Report Connect usage events

[gzdunek]

Part of #19000
Requires #19378 to be merged first. ✅
Requires #19774 to be merged first (see #19564 (comment)) ✅

This PR adds actual events sending mechanism, it receives events from Electron, converts them to prehog model anonyzmies them and then sends in batches.

EDIT:
In the first attempt I had separate definitions for prehog events in tshd. It was ineffective approach and resulted in quite a lot of boilerplate (maintaining two, very similar protos and then having to convert one model to another). After a discussion with Rafał, we decided to use prehog protos directly in tshd protos.

[gzdunek]

My thoughts about this PR:
Anonymizing and converting tshd events to prehog events introduces quite a lot of boilerplate (the events have almost the same properties and I need manually convert each of them). I’m considering getting rid of tshd's usage_events.proto and instead operating only prehog's events.
It would require:

• Performing anonymization before event leaves electron - shouldn’t be difficult, I can add a gRPC call that will run our anonymizer against the provided value
• Importing prehog's connect.proto to teleterm's service.proto - for some reason it doesn’t work, I get an error saying that imported proto doesn't exist
• Generating JS files for connect.proto

What do you think about it? Do you like the current solution, where we send authClusterId with every event that needs to be anonymized? I'm afraid it can be confusing, as we create almost complete events in Electron and then we perform one more thing in tshd :/

[avatus]

I only had a chance to look at the types today. Will finish my review tomorrow. Super neat so far tho!

[avatus]

We can reuse our EmptyResponse for this in service.proto instead of creating a new empty response here. Like this here

[ravicious]

We could use google.protobuf.Empty here, as long as it doesn't return linter errors (I'm not sure about this).

Historically, I haven't been consistent with it inside lib/teleterm. tshd_events_service.proto explicitly defines custom empty messages in order to keep backwards compatibility.

But I did a quick search right now and it turns out reusing google.protobuf.Empty (or something similar) is not a problem for backwards compatibility. Eric Anderson from the gRPC team says that old clients will not have a problem with this and the only thing it breaks is the generated types.

So I think going forward we could use google.protobuf.Empty, as we already do in the project. Unless the linter is now set up to require you to define a custom message for each RPC.

[espadolini]

The .proto is imported from gravitational/prehog, which enforces the default Buf lint rules RPC_REQUEST_STANDARD_NAME and RPC_RESPONSE_STANDARD_NAME.

[avatus]

This can also be an EmptyResponse

[gzdunek]

Done, I think it's ok to use our common EmptyResponse instead of google.protobuf.Empty.

[ravicious]

Do we need to address this before merging?

[gzdunek]

No, it works this way for Teleport events too, we can fix it later.

[ravicious]

I’m considering getting rid of tshd's usage_events.proto and instead operating only prehog's events. It would require:

• Performing anonymization before event leaves electron - shouldn’t be difficult, I can add a gRPC call that will run our anonymizer against the provided value

• Importing prehog's connect.proto to teleterm's service.proto - for some reason it doesn’t work, I get an error saying that imported proto doesn't exist

• Generating JS files for connect.proto

What do you think about it? Do you like the current solution, where we send authClusterId with every event that needs to be anonymized? I'm afraid it can be confusing, as we create almost complete events in Electron and then we perform one more thing in tshd :/

For me it's not confusing as much as it's just a lot of boilerplate.

From the side of the Electron app, I think the API looks pretty much alright – the Electron app should just send events and I don't think it wants to care about anonymization, especially since it's unable to anonymize anything on its own.

---

Could the Electron app send prehog's events to tshd through TerminalService and then tshd would anonymize the required fields before passing the events further?

If that would be possible, theoretically we could then do the minimal amount of work possible instead of having to rewrap every event.

[ravicious]

As for importing connect.proto to service.proto:

The protocol compiler searches for imported files in a set of directories specified on the protocol compiler command line using the -I/--proto_path flag. If no flag was given, it looks in the directory in which the compiler was invoked. In general you should set the --proto_path flag to the root of your project and use fully qualified names for all imports.

https://developers.google.com/protocol-buffers/docs/proto3#importing_definitions

AFAIK we now use buf instead of protoc, so maybe enabling that requires changes to buf's config.

[gzdunek]

Could the Electron app send prehog's events to tshd through TerminalService and then tshd would anonymize the required fields before passing the events further?

Unfortunately, it is not possible as tshd events (the ones that need to be anonymized) have one additional field - auth_cluster_id. It is needed to create the anonymizer. The prehog events don't have this field.

EDIT: we can send event + auth cluster id

[gzdunek]

I just pushed the changes, so we don't have tshd usage events anymore and there is much less boilerplate.

We should merge changes to the protobuf generation first, @ravicious promised to create a PR for that :)

[ravicious]

I opened #19774 which reorganizes protos into a single workspace.

I made a couple of small changes compared to #19700. Once #19774 is merged, you will need to do the following in this PR:

• Add lib/prehog/buf-teleterm.gen.yaml

lib/prehog/buf-teleterm.gen.yaml

# buf-teleterm.gen.yaml is identical to buf.gen.yaml,
# with the exception of three addidiotal JS plugins.
version: v1
managed:
  enabled: true
  go_package_prefix:
    default: github.com/gravitational/teleport/lib/prehog/gen
plugins:
  - name: go
    path: lib/prehog/bin/protoc-gen-go
    out: lib/prehog/gen
    opt:
      - paths=source_relative
  - name: connect-go
    path: lib/prehog/bin/protoc-gen-connect-go
    out: lib/prehog/gen
    opt:
      - paths=source_relative

  - name: js
    out: lib/prehog/gen-js
    opt:
      - import_style=commonjs,binary
  - name: grpc
    out: lib/prehog/gen-js
    opt: grpc_js
    path: grpc_tools_node_protoc_plugin
  - name: ts
    out: lib/prehog/gen-js
    opt: "service=grpc-node"

• Extend grpc-teleterm/host to generate prehog protos as well.

grpc-teleterm/host: protos/all
	$(BUF) generate --template=lib/prehog/buf-teleterm.gen.yaml lib/prehog/proto
	$(BUF) generate --template=lib/teleterm/buf.gen.yaml lib/teleterm/api/proto

• Add go_package in lib/prehog/proto/prehog/v1alpha/teleport.proto

option go_package = "github.com/gravitational/teleport/lib/prehog/gen/prehog/v1alpha";

[gzdunek]

License check was failing on the following files:

lib/prehog/gen-js/prehog/v1alpha/teleport_grpc_pb.d.ts
lib/prehog/gen-js/prehog/v1alpha/connect_grpc_pb.d.ts
lib/prehog/gen-js/prehog/v1alpha/connect_pb.d.ts
lib/prehog/gen-js/prehog/v1alpha/teleport_pb.d.ts

I added lib/prehog/gen-js/** to the ignored files list.

[gzdunek]

I updated the PR:

• updated connect.proto to match the final version from prehog
• added changes related to JS files generation (from Report Connect usage events #19564 (comment))
• removed hardcoded prehog address, instead it will be passed from Electron (similarly to other runtime values)

[ravicious]

What's the advantage of doing it this way vs using a string with "upload"/"download"?

[gzdunek]

I followed Edoardo suggestion, I think isUpload is easier to understand than direction.

[ravicious]

Let's put it below DaemonCertsDir and above DatabaseService.

[gzdunek]

Right, I meant to put it like that.