gravitational · rosstimothy · Jun 30, 2023 · Jun 30, 2023
diff --git a/integration/appaccess/pack.go b/integration/appaccess/pack.go
@@ -45,7 +45,7 @@ import (
 	"github.com/gravitational/teleport/lib/events"
 	"github.com/gravitational/teleport/lib/httplib/csrf"
 	"github.com/gravitational/teleport/lib/httplib/reverseproxy"
-	"github.com/gravitational/teleport/lib/reversetunnel"
+	"github.com/gravitational/teleport/lib/reversetunnelclient"
 	"github.com/gravitational/teleport/lib/service"
 	"github.com/gravitational/teleport/lib/service/servicecfg"
 	"github.com/gravitational/teleport/lib/services"
@@ -753,7 +753,7 @@ func (p *Pack) startRootAppServers(t *testing.T, count int, opts AppTestOptions)
 	return servers
 }
 
-func waitForAppServer(t *testing.T, tunnel reversetunnel.Server, name string, hostUUID string, apps []servicecfg.App) {
+func waitForAppServer(t *testing.T, tunnel reversetunnelclient.Server, name string, hostUUID string, apps []servicecfg.App) {
 	// Make sure that the app server is ready to accept connections.
 	// The remote site cache needs to be filled with new registered application services.
 	waitForAppRegInRemoteSiteCache(t, tunnel, name, apps, hostUUID)
@@ -891,7 +891,7 @@ func (p *Pack) startLeafAppServers(t *testing.T, count int, opts AppTestOptions)
 	return servers
 }
 
-func waitForAppRegInRemoteSiteCache(t *testing.T, tunnel reversetunnel.Server, clusterName string, cfgApps []servicecfg.App, hostUUID string) {
+func waitForAppRegInRemoteSiteCache(t *testing.T, tunnel reversetunnelclient.Server, clusterName string, cfgApps []servicecfg.App, hostUUID string) {
 	require.Eventually(t, func() bool {
 		site, err := tunnel.GetSite(clusterName)
 		require.NoError(t, err)

diff --git a/integration/helpers/instance.go b/integration/helpers/instance.go
@@ -56,6 +56,7 @@ import (
 	"github.com/gravitational/teleport/lib/httplib/csrf"
 	"github.com/gravitational/teleport/lib/observability/tracing"
 	"github.com/gravitational/teleport/lib/reversetunnel"
+	"github.com/gravitational/teleport/lib/reversetunnelclient"
 	"github.com/gravitational/teleport/lib/service"
 	"github.com/gravitational/teleport/lib/service/servicecfg"
 	"github.com/gravitational/teleport/lib/services"
@@ -258,7 +259,7 @@ type TeleInstance struct {
 	// Internal stuff...
 	Process              *service.TeleportProcess
 	Config               *servicecfg.Config
-	Tunnel               reversetunnel.Server
+	Tunnel               reversetunnelclient.Server
 	RemoteClusterWatcher *reversetunnel.RemoteClusterTunnelManager
 
 	// Nodes is a list of additional nodes
@@ -1033,7 +1034,7 @@ type ProxyConfig struct {
 }
 
 // StartProxy starts another Proxy Server and connects it to the cluster.
-func (i *TeleInstance) StartProxy(cfg ProxyConfig, opts ...Option) (reversetunnel.Server, *service.TeleportProcess, error) {
+func (i *TeleInstance) StartProxy(cfg ProxyConfig, opts ...Option) (reversetunnelclient.Server, *service.TeleportProcess, error) {
 	dataDir, err := os.MkdirTemp("", "cluster-"+i.Secrets.SiteName+"-"+cfg.Name)
 	if err != nil {
 		return nil, nil, trace.Wrap(err)
@@ -1107,12 +1108,12 @@ func (i *TeleInstance) StartProxy(cfg ProxyConfig, opts ...Option) (reversetunne
 	log.Debugf("Teleport proxy (in instance %v) started: %v/%v events received.",
 		i.Secrets.SiteName, len(expectedEvents), len(receivedEvents))
 
