/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package services
import (
"context"
"time"
"github.com/gravitational/trace"
"github.com/zmb3/teleport/api/types"
"github.com/zmb3/teleport/lib/utils"
)
// Provisioner governs adding new nodes to the cluster by managing the
// provisioning tokens kept for the auth server.
type Provisioner interface {
	// UpsertToken adds a provisioning token for the auth server.
	// NOTE(review): by its name this presumably overwrites an existing token
	// with the same name, unlike CreateToken; confirm against the implementation.
	UpsertToken(ctx context.Context, token types.ProvisionToken) error
	// CreateToken adds a provisioning token for the auth server.
	// NOTE(review): presumably fails if the token already exists; confirm
	// against the implementation.
	CreateToken(ctx context.Context, token types.ProvisionToken) error
	// GetToken finds and returns the provisioning token identified by the
	// given token string.
	GetToken(ctx context.Context, token string) (types.ProvisionToken, error)
	// DeleteToken deletes the provisioning token identified by the given
	// token string.
	// Implementations must guarantee that this returns a trace.NotFound error
	// if the token doesn't exist.
	DeleteToken(ctx context.Context, token string) error
	// DeleteAllTokens deletes all provisioning tokens.
	// Unlike the other methods it takes no context, so a caller cannot attach
	// cancellation or a deadline to this call.
	DeleteAllTokens() error
	// GetTokens returns all non-expired tokens.
	GetTokens(ctx context.Context) ([]types.ProvisionToken, error)
}
// MustCreateProvisionToken builds a provision token from the given token
// string, system roles and expiry time by calling types.NewProvisionToken.
// It panics if that constructor reports an error, so it is intended for
// tests only and must not be reached from production code paths.
func MustCreateProvisionToken(token string, roles types.SystemRoles, expires time.Time) types.ProvisionToken {
	provisionToken, err := types.NewProvisionToken(token, roles, expires)
	if err == nil {
		return provisionToken
	}
	// Construction failed: abort loudly rather than hand back an invalid token.
	panic(err)
}
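// UnmarshalProvisionToken unmarshals the ProvisionToken resource from JSON.
//
// The resource header is decoded first and its Version field selects the
// concrete type: an empty version is decoded as ProvisionTokenV1 and converted
// with V2(); types.V2 is decoded as ProvisionTokenV2 and validated with
// CheckAndSetDefaults. Any other version is rejected with trace.BadParameter.
// When the collected marshal options carry a non-zero ID, that ID is set as
// the resource ID of the returned token.
//
// Empty input and option-collection failures are returned as errors; on any
// error the returned token is nil.
//
// NOTE(review): decode errors are handed back to the caller as-is. The
// decoder's error text may quote part of data (confirm for
// utils.FastUnmarshal), and a provision token is what lets a node join the
// cluster, so callers should be careful where these errors are logged.
func UnmarshalProvisionToken(data []byte, opts ...MarshalOption) (types.ProvisionToken, error) {
	if len(data) == 0 {
		return nil, trace.BadParameter("missing provision token data")
	}

	cfg, err := CollectOptions(opts)
	if err != nil {
		return nil, trace.Wrap(err)
	}

	// Decode only the header to learn which schema version data uses.
	var h types.ResourceHeader
	if err := utils.FastUnmarshal(data, &h); err != nil {
		return nil, trace.Wrap(err)
	}

	switch h.Version {
	case "":
		// No version field: treat the payload as the legacy V1 format.
		var p types.ProvisionTokenV1
		if err := utils.FastUnmarshal(data, &p); err != nil {
			return nil, trace.Wrap(err)
		}
		// NOTE(review): unlike the V2 branch, the converted token is not
		// passed through CheckAndSetDefaults here; presumably V2() yields an
		// already-valid token. Confirm.
		v2 := p.V2()
		if cfg.ID != 0 {
			v2.SetResourceID(cfg.ID)
		}
		return v2, nil
	case types.V2:
		var p types.ProvisionTokenV2
		if err := utils.FastUnmarshal(data, &p); err != nil {
			// Pass the decoder message as an argument, never as the format
			// string: it is derived from the input and may contain '%'.
			return nil, trace.BadParameter("%s", err.Error())
		}
		if err := p.CheckAndSetDefaults(); err != nil {
			return nil, trace.Wrap(err)
		}
		if cfg.ID != 0 {
			p.SetResourceID(cfg.ID)
		}
		return &p, nil
	}

	return nil, trace.BadParameter("server resource version %v is not supported", h.Version)
}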
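// MarshalProvisionToken marshals the ProvisionToken resource to JSON.
//
// The token is first validated with CheckAndSetDefaults, which is called on
// the value passed in. Only *types.ProvisionTokenV2 is supported; any other
// concrete type is rejected with trace.BadParameter. Unless the collected
// options set PreserveResourceID, the resource ID is cleared on a copy of the
// token before encoding. When the options request types.V1, the token is
// converted with V1() and that form is encoded instead.
func MarshalProvisionToken(provisionToken types.ProvisionToken, opts ...MarshalOption) ([]byte, error) {
	if err := provisionToken.CheckAndSetDefaults(); err != nil {
		return nil, trace.Wrap(err)
	}

	cfg, err := CollectOptions(opts)
	if err != nil {
		return nil, trace.Wrap(err)
	}

	switch token := provisionToken.(type) {
	case *types.ProvisionTokenV2:
		if !cfg.PreserveResourceID {
			// Clear the resource ID on a copy so the caller's object is not
			// modified, which could otherwise cause unexpected data races.
			// The local is not named "copy" to avoid shadowing the builtin.
			clone := *token
			clone.SetResourceID(0)
			token = &clone
		}
		if cfg.GetVersion() == types.V1 {
			return utils.FastMarshal(token.V1())
		}
		return utils.FastMarshal(token)
	default:
		return nil, trace.BadParameter("unrecognized provision token version %T", provisionToken)
	}
}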