Skip to content

Commit

Permalink
use correct session recording mode in session start and end events (#…
Browse files Browse the repository at this point in the history 
…29584)
  • Loading branch information
@capnspacehook
capnspacehook committed Jul 26, 2023
1 parent 3628eae commit c399d8a
Show file tree
Hide file tree
Showing 2 changed files with 109 additions and 2 deletions.
21 changes: 19 additions & 2 deletions lib/srv/sess.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -883,7 +883,7 @@ func (s *session) emitSessionStartEvent(ctx *ServerContext) {
RemoteAddr: ctx.ServerConn.RemoteAddr().String(),
Protocol: events.EventProtocolSSH,
},
SessionRecording: ctx.SessionRecordingConfig.GetMode(),
SessionRecording: s.sessionRecordingMode(),
InitialCommand: initialCommand,
}

Expand Down Expand Up @@ -1041,7 +1041,7 @@ func (s *session) emitSessionEndEvent() {
Interactive: s.term != nil,
StartTime: start,
EndTime: end,
SessionRecording: ctx.SessionRecordingConfig.GetMode(),
SessionRecording: s.sessionRecordingMode(),
}

for _, p := range s.participants {
Expand All @@ -1067,6 +1067,23 @@ func (s *session) emitSessionEndEvent() {
}
}

func (s *session) sessionRecordingMode() string {
sessionRecMode := s.scx.SessionRecordingConfig.GetMode()
subKind := s.serverMeta.ServerSubKind

// agentless connections always record the session at the proxy
if !services.IsRecordAtProxy(sessionRecMode) && (subKind == types.SubKindOpenSSHNode ||
subKind == types.SubKindOpenSSHEC2InstanceConnectEndpointNode) {
if services.IsRecordSync(sessionRecMode) {
sessionRecMode = types.RecordAtProxySync
} else {
sessionRecMode = types.RecordAtProxy
}
}

return sessionRecMode
}

func (s *session) setEndingContext(ctx *ServerContext) {
s.mu.Lock()
defer s.mu.Unlock()
Expand Down
90 changes: 90 additions & 0 deletions lib/srv/sess_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -908,3 +908,93 @@ func TestTrackingSession(t *testing.T) {
})
}
}

func TestSessionRecordingMode(t *testing.T) {
tests := []struct {
name string
serverSubKind string
mode string
expectedMode string
}{
{
name: "teleport node record at node",
serverSubKind: types.SubKindTeleportNode,
mode: types.RecordAtNode,
expectedMode: types.RecordAtNode,
},
{
name: "teleport node record at proxy",
serverSubKind: types.SubKindTeleportNode,
mode: types.RecordAtProxy,
expectedMode: types.RecordAtProxy,
},
{
name: "agentless node record at node",
serverSubKind: types.SubKindOpenSSHNode,
mode: types.RecordAtNode,
expectedMode: types.RecordAtProxy,
},
{
name: "agentless node record at proxy",
serverSubKind: types.SubKindOpenSSHNode,
mode: types.RecordAtProxy,
expectedMode: types.RecordAtProxy,
},
{
name: "agentless node record at node sync",
serverSubKind: types.SubKindOpenSSHNode,
mode: types.RecordAtNodeSync,
expectedMode: types.RecordAtProxySync,
},
{
name: "agentless node record at proxy sync",
serverSubKind: types.SubKindOpenSSHNode,
mode: types.RecordAtProxySync,
expectedMode: types.RecordAtProxySync,
},
{
name: "ec2 node record at node",
serverSubKind: types.SubKindOpenSSHEC2InstanceConnectEndpointNode,
mode: types.RecordAtNode,
expectedMode: types.RecordAtProxy,
},
{
name: "ec2 node record at proxy",
serverSubKind: types.SubKindOpenSSHEC2InstanceConnectEndpointNode,
mode: types.RecordAtProxy,
expectedMode: types.RecordAtProxy,
},
{
name: "ec2 node record at node sync",
serverSubKind: types.SubKindOpenSSHEC2InstanceConnectEndpointNode,
mode: types.RecordAtNodeSync,
expectedMode: types.RecordAtProxySync,
},
{
name: "ec2 node record at proxy sync",
serverSubKind: types.SubKindOpenSSHEC2InstanceConnectEndpointNode,
mode: types.RecordAtProxySync,
expectedMode: types.RecordAtProxySync,
},
}

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
sess := session{
scx: &ServerContext{
SessionRecordingConfig: &types.SessionRecordingConfigV2{
Spec: types.SessionRecordingConfigSpecV2{
Mode: tt.mode,
},
},
},
serverMeta: apievents.ServerMetadata{
ServerSubKind: tt.serverSubKind,
},
}

gotMode := sess.sessionRecordingMode()
require.Equal(t, tt.expectedMode, gotMode)
})
}
}

0 comments on commit c399d8a

Please sign in to comment.