-	// Extract and set reversetunnel.Server and reversetunnel.AgentPool upon
+	// Extract and set reversetunnelclient.Server and reversetunnel.AgentPool upon
 	// receipt of a ProxyReverseTunnelReady event
 	for _, re := range receivedEvents {
 		switch re.Name {
 		case service.ProxyReverseTunnelReady:
-			ts, ok := re.Payload.(reversetunnel.Server)
+			ts, ok := re.Payload.(reversetunnelclient.Server)
 			if ok {
 				return ts, process, nil
 			}
@@ -1220,12 +1221,12 @@ func (i *TeleInstance) Start() error {
 		return trace.Wrap(err)
 	}
 
-	// Extract and set reversetunnel.Server and reversetunnel.AgentPool upon
+	// Extract and set reversetunnelclient.Server and reversetunnel.AgentPool upon
 	// receipt of a ProxyReverseTunnelReady and ProxyAgentPoolReady respectively.
 	for _, re := range receivedEvents {
 		switch re.Name {
 		case service.ProxyReverseTunnelReady:
-			ts, ok := re.Payload.(reversetunnel.Server)
+			ts, ok := re.Payload.(reversetunnelclient.Server)
 			if ok {
 				i.Tunnel = ts
 			}

diff --git a/integration/helpers/trustedclusters.go b/integration/helpers/trustedclusters.go
@@ -28,7 +28,7 @@ import (
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/utils/retryutils"
 	"github.com/gravitational/teleport/lib/auth"
-	"github.com/gravitational/teleport/lib/reversetunnel"
+	"github.com/gravitational/teleport/lib/reversetunnelclient"
 )
 
 // WaitForTunnelConnections waits for remote tunnels connections
@@ -76,7 +76,7 @@ func TryCreateTrustedCluster(t *testing.T, authServer *auth.Server, trustedClust
 	require.FailNow(t, "Timeout creating trusted cluster")
 }
 
-func WaitForClusters(tun reversetunnel.Server, expected int) func() bool {
+func WaitForClusters(tun reversetunnelclient.Server, expected int) func() bool {
 	return func() bool {
 		clusters, err := tun.GetSites()
 		if err != nil {
@@ -129,7 +129,7 @@ func WaitForNodeCount(ctx context.Context, t *TeleInstance, clusterName string,
 }
 
 // WaitForActiveTunnelConnections waits for remote cluster to report a minimum number of active connections
-func WaitForActiveTunnelConnections(t *testing.T, tunnel reversetunnel.Server, clusterName string, expectedCount int) {
+func WaitForActiveTunnelConnections(t *testing.T, tunnel reversetunnelclient.Server, clusterName string, expectedCount int) {
 	require.Eventually(t, func() bool {
 		cluster, err := tunnel.GetSite(clusterName)
 		if err != nil {

diff --git a/integration/integration_test.go b/integration/integration_test.go
@@ -84,7 +84,7 @@ import (
 	"github.com/gravitational/teleport/lib/events/filesessions"
 	"github.com/gravitational/teleport/lib/modules"
 	"github.com/gravitational/teleport/lib/pam"
-	"github.com/gravitational/teleport/lib/reversetunnel"
+	"github.com/gravitational/teleport/lib/reversetunnelclient"
 	"github.com/gravitational/teleport/lib/service"
 	"github.com/gravitational/teleport/lib/service/servicecfg"
 	"github.com/gravitational/teleport/lib/services"
@@ -3810,7 +3810,7 @@ func testDiscoveryRecovers(t *testing.T, suite *integrationTestSuite) {
 	var reverseTunnelAddr string
 
 	// Helper function for adding a new proxy to "main".
-	addNewMainProxy := func(name string) (reversetunnel.Server, helpers.ProxyConfig) {
+	addNewMainProxy := func(name string) (reversetunnelclient.Server, helpers.ProxyConfig) {
 		t.Logf("adding main proxy %q...", name)
 		newConfig := helpers.ProxyConfig{
 			Name:              name,

diff --git a/integration/proxy/proxy_helpers.go b/integration/proxy/proxy_helpers.go
@@ -55,7 +55,7 @@ import (
 	"github.com/gravitational/teleport/lib/client"
 	"github.com/gravitational/teleport/lib/defaults"
 	"github.com/gravitational/teleport/lib/fixtures"
-	"github.com/gravitational/teleport/lib/reversetunnel"
+	"github.com/gravitational/teleport/lib/reversetunnelclient"
 	"github.com/gravitational/teleport/lib/service/servicecfg"
 	"github.com/gravitational/teleport/lib/services"
 	"github.com/gravitational/teleport/lib/srv/alpnproxy"
@@ -602,7 +602,7 @@ func makeNodeConfig(nodeName, proxyAddr string) *servicecfg.Config {
 }
 
