mirror of
https://github.com/gravitational/teleport
synced 2024-10-21 01:34:01 +00:00
d9b80fb2a7
* protobuf update
* Update proto to use dynamodb request event specific to app-access

  We will include a similar event for dynamodb via database-access. We split the events so that app and database access events are not coupled. This way we do not have to include optional database/app metadata in one event too.
* Update protos
* Update oneof
* Move AppMetaData up with the other metadata and add a 'target' field
* Remove operation plane
* Fix typo
* Configure signing service with transport instead of http client
* Protect from resource exhaustion attacks
* Add IsDynamoDB to types.Application
* Add new event and code for dynamodb requests
* Add async emitter to app access
* Add audit.go to unify app access auditing
* Refactor auditing in app access
* Use the new audit's onSessionChunk/onRequest methods
* Put the session context in the session chunk
* Use a TeeStreamer to send AppSessionDynamoDBRequest directly to audit log as well as session file
* Change streamWriter to streamCloser in sessionChunk to clarify that it should only be used for closing
* Update handler test to test dynamodb events
* Update test to use streamCloser
* Update server test
* Add doc strings
* Return error from audit interface methods so callers can choose what to do with it
* Move app session start/end into audit interface
* Configure tcpServer to use the server's emitter instead of auth client, as an Audit interface.
* Have tcpServer call onSessionStart/End instead of emitting events itself.
* Remove unneeded check type
* Rename Transport -> RoundTripper
* Fix test after renaming field
* Rename drainBody and defer body closing
* Fix subtle named return mistake
* Update lib/service/service.go Co-authored-by: Tobiasz Heller <14020794+tobiaszheller@users.noreply.github.com>
* Update lib/service/service.go Co-authored-by: Tobiasz Heller <14020794+tobiaszheller@users.noreply.github.com>
* Rename ok->shouldSkipCleanup to make the purpose of it more clear
* Refactor request body decoding into aws utils
* Use request instead of signed request for audit event
* Determine if req is for a dynamo endpoint instead of checking app uri
* Remove obsolete app func IsDynamoDB
* Update handler test
* Use generic console app uri to test that we differentiate request by endpoint instead of app uri
* Use a dynamodb request which has a body to test that we include the body in the audit event
* Test for expected body JSON
* fix lint
* Fixup merge

Co-authored-by: Tobiasz Heller <14020794+tobiaszheller@users.noreply.github.com>
||
---|---|---|
.. | ||
asciitable | ||
auditd | ||
auth | ||
backend | ||
benchmark | ||
bpf | ||
cache | ||
cgroup | ||
circleci | ||
client | ||
cloud | ||
config | ||
configurators | ||
defaults | ||
events | ||
fixtures | ||
fuzz | ||
githubactions | ||
httplib | ||
inventory | ||
joinserver | ||
jwt | ||
kube | ||
labels | ||
limiter | ||
modules | ||
multiplexer | ||
observability | ||
pam | ||
plugin | ||
proxy | ||
restrictedsession | ||
reversetunnel | ||
secret | ||
service | ||
services | ||
session | ||
shell | ||
srv | ||
sshca | ||
sshutils | ||
system | ||
tbot | ||
teleagent | ||
teleterm | ||
tlsca | ||
utils | ||
versioncontrol | ||
web | ||
runtimeflags.go |