2 changes: 2 additions & 0 deletions lib/session/session.go
@@ -106,6 +106,8 @@ type Session struct {
AppName string `json:"app_name"`
// Owner is the name of the session owner, ie the one who created the session.
Owner string `json:"owner"`
// Moderated is true if the session requires moderation.
Moderated bool `json:"moderated"`
Comment thread
zmb3 marked this conversation as resolved.
}

// Participants returns the usernames of the current session participants.
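Review bot: The doc comment on the new `Moderated` field does not say that the flag describes a policy requirement rather than live state, a distinction the TypeScript counterpart in types.ts spells out. Because the value is serialized to clients as `moderated`, a reader of the Go type could take it to mean a moderator is present. I would word it as `// Moderated is true if the session's policies require moderation; it does not mean a moderator is currently present.` The Session struct starts above this hunk.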
14 changes: 12 additions & 2 deletions lib/web/apiserver.go
@@ -2534,7 +2534,7 @@ func (h *Handler) siteNodeConnect(

if req.SessionID.IsZero() {
// An existing session ID was not provided so we need to create a new one.
sessionData, err = h.generateSession(ctx, clt, req, clusterName, sessionCtx.cfg.User)
sessionData, err = h.generateSession(ctx, clt, req, clusterName, sessionCtx)
if err != nil {
h.log.WithError(err).Debug("Unable to generate new ssh session.")
return nil, trace.Wrap(err)
@@ -2602,12 +2602,13 @@ func (h *Handler) siteNodeConnect(
return nil, nil
}

func (h *Handler) generateSession(ctx context.Context, clt auth.ClientI, req *TerminalRequest, clusterName string, owner string) (session.Session, error) {
func (h *Handler) generateSession(ctx context.Context, clt auth.ClientI, req *TerminalRequest, clusterName string, scx *SessionContext) (session.Session, error) {
var (
id string
host string
port int
)
owner := scx.cfg.User
h.log.Infof("Generating new session for %s\n", clusterName)

if _, err := uuid.Parse(req.Server); err != nil {
@@ -2695,13 +2696,20 @@ func (h *Handler) generateSession(ctx context.Context, clt auth.ClientI, req *Te
port = 0
id = req.Server
}
accessChecker, err := scx.GetUserAccessChecker()
Comment thread
zmb3 marked this conversation as resolved.
if err != nil {
return session.Session{}, trace.Wrap(err)
}
policySets := accessChecker.SessionPolicySets()
accessEvaluator := auth.NewSessionAccessEvaluator(policySets, types.SSHSessionKind, owner)

return session.Session{
Login: req.Login,
ServerID: id,
ClusterName: clusterName,
ServerHostname: host,
ServerHostPort: port,
Moderated: accessEvaluator.IsModerated(),
ID: session.NewID(),
Created: time.Now().UTC(),
LastActive: time.Now().UTC(),
@@ -2808,6 +2816,7 @@ func trackerToLegacySession(tracker types.SessionTracker, clusterName string) se
// note: we don't populate the RemoteAddr field since it isn't used and we don't have an equivalent value
})
}
accessEvaluator := auth.NewSessionAccessEvaluator(tracker.GetHostPolicySets(), types.SSHSessionKind, tracker.GetHostUser())

return session.Session{
Kind: tracker.GetSessionKind(),
@@ -2828,6 +2837,7 @@ func trackerToLegacySession(tracker types.SessionTracker, clusterName string) se
KubernetesClusterName: tracker.GetKubeCluster(),
DesktopName: tracker.GetDesktopName(),
AppName: tracker.GetAppName(),
Moderated: accessEvaluator.IsModerated(),
DatabaseName: tracker.GetDatabaseName(),
Owner: tracker.GetHostUser(),
}
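Review bot: In trackerToLegacySession the evaluator is constructed with a hard-coded `types.SSHSessionKind`, while the same function reports `Kind: tracker.GetSessionKind()` and fills Kubernetes, desktop, app and database names, so non-SSH trackers appear to have `Moderated` computed against SSH policy. If IsModerated depends on the kind passed to the constructor (inferred from the signature, not visible here), a Kubernetes session that requires moderation could be listed as unmoderated, or the reverse. I would pass the tracker's own kind: `auth.NewSessionAccessEvaluator(tracker.GetHostPolicySets(), tracker.GetSessionKind(), tracker.GetHostUser())`. The hard-coded kind in generateSession looks right, since siteNodeConnect's own log message there refers to generating an ssh session. Both function bodies extend outside the visible hunks.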
@@ -99,4 +99,5 @@ const session: Session = {
parties: [],
addr: '1.1.1.1:1111',
participantModes: ['observer', 'moderator', 'peer'],
moderated: false,
};
5 changes: 5 additions & 0 deletions web/packages/teleport/src/Sessions/fixtures/index.ts
@@ -34,6 +34,7 @@ export const sessions: Session[] = [
clusterId: 'im-a-cluster-name',
resourceName: 'minikube',
participantModes: ['observer', 'moderator', 'peer'],
moderated: false,
},
{
kind: 'ssh',
@@ -52,6 +53,7 @@ export const sessions: Session[] = [
addr: 'd5d6d695-97c5-4bef-b052-0f5c6203d7a1',
clusterId: 'im-a-cluster-name',
participantModes: ['observer', 'moderator'],
moderated: false,
},
{
kind: 'desktop',
@@ -70,6 +72,7 @@ export const sessions: Session[] = [
addr: 'd5d6d695-97c5-4bef-b052-0f5c6203d7a1',
clusterId: 'im-a-cluster-name',
participantModes: ['observer', 'moderator', 'peer'],
moderated: false,
},
{
kind: 'db',
@@ -88,6 +91,7 @@ export const sessions: Session[] = [
addr: 'd5d6d695-97c5-4bef-b052-0f5c6203d7a1',
clusterId: 'im-a-cluster-name',
participantModes: ['observer'],
moderated: false,
},
{
kind: 'app',
@@ -106,5 +110,6 @@ export const sessions: Session[] = [
addr: 'd5d6d695-97c5-4bef-b052-0f5c6203d7a1',
clusterId: 'im-a-cluster-name',
participantModes: ['observer', 'moderator', 'peer'],
moderated: false,
},
];
2 changes: 2 additions & 0 deletions web/packages/teleport/src/services/session/makeSession.ts
@@ -38,6 +38,7 @@ export default function makeSession(json): Session {
server_addr,
parties,
participantModes,
moderated,
} = json;

const createdDate = created ? new Date(created) : null;
@@ -58,6 +59,7 @@ export default function makeSession(json): Session {
parties: parties ? parties.map(p => makeParticipant(p)) : [],
addr: server_addr ? server_addr.replace(PORT_REGEX, '') : '',
participantModes: participantModes ?? [],
moderated,
};
}
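Review bot: `moderated` is copied from the response without a default, so it is `undefined` whenever the field is absent even though `Session.moderated` is typed `boolean`; the neighbouring fields normalize their input (`participantModes ?? []`). I would write `moderated: !!moderated,` so consumers that branch on the flag always see a real boolean. makeSession's body starts above the first hunk.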

2 changes: 2 additions & 0 deletions web/packages/teleport/src/services/session/types.ts
@@ -39,6 +39,8 @@ export interface Session {
resourceName: string;
// participantModes are the participant modes that are available to the user listing this session.
participantModes: ParticipantMode[];
// whether this session requires moderation or not. this is NOT if the session is currently being actively moderated
moderated: boolean;
}

export type SessionMetadata = {