api dependency reduction - utils constants (gravitational#5363)

Moved constants and utils used in /api into /api/constants and /api/utils respectively.
dkravetz · Jan 29, 2021 · 626ad24 · 626ad24
1 parent 10123c0
commit 626ad24
Show file tree

Hide file tree

Showing 77 changed files with 1,839 additions and 1,523 deletions.
diff --git a/api/client/client.go b/api/client/client.go
@@ -28,8 +28,8 @@ import (
 
 	"golang.org/x/net/http2"
 
-	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/client/proto"
+	"github.com/gravitational/teleport/api/constants"
 	"github.com/gravitational/teleport/api/defaults"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/types/events"
@@ -82,7 +82,7 @@ func NewClient(cfg Config) (*Client, error) {
 	})
 
 	var err error
-	if c.conn, err = grpc.Dial(teleport.APIDomain,
+	if c.conn, err = grpc.Dial(constants.APIDomain,
 		dialer,
 		grpc.WithTransportCredentials(credentials.NewTLS(c.c.TLS)),
 		grpc.WithKeepaliveParams(keepalive.ClientParameters{
@@ -141,7 +141,7 @@ func (c *Config) CheckAndSetDefaults() error {
 	}
 	c.TLS.NextProtos = []string{http2.NextProtoTLS}
 	if c.TLS.ServerName == "" {
-		c.TLS.ServerName = teleport.APIDomain
+		c.TLS.ServerName = constants.APIDomain
 	}
 
 	return nil

diff --git a/api/constants/constants.go b/api/constants/constants.go
@@ -0,0 +1,91 @@
+/*
+Copyright 2020-2021 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package constants defines Teleport-specific constants
+package constants
+
+const (
+	// DefaultImplicitRole is implicit role that gets added to all service.RoleSet
+	// objects.
+	DefaultImplicitRole = "default-implicit-role"
+
+	// APIDomain is a default domain name for Auth server API
+	APIDomain = "teleport.cluster.local"
+
+	// EnhancedRecordingMinKernel is the minimum kernel version for the enhanced
+	// recording feature.
+	EnhancedRecordingMinKernel = "4.18.0"
+
+	// EnhancedRecordingCommand is a role option that implies command events are
+	// captured.
+	EnhancedRecordingCommand = "command"
+
+	// EnhancedRecordingDisk is a role option that implies disk events are captured.
+	EnhancedRecordingDisk = "disk"
+
+	// EnhancedRecordingNetwork is a role option that implies network events
+	// are captured.
+	EnhancedRecordingNetwork = "network"
+
+	// OTP means One-time Password Algorithm for Two-Factor Authentication.
+	OTP = "otp"
+
+	// U2F means Universal 2nd Factor.for Two-Factor Authentication.
+	U2F = "u2f"
+
+	// OFF means no second factor.for Two-Factor Authentication.
+	OFF = "off"
+
+	// Local means authentication will happen locally within the Teleport cluster.
+	Local = "local"
+
+	// OIDC means authentication will happen remotely using an OIDC connector.
+	OIDC = "oidc"
+
+	// SAML means authentication will happen remotely using a SAML connector.
+	SAML = "saml"
+
+	// Github means authentication will happen remotely using a Github connector.
+	Github = "github"
+
+	// HumanDateFormatSeconds is a human readable date formatting with seconds
+	HumanDateFormatSeconds = "Jan _2 15:04:05 UTC"
+
+	// MaxLeases serves as an identifying error string indicating that the
+	// semaphore system is rejecting an acquisition attempt due to max
+	// leases having already been reached.
+	MaxLeases = "err-max-leases"
+
+	// CertificateFormatStandard is used for normal Teleport operation without any
+	// compatibility modes.
+	CertificateFormatStandard = "standard"
+
+	// DurationNever is human friendly shortcut that is interpreted as a Duration of 0
+	DurationNever = "never"
+
+	// OIDCPromptSelectAccount instructs the Authorization Server to
+	// prompt the End-User to select a user account.
+	OIDCPromptSelectAccount = "select_account"
+
+	// KeepAliveNode is the keep alive type for SSH servers.
+	KeepAliveNode = "node"
+
+	// KeepAliveApp is the keep alive type for application server.
+	KeepAliveApp = "app"
+
+	// KeepAliveDatabase is the keep alive type for database server.
+	KeepAliveDatabase = "db"
+)
diff --git a/api/defaults/defaults.go b/api/defaults/defaults.go
@@ -20,8 +20,7 @@ package defaults
 import (
 	"time"
 
-	"github.com/gravitational/teleport"
-
+	"github.com/gravitational/teleport/api/constants"
 	"gopkg.in/square/go-jose.v2"
 )
 
@@ -59,7 +58,7 @@ const (
 // EnhancedEvents returns the default list of enhanced events.
 func EnhancedEvents() []string {
 	return []string{
-		teleport.EnhancedRecordingCommand,
-		teleport.EnhancedRecordingNetwork,
+		constants.EnhancedRecordingCommand,
+		constants.EnhancedRecordingNetwork,
 	}
 }
diff --git a/api/types/access_request.go b/api/types/access_request.go
@@ -21,7 +21,7 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/gravitational/teleport/lib/utils"
+	"github.com/gravitational/teleport/api/utils"
 