 // waitForActivePeerProxyConnections waits for remote cluster to report a minimum number of active proxy peer connections
-func waitForActivePeerProxyConnections(t *testing.T, tunnel reversetunnel.Server, expectedCount int) { //nolint:unused // Only used by skipped test TestProxyTunnelStrategyProxyPeering
+func waitForActivePeerProxyConnections(t *testing.T, tunnel reversetunnelclient.Server, expectedCount int) { //nolint:unused // Only used by skipped test TestProxyTunnelStrategyProxyPeering
 	require.Eventually(t, func() bool {
 		return tunnel.GetProxyPeerClient().GetConnectionsCount() >= expectedCount
 	},

diff --git a/lib/benchmark/web.go b/lib/benchmark/web.go
@@ -77,7 +77,7 @@ func (s WebSSHBenchmark) BenchBuilder(ctx context.Context, tc *client.TeleportCl
 			return nil, trace.BadParameter("random ssh bench commands must use the format <user>@all <command>")
 		}
 
-		servers, err := s.getServers(ctx, tc)
+		servers, err := getServers(ctx, tc)
 		if err != nil {
 			return nil, trace.Wrap(err)
 		}
@@ -92,10 +92,39 @@ func (s WebSSHBenchmark) BenchBuilder(ctx context.Context, tc *client.TeleportCl
 	}, nil
 }
 
+type webSession struct {
+	mu         sync.Mutex
+	webSession types.WebSession
+	clt        *client.WebClient
+}
+
+func (s *webSession) renew(ctx context.Context) {
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		case <-time.After(time.Until(s.expires().Add(-3 * time.Minute))):
+			resp, err := s.clt.PostJSON(ctx, s.clt.Endpoint("webapi", "sessions", "renew"), nil)
+			if err != nil {
+				continue
+			}
+
+			session, err := client.GetSessionFromResponse(resp)
+			if err != nil {
+				continue
+			}
+
+			s.mu.Lock()
+			s.webSession = session
+			s.mu.Unlock()
+		}
+	}
+}
+
 // runCommand starts a non-interactive SSH session and executes the provided
 // command before terminating the session.
 func (s WebSSHBenchmark) runCommand(ctx context.Context, tc *client.TeleportClient, webSess *webSession, host, command string) error {
-	stream, err := s.connectToHost(ctx, tc, webSess, host)
+	stream, err := connectToHost(ctx, tc, webSess, host)
 	if err != nil {
 		return trace.Wrap(err)
 	}
@@ -112,29 +141,8 @@ func (s WebSSHBenchmark) runCommand(ctx context.Context, tc *client.TeleportClie
 	return nil
 }
 
-// getServers returns all [types.Server] that the authenticated user has
-// access to.
-func (s WebSSHBenchmark) getServers(ctx context.Context, tc *client.TeleportClient) ([]types.Server, error) {
-	clt, err := tc.ConnectToCluster(ctx)
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-	defer clt.Close()
-
-	resources, err := apiclient.GetAllResources[types.Server](ctx, clt.AuthClient, tc.ResourceFilter(types.KindNode))
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-
-	if len(resources) == 0 {
-		return nil, trace.BadParameter("no target hosts available")
-	}
-
-	return resources, nil
-}
-
 // connectToHost opens an SSH session to the target host via the Proxy web api.
-func (s WebSSHBenchmark) connectToHost(ctx context.Context, tc *client.TeleportClient, webSession *webSession, host string) (*web.TerminalStream, error) {
+func connectToHost(ctx context.Context, tc *client.TeleportClient, webSession *webSession, host string) (io.ReadWriteCloser, error) {
 	req := web.TerminalRequest{
 		Server: host,
 		Login:  tc.HostLogin,
@@ -185,33 +193,25 @@ func (s WebSSHBenchmark) connectToHost(ctx context.Context, tc *client.TeleportC
 	return stream, trace.Wrap(err)
 }
 
