/*
Copyright 2016 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package reversetunnel
import (
"context"
"net"
"time"
"golang.org/x/crypto/ssh/agent"
"github.com/gravitational/teleport/lib/auth"
)
// DialParams is a list of parameters used to Dial to a node within a cluster.
//
// Several of these fields feed into credentials that the proxy mints or
// forwards on the caller's behalf: Address and Principals end up in a host
// certificate, and UserAgent is the user's SSH agent. Callers should
// therefore populate them from trusted state (the node record, the
// authenticated session) rather than from unauthenticated client input.
// NOTE(review): where each value originates is decided by the caller and is
// not visible here — confirm at the call sites.
type DialParams struct {
	// From is the source address.
	From net.Addr
	// To is the destination address.
	To net.Addr
	// UserAgent is SSH agent used to connect to the remote host. Used by the
	// forwarding proxy. An agent.Agent can sign with the user's keys, so
	// whatever receives it should be limited to the session being dialed.
	UserAgent agent.Agent
	// Address is used by the forwarding proxy to generate a host certificate for
	// the target node. This is needed because while dialing occurs via IP
	// address, tsh thinks it's connecting via DNS name and that's how it
	// validates the host certificate. Because this is the name the client
	// ends up trusting, it must identify the intended node.
	Address string
	// Principals are additional principals that need to be added to the host
	// certificate. Used by the recording proxy to correctly generate a host
	// certificate. Each entry becomes a name the certificate vouches for.
	Principals []string
	// ServerID is the hostUUID.clusterName of a Teleport node. Used with nodes
	// that are connected over a reverse tunnel.
	ServerID string
}
// RemoteSite represents remote teleport site that can be accessed via
// teleport tunnel or directly by proxy
//
// There are two implementations of this interface: local and remote sites.
//
// Security note: Dial and DialTCP differ in whether the connection goes
// through the local forwarding server, which is what terminates and records
// the connection in terminating mode. Only Dial takes part in recording;
// DialTCP explicitly ignores recording mode.
type RemoteSite interface {
	// DialAuthServer returns a net.Conn to the Auth Server of a site.
	DialAuthServer() (net.Conn, error)
	// Dial dials any address within the site network, in terminating
	// mode it uses local instance of forwarding server to terminate
	// and record the connection
	Dial(DialParams) (net.Conn, error)
	// DialTCP dials any address within the site network,
	// ignores recording mode and always uses TCP dial, used
	// in components that need direct dialer.
	// NOTE(review): since recording mode is ignored, nothing on this path
	// records the session; callers should not route user sessions that are
	// expected to be recorded through it.
	DialTCP(DialParams) (net.Conn, error)
	// GetLastConnected returns last time the remote site was seen connected
	GetLastConnected() time.Time
	// GetName returns site name (identified by authority domain's name)
	GetName() string
	// GetStatus returns status of this site (either offline or connected).
	// The value is a plain string; the exact constants are presumably
	// declared elsewhere and are not visible in this file.
	GetStatus() string
	// GetClient returns client connected to remote auth server
	GetClient() (auth.ClientI, error)
	// CachingAccessPoint returns access point that is lightweight
	// but is resilient to auth server crashes
	CachingAccessPoint() (auth.AccessPoint, error)
	// GetTunnelsCount returns the amount of active inbound tunnels
	// from the remote cluster
	GetTunnelsCount() int
}
// Server is a TCP/IP SSH server which listens on an SSH endpoint and remote/local
// sites connect and register with it.
//
// Expected lifecycle, as described by the method comments: Start, then either
// Close (immediate) or Shutdown (graceful, bounded by the supplied context),
// then Wait to block until outstanding operations have finished.
type Server interface {
	// GetSites returns a list of connected remote sites
	GetSites() []RemoteSite
	// GetSite returns remote site this node belongs to
	// NOTE(review): the comment says "this node's site", but the parameter is
	// a domain name, so it looks like a lookup of the site registered under
	// that name — confirm against the implementation.
	GetSite(domainName string) (RemoteSite, error)
	// RemoveSite removes the site with the specified name from the list of connected sites
	RemoveSite(domainName string) error
	// Start starts server
	Start() error
	// Close closes server's operations immediately
	Close() error
	// Shutdown performs graceful server shutdown
	Shutdown(context.Context) error
	// Wait waits for server to close all outstanding operations
	Wait()
}