(logins, check.DeepEquals, []string{"a", "b"})
+}
+
+type testModules struct{}
+
+func (p *testModules) EmptyRolesHandler() error {
+	return trace.NotFound("no roles specified")
+}
+
+func (p *testModules) DefaultAllowedLogins() []string {
+	return []string{"a", "b"}
+}
+
+func (p *testModules) PrintVersion() {}

lib/runtimeflags.go

@@ -31,16 +31,9 @@ package lib
 
 import (
 	"sync"
-
-	"github.com/gravitational/teleport"
 )
 
 var (
-	// currentDistroType contains the type of teleport binary: enterprise or
-	// open source this flag does not enable any enterprise features, but it
-	// makes the default experience of the OSS users nicer.
-	currentDistroType teleport.DistroType = teleport.DistroTypeOSS
-
 	// insecureDevMode is set to 'true' when teleport is started with a hidden
 	// --insecure flag. This mode is only useful for learning Teleport and following
 	// quick starts: it disables HTTPS certificate validation
@@ -50,19 +43,6 @@ var (
 	flagLock sync.Mutex
 )
 
-func SetDistroType(t teleport.DistroType) {
-	flagLock.Lock()
-	defer flagLock.Unlock()
-	currentDistroType = t
-}
-
-// IsEnterprise returns 'true' if Teleport is packaged with enterprise runime
-func IsEnterprise() bool {
-	flagLock.Lock()
-	defer flagLock.Unlock()
-	return currentDistroType == teleport.DistroTypeEnterprise
-}
-
 // SetInsecureDevMode turns the 'insecure' mode on. In this mode Teleport accpets
 // self-signed HTTPS certificates (for development only!)
 func SetInsecureDevMode(m bool) {

lib/services/role.go

@@ -24,6 +24,7 @@ import (
 
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/lib/defaults"
+	"github.com/gravitational/teleport/lib/modules"
 	"github.com/gravitational/teleport/lib/utils"
 	"github.com/gravitational/teleport/lib/utils/parse"
 
@@ -79,7 +80,7 @@ func RoleNameForCertAuthority(name string) string {
 
 // NewAdminRole is the default admin role for all local users if another role
 // is not explicitly assigned (Enterprise only).
-func NewAdminRole(isEnterprise bool) Role {
+func NewAdminRole() Role {
 	role := &RoleV3{
 		Kind:    KindRole,
 		Version: V3,
@@ -98,14 +99,7 @@ func NewAdminRole(isEnterprise bool) Role {
 			},
 		},
 	}
-
-	// the default role also has "root" for enterprise users
-	allowedLogins := []string{teleport.TraitInternalRoleVariable}
-	if isEnterprise {
-		allowedLogins = append(allowedLogins, teleport.Root)
-	}
-	role.SetLogins(Allow, allowedLogins)
-
+	role.SetLogins(Allow, modules.GetModules().DefaultAllowedLogins())
 	return role
 }
 

lib/services/trustedcluster.go

@@ -22,8 +22,8 @@ import (
 	"time"
 
 	"github.com/gravitational/teleport"
-	"github.com/gravitational/teleport/lib"
 	"github.com/gravitational/teleport/lib/defaults"
+	"github.com/gravitational/teleport/lib/modules"
 	"github.com/gravitational/teleport/lib/utils"
 
 	"github.com/gravitational/trace"
@@ -249,8 +249,8 @@ func (c *TrustedClusterV2) CheckAndSetDefaults() error {
 	}
 	// we are not mentioning Roles parameter because we are deprecating it
 	if len(c.Spec.Roles) == 0 && len(c.Spec.RoleMap) == 0 {
-		if lib.IsEnterprise() {
-			return trace.BadParameter("missing 'role_map' parameter")
+		if err := modules.GetModules().EmptyRolesHandler(); err != nil {
+			return trace.Wrap(err)
 		}
 		// OSS teleport uses 'admin' by default:
 		c.Spec.RoleMap = RoleMap{
@@ -425,9 +425,9 @@ const RoleMapSchema = `{
   "items": {
     "type": "object",
     "additionalProperties": false,
-    "properties": {    
+    "properties": {
       "local": {
-        "type": "array", 
+        "type": "array",
         "items": {
            "type": "string"
         }

lib/utils/utils.go

@@ -17,7 +17,6 @@ limitations under the License.
 package utils
 
 import (
-	"fmt"
 	"io"
 	"io/ioutil"
 	"net"
@@ -28,6 +27,7 @@ import (
 	"time"
 