 	"github.com/gravitational/trace"
 	"github.com/pborman/uuid"

diff --git a/api/types/authentication.go b/api/types/authentication.go
@@ -26,9 +26,9 @@ import (
 
 	"golang.org/x/crypto/bcrypt"
 
-	"github.com/gravitational/teleport"
+	"github.com/gravitational/teleport/api/constants"
 	"github.com/gravitational/teleport/api/defaults"
-	"github.com/gravitational/teleport/lib/utils"
+	"github.com/gravitational/teleport/api/utils"
 
 	"github.com/gravitational/trace"
 	"github.com/pquerna/otp/totp"
@@ -101,8 +101,8 @@ func DefaultAuthPreference() AuthPreference {
 			Namespace: defaults.Namespace,
 		},
 		Spec: AuthPreferenceSpecV2{
-			Type:         teleport.Local,
-			SecondFactor: teleport.OTP,
+			Type:         constants.Local,
+			SecondFactor: constants.OTP,
 		},
 	}
 }
@@ -242,22 +242,22 @@ func (c *AuthPreferenceV2) CheckAndSetDefaults() error {
 
 	// if nothing is passed in, set defaults
 	if c.Spec.Type == "" {
-		c.Spec.Type = teleport.Local
+		c.Spec.Type = constants.Local
 	}
 	if c.Spec.SecondFactor == "" {
-		c.Spec.SecondFactor = teleport.OTP
+		c.Spec.SecondFactor = constants.OTP
 	}
 
 	// make sure type makes sense
 	switch c.Spec.Type {
-	case teleport.Local, teleport.OIDC, teleport.SAML, teleport.Github:
+	case constants.Local, constants.OIDC, constants.SAML, constants.Github:
 	default:
 		return trace.BadParameter("authentication type %q not supported", c.Spec.Type)
 	}
 
 	// make sure second factor makes sense
 	switch c.Spec.SecondFactor {
-	case teleport.OFF, teleport.OTP, teleport.U2F:
+	case constants.OFF, constants.OTP, constants.U2F:
 	default:
 		return trace.BadParameter("second factor type %q not supported", c.Spec.SecondFactor)
 	}

diff --git a/api/types/authority.go b/api/types/authority.go
@@ -23,10 +23,9 @@ import (
 
 	"golang.org/x/crypto/ssh"
 
-	"github.com/gravitational/teleport"
+	"github.com/gravitational/teleport/api/constants"
 	"github.com/gravitational/teleport/api/defaults"
-	"github.com/gravitational/teleport/lib/sshutils"
-	"github.com/gravitational/teleport/lib/utils"
+	"github.com/gravitational/teleport/api/utils"
 
 	"github.com/gogo/protobuf/proto"
 	"github.com/gravitational/trace"
@@ -370,7 +369,7 @@ func (ca *CertAuthorityV2) Signers() ([]ssh.Signer, error) {
 		if err != nil {
 			return nil, trace.Wrap(err)
 		}
-		signer = sshutils.AlgSigner(signer, ca.GetSigningAlg())
+		signer = utils.AlgSigner(signer, ca.GetSigningAlg())
 		out = append(out, signer)
 	}
 	return out, nil
@@ -491,7 +490,7 @@ func (r *Rotation) LastRotatedDescription() string {
 	if r.LastRotated.IsZero() {
 		return "never updated"
 	}
-	return fmt.Sprintf("last rotated %v", r.LastRotated.Format(teleport.HumanDateFormatSeconds))
+	return fmt.Sprintf("last rotated %v", r.LastRotated.Format(constants.HumanDateFormatSeconds))
 }
 
 // PhaseDescription returns human friendly description of a current rotation phase.
@@ -519,13 +518,13 @@ func (r *Rotation) String() string {
 		if r.LastRotated.IsZero() {
 			return "never updated"
 		}
-		return fmt.Sprintf("rotated %v", r.LastRotated.Format(teleport.HumanDateFormatSeconds))
+		return fmt.Sprintf("rotated %v", r.LastRotated.Format(constants.HumanDateFormatSeconds))
 	case RotationStateInProgress:
 		return fmt.Sprintf("%v (mode: %v, started: %v, ending: %v)",
 			r.PhaseDescription(),
 			r.Mode,
-			r.Started.Format(teleport.HumanDateFormatSeconds),
-			r.Started.Add(r.GracePeriod.Duration()).Format(teleport.HumanDateFormatSeconds),
+			r.Started.Format(constants.HumanDateFormatSeconds),
+			r.Started.Add(r.GracePeriod.Duration()).Format(constants.HumanDateFormatSeconds),
 		)
 	default:
 		return "unknown"

diff --git a/api/types/clusterconfig.go b/api/types/clusterconfig.go
@@ -1,5 +1,5 @@
 /*
-Copyright 2017-2019 Gravitational, Inc.
+Copyright 2017-2021 Gravitational, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -22,7 +22,7 @@ import (
 	"time"
 