-type webSession struct {
-	mu         sync.Mutex
-	webSession types.WebSession
-	clt        *client.WebClient
-}
-
-func (s *webSession) renew(ctx context.Context) {
-	for {
-		select {
-		case <-ctx.Done():
-			return
-		case <-time.After(time.Until(s.expires().Add(-3 * time.Minute))):
-			resp, err := s.clt.PostJSON(ctx, s.clt.Endpoint("webapi", "sessions", "renew"), nil)
-			if err != nil {
-				continue
-			}
+// getServers returns all [types.Server] that the authenticated user has
+// access to.
+func getServers(ctx context.Context, tc *client.TeleportClient) ([]types.Server, error) {
+	clt, err := tc.ConnectToCluster(ctx)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	defer clt.Close()
 
-			session, err := client.GetSessionFromResponse(resp)
-			if err != nil {
-				continue
-			}
+	resources, err := apiclient.GetAllResources[types.Server](ctx, clt.AuthClient, tc.ResourceFilter(types.KindNode))
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
 
-			s.mu.Lock()
-			s.webSession = session
-			s.mu.Unlock()
-		}
+	if len(resources) == 0 {
+		return nil, trace.BadParameter("no target hosts available")
 	}
+
+	return resources, nil
 }
 
 func (s *webSession) expires() time.Time {

diff --git a/lib/client/conntest/database/mysql.go b/lib/client/conntest/database/mysql.go
@@ -29,12 +29,27 @@ import (
 	"github.com/sirupsen/logrus"
 
 	"github.com/gravitational/teleport/lib/defaults"
-	"github.com/gravitational/teleport/lib/srv/db/common"
 )
 
 // MySQLPinger implements the DatabasePinger interface for the MySQL protocol.
 type MySQLPinger struct{}
 
+// convertError converts the error from MySQL client since it can be wrapped in an [errors.Causer].
+// The MySQL engine in the agent already does this, but we need it here because
+// the error is from the MySQL client.
+func convertError(err error) error {
+	// causer defines an interface for errors wrapped by the [errors] package.
+	type causer interface {
+		Cause() error
+	}
+
+	if causer, ok := err.(causer); ok {
+		return trace.Wrap(causer.Cause())
+	}
+
+	return trace.Wrap(err)
+}
+
 // Ping connects to the database and issues a basic select statement to validate the connection.
 func (p *MySQLPinger) Ping(ctx context.Context, params PingParams) error {
 	if err := params.CheckAndSetDefaults(defaults.ProtocolMySQL); err != nil {
@@ -50,10 +65,7 @@ func (p *MySQLPinger) Ping(ctx context.Context, params PingParams) error {
 		nd.DialContext,
 	)
 	if err != nil {
-		// convert the error from MySQL client since it can be wrapped in a "Causer".
-		// The MySQL engine in the agent already does this, but we need it here because
-		// the error is from the MySQL client.
-		return trace.Wrap(common.ConvertError(err))
+		return convertError(err)
 	}
 
 	defer func() {
@@ -63,7 +75,7 @@ func (p *MySQLPinger) Ping(ctx context.Context, params PingParams) error {
 	}()
 
 	if err := conn.Ping(); err != nil {
-		return trace.Wrap(common.ConvertError(err))
+		return convertError(err)
 	}
 
 	return nil

diff --git a/lib/kube/proxy/forwarder.go b/lib/kube/proxy/forwarder.go
@@ -86,7 +86,6 @@ import (
 	"github.com/gravitational/teleport/lib/kube/proxy/streamproto"
 	kubeutils "github.com/gravitational/teleport/lib/kube/utils"
 	"github.com/gravitational/teleport/lib/multiplexer"
-	"github.com/gravitational/teleport/lib/reversetunnel"
 	"github.com/gravitational/teleport/lib/reversetunnelclient"
 	"github.com/gravitational/teleport/lib/service/servicecfg"
 	"github.com/gravitational/teleport/lib/services"
@@ -115,7 +114,7 @@ const (
 // ForwarderConfig specifies configuration for proxy forwarder
 type ForwarderConfig struct {
 	// ReverseTunnelSrv is the teleport reverse tunnel server
-	ReverseTunnelSrv reversetunnel.Server
+	ReverseTunnelSrv reversetunnelclient.Server
 	// ClusterName is a local cluster name
 	ClusterName string
 	// Keygen points to a key generator implementation