Add AutoUpdate Client/Cache implementation (#46661) (#46750)
* Add AutoUpdate Client/Cache implementation

* CR changes

* Add permission for proxy to access resources

* Rename all occurrences of auto update to camel case

* Remove auto update client wrapper

* Drop AutoUpdateServiceClient helper
Rename comments for consistency
vapopov authored Oct 1, 2024
1 parent e4ba0c9 commit cf3078a
Showing 19 changed files with 543 additions and 60 deletions.
21 changes: 21 additions & 0 deletions api/client/client.go
Expand Up @@ -59,6 +59,7 @@ import (
"github.com/gravitational/teleport/api/gen/proto/go/assist/v1"
accesslistv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/accesslist/v1"
auditlogpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/auditlog/v1"
autoupdatev1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/autoupdate/v1"
clusterconfigpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/clusterconfig/v1"
devicepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/devicetrust/v1"
discoveryconfigv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/discoveryconfig/v1"
Expand Down Expand Up @@ -2718,6 +2719,26 @@ func (c *Client) GetClusterAuditConfig(ctx context.Context) (types.ClusterAuditC
return resp, nil
}

// GetAutoUpdateConfig gets AutoUpdateConfig resource.
func (c *Client) GetAutoUpdateConfig(ctx context.Context) (*autoupdatev1pb.AutoUpdateConfig, error) {
client := autoupdatev1pb.NewAutoUpdateServiceClient(c.conn)
resp, err := client.GetAutoUpdateConfig(ctx, &autoupdatev1pb.GetAutoUpdateConfigRequest{})
if err != nil {
return nil, trace.Wrap(err)
}
return resp, nil
}

// GetAutoUpdateVersion gets AutoUpdateVersion resource.
func (c *Client) GetAutoUpdateVersion(ctx context.Context) (*autoupdatev1pb.AutoUpdateVersion, error) {
client := autoupdatev1pb.NewAutoUpdateServiceClient(c.conn)
resp, err := client.GetAutoUpdateVersion(ctx, &autoupdatev1pb.GetAutoUpdateVersionRequest{})
if err != nil {
return nil, trace.Wrap(err)
}
return resp, nil
}

// GetClusterAccessGraphConfig retrieves the Cluster Access Graph configuration from Auth server.
func (c *Client) GetClusterAccessGraphConfig(ctx context.Context) (*clusterconfigpb.AccessGraphConfig, error) {
rsp, err := c.ClusterConfigClient().GetClusterAccessGraphConfig(ctx, &clusterconfigpb.GetClusterAccessGraphConfigRequest{})
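Review bot: The doc comments on GetAutoUpdateConfig and GetAutoUpdateVersion do not say what a caller receives when the singleton has not been created; both methods hand the server error back through `trace.Wrap` unchanged. Because these reads tell a proxy or client which version is expected, callers need to distinguish "resource absent" from "auth server unreachable" rather than treating every error the same way. I would extend the comments along the lines of `// GetAutoUpdateVersion gets the AutoUpdateVersion singleton; the server's error is returned wrapped, so check for not-found explicitly.` Which error the server returns for a missing resource is not visible in this section, so confirm it before wording the comment.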
15 changes: 15 additions & 0 deletions api/client/events.go
Expand Up @@ -18,6 +18,7 @@ import (
"github.com/gravitational/trace"

"github.com/gravitational/teleport/api/client/proto"
"github.com/gravitational/teleport/api/gen/proto/go/teleport/autoupdate/v1"
kubewaitingcontainerpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/kubewaitingcontainer/v1"
"github.com/gravitational/teleport/api/types"
"github.com/gravitational/teleport/api/types/accesslist"
Expand Down Expand Up @@ -56,6 +57,14 @@ func EventToGRPC(in types.Event) (*proto.Event, error) {
out.Resource = &proto.Event_KubernetesWaitingContainer{
KubernetesWaitingContainer: r,
}
case *autoupdate.AutoUpdateConfig:
out.Resource = &proto.Event_AutoUpdateConfig{
AutoUpdateConfig: r,
}
case *autoupdate.AutoUpdateVersion:
out.Resource = &proto.Event_AutoUpdateVersion{
AutoUpdateVersion: r,
}
}
case *types.ResourceHeader:
out.Resource = &proto.Event_ResourceHeader{
Expand Down Expand Up @@ -470,6 +479,12 @@ func EventFromGRPC(in *proto.Event) (*types.Event, error) {
} else if r := in.GetKubernetesWaitingContainer(); r != nil {
out.Resource = types.Resource153ToLegacy(r)
return &out, nil
} else if r := in.GetAutoUpdateConfig(); r != nil {
out.Resource = types.Resource153ToLegacy(r)
return &out, nil
} else if r := in.GetAutoUpdateVersion(); r != nil {
out.Resource = types.Resource153ToLegacy(r)
return &out, nil
} else {
return nil, trace.BadParameter("received unsupported resource %T", in.Resource)
}
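Review bot: In EventToGRPC the two new cases are the last arms of the switch over the unwrapped resource, and no `default` follows them in the lines shown. An unwrapped type without an arm would therefore leave `out.Resource` unset instead of failing, unlike EventFromGRPC, which ends in `trace.BadParameter("received unsupported resource %T", in.Resource)`. If the switch has no default above the visible lines, add `default: return nil, trace.BadParameter("resource type %T is not supported", r)` so a resource kind that is wired into the cache but forgotten here fails loudly. Both functions start and end outside these hunks.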
2 changes: 1 addition & 1 deletion api/types/autoupdate/config_test.go
Expand Up @@ -30,7 +30,7 @@ import (
"github.com/gravitational/teleport/api/types"
)

// TestNewAutoUpdateConfig verifies validation for auto update config resource.
// TestNewAutoUpdateConfig verifies validation for AutoUpdateConfig resource.
func TestNewAutoUpdateConfig(t *testing.T) {
tests := []struct {
name string
2 changes: 1 addition & 1 deletion api/types/autoupdate/version_test.go
Expand Up @@ -30,7 +30,7 @@ import (
"github.com/gravitational/teleport/api/types"
)

// TestNewAutoUpdateVersion verifies validation for auto update version resource.
// TestNewAutoUpdateVersion verifies validation for AutoUpdateVersion resource.
func TestNewAutoUpdateVersion(t *testing.T) {
tests := []struct {
name string
2 changes: 2 additions & 0 deletions lib/auth/accesspoint/accesspoint.go
Expand Up @@ -95,6 +95,7 @@ type Config struct {
WebSession types.WebSessionInterface
WebToken types.WebTokenInterface
WindowsDesktops services.WindowsDesktops
AutoUpdateService services.AutoUpdateServiceGetter
}

func (c *Config) CheckAndSetDefaults() error {
Expand Down Expand Up @@ -158,6 +159,7 @@ func NewCache(cfg Config) (*cache.Cache, error) {
AppSession: cfg.AppSession,
Apps: cfg.Apps,
ClusterConfig: cfg.ClusterConfig,
AutoUpdateService: cfg.AutoUpdateService,
DatabaseServices: cfg.DatabaseServices,
Databases: cfg.Databases,
DiscoveryConfigs: cfg.DiscoveryConfigs,
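Review bot: `AutoUpdateService` is appended after `WindowsDesktops` in Config and sits between `ClusterConfig` and `DatabaseServices` in NewCache, while the visible neighbours in both lists are in alphabetical order. Moving the field and the assignment to just after `Apps` keeps both lists easy to scan and diff. The struct and NewCache both continue outside the hunks, so the ordering convention is inferred from the lines shown.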
13 changes: 13 additions & 0 deletions lib/auth/authclient/api.go
Expand Up @@ -26,6 +26,7 @@ import (
"github.com/gravitational/trace"

"github.com/gravitational/teleport/api/client/proto"
"github.com/gravitational/teleport/api/gen/proto/go/teleport/autoupdate/v1"
kubewaitingcontainerpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/kubewaitingcontainer/v1"
"github.com/gravitational/teleport/api/types"
"github.com/gravitational/teleport/api/types/accesslist"
Expand Down Expand Up @@ -298,6 +299,12 @@ type ReadProxyAccessPoint interface {

// GetUserGroup returns the specified user group resources.
GetUserGroup(ctx context.Context, name string) (types.UserGroup, error)

// GetAutoUpdateConfig gets the AutoUpdateConfig from the backend.
GetAutoUpdateConfig(ctx context.Context) (*autoupdate.AutoUpdateConfig, error)

// GetAutoUpdateVersion gets the AutoUpdateVersion from the backend.
GetAutoUpdateVersion(ctx context.Context) (*autoupdate.AutoUpdateVersion, error)
}

// SnowflakeSessionWatcher is watcher interface used by Snowflake web session watcher.
Expand Down Expand Up @@ -1138,6 +1145,12 @@ type Cache interface {

// IntegrationsGetter defines read/list methods for integrations.
services.IntegrationsGetter

// GetAutoUpdateConfig gets the AutoUpdateConfig from the backend.
GetAutoUpdateConfig(ctx context.Context) (*autoupdate.AutoUpdateConfig, error)

// GetAutoUpdateVersion gets the AutoUpdateVersion from the backend.
GetAutoUpdateVersion(ctx context.Context) (*autoupdate.AutoUpdateVersion, error)
}

type NodeWrapper struct {
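Review bot: The same two method declarations are written out in both ReadProxyAccessPoint and Cache, while this commit's change to ClientI embeds `services.AutoUpdateServiceGetter` and the Cache interface already embeds `services.IntegrationsGetter` directly above the new lines. Assuming that getter declares exactly GetAutoUpdateConfig and GetAutoUpdateVersion, embedding `services.AutoUpdateServiceGetter` in both interfaces keeps the three from drifting apart when the getter changes. Both interface bodies start outside the hunks.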
1 change: 1 addition & 0 deletions lib/auth/authclient/clt.go
Expand Up @@ -1303,6 +1303,7 @@ type ClientI interface {
WebService
services.Status
services.ClusterConfiguration
services.AutoUpdateServiceGetter
services.SessionTrackerService
services.ConnectionsDiagnostic
services.SAMLIdPSession
46 changes: 23 additions & 23 deletions lib/auth/autoupdate/autoupdatev1/service.go
Expand Up @@ -32,24 +32,24 @@ import (

// Cache defines only read-only service methods.
type Cache interface {
// GetAutoUpdateConfig gets the autoupdate configuration from the backend.
// GetAutoUpdateConfig gets the AutoUpdateConfig from the backend.
GetAutoUpdateConfig(ctx context.Context) (*autoupdate.AutoUpdateConfig, error)

// GetAutoUpdateVersion gets the autoupdate version from the backend.
// GetAutoUpdateVersion gets the AutoUpdateVersion from the backend.
GetAutoUpdateVersion(ctx context.Context) (*autoupdate.AutoUpdateVersion, error)
}

// ServiceConfig holds configuration options for the autoupdate gRPC service.
// ServiceConfig holds configuration options for the auto update gRPC service.
type ServiceConfig struct {
// Authorizer is the authorizer used to check access to resources.
Authorizer authz.Authorizer
// Backend is the backend used to store autoupdate resources.
// Backend is the backend used to store AutoUpdate resources.
Backend services.AutoUpdateService
// Cache is the cache used to store autoupdate resources.
// Cache is the cache used to store AutoUpdate resources.
Cache Cache
}

// Service implements the gRPC API layer for the Autoupdate.
// Service implements the gRPC API layer for the AutoUpdate.
type Service struct {
autoupdate.UnimplementedAutoUpdateServiceServer

Expand All @@ -58,7 +58,7 @@ type Service struct {
cache Cache
}

// NewService returns a new Autoupdate API service using the given storage layer and authorizer.
// NewService returns a new AutoUpdate API service using the given storage layer and authorizer.
func NewService(cfg ServiceConfig) (*Service, error) {
switch {
case cfg.Backend == nil:
Expand All @@ -75,7 +75,7 @@ func NewService(cfg ServiceConfig) (*Service, error) {
}, nil
}

// GetAutoUpdateConfig gets the current autoupdate config singleton.
// GetAutoUpdateConfig gets the current AutoUpdateConfig singleton.
func (s *Service) GetAutoUpdateConfig(ctx context.Context, req *autoupdate.GetAutoUpdateConfigRequest) (*autoupdate.AutoUpdateConfig, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -94,7 +94,7 @@ func (s *Service) GetAutoUpdateConfig(ctx context.Context, req *autoupdate.GetAu
return config, nil
}

// CreateAutoUpdateConfig creates autoupdate config singleton.
// CreateAutoUpdateConfig creates AutoUpdateConfig singleton.
func (s *Service) CreateAutoUpdateConfig(ctx context.Context, req *autoupdate.CreateAutoUpdateConfigRequest) (*autoupdate.AutoUpdateConfig, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -109,7 +109,7 @@ func (s *Service) CreateAutoUpdateConfig(ctx context.Context, req *autoupdate.Cr
return config, trace.Wrap(err)
}

// UpdateAutoUpdateConfig updates autoupdate config singleton.
// UpdateAutoUpdateConfig updates AutoUpdateConfig singleton.
func (s *Service) UpdateAutoUpdateConfig(ctx context.Context, req *autoupdate.UpdateAutoUpdateConfigRequest) (*autoupdate.AutoUpdateConfig, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -124,7 +124,7 @@ func (s *Service) UpdateAutoUpdateConfig(ctx context.Context, req *autoupdate.Up
return config, trace.Wrap(err)
}

// UpsertAutoUpdateConfig updates or creates autoupdate config singleton.
// UpsertAutoUpdateConfig updates or creates AutoUpdateConfig singleton.
func (s *Service) UpsertAutoUpdateConfig(ctx context.Context, req *autoupdate.UpsertAutoUpdateConfigRequest) (*autoupdate.AutoUpdateConfig, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -139,7 +139,7 @@ func (s *Service) UpsertAutoUpdateConfig(ctx context.Context, req *autoupdate.Up
return config, trace.Wrap(err)
}

// DeleteAutoUpdateConfig deletes autoupdate config singleton.
// DeleteAutoUpdateConfig deletes AutoUpdateConfig singleton.
func (s *Service) DeleteAutoUpdateConfig(ctx context.Context, req *autoupdate.DeleteAutoUpdateConfigRequest) (*emptypb.Empty, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -156,7 +156,7 @@ func (s *Service) DeleteAutoUpdateConfig(ctx context.Context, req *autoupdate.De
return &emptypb.Empty{}, nil
}

// GetAutoUpdateVersion gets the current autoupdate version singleton.
// GetAutoUpdateVersion gets the current AutoUpdateVersion singleton.
func (s *Service) GetAutoUpdateVersion(ctx context.Context, req *autoupdate.GetAutoUpdateVersionRequest) (*autoupdate.AutoUpdateVersion, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -175,7 +175,7 @@ func (s *Service) GetAutoUpdateVersion(ctx context.Context, req *autoupdate.GetA
return version, nil
}

// CreateAutoUpdateVersion creates autoupdate version singleton.
// CreateAutoUpdateVersion creates AutoUpdateVersion singleton.
func (s *Service) CreateAutoUpdateVersion(ctx context.Context, req *autoupdate.CreateAutoUpdateVersionRequest) (*autoupdate.AutoUpdateVersion, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -186,11 +186,11 @@ func (s *Service) CreateAutoUpdateVersion(ctx context.Context, req *autoupdate.C
return nil, trace.Wrap(err)
}

autoupdateVersion, err := s.backend.CreateAutoUpdateVersion(ctx, req.Version)
return autoupdateVersion, trace.Wrap(err)
autoUpdateVersion, err := s.backend.CreateAutoUpdateVersion(ctx, req.Version)
return autoUpdateVersion, trace.Wrap(err)
}

// UpdateAutoUpdateVersion updates autoupdate version singleton.
// UpdateAutoUpdateVersion updates AutoUpdateVersion singleton.
func (s *Service) UpdateAutoUpdateVersion(ctx context.Context, req *autoupdate.UpdateAutoUpdateVersionRequest) (*autoupdate.AutoUpdateVersion, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -201,11 +201,11 @@ func (s *Service) UpdateAutoUpdateVersion(ctx context.Context, req *autoupdate.U
return nil, trace.Wrap(err)
}

autoupdateVersion, err := s.backend.UpdateAutoUpdateVersion(ctx, req.Version)
return autoupdateVersion, trace.Wrap(err)
autoUpdateVersion, err := s.backend.UpdateAutoUpdateVersion(ctx, req.Version)
return autoUpdateVersion, trace.Wrap(err)
}

// UpsertAutoUpdateVersion updates or creates autoupdate version singleton.
// UpsertAutoUpdateVersion updates or creates AutoUpdateVersion singleton.
func (s *Service) UpsertAutoUpdateVersion(ctx context.Context, req *autoupdate.UpsertAutoUpdateVersionRequest) (*autoupdate.AutoUpdateVersion, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
Expand All @@ -216,11 +216,11 @@ func (s *Service) UpsertAutoUpdateVersion(ctx context.Context, req *autoupdate.U
return nil, trace.Wrap(err)
}

autoupdateVersion, err := s.backend.UpsertAutoUpdateVersion(ctx, req.Version)
return autoupdateVersion, trace.Wrap(err)
autoUpdateVersion, err := s.backend.UpsertAutoUpdateVersion(ctx, req.Version)
return autoUpdateVersion, trace.Wrap(err)
}

// DeleteAutoUpdateVersion deletes autoupdate version singleton.
// DeleteAutoUpdateVersion deletes AutoUpdateVersion singleton.
func (s *Service) DeleteAutoUpdateVersion(ctx context.Context, req *autoupdate.DeleteAutoUpdateVersionRequest) (*emptypb.Empty, error) {
authCtx, err := s.authorizer.Authorize(ctx)
if err != nil {
2 changes: 1 addition & 1 deletion lib/auth/grpcserver.go
Expand Up @@ -5721,7 +5721,7 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
autoUpdateServiceServer, err := autoupdatev1.NewService(autoupdatev1.ServiceConfig{
Authorizer: cfg.Authorizer,
Backend: cfg.AuthServer.Services,
Cache: cfg.AuthServer.Services,
Cache: cfg.AuthServer.Cache,
})
if err != nil {
return nil, trace.Wrap(err)
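Review bot: Passing `cfg.AuthServer.Cache` here means the service's reads (presumably served through its `cache` field) no longer hit the backend, while the Create/Update/Upsert methods in autoupdatev1 still write through `s.backend`. A read issued right after a write can then return the previous AutoUpdateConfig or AutoUpdateVersion until the cache catches up. That matters for an operator who changes or withdraws a target version and then verifies it, and for tests that write and read back. I would note it at the call site, e.g. `// Reads are served from the cache and may briefly lag Backend writes.`, and confirm that NewService's nil check (its switch is only partly visible on this page) covers an auth server built without a cache. NewGRPCServer continues outside the hunk.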
1 change: 1 addition & 0 deletions lib/auth/helpers.go
Expand Up @@ -334,6 +334,7 @@ func NewTestAuthServer(cfg TestAuthServerConfig) (*TestAuthServer, error) {
AppSession: svces.Identity,
Apps: svces.Apps,
ClusterConfig: svces.ClusterConfiguration,
AutoUpdateService: svces.AutoUpdateService,
DatabaseServices: svces.DatabaseServices,
Databases: svces.Databases,
DiscoveryConfigs: svces.DiscoveryConfigs,
2 changes: 2 additions & 0 deletions lib/authz/permissions.go
Expand Up @@ -688,6 +688,8 @@ func roleSpecForProxy(clusterName string) types.RoleSpecV6 {
types.NewRule(types.KindSAMLIdPServiceProvider, services.RO()),
types.NewRule(types.KindUserGroup, services.RO()),
types.NewRule(types.KindClusterMaintenanceConfig, services.RO()),
types.NewRule(types.KindAutoUpdateConfig, services.RO()),
types.NewRule(types.KindAutoUpdateVersion, services.RO()),
types.NewRule(types.KindIntegration, append(services.RO(), types.VerbUse)),
types.NewRule(types.KindAuditQuery, services.RO()),
types.NewRule(types.KindSecurityReport, services.RO()),
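Review bot: The two new rules give the proxy role `services.RO()` on KindAutoUpdateConfig and KindAutoUpdateVersion, which matches the read-only methods added to ReadProxyAccessPoint, but nothing in the visible sections pins that scope down with a test. Because AutoUpdateVersion influences which version clients are told to run, the proxy identity should stay unable to write it. A table test asserting that the proxy role is denied create, update and delete on both kinds would guard against a later widening of these rules (this page shows 11 of the 19 changed files, so such a test may already exist). A short why-comment above the rules would also help, e.g. `// Read-only: the proxy only needs to read the auto update resources.` roleSpecForProxy continues outside the hunk.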