mirror of
https://github.com/gravitational/teleport
synced 2024-10-21 01:34:01 +00:00
d9b80fb2a7
* protobuf update * Update proto to use dynamodb request event specific to app-access We will include a similar event for dynamodb via database-access. We split the events so that app and database access events are not coupled. This way we do not have to include optional database/app metadata in one event too. * Update protos * Update oneof * Move AppMetaData up with the other metadata and add a 'target' field * Remove operation plane * Fix typo * Configure signing service with transport instead of http client * Protect from resource exhaustion attacks * Add IsDynamoDB to types.Application * Add new event and code for dynamodb requests * Add async emitter to app access * Add audit.go to unify app access auditing * Refactor auditing in app access * Use the new audit's onSessionChunk/onRequest methods * Put the session context in the session chunk * Use a TeeStreamer to send AppSessionDynamoDBRequest directly to audit log as well as session file * Change streamWriter to streamCloser in sessionChunk to clarify that it should only be used for closing * Update handler test to test dynamodb events * Update test to use streamCloser * Update sever test * Add doc strings * Return error from audit interface methods so callers can choose what do to with it * Move app session start/end into audit interface * Configure tcpServer to use the server's emitter instead of auth client, as an Audit interface. * Have tcpServer call onSessionStart/End instead of emitting events itself. * Remove unneeded check type * Rename Transport -> RoundTripper * Fix test after renaming field * Rename drainBody and defer body closing * Fix subtle named return mistake * Update lib/service/service.go Co-authored-by: Tobiasz Heller <14020794+tobiaszheller@users.noreply.github.com> * Update lib/service/service.go Co-authored-by: Tobiasz Heller <14020794+tobiaszheller@users.noreply.github.com> * Rename ok->shouldSkipCleanup to make the purpose of it more clear * Refactor request body decoding into aws utils * Use request instead of signed request for audit event * Determine if req is for a dynamo endpoint instead of checking app uri * Remove obsolete app func IsDynamoDB * Update handler test * Use generic console app uri to test that we differentiate request by endpoint instead of app uri * Use a dynamodb request which has a body to test that we include the body in the audit event * Test for expected body JSON * fix lint * Fixup merge Co-authored-by: Tobiasz Heller <14020794+tobiaszheller@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| acme.go | ||
| cfg.go | ||
| cfg_test.go | ||
| connect.go | ||
| db.go | ||
| db_test.go | ||
| desktop.go | ||
| discovery.go | ||
| info.go | ||
| kubernetes.go | ||
| listeners.go | ||
| proxy_settings.go | ||
| service.go | ||
| service_test.go | ||
| signals.go | ||
| state.go | ||
| state_test.go | ||
| supervisor.go | ||
| validateconfig.go | ||
| validateconfig_test.go | ||