mirror of
https://github.com/gravitational/teleport
synced 2024-10-21 01:34:01 +00:00
d9b80fb2a7
* protobuf update * Update proto to use dynamodb request event specific to app-access We will include a similar event for dynamodb via database-access. We split the events so that app and database access events are not coupled. This way we do not have to include optional database/app metadata in one event too. * Update protos * Update oneof * Move AppMetaData up with the other metadata and add a 'target' field * Remove operation plane * Fix typo * Configure signing service with transport instead of http client * Protect from resource exhaustion attacks * Add IsDynamoDB to types.Application * Add new event and code for dynamodb requests * Add async emitter to app access * Add audit.go to unify app access auditing * Refactor auditing in app access * Use the new audit's onSessionChunk/onRequest methods * Put the session context in the session chunk * Use a TeeStreamer to send AppSessionDynamoDBRequest directly to audit log as well as session file * Change streamWriter to streamCloser in sessionChunk to clarify that it should only be used for closing * Update handler test to test dynamodb events * Update test to use streamCloser * Update sever test * Add doc strings * Return error from audit interface methods so callers can choose what do to with it * Move app session start/end into audit interface * Configure tcpServer to use the server's emitter instead of auth client, as an Audit interface. * Have tcpServer call onSessionStart/End instead of emitting events itself. * Remove unneeded check type * Rename Transport -> RoundTripper * Fix test after renaming field * Rename drainBody and defer body closing * Fix subtle named return mistake * Update lib/service/service.go Co-authored-by: Tobiasz Heller <14020794+tobiaszheller@users.noreply.github.com> * Update lib/service/service.go Co-authored-by: Tobiasz Heller <14020794+tobiaszheller@users.noreply.github.com> * Rename ok->shouldSkipCleanup to make the purpose of it more clear * Refactor request body decoding into aws utils * Use request instead of signed request for audit event * Determine if req is for a dynamo endpoint instead of checking app uri * Remove obsolete app func IsDynamoDB * Update handler test * Use generic console app uri to test that we differentiate request by endpoint instead of app uri * Use a dynamodb request which has a body to test that we include the body in the audit event * Test for expected body JSON * fix lint * Fixup merge Co-authored-by: Tobiasz Heller <14020794+tobiaszheller@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| asciitable | ||
| auditd | ||
| auth | ||
| backend | ||
| benchmark | ||
| bpf | ||
| cache | ||
| cgroup | ||
| circleci | ||
| client | ||
| cloud | ||
| config | ||
| configurators | ||
| defaults | ||
| events | ||
| fixtures | ||
| fuzz | ||
| githubactions | ||
| httplib | ||
| inventory | ||
| joinserver | ||
| jwt | ||
| kube | ||
| labels | ||
| limiter | ||
| modules | ||
| multiplexer | ||
| observability | ||
| pam | ||
| plugin | ||
| proxy | ||
| restrictedsession | ||
| reversetunnel | ||
| secret | ||
| service | ||
| services | ||
| session | ||
| shell | ||
| srv | ||
| sshca | ||
| sshutils | ||
| system | ||
| tbot | ||
| teleagent | ||
| teleterm | ||
| tlsca | ||
| utils | ||
| versioncontrol | ||
| web | ||
| runtimeflags.go | ||