 	"github.com/gravitational/teleport/api/defaults"
-	"github.com/gravitational/teleport/lib/utils"
+	"github.com/gravitational/teleport/api/utils"
 
 	"github.com/gravitational/trace"
 )
@@ -122,84 +122,6 @@ func NewClusterConfig(spec ClusterConfigSpecV3) (ClusterConfig, error) {
 	return &cc, nil
 }
 
-// DefaultClusterConfig is used as the default cluster configuration when
-// one is not specified (record at node).
-func DefaultClusterConfig() ClusterConfig {
-	return &ClusterConfigV3{
-		Kind:    KindClusterConfig,
-		Version: V3,
-		Metadata: Metadata{
-			Name:      MetaNameClusterConfig,
-			Namespace: defaults.Namespace,
-		},
-		Spec: ClusterConfigSpecV3{
-			SessionRecording:    RecordAtNode,
-			ProxyChecksHostKeys: HostKeyCheckYes,
-			KeepAliveInterval:   NewDuration(defaults.KeepAliveInterval),
-			KeepAliveCountMax:   int64(defaults.KeepAliveCountMax),
-			LocalAuth:           NewBool(true),
-		},
-	}
-}
-
-// ShouldUploadSessions returns whether audit config
-// instructs server to upload sessions
-func (a AuditConfig) ShouldUploadSessions() bool {
-	return a.AuditSessionsURI != ""
-}
-
-// AuditConfigFromObject returns audit config from interface object
-func AuditConfigFromObject(in interface{}) (*AuditConfig, error) {
-	var cfg AuditConfig
-	if in == nil {
-		return &cfg, nil
-	}
-	if err := utils.ObjectToStruct(in, &cfg); err != nil {
-		return nil, trace.Wrap(err)
-	}
-	return &cfg, nil
-}
-
-const (
-	// RecordAtNode is the default. Sessions are recorded at Teleport nodes.
-	RecordAtNode string = "node"
-
-	// RecordAtProxy enables the recording proxy which intercepts and records
-	// all sessions.
-	RecordAtProxy string = "proxy"
-
-	// RecordOff is used to disable session recording completely.
-	RecordOff string = "off"
-
-	// RecordAtNodeSync enables the nodes to stream sessions in sync mode
-	// to the auth server
-	RecordAtNodeSync string = "node-sync"
-
-	// RecordAtProxySync enables the recording proxy which intercepts and records
-	// all sessions, streams the records synchronously
-	RecordAtProxySync string = "proxy-sync"
-)
-
-// IsRecordAtProxy returns true if recording is sync or async at proxy
-func IsRecordAtProxy(mode string) bool {
-	return mode == RecordAtProxy || mode == RecordAtProxySync
-}
-
-// IsRecordSync returns true if recording is sync or async for proxy or node
-func IsRecordSync(mode string) bool {
-	return mode == RecordAtProxySync || mode == RecordAtNodeSync
-}
-
-const (
-	// HostKeyCheckYes is the default. The proxy will check the host key of the
-	// target node it connects to.
-	HostKeyCheckYes string = "yes"
-
-	// HostKeyCheckNo is used to disable host key checking. This is a insecure
-	// settings which makes MITM possible with no indications, use with caution.
-	HostKeyCheckNo string = "no"
-)
-
 // GetVersion returns resource version
 func (c *ClusterConfigV3) GetVersion() string {
 	return c.Version
@@ -381,15 +303,13 @@ func (c *ClusterConfigV3) CheckAndSetDefaults() error {
 
 	// check if the recording type is valid
 	all := []string{RecordAtNode, RecordAtProxy, RecordAtNodeSync, RecordAtProxySync, RecordOff}
-	ok := utils.SliceContainsStr(all, c.Spec.SessionRecording)
-	if !ok {
+	if !utils.SliceContainsStr(all, c.Spec.SessionRecording) {
 		return trace.BadParameter("session_recording must either be: %v", strings.Join(all, ","))
 	}
 
 	// check if host key checking mode is valid
 	all = []string{HostKeyCheckYes, HostKeyCheckNo}
-	ok = utils.SliceContainsStr(all, c.Spec.ProxyChecksHostKeys)
-	if !ok {
+	if !utils.SliceContainsStr(all, c.Spec.ProxyChecksHostKeys) {
 		return trace.BadParameter("proxy_checks_host_keys must be one of: %v", strings.Join(all, ","))
 	}
 

diff --git a/api/types/clustername.go b/api/types/clustername.go
@@ -21,7 +21,7 @@ import (
 	"time"
 
 	"github.com/gravitational/teleport/api/defaults"
-	"github.com/gravitational/teleport/lib/utils"
+	"github.com/gravitational/teleport/api/utils"
 
 	"github.com/gravitational/trace"
 )