 	"github.com/gravitational/teleport"
+	"github.com/gravitational/teleport/lib/modules"
 	"github.com/gravitational/trace"
 	"github.com/pborman/uuid"
 	"golang.org/x/crypto/ssh"
@@ -166,19 +166,9 @@ func ReadOrMakeHostUUID(dataDir string) (string, error) {
 	return id, nil
 }
 
-// PrintVersion prints human readable version.
-//   - distro: name of the distribution. Empty string for OSS or "enterprise"
-func PrintVersion(distro teleport.DistroType) {
-	if distro == teleport.DistroTypeEnterprise {
-		distro = " " + distro
-	} else {
-		distro = ""
-	}
-	ver := fmt.Sprintf("Teleport%s v%s", distro, teleport.Version)
-	if teleport.Gitref != "" {
-		ver = fmt.Sprintf("%s git:%s", ver, teleport.Gitref)
-	}
-	fmt.Println(ver)
+// PrintVersion prints human readable version
+func PrintVersion() {
+	modules.GetModules().PrintVersion()
 }
 
 // HumanTimeFormat formats time as recognized by humans

lib/web/apiserver_test.go

@@ -194,7 +194,7 @@ func (s *WebSuite) SetUpTest(c *C) {
 	c.Assert(err, IsNil)
 
 	// create the default role
-	c.Assert(s.authServer.UpsertRole(services.NewAdminRole(false), backend.Forever), IsNil)
+	c.Assert(s.authServer.UpsertRole(services.NewAdminRole(), backend.Forever), IsNil)
 
 	// configure cluster authentication preferences
 	cap, err := services.NewAuthPreference(services.AuthPreferenceSpecV2{

tool/tctl/common/tctl.go

@@ -21,7 +21,6 @@ import (
 	"os"
 
 	"github.com/gravitational/teleport"
-	"github.com/gravitational/teleport/lib"
 	"github.com/gravitational/teleport/lib/auth"
 	"github.com/gravitational/teleport/lib/config"
 	"github.com/gravitational/teleport/lib/defaults"
@@ -61,11 +60,9 @@ type CLICommand interface {
 // "distributions" like OSS or Enterprise
 //
 // distribution: name of the Teleport distribution
-func Run(distro teleport.DistroType, commands []CLICommand) {
+func Run(commands []CLICommand) {
 	utils.InitLogger(utils.LoggingForCLI, logrus.WarnLevel)
 
-	lib.SetDistroType(distro)
-
 	// app is the command line parser
 	app := utils.InitCLIParser("tctl", GlobalHelpString)
 
@@ -101,7 +98,7 @@ func Run(distro teleport.DistroType, commands []CLICommand) {
 
 	// "version" command?
 	if selectedCmd == ver.FullCommand() {
-		utils.PrintVersion(distro)
+		utils.PrintVersion()
 		return
 	}
 

tool/tctl/main.go

@@ -17,7 +17,6 @@ limitations under the License.
 package main
 
 import (
-	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/tool/tctl/common"
 )
 
@@ -29,5 +28,5 @@ func main() {
 		&common.AuthCommand{},
 		&common.ResourceCommand{},
 	}
-	common.Run(teleport.DistroTypeOSS, commands)
+	common.Run(commands)
 }

tool/teleport/common/teleport.go

@@ -26,7 +26,6 @@ import (
 	"strings"
 
 	"github.com/gravitational/teleport"
-	"github.com/gravitational/teleport/lib"
 	"github.com/gravitational/teleport/lib/config"
 	"github.com/gravitational/teleport/lib/defaults"
 	"github.com/gravitational/teleport/lib/service"
@@ -42,14 +41,10 @@ import (
 
 // same as main() but has a testing switch
 //   - cmdlineArgs are passed from main()
-//   - distro can be "" (OSS version) or "enterprise"
 //   - testRun is 'true' when running under an integration test
-func Run(cmdlineArgs []string, distro teleport.DistroType, testRun bool) (executedCommand string, conf *service.Config) {
+func Run(cmdlineArgs []string, testRun bool) (executedCommand string, conf *service.Config) {
 	var err error
 
