From 5dbda4f41b0c5004bbb328d445121bf8ffec72ff Mon Sep 17 00:00:00 2001 From: Roman Tkachenko Date: Fri, 13 Oct 2017 17:32:45 -0700 Subject: [PATCH] Use plugins mechanism instead of oss/e flag --- constants.go | 10 --- e | 2 +- lib/auth/init.go | 2 +- lib/auth/tun_test.go | 2 +- lib/plugins/plugins.go | 89 +++++++++++++++++++++++++++ lib/runtimeflags.go | 20 ------ lib/services/role.go | 12 +--- lib/services/trustedcluster.go | 10 +-- lib/utils/utils.go | 18 ++---- lib/web/apiserver_test.go | 2 +- tool/tctl/common/tctl.go | 7 +-- tool/tctl/main.go | 3 +- tool/teleport/common/teleport.go | 9 +-- tool/teleport/common/teleport_test.go | 14 ++--- tool/teleport/main.go | 7 +-- tool/tsh/tsh.go | 2 +- 16 files changed, 118 insertions(+), 91 deletions(-) create mode 100644 lib/plugins/plugins.go diff --git a/constants.go b/constants.go index 57161eca4962b..d752efaf8fc8d 100644 --- a/constants.go +++ b/constants.go @@ -204,13 +204,3 @@ const AdminRoleName = "admin" // DefaultImplicitRole is implicit role that gets added to all service.RoleSet // objects. const DefaultImplicitRole = "default-implicit-role" - -// DistroType allows to declare what kind of distribution of Teleport -// is running -type DistroType string - -// Possible values for DistroType: -const ( - DistroTypeOSS DistroType = "community" - DistroTypeEnterprise DistroType = "enterprise" -) diff --git a/e b/e index a64ce95ec5b19..861b18b73f967 160000 --- a/e +++ b/e @@ -1 +1 @@ -Subproject commit a64ce95ec5b19b49fa58db6ff9dfcae790b4163f +Subproject commit 861b18b73f967cac40e9d3d10692c008d926d337 diff --git a/lib/auth/init.go b/lib/auth/init.go index 7677484ef8c45..02d3728ae2838 100644 --- a/lib/auth/init.go +++ b/lib/auth/init.go 
@@ -188,7 +188,7 @@ func Init(cfg InitConfig) (*AuthServer, *Identity, error) { log.Infof("[INIT] Created Namespace: %q", defaults.Namespace) // always create a default admin role - defaultRole := services.NewAdminRole(lib.IsEnterprise()) + defaultRole := services.NewAdminRole() err = asrv.CreateRole(defaultRole, backend.Forever) if err != nil && !trace.IsAlreadyExists(err) { return nil, nil, trace.Wrap(err) diff --git a/lib/auth/tun_test.go b/lib/auth/tun_test.go index cf80d7f25578b..05a0900e34246 100644 --- a/lib/auth/tun_test.go +++ b/lib/auth/tun_test.go @@ -101,7 +101,7 @@ func (s *TunSuite) SetUpTest(c *C) { c.Assert(err, IsNil) // create the default role - c.Assert(s.a.UpsertRole(services.NewAdminRole(false), backend.Forever), IsNil) + c.Assert(s.a.UpsertRole(services.NewAdminRole(), backend.Forever), IsNil) // set up host private key and certificate c.Assert(s.a.UpsertCertAuthority( diff --git a/lib/plugins/plugins.go b/lib/plugins/plugins.go new file mode 100644 index 0000000000000..4320fe093b19c --- /dev/null +++ b/lib/plugins/plugins.go 
@@ -0,0 +1,89 @@
+/*
+Copyright 2017 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// package plugins allows external packages override certain behavioral
+// aspects of teleport
+package plugins
+
+import (
+ "fmt"
+ "sync"
+
+ "github.com/gravitational/teleport"
+)
+
+var m = &sync.Mutex{}
+
+var emptyRolesHandler = func() error {
+ return nil
+}
+
+// SetEmptyRolesHandler sets the callback which is called when a new trusted
+// cluster with empty roles is being created
+func SetEmptyRolesHandler(fn func() error) {
+ m.Lock()
+ defer m.Unlock()
+ emptyRolesHandler = fn
+}
+
+// EmptyRoles handler is called when a new trusted cluster with empty roles
+// is being created
+func EmptyRolesHandler() error {
+ m.Lock()
+ defer m.Unlock()
+ return emptyRolesHandler()
+}
+
+var defaultAllowedLogins = func() []string {
+ return []string{teleport.TraitInternalRoleVariable}
+}
+
+// SetDefaultAllowedLogins sets the function that returns default allowed
+// logins for a new admin role
+func SetDefaultAllowedLogins(fn func() []string) {
+ m.Lock()
+ defer m.Unlock()
+ defaultAllowedLogins = fn
+}
+
+// DefaultAllowedLogins returns default allowed logins for a new admin role
+func DefaultAllowedLogins() []string {
+ m.Lock()
+ defer m.Unlock()
+ return defaultAllowedLogins()
+}
+
+var versionPrinter = func() {
+ ver := fmt.Sprintf("Teleport v%s", teleport.Version)
+ if teleport.Gitref != "" {
+ ver = fmt.Sprintf("%s git:%s", ver, teleport.Gitref)
+ }
+ fmt.Println(ver)
+} + +// SetVersionPrinter sets the method that prints teleport version +func SetVersionPrinter(fn func()) { + m.Lock() + defer m.Unlock() + versionPrinter = fn +} + +// VersionPrinter prints teleport version +func VersionPrinter() { + m.Lock() + defer m.Unlock() + versionPrinter() +} diff --git a/lib/runtimeflags.go b/lib/runtimeflags.go index 1cab3bc50a558..e4fefac1331b2 100644 --- a/lib/runtimeflags.go +++ b/lib/runtimeflags.go @@ -31,16 +31,9 @@ package lib import ( "sync" - - "github.com/gravitational/teleport" ) var ( - // currentDistroType contains the type of teleport binary: enterprise or - // open source this flag does not enable any enterprise features, but it - // makes the default experience of the OSS users nicer. - currentDistroType teleport.DistroType = teleport.DistroTypeOSS - // insecureDevMode is set to 'true' when teleport is started with a hidden // --insecure flag. This mode is only useful for learning Teleport and following // quick starts: it disables HTTPS certificate validation @@ -50,19 +43,6 @@ var ( flagLock sync.Mutex ) -func SetDistroType(t teleport.DistroType) { - flagLock.Lock() - defer flagLock.Unlock() - currentDistroType = t -} - -// IsEnterprise returns 'true' if Teleport is packaged with enterprise runime -func IsEnterprise() bool { - flagLock.Lock() - defer flagLock.Unlock() - return currentDistroType == teleport.DistroTypeEnterprise -} - // SetInsecureDevMode turns the 'insecure' mode on. In this mode Teleport accpets // self-signed HTTPS certificates (for development only!) func SetInsecureDevMode(m bool) { diff --git a/lib/services/role.go b/lib/services/role.go index ec33e87b7fff6..e2adae3f53efd 100644 --- a/lib/services/role.go +++ b/lib/services/role.go @@ -24,6 +24,7 @@ import ( "github.com/gravitational/teleport" "github.com/gravitational/teleport/lib/defaults" + "github.com/gravitational/teleport/lib/plugins" "github.com/gravitational/teleport/lib/utils" "github.com/gravitational/teleport/lib/utils/parse" 
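Review bot: In lib/plugins/plugins.go each getter (`EmptyRolesHandler`, `DefaultAllowedLogins`, `VersionPrinter`) invokes the registered callback while still holding the package mutex `m`, and none of the setters rejects a nil function. Since `sync.Mutex` is not reentrant, a callback that calls back into this package blocks forever, and a nil callback panics at the call site; copying the function under the lock and calling it after unlocking, plus a nil guard in each setter, avoids both. These hooks decide security-relevant defaults (the admin role's logins, whether an empty role map is rejected), so the doc comments should say that the setters are meant to be called once during start-up, before any code that consults them runs. The package comment should also begin with `// Package plugins`, and the comment on `EmptyRolesHandler` with the function's own name.

```go
// SetDefaultAllowedLogins sets the function that returns default allowed
// logins for a new admin role. A nil fn is ignored and the current
// function stays in place.
func SetDefaultAllowedLogins(fn func() []string) {
	if fn == nil {
		return
	}
	m.Lock()
	defer m.Unlock()
	defaultAllowedLogins = fn
}

// DefaultAllowedLogins returns default allowed logins for a new admin role
func DefaultAllowedLogins() []string {
	m.Lock()
	fn := defaultAllowedLogins
	m.Unlock()
	// called outside the lock so the callback may use this package
	return fn()
}

// … the EmptyRolesHandler and VersionPrinter pairs follow the same pattern …
```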
@@ -79,7 +80,7 @@ func RoleNameForCertAuthority(name string) string { // NewAdminRole is the default admin role for all local users if another role // is not explicitly assigned (Enterprise only). -func NewAdminRole(isEnterprise bool) Role { +func NewAdminRole() Role { role := &RoleV3{ Kind: KindRole, Version: V3, @@ -98,14 +99,7 @@ func NewAdminRole(isEnterprise bool) Role { }, }, } - - // the default role also has "root" for enterprise users - allowedLogins := []string{teleport.TraitInternalRoleVariable} - if isEnterprise { - allowedLogins = append(allowedLogins, teleport.Root) - } - role.SetLogins(Allow, allowedLogins) - + role.SetLogins(Allow, plugins.DefaultAllowedLogins()) return role } diff --git a/lib/services/trustedcluster.go b/lib/services/trustedcluster.go index 5e675b23d34ca..bfcc2130fced6 100644 --- a/lib/services/trustedcluster.go +++ b/lib/services/trustedcluster.go @@ -22,8 +22,8 @@ import ( "time" "github.com/gravitational/teleport" - "github.com/gravitational/teleport/lib" "github.com/gravitational/teleport/lib/defaults" + "github.com/gravitational/teleport/lib/plugins" "github.com/gravitational/teleport/lib/utils" "github.com/gravitational/trace" @@ -251,8 +251,8 @@ func (c *TrustedClusterV2) CheckAndSetDefaults() error { } // we are not mentioning Roles parameter because we are deprecating it if len(c.Spec.Roles) == 0 && len(c.Spec.RoleMap) == 0 { - if lib.IsEnterprise() { - return trace.BadParameter("missing 'role_map' parameter") + if err := plugins.EmptyRolesHandler(); err != nil { + return trace.Wrap(err) } // OSS teleport uses 'admin' by default: c.Spec.RoleMap = RoleMap{ @@ -427,9 +427,9 @@ const RoleMapSchema = `{ "items": { "type": "object", "additionalProperties": false, - "properties": { + "properties": { "local": { - "type": "array", + "type": "array", "items": { "type": "string" } diff --git a/lib/utils/utils.go b/lib/utils/utils.go index b873d071c399c..f7456a143e57a 100644 --- a/lib/utils/utils.go +++ b/lib/utils/utils.go 
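Review bot: `NewAdminRole()` now reads the admin role's allowed logins from whatever `plugins.DefaultAllowedLogins()` returns at call time, so the result depends on a process-wide hook rather than on an explicit argument the caller can see. The init.go hunk in this patch creates the role inside `Init` and tolerates an already-exists error, so a hook registered after that call presumably leaves the stock logins in place with no error or log line; a comment on `NewAdminRole` stating that ordering requirement would help. The returned slice is handed to `role.SetLogins` as is, and if `SetLogins` keeps it, a hook that returns a shared slice exposes the role to later mutation; `role.SetLogins(Allow, append([]string(nil), plugins.DefaultAllowedLogins()...))` avoids that cheaply. The body of `NewAdminRole` is only partly visible across these two hunks.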
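Review bot: In `CheckAndSetDefaults` an empty `role_map` is now rejected only if some package has installed a handler; the stock `emptyRolesHandler` in lib/plugins returns nil, so control falls through to the context lines that fill in the default mapping the comment describes as 'admin'. The stricter behaviour therefore fails open when registration is missed or happens late, and the error text `missing 'role_map' parameter` no longer lives in this file. I would add a comment above the call, for example `// plugins may reject an empty role map here; the default handler allows it and the admin mapping below applies`, and cover the handler-installed path with a test. `CheckAndSetDefaults` starts and ends outside the hunk.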
@@ -17,7 +17,6 @@ limitations under the License. package utils import ( - "fmt" "io" "io/ioutil" "net" @@ -28,6 +27,7 @@ import ( "time" "github.com/gravitational/teleport" + "github.com/gravitational/teleport/lib/plugins" "github.com/gravitational/trace" "github.com/pborman/uuid" "golang.org/x/crypto/ssh" @@ -166,19 +166,9 @@ func ReadOrMakeHostUUID(dataDir string) (string, error) { return id, nil } -// PrintVersion prints human readable version. -// - distro: name of the distribution. Empty string for OSS or "enterprise" -func PrintVersion(distro teleport.DistroType) { - if distro == teleport.DistroTypeEnterprise { - distro = " " + distro - } else { - distro = "" - } - ver := fmt.Sprintf("Teleport%s v%s", distro, teleport.Version) - if teleport.Gitref != "" { - ver = fmt.Sprintf("%s git:%s", ver, teleport.Gitref) - } - fmt.Println(ver) +// PrintVersion prints human readable version +func PrintVersion() { + plugins.VersionPrinter() } // HumanTimeFormat formats time as recognized by humans diff --git a/lib/web/apiserver_test.go b/lib/web/apiserver_test.go index 7759766a8f03f..b3feb962e565f 100644 --- a/lib/web/apiserver_test.go +++ b/lib/web/apiserver_test.go @@ -192,7 +192,7 @@ func (s *WebSuite) SetUpTest(c *C) { c.Assert(err, IsNil) // create the default role - c.Assert(s.authServer.UpsertRole(services.NewAdminRole(false), backend.Forever), IsNil) + c.Assert(s.authServer.UpsertRole(services.NewAdminRole(), backend.Forever), IsNil) // configure cluster authentication preferences cap, err := services.NewAuthPreference(services.AuthPreferenceSpecV2{ diff --git a/tool/tctl/common/tctl.go b/tool/tctl/common/tctl.go index 669f95a1dcac7..749e40c029c54 100644 --- a/tool/tctl/common/tctl.go +++ b/tool/tctl/common/tctl.go @@ -21,7 +21,6 @@ import ( "os" "github.com/gravitational/teleport" - "github.com/gravitational/teleport/lib" "github.com/gravitational/teleport/lib/auth" "github.com/gravitational/teleport/lib/config" "github.com/gravitational/teleport/lib/defaults" 
@@ -61,11 +60,9 @@ type CLICommand interface { // "distributions" like OSS or Enterprise // // distribution: name of the Teleport distribution -func Run(distro teleport.DistroType, commands []CLICommand) { +func Run(commands []CLICommand) { utils.InitLogger(utils.LoggingForCLI, logrus.WarnLevel) - lib.SetDistroType(distro) - // app is the command line parser app := utils.InitCLIParser("tctl", GlobalHelpString) @@ -101,7 +98,7 @@ func Run(distro teleport.DistroType, commands []CLICommand) { // "version" command? if selectedCmd == ver.FullCommand() { - utils.PrintVersion(distro) + utils.PrintVersion() return } diff --git a/tool/tctl/main.go b/tool/tctl/main.go index adebdd9cab06e..45fcc59c4dc8e 100644 --- a/tool/tctl/main.go +++ b/tool/tctl/main.go @@ -17,7 +17,6 @@ limitations under the License. package main import ( - "github.com/gravitational/teleport" "github.com/gravitational/teleport/tool/tctl/common" ) @@ -29,5 +28,5 @@ func main() { &common.AuthCommand{}, &common.ResourceCommand{}, } - common.Run(teleport.DistroTypeOSS, commands) + common.Run(commands) } diff --git a/tool/teleport/common/teleport.go b/tool/teleport/common/teleport.go index 136b675d276bf..a1348a312ca26 100644 --- a/tool/teleport/common/teleport.go +++ b/tool/teleport/common/teleport.go @@ -26,7 +26,6 @@ import ( "strings" "github.com/gravitational/teleport" - "github.com/gravitational/teleport/lib" "github.com/gravitational/teleport/lib/config" "github.com/gravitational/teleport/lib/defaults" "github.com/gravitational/teleport/lib/service" 
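Review bot: The doc comment kept as context above `Run` in tool/tctl/common/tctl.go still ends with `distribution: name of the Teleport distribution`, although this hunk removes the `distro` parameter. That line should be dropped and the remaining argument described instead, for example `// commands: the CLICommand implementations handled by this binary`. The body of `Run` continues outside the hunks shown.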
@@ -42,14 +41,10 @@ import ( // same as main() but has a testing switch // - cmdlineArgs are passed from main() -// - distro can be "" (OSS version) or "enterprise" // - testRun is 'true' when running under an integration test -func Run(cmdlineArgs []string, distro teleport.DistroType, testRun bool) (executedCommand string, conf *service.Config) { +func Run(cmdlineArgs []string, testRun bool) (executedCommand string, conf *service.Config) { var err error - // initialize the teleport library with the proper distro flag - lib.SetDistroType(distro) - // configure trace's errors to produce full stack traces isDebug, _ := strconv.ParseBool(os.Getenv(teleport.VerboseLogsEnvVar)) if isDebug { @@ -185,7 +180,7 @@ func Run(cmdlineArgs []string, distro teleport.DistroType, testRun bool) (execut case dump.FullCommand(): onConfigDump() case ver.FullCommand(): - utils.PrintVersion(distro) + utils.PrintVersion() } if err != nil { utils.FatalError(err) diff --git a/tool/teleport/common/teleport_test.go b/tool/teleport/common/teleport_test.go index 69038ed14b81b..db9a30acf4e7e 100644 --- a/tool/teleport/common/teleport_test.go +++ b/tool/teleport/common/teleport_test.go @@ -30,10 +30,6 @@ import ( "gopkg.in/check.v1" ) -const ( - ossDistro = "" -) - // bootstrap check func TestTeleportMain(t *testing.T) { check.TestingT(t) } @@ -70,7 +66,7 @@ func (s *MainTestSuite) SetUpSuite(c *check.C) { } func (s *MainTestSuite) TestDefault(c *check.C) { - cmd, conf := Run([]string{"start"}, ossDistro, true) + cmd, conf := Run([]string{"start"}, true) c.Assert(cmd, check.Equals, "start") c.Assert(conf.Hostname, check.Equals, s.hostname) c.Assert(conf.DataDir, check.Equals, "/tmp/teleport/var/lib/teleport") 
@@ -82,17 +78,17 @@ func (s *MainTestSuite) TestDefault(c *check.C) { } func (s *MainTestSuite) TestRolesFlag(c *check.C) { - cmd, conf := Run([]string{"start", "--roles=node"}, ossDistro, true) + cmd, conf := Run([]string{"start", "--roles=node"}, true) c.Assert(conf.SSH.Enabled, check.Equals, true) c.Assert(conf.Auth.Enabled, check.Equals, false) c.Assert(conf.Proxy.Enabled, check.Equals, false) - cmd, conf = Run([]string{"start", "--roles=proxy"}, ossDistro, true) + cmd, conf = Run([]string{"start", "--roles=proxy"}, true) c.Assert(conf.SSH.Enabled, check.Equals, false) c.Assert(conf.Auth.Enabled, check.Equals, false) c.Assert(conf.Proxy.Enabled, check.Equals, true) - cmd, conf = Run([]string{"start", "--roles=auth"}, ossDistro, true) + cmd, conf = Run([]string{"start", "--roles=auth"}, true) c.Assert(conf.SSH.Enabled, check.Equals, false) c.Assert(conf.Auth.Enabled, check.Equals, true) c.Assert(conf.Proxy.Enabled, check.Equals, false) @@ -100,7 +96,7 @@ func (s *MainTestSuite) TestRolesFlag(c *check.C) { } func (s *MainTestSuite) TestConfigFile(c *check.C) { - cmd, conf := Run([]string{"start", "--roles=node", "--labels=a=a1,b=b1", "--config=" + s.configFile}, ossDistro, true) + cmd, conf := Run([]string{"start", "--roles=node", "--labels=a=a1,b=b1", "--config=" + s.configFile}, true) c.Assert(cmd, check.Equals, "start") c.Assert(conf.SSH.Enabled, check.Equals, true) c.Assert(conf.Auth.Enabled, check.Equals, false) diff --git a/tool/teleport/main.go b/tool/teleport/main.go index 3ae135406a339..dff378a64266d 100644 --- a/tool/teleport/main.go +++ b/tool/teleport/main.go @@ -23,9 +23,6 @@ import ( ) func main() { - const ( - testRun = false - ossDistribution = "" - ) - common.Run(os.Args[1:], ossDistribution, testRun) + const testRun = false + common.Run(os.Args[1:], testRun) } diff --git a/tool/tsh/tsh.go b/tool/tsh/tsh.go index 8531e766481b5..bbf8cb29e2250 100644 --- a/tool/tsh/tsh.go +++ b/tool/tsh/tsh.go 
@@ -248,7 +248,7 @@ func Run(args []string, underTest bool) { switch command { case ver.FullCommand(): - utils.PrintVersion("") + utils.PrintVersion() case ssh.FullCommand(): onSSH(&cf) case bench.FullCommand():