14 changes: 14 additions & 0 deletions lib/srv/alpnproxy/local_proxy.go
Expand Up @@ -34,6 +34,10 @@ import (
"github.com/gravitational/teleport/lib/utils/aws"
)

// OnNewConnectionFunc is a callback triggered when a new downstream connection is
// accepted by the local proxy.
type OnNewConnectionFunc func(lp *LocalProxy, conn net.Conn)

// LocalProxy allows upgrading incoming connection to TLS where custom TLS values are set SNI ALPN and
// updated connection is forwarded to remote ALPN SNI teleport proxy service.
type LocalProxy struct {
Expand Down Expand Up @@ -71,6 +75,11 @@ type LocalProxyConfig struct {
Certs []tls.Certificate
// AWSCredentials are AWS Credentials used by LocalProxy for request's signature verification.
AWSCredentials *credentials.Credentials
// OnNewConnection is a callback triggered when a new downstream connection
// is accepted by the local proxy.
//
// Note that the callback blocks handling of the connection.
OnNewConnection OnNewConnectionFunc
}

// CheckAndSetDefaults verifies the constraints for LocalProxyConfig.
Expand Down Expand Up @@ -128,6 +137,11 @@ func (l *LocalProxy) Start(ctx context.Context) error {
log.WithError(err).Errorf("Failed to accept client connection.")
return trace.Wrap(err)
}

if l.cfg.OnNewConnection != nil {
l.cfg.OnNewConnection(l, conn)
}

go func() {
if err := l.handleDownstreamConnection(ctx, conn, l.cfg.SNI); err != nil {
if utils.IsOKNetworkError(err) {
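Review bot: The doc comment added on OnNewConnection understates what blocks: the call `l.cfg.OnNewConnection(l, conn)` in Start runs synchronously on the accept loop, before the handling goroutine is started, so a slow callback delays acceptance of every subsequent connection, not just the handling of this one. The callback also receives the same conn that handleDownstreamConnection will own, so reading, writing or closing it from the callback would race with the handler. I would replace the note with `// Note that the callback runs synchronously on the accept loop: until it returns, this connection is not handled and no further connections are accepted. It must not read from, write to, or close conn.`. Alternatively the call could move inside the goroutine started on the next line, which keeps the accept loop responsive; Start's body continues outside the hunk.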
20 changes: 20 additions & 0 deletions lib/teleterm/api/proto/v1/service.proto
Expand Up @@ -91,6 +91,9 @@ service TerminalService {
rpc LoginPasswordless(stream LoginPasswordlessRequest) returns (stream LoginPasswordlessResponse);
// ClusterLogin logs out a user from cluster
rpc Logout(LogoutRequest) returns (EmptyResponse);

// TODO: Add comment.
rpc ClusterEvents(ClusterEventsRequest) returns (stream ClusterEvent);
}

// RemoveClusterRequest describes RemoveClusterRequest
Expand Down Expand Up @@ -287,4 +290,21 @@ message GetAuthSettingsRequest {
string cluster_uri = 1;
}

message ClusterEventsRequest {}

message ClusterEvent {
string cluster_uri = 1;
oneof event {
CertExpired cert_expired = 2;
NewGatewayConnectionAccepted new_gateway_connection_accepted = 3;
}
}
Comment on lines +295 to +301
Member Author
This is just a draft version of this message. For now I'm fairly sure that all messages will be cluster-centric. Though rewriting them to support messages that are not tied to any particular cluster shouldn't be hard.


message CertExpired {}

message NewGatewayConnectionAccepted {
string gateway_uri = 1;
string target_uri = 2;
}

message EmptyResponse {}
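Review bot: The new ClusterEvents rpc ships with `// TODO: Add comment.` where every sibling rpc in TerminalService has a doc comment, so the stream's contract is undocumented. A comment grounded in the messages further down would be `// ClusterEvents streams ClusterEvent messages to the client; each event names the cluster_uri it concerns and carries one of CertExpired or NewGatewayConnectionAccepted.`. ClusterEventsRequest is empty, so presumably the stream covers all clusters the client is logged into; if so, it is worth stating that the request carries no filter and that clients should expect further event kinds to be added to the oneof.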