-	// initialize the teleport library with the proper distro flag
-	lib.SetDistroType(distro)
-
 	// configure trace's errors to produce full stack traces
 	isDebug, _ := strconv.ParseBool(os.Getenv(teleport.VerboseLogsEnvVar))
 	if isDebug {
@@ -185,7 +180,7 @@ func Run(cmdlineArgs []string, distro teleport.DistroType, testRun bool) (execut
 	case dump.FullCommand():
 		onConfigDump()
 	case ver.FullCommand():
-		utils.PrintVersion(distro)
+		utils.PrintVersion()
 	}
 	if err != nil {
 		utils.FatalError(err)

tool/teleport/common/teleport_test.go

@@ -30,10 +30,6 @@ import (
 	"gopkg.in/check.v1"
 )
 
-const (
-	ossDistro = ""
-)
-
 // bootstrap check
 func TestTeleportMain(t *testing.T) { check.TestingT(t) }
 
@@ -70,7 +66,7 @@ func (s *MainTestSuite) SetUpSuite(c *check.C) {
 }
 
 func (s *MainTestSuite) TestDefault(c *check.C) {
-	cmd, conf := Run([]string{"start"}, ossDistro, true)
+	cmd, conf := Run([]string{"start"}, true)
 	c.Assert(cmd, check.Equals, "start")
 	c.Assert(conf.Hostname, check.Equals, s.hostname)
 	c.Assert(conf.DataDir, check.Equals, "/tmp/teleport/var/lib/teleport")
@@ -82,17 +78,17 @@ func (s *MainTestSuite) TestDefault(c *check.C) {
 }
 
 func (s *MainTestSuite) TestRolesFlag(c *check.C) {
-	cmd, conf := Run([]string{"start", "--roles=node"}, ossDistro, true)
+	cmd, conf := Run([]string{"start", "--roles=node"}, true)
 	c.Assert(conf.SSH.Enabled, check.Equals, true)
 	c.Assert(conf.Auth.Enabled, check.Equals, false)
 	c.Assert(conf.Proxy.Enabled, check.Equals, false)
 
-	cmd, conf = Run([]string{"start", "--roles=proxy"}, ossDistro, true)
+	cmd, conf = Run([]string{"start", "--roles=proxy"}, true)
 	c.Assert(conf.SSH.Enabled, check.Equals, false)
 	c.Assert(conf.Auth.Enabled, check.Equals, false)
 	c.Assert(conf.Proxy.Enabled, check.Equals, true)
 
-	cmd, conf = Run([]string{"start", "--roles=auth"}, ossDistro, true)
+	cmd, conf = Run([]string{"start", "--roles=auth"}, true)
 	c.Assert(conf.SSH.Enabled, check.Equals, false)
 	c.Assert(conf.Auth.Enabled, check.Equals, true)
 	c.Assert(conf.Proxy.Enabled, check.Equals, false)
@@ -100,7 +96,7 @@ func (s *MainTestSuite) TestRolesFlag(c *check.C) {
 }
 
 func (s *MainTestSuite) TestConfigFile(c *check.C) {
-	cmd, conf := Run([]string{"start", "--roles=node", "--labels=a=a1,b=b1", "--config=" + s.configFile}, ossDistro, true)
+	cmd, conf := Run([]string{"start", "--roles=node", "--labels=a=a1,b=b1", "--config=" + s.configFile}, true)
 	c.Assert(cmd, check.Equals, "start")
 	c.Assert(conf.SSH.Enabled, check.Equals, true)
 	c.Assert(conf.Auth.Enabled, check.Equals, false)

tool/teleport/main.go

@@ -23,9 +23,6 @@ import (
 )
 
 func main() {
-	const (
-		testRun         = false
-		ossDistribution = ""
-	)
-	common.Run(os.Args[1:], ossDistribution, testRun)
+	const testRun = false
+	common.Run(os.Args[1:], testRun)
 }

tool/tsh/tsh.go

@@ -248,7 +248,7 @@ func Run(args []string, underTest bool) {
 
 	switch command {
 	case ver.FullCommand():
-		utils.PrintVersion("")
+		utils.PrintVersion()
 	case ssh.FullCommand():
 		onSSH(&cf)
 	case bench.FullCommand():