diff --git a/lib/accessmonitoringrules/accessmonitoringrulesv1/service.go b/lib/auth/accessmonitoringrules/accessmonitoringrulesv1/service.go
similarity index 100%
rename from lib/accessmonitoringrules/accessmonitoringrulesv1/service.go
rename to lib/auth/accessmonitoringrules/accessmonitoringrulesv1/service.go
diff --git a/lib/accessmonitoringrules/accessmonitoringrulesv1/service_test.go b/lib/auth/accessmonitoringrules/accessmonitoringrulesv1/service_test.go
similarity index 100%
rename from lib/accessmonitoringrules/accessmonitoringrulesv1/service_test.go
rename to lib/auth/accessmonitoringrules/accessmonitoringrulesv1/service_test.go
diff --git a/lib/auth/grpcserver.go b/lib/auth/grpcserver.go
index 09572ddf9ce8d..6e63918f99854 100644
--- a/lib/auth/grpcserver.go
+++ b/lib/auth/grpcserver.go
@@ -49,24 +49,24 @@ import (
"github.com/gravitational/teleport/api/client"
authpb "github.com/gravitational/teleport/api/client/proto"
"github.com/gravitational/teleport/api/constants"
- "github.com/gravitational/teleport/api/gen/proto/go/assist/v1"
- accessmonitoringrules "github.com/gravitational/teleport/api/gen/proto/go/teleport/accessmonitoringrules/v1"
- auditlogpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/auditlog/v1"
- clusterconfigpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/clusterconfig/v1"
- crownjewelpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/crownjewel/v1"
- dbobjectpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/dbobject/v1"
- dbobjectimportrulev12 "github.com/gravitational/teleport/api/gen/proto/go/teleport/dbobjectimportrule/v1"
- discoveryconfigpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/discoveryconfig/v1"
- integrationpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/integration/v1"
- kubewaitingcontainerpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/kubewaitingcontainer/v1"
- loginrulepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/loginrule/v1"
+ assistv1pb "github.com/gravitational/teleport/api/gen/proto/go/assist/v1"
+ accessmonitoringrulesv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/accessmonitoringrules/v1"
+ auditlogv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/auditlog/v1"
+ clusterconfigv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/clusterconfig/v1"
+ crownjewelv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/crownjewel/v1"
+ dbobjectv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/dbobject/v1"
+ dbobjectimportrulev1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/dbobjectimportrule/v1"
+ discoveryconfigv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/discoveryconfig/v1"
+ integrationv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/integration/v1"
+ kubewaitingcontainerv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/kubewaitingcontainer/v1"
+ loginrulev1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/loginrule/v1"
machineidv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/machineid/v1"
- mfav1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/mfa/v1"
- oktapb "github.com/gravitational/teleport/api/gen/proto/go/teleport/okta/v1"
- trustpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/trust/v1"
- userloginstatev1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/userloginstate/v1"
- userspb "github.com/gravitational/teleport/api/gen/proto/go/teleport/users/v1"
- userpreferencespb "github.com/gravitational/teleport/api/gen/proto/go/userpreferences/v1"
+ mfav1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/mfa/v1"
+ oktav1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/okta/v1"
+ trustv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/trust/v1"
+ userloginstatev1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/userloginstate/v1"
+ usersv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/users/v1"
+ userpreferencesv1pb "github.com/gravitational/teleport/api/gen/proto/go/userpreferences/v1"
"github.com/gravitational/teleport/api/internalutils/stream"
"github.com/gravitational/teleport/api/metadata"
"github.com/gravitational/teleport/api/types"
@@ -74,7 +74,7 @@ import (
"github.com/gravitational/teleport/api/types/installers"
"github.com/gravitational/teleport/api/types/wrappers"
apiutils "github.com/gravitational/teleport/api/utils"
- "github.com/gravitational/teleport/lib/accessmonitoringrules/accessmonitoringrulesv1"
+ "github.com/gravitational/teleport/lib/auth/accessmonitoringrules/accessmonitoringrulesv1"
"github.com/gravitational/teleport/lib/auth/assist/assistv1"
"github.com/gravitational/teleport/lib/auth/authclient"
"github.com/gravitational/teleport/lib/auth/clusterconfig/clusterconfigv1"
@@ -82,13 +82,13 @@ import (
"github.com/gravitational/teleport/lib/auth/dbobject/dbobjectv1"
"github.com/gravitational/teleport/lib/auth/dbobjectimportrule/dbobjectimportrulev1"
"github.com/gravitational/teleport/lib/auth/discoveryconfig/discoveryconfigv1"
- integrationService "github.com/gravitational/teleport/lib/auth/integration/integrationv1"
- kubewaitingcontainerv1 "github.com/gravitational/teleport/lib/auth/kubewaitingcontainer"
- "github.com/gravitational/teleport/lib/auth/loginrule"
+ "github.com/gravitational/teleport/lib/auth/integration/integrationv1"
+ "github.com/gravitational/teleport/lib/auth/kubewaitingcontainer/kubewaitingcontainerv1"
+ "github.com/gravitational/teleport/lib/auth/loginrule/loginrulev1"
"github.com/gravitational/teleport/lib/auth/machineid/machineidv1"
"github.com/gravitational/teleport/lib/auth/okta"
"github.com/gravitational/teleport/lib/auth/trust/trustv1"
- "github.com/gravitational/teleport/lib/auth/userloginstate"
+ "github.com/gravitational/teleport/lib/auth/userloginstate/userloginstatev1"
"github.com/gravitational/teleport/lib/auth/userpreferences/userpreferencesv1"
"github.com/gravitational/teleport/lib/auth/users/usersv1"
wanlib "github.com/gravitational/teleport/lib/auth/webauthn"
@@ -158,7 +158,7 @@ var (
// GRPCServer is gRPC Auth Server API
type GRPCServer struct {
authpb.UnimplementedAuthServiceServer
- auditlogpb.UnimplementedAuditLogServiceServer
+ auditlogv1pb.UnimplementedAuditLogServiceServer
*logrus.Entry
APIConfig
server *grpc.Server
@@ -1016,7 +1016,7 @@ func (g *GRPCServer) ClearAlertAcks(ctx context.Context, req *authpb.ClearAlertA
// TODO(tross): DELETE IN 16.0.0
// Deprecated: use [usersv1.Service.GetUser] instead.
func (g *GRPCServer) GetUser(ctx context.Context, req *authpb.GetUserRequest) (*types.UserV2, error) {
- resp, err := g.usersService.GetUser(ctx, &userspb.GetUserRequest{Name: req.Name, WithSecrets: req.WithSecrets})
+ resp, err := g.usersService.GetUser(ctx, &usersv1pb.GetUserRequest{Name: req.Name, WithSecrets: req.WithSecrets})
if err != nil {
return nil, trace.Wrap(err)
}
@@ -1028,7 +1028,7 @@ func (g *GRPCServer) GetUser(ctx context.Context, req *authpb.GetUserRequest) (*
// TODO(tross): DELETE IN 16.0.0
// Deprecated: use [usersv1.Service.GetUser] instead.
func (g *GRPCServer) GetCurrentUser(ctx context.Context, req *emptypb.Empty) (*types.UserV2, error) {
- resp, err := g.usersService.GetUser(ctx, &userspb.GetUserRequest{CurrentUser: true})
+ resp, err := g.usersService.GetUser(ctx, &usersv1pb.GetUserRequest{CurrentUser: true})
if err != nil {
return nil, trace.Wrap(err)
}
@@ -1395,7 +1395,7 @@ func (g *GRPCServer) Ping(ctx context.Context, req *authpb.PingRequest) (*authpb
// TODO(tross): DELETE IN 16.0.0
// Deprecated: use [usersv1.Service.CreateUser] instead.
func (g *GRPCServer) CreateUser(ctx context.Context, req *types.UserV2) (*emptypb.Empty, error) {
- resp, err := g.usersService.CreateUser(ctx, &userspb.CreateUserRequest{User: req})
+ resp, err := g.usersService.CreateUser(ctx, &usersv1pb.CreateUserRequest{User: req})
if err != nil {
return nil, trace.Wrap(err)
}
@@ -1436,7 +1436,7 @@ func (g *GRPCServer) UpdateUser(ctx context.Context, req *types.UserV2) (*emptyp
// DeleteUser deletes an existng user in a backend by username.
func (g *GRPCServer) DeleteUser(ctx context.Context, req *authpb.DeleteUserRequest) (*emptypb.Empty, error) {
- resp, err := g.usersService.DeleteUser(ctx, &userspb.DeleteUserRequest{Name: req.Name})
+ resp, err := g.usersService.DeleteUser(ctx, &usersv1pb.DeleteUserRequest{Name: req.Name})
if err != nil {
return nil, trace.Wrap(err)
}
@@ -2512,7 +2512,7 @@ func (g *GRPCServer) DeleteRole(ctx context.Context, req *authpb.DeleteRoleReque
func doMFAPresenceChallenge(ctx context.Context, actx *grpcContext, stream authpb.AuthService_MaintainSessionPresenceServer, challengeReq *authpb.PresenceMFAChallengeRequest) error {
user := actx.User.GetName()
- chalExt := &mfav1.ChallengeExtensions{Scope: mfav1.ChallengeScope_CHALLENGE_SCOPE_USER_SESSION}
+ chalExt := &mfav1pb.ChallengeExtensions{Scope: mfav1pb.ChallengeScope_CHALLENGE_SCOPE_USER_SESSION}
authChallenge, err := actx.authServer.mfaAuthChallenge(ctx, user, chalExt)
if err != nil {
return trace.Wrap(err)
@@ -2669,7 +2669,7 @@ func addMFADeviceAuthChallenge(gctx *grpcContext, stream authpb.AuthService_AddM
ctx := stream.Context()
// Note: authChallenge may be empty if this user has no existing MFA devices.
- chalExt := &mfav1.ChallengeExtensions{Scope: mfav1.ChallengeScope_CHALLENGE_SCOPE_MANAGE_DEVICES}
+ chalExt := &mfav1pb.ChallengeExtensions{Scope: mfav1pb.ChallengeScope_CHALLENGE_SCOPE_MANAGE_DEVICES}
authChallenge, err := auth.mfaAuthChallenge(ctx, user, chalExt)
if err != nil {
return trace.Wrap(err)
@@ -2812,7 +2812,7 @@ func deleteMFADeviceAuthChallenge(gctx *grpcContext, stream authpb.AuthService_D
auth := gctx.authServer
user := gctx.User.GetName()
- chalExt := &mfav1.ChallengeExtensions{Scope: mfav1.ChallengeScope_CHALLENGE_SCOPE_MANAGE_DEVICES}
+ chalExt := &mfav1pb.ChallengeExtensions{Scope: mfav1pb.ChallengeScope_CHALLENGE_SCOPE_MANAGE_DEVICES}
authChallenge, err := auth.mfaAuthChallenge(ctx, user, chalExt)
if err != nil {
return trace.Wrap(err)
@@ -3039,7 +3039,7 @@ func userSingleUseCertsAuthChallenge(gctx *grpcContext, stream authpb.AuthServic
auth := gctx.authServer
user := gctx.User.GetName()
- chalExt := &mfav1.ChallengeExtensions{Scope: mfav1.ChallengeScope_CHALLENGE_SCOPE_USER_SESSION}
+ chalExt := &mfav1pb.ChallengeExtensions{Scope: mfav1pb.ChallengeScope_CHALLENGE_SCOPE_USER_SESSION}
challenge, err := auth.mfaAuthChallenge(ctx, user, chalExt)
if err != nil {
return nil, trace.Wrap(err)
@@ -5777,8 +5777,7 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
if err != nil {
return nil, trace.Wrap(err)
}
-
- userspb.RegisterUsersServiceServer(server, usersService)
+ usersv1pb.RegisterUsersServiceServer(server, usersService)
botService, err := machineidv1.NewBotService(machineidv1.BotServiceConfig{
Authorizer: cfg.Authorizer,
@@ -5800,7 +5799,7 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
if err != nil {
return nil, trace.Wrap(err, "creating database objectImportRule service")
}
- dbobjectimportrulev12.RegisterDatabaseObjectImportRuleServiceServer(server, dbObjectImportRuleService)
+ dbobjectimportrulev1pb.RegisterDatabaseObjectImportRuleServiceServer(server, dbObjectImportRuleService)
workloadIdentityService, err := machineidv1.NewWorkloadIdentityService(machineidv1.WorkloadIdentityServiceConfig{
Authorizer: cfg.Authorizer,
@@ -5834,7 +5833,7 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
if err != nil {
return nil, trace.Wrap(err, "creating database object service")
}
- dbobjectpb.RegisterDatabaseObjectServiceServer(server, dbObjectService)
+ dbobjectv1pb.RegisterDatabaseObjectServiceServer(server, dbObjectService)
authServer := &GRPCServer{
APIConfig: cfg.APIConfig,
@@ -5868,7 +5867,7 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
authpb.RegisterAuthServiceServer(server, authServer)
collectortracepb.RegisterTraceServiceServer(server, authServer)
- auditlogpb.RegisterAuditLogServiceServer(server, authServer)
+ auditlogv1pb.RegisterAuditLogServiceServer(server, authServer)
trust, err := trustv1.NewService(&trustv1.ServiceConfig{
Authorizer: cfg.Authorizer,
@@ -5879,7 +5878,7 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
if err != nil {
return nil, trace.Wrap(err)
}
- trustpb.RegisterTrustServiceServer(server, trust)
+ trustv1pb.RegisterTrustServiceServer(server, trust)
// Initialize and register the assist service.
assistSrv, err := assistv1.NewService(&assistv1.ServiceConfig{
@@ -5892,8 +5891,8 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
if err != nil {
return nil, trace.Wrap(err)
}
- assist.RegisterAssistServiceServer(server, assistSrv)
- assist.RegisterAssistEmbeddingServiceServer(server, assistSrv)
+ assistv1pb.RegisterAssistServiceServer(server, assistSrv)
+ assistv1pb.RegisterAssistEmbeddingServiceServer(server, assistSrv)
// create server with no-op role to pass to JoinService server
serverWithNopRole, err := serverWithNopRole(cfg)
@@ -5910,9 +5909,9 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
if err != nil {
return nil, trace.Wrap(err)
}
- oktapb.RegisterOktaServiceServer(server, oktaServiceServer)
+ oktav1pb.RegisterOktaServiceServer(server, oktaServiceServer)
- integrationServiceServer, err := integrationService.NewService(&integrationService.ServiceConfig{
+ integrationServiceServer, err := integrationv1.NewService(&integrationv1.ServiceConfig{
Authorizer: cfg.Authorizer,
Backend: cfg.AuthServer.Services,
Cache: cfg.AuthServer.Cache,
@@ -5923,9 +5922,9 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
if err != nil {
return nil, trace.Wrap(err)
}
- integrationpb.RegisterIntegrationServiceServer(server, integrationServiceServer)
+ integrationv1pb.RegisterIntegrationServiceServer(server, integrationServiceServer)
- integrationAWSOIDCServiceServer, err := integrationService.NewAWSOIDCService(&integrationService.AWSOIDCServiceConfig{
+ integrationAWSOIDCServiceServer, err := integrationv1.NewAWSOIDCService(&integrationv1.AWSOIDCServiceConfig{
Authorizer: cfg.Authorizer,
IntegrationService: integrationServiceServer,
Cache: cfg.AuthServer,
@@ -5935,7 +5934,7 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
if err != nil {
return nil, trace.Wrap(err)
}
- integrationpb.RegisterAWSOIDCServiceServer(server, integrationAWSOIDCServiceServer)
+ integrationv1pb.RegisterAWSOIDCServiceServer(server, integrationAWSOIDCServiceServer)
discoveryConfig, err := discoveryconfigv1.NewService(discoveryconfigv1.ServiceConfig{
Authorizer: cfg.Authorizer,
@@ -5946,7 +5945,7 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
if err != nil {
return nil, trace.Wrap(err)
}
- discoveryconfigpb.RegisterDiscoveryConfigServiceServer(server, discoveryConfig)
+ discoveryconfigv1pb.RegisterDiscoveryConfigServiceServer(server, discoveryConfig)
crownJewel, err := crownjewelv1.NewService(crownjewelv1.ServiceConfig{
Authorizer: cfg.Authorizer,
@@ -5956,7 +5955,7 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
if err != nil {
return nil, trace.Wrap(err)
}
- crownjewelpb.RegisterCrownJewelServiceServer(server, crownJewel)
+ crownjewelv1pb.RegisterCrownJewelServiceServer(server, crownJewel)
// Initialize and register the user preferences service.
userPreferencesSrv, err := userpreferencesv1.NewService(&userpreferencesv1.ServiceConfig{
@@ -5966,7 +5965,7 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
if err != nil {
return nil, trace.Wrap(err)
}
- userpreferencespb.RegisterUserPreferencesServiceServer(server, userPreferencesSrv)
+ userpreferencesv1pb.RegisterUserPreferencesServiceServer(server, userPreferencesSrv)
// Initialize and register the user login state service.
userLoginState, err := local.NewUserLoginStateService(cfg.AuthServer.bk)
@@ -5974,14 +5973,14 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
return nil, trace.Wrap(err)
}
- userLoginStateServer, err := userloginstate.NewService(userloginstate.ServiceConfig{
+ userLoginStateServer, err := userloginstatev1.NewService(userloginstatev1.ServiceConfig{
Authorizer: cfg.Authorizer,
UserLoginStates: userLoginState,
})
if err != nil {
return nil, trace.Wrap(err)
}
- userloginstatev1.RegisterUserLoginStateServiceServer(server, userLoginStateServer)
+ userloginstatev1pb.RegisterUserLoginStateServiceServer(server, userLoginStateServer)
clusterConfigService, err := clusterconfigv1.NewService(clusterconfigv1.ServiceConfig{
Cache: cfg.AuthServer.Cache,
@@ -6000,7 +5999,7 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
return nil, trace.Wrap(err)
}
- clusterconfigpb.RegisterClusterConfigServiceServer(server, clusterConfigService)
+ clusterconfigv1pb.RegisterClusterConfigServiceServer(server, clusterConfigService)
// Initialize and register the Kubernetes waiting container service.
kubeWaitingContsServer, err := kubewaitingcontainerv1.NewService(kubewaitingcontainerv1.ServiceConfig{
@@ -6011,7 +6010,7 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
if err != nil {
return nil, trace.Wrap(err)
}
- kubewaitingcontainerpb.RegisterKubeWaitingContainersServiceServer(server, kubeWaitingContsServer)
+ kubewaitingcontainerv1pb.RegisterKubeWaitingContainersServiceServer(server, kubeWaitingContsServer)
accessMonitoringRuleServer, err := accessmonitoringrulesv1.NewService(&accessmonitoringrulesv1.ServiceConfig{
Authorizer: cfg.Authorizer,
@@ -6021,13 +6020,13 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
if err != nil {
return nil, trace.Wrap(err)
}
- accessmonitoringrules.RegisterAccessMonitoringRulesServiceServer(server, accessMonitoringRuleServer)
+ accessmonitoringrulesv1pb.RegisterAccessMonitoringRulesServiceServer(server, accessMonitoringRuleServer)
// Only register the service if this is an open source build. Enterprise builds
// register the actual service via an auth plugin, if we register here then all
// Enterprise builds would fail with a duplicate service registered error.
if cfg.PluginRegistry == nil || !cfg.PluginRegistry.IsRegistered("auth.enterprise") {
- loginrulepb.RegisterLoginRuleServiceServer(server, loginrule.NotImplementedService{})
+ loginrulev1pb.RegisterLoginRuleServiceServer(server, loginrulev1.NotImplementedService{})
}
return authServer, nil
@@ -6081,7 +6080,7 @@ func (g *GRPCServer) authenticate(ctx context.Context) (*grpcContext, error) {
}
// GetUnstructuredEvents searches for events on the backend and sends them back in an unstructured format.
-func (g *GRPCServer) GetUnstructuredEvents(ctx context.Context, req *auditlogpb.GetUnstructuredEventsRequest) (*auditlogpb.EventsUnstructured, error) {
+func (g *GRPCServer) GetUnstructuredEvents(ctx context.Context, req *auditlogv1pb.GetUnstructuredEventsRequest) (*auditlogv1pb.EventsUnstructured, error) {
auth, err := g.authenticate(ctx)
if err != nil {
return nil, trace.Wrap(err)
@@ -6099,7 +6098,7 @@ func (g *GRPCServer) GetUnstructuredEvents(ctx context.Context, req *auditlogpb.
return nil, trace.Wrap(err)
}
- unstructuredEvents := make([]*auditlogpb.EventUnstructured, 0, len(rawEvents))
+ unstructuredEvents := make([]*auditlogv1pb.EventUnstructured, 0, len(rawEvents))
for _, event := range rawEvents {
unstructuredEvent, err := apievents.ToUnstructured(event)
if err != nil {
@@ -6108,14 +6107,14 @@ func (g *GRPCServer) GetUnstructuredEvents(ctx context.Context, req *auditlogpb.
unstructuredEvents = append(unstructuredEvents, unstructuredEvent)
}
- return &auditlogpb.EventsUnstructured{
+ return &auditlogv1pb.EventsUnstructured{
Items: unstructuredEvents,
LastKey: lastkey,
}, nil
}
// StreamUnstructuredSessionEvents streams all events from a given session recording as an unstructured format.
-func (g *GRPCServer) StreamUnstructuredSessionEvents(req *auditlogpb.StreamUnstructuredSessionEventsRequest, stream auditlogpb.AuditLogService_StreamUnstructuredSessionEventsServer) error {
+func (g *GRPCServer) StreamUnstructuredSessionEvents(req *auditlogv1pb.StreamUnstructuredSessionEventsRequest, stream auditlogv1pb.AuditLogService_StreamUnstructuredSessionEventsServer) error {
auth, err := g.authenticate(stream.Context())
if err != nil {
return trace.Wrap(err)
diff --git a/lib/auth/kubewaitingcontainer/service.go b/lib/auth/kubewaitingcontainer/kubewaitingcontainerv1/service.go
similarity index 99%
rename from lib/auth/kubewaitingcontainer/service.go
rename to lib/auth/kubewaitingcontainer/kubewaitingcontainerv1/service.go
index 579ccccd00dde..0f45a1271bbb0 100644
--- a/lib/auth/kubewaitingcontainer/service.go
+++ b/lib/auth/kubewaitingcontainer/kubewaitingcontainerv1/service.go
@@ -14,7 +14,7 @@
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see .
-package kubewaitingcontainer
+package kubewaitingcontainerv1
import (
"context"
diff --git a/lib/auth/kubewaitingcontainer/service_test.go b/lib/auth/kubewaitingcontainer/kubewaitingcontainerv1/service_test.go
similarity index 99%
rename from lib/auth/kubewaitingcontainer/service_test.go
rename to lib/auth/kubewaitingcontainer/kubewaitingcontainerv1/service_test.go
index 958ea577c0cb2..637d42b72b8e3 100644
--- a/lib/auth/kubewaitingcontainer/service_test.go
+++ b/lib/auth/kubewaitingcontainer/kubewaitingcontainerv1/service_test.go
@@ -14,7 +14,7 @@
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see .
-package kubewaitingcontainer
+package kubewaitingcontainerv1
import (
"context"
diff --git a/lib/auth/loginrule/service.go b/lib/auth/loginrule/loginrulev1/service.go
similarity index 99%
rename from lib/auth/loginrule/service.go
rename to lib/auth/loginrule/loginrulev1/service.go
index 3a982f7e76224..d46951ac943d7 100644
--- a/lib/auth/loginrule/service.go
+++ b/lib/auth/loginrule/loginrulev1/service.go
@@ -16,7 +16,7 @@
* along with this program. If not, see .
*/
-package loginrule
+package loginrulev1
import (
"context"
diff --git a/lib/auth/userloginstate/service.go b/lib/auth/userloginstate/userloginstatev1/service.go
similarity index 99%
rename from lib/auth/userloginstate/service.go
rename to lib/auth/userloginstate/userloginstatev1/service.go
index 743a7753f8929..1b4bbb43cc2a1 100644
--- a/lib/auth/userloginstate/service.go
+++ b/lib/auth/userloginstate/userloginstatev1/service.go
@@ -16,7 +16,7 @@
* along with this program. If not, see .
*/
-package userloginstate
+package userloginstatev1
import (
"context"
diff --git a/lib/auth/userloginstate/service_test.go b/lib/auth/userloginstate/userloginstatev1/service_test.go
similarity index 79%
rename from lib/auth/userloginstate/service_test.go
rename to lib/auth/userloginstate/userloginstatev1/service_test.go
index 59e64f6b36305..9a7418844ed44 100644
--- a/lib/auth/userloginstate/service_test.go
+++ b/lib/auth/userloginstate/userloginstatev1/service_test.go
@@ -16,7 +16,7 @@
* along with this program. If not, see .
*/
-package userloginstate
+package userloginstatev1
import (
"context"
@@ -28,7 +28,7 @@ import (
"github.com/jonboulle/clockwork"
"github.com/stretchr/testify/require"
- userloginstatev1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/userloginstate/v1"
+ userloginstatepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/userloginstate/v1"
"github.com/gravitational/teleport/api/types"
"github.com/gravitational/teleport/api/types/header"
"github.com/gravitational/teleport/api/types/trait"
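Review bot: The alias chosen here, `userloginstatepb`, does not match the `<name>v1pb` convention this same commit introduces in lib/auth/grpcserver.go, where the identical proto package is imported as `userloginstatev1pb`. Using `userloginstatev1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/userloginstate/v1"` in this test file as well would keep one alias per generated package across lib/auth. The usages in the later hunks of this file would need the same rename.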
@@ -68,24 +68,24 @@ func TestGetUserLoginStates(t *testing.T) {
ctx, noAccessCtx, svc := initSvc(t)
- getResp, err := svc.GetUserLoginStates(ctx, &userloginstatev1.GetUserLoginStatesRequest{})
+ getResp, err := svc.GetUserLoginStates(ctx, &userloginstatepb.GetUserLoginStatesRequest{})
require.NoError(t, err)
require.Empty(t, getResp.UserLoginStates)
uls1 := newUserLoginState(t, "1", nil, stRoles, stTraits, stRoles, stTraits)
uls2 := newUserLoginState(t, "2", nil, stRoles, stTraits, stRoles, stTraits)
- _, err = svc.UpsertUserLoginState(ctx, &userloginstatev1.UpsertUserLoginStateRequest{UserLoginState: conv.ToProto(uls1)})
+ _, err = svc.UpsertUserLoginState(ctx, &userloginstatepb.UpsertUserLoginStateRequest{UserLoginState: conv.ToProto(uls1)})
require.NoError(t, err)
- _, err = svc.UpsertUserLoginState(ctx, &userloginstatev1.UpsertUserLoginStateRequest{UserLoginState: conv.ToProto(uls2)})
+ _, err = svc.UpsertUserLoginState(ctx, &userloginstatepb.UpsertUserLoginStateRequest{UserLoginState: conv.ToProto(uls2)})
require.NoError(t, err)
- getResp, err = svc.GetUserLoginStates(ctx, &userloginstatev1.GetUserLoginStatesRequest{})
+ getResp, err = svc.GetUserLoginStates(ctx, &userloginstatepb.GetUserLoginStatesRequest{})
require.NoError(t, err)
require.Empty(t, cmp.Diff([]*userloginstate.UserLoginState{uls1, uls2}, mustFromProtoAll(t, getResp.UserLoginStates...), cmpOpts...))
- _, err = svc.GetUserLoginStates(noAccessCtx, &userloginstatev1.GetUserLoginStatesRequest{})
+ _, err = svc.GetUserLoginStates(noAccessCtx, &userloginstatepb.GetUserLoginStatesRequest{})
require.True(t, trace.IsAccessDenied(err))
}
@@ -94,20 +94,20 @@ func TestUpsertUserLoginStates(t *testing.T) {
ctx, noAccessCtx, svc := initSvc(t)
- getResp, err := svc.GetUserLoginStates(ctx, &userloginstatev1.GetUserLoginStatesRequest{})
+ getResp, err := svc.GetUserLoginStates(ctx, &userloginstatepb.GetUserLoginStatesRequest{})
require.NoError(t, err)
require.Empty(t, getResp.UserLoginStates)
uls1 := newUserLoginState(t, "1", nil, stRoles, stTraits, stRoles, stTraits)
uls2 := newUserLoginState(t, "2", nil, stRoles, stTraits, stRoles, stTraits)
- _, err = svc.UpsertUserLoginState(ctx, &userloginstatev1.UpsertUserLoginStateRequest{UserLoginState: conv.ToProto(uls1)})
+ _, err = svc.UpsertUserLoginState(ctx, &userloginstatepb.UpsertUserLoginStateRequest{UserLoginState: conv.ToProto(uls1)})
require.NoError(t, err)
- _, err = svc.UpsertUserLoginState(noAccessCtx, &userloginstatev1.UpsertUserLoginStateRequest{UserLoginState: conv.ToProto(uls2)})
+ _, err = svc.UpsertUserLoginState(noAccessCtx, &userloginstatepb.UpsertUserLoginStateRequest{UserLoginState: conv.ToProto(uls2)})
require.True(t, trace.IsAccessDenied(err))
- getResp, err = svc.GetUserLoginStates(ctx, &userloginstatev1.GetUserLoginStatesRequest{})
+ getResp, err = svc.GetUserLoginStates(ctx, &userloginstatepb.GetUserLoginStatesRequest{})
require.NoError(t, err)
require.Empty(t, cmp.Diff([]*userloginstate.UserLoginState{uls1}, mustFromProtoAll(t, getResp.UserLoginStates...), cmpOpts...))
}
@@ -117,22 +117,22 @@ func TestGetUserLoginState(t *testing.T) {
ctx, noAccessCtx, svc := initSvc(t)
- getResp, err := svc.GetUserLoginStates(ctx, &userloginstatev1.GetUserLoginStatesRequest{})
+ getResp, err := svc.GetUserLoginStates(ctx, &userloginstatepb.GetUserLoginStatesRequest{})
require.NoError(t, err)
require.Empty(t, getResp.UserLoginStates)
uls1 := newUserLoginState(t, "1", nil, stRoles, stTraits, stRoles, stTraits)
- _, err = svc.UpsertUserLoginState(ctx, &userloginstatev1.UpsertUserLoginStateRequest{UserLoginState: conv.ToProto(uls1)})
+ _, err = svc.UpsertUserLoginState(ctx, &userloginstatepb.UpsertUserLoginStateRequest{UserLoginState: conv.ToProto(uls1)})
require.NoError(t, err)
- get, err := svc.GetUserLoginState(ctx, &userloginstatev1.GetUserLoginStateRequest{
+ get, err := svc.GetUserLoginState(ctx, &userloginstatepb.GetUserLoginStateRequest{
Name: uls1.GetName(),
})
require.NoError(t, err)
require.Empty(t, cmp.Diff(uls1, mustFromProto(t, get), cmpOpts...))
- _, err = svc.GetUserLoginState(noAccessCtx, &userloginstatev1.GetUserLoginStateRequest{
+ _, err = svc.GetUserLoginState(noAccessCtx, &userloginstatepb.GetUserLoginStateRequest{
Name: uls1.GetName(),
})
require.True(t, trace.IsAccessDenied(err))
@@ -143,25 +143,25 @@ func TestDeleteUserLoginState(t *testing.T) {
ctx, _, svc := initSvc(t)
- getResp, err := svc.GetUserLoginStates(ctx, &userloginstatev1.GetUserLoginStatesRequest{})
+ getResp, err := svc.GetUserLoginStates(ctx, &userloginstatepb.GetUserLoginStatesRequest{})
require.NoError(t, err)
require.Empty(t, getResp.UserLoginStates)
uls1 := newUserLoginState(t, "1", nil, stRoles, stTraits, stRoles, stTraits)
- _, err = svc.UpsertUserLoginState(ctx, &userloginstatev1.UpsertUserLoginStateRequest{UserLoginState: conv.ToProto(uls1)})
+ _, err = svc.UpsertUserLoginState(ctx, &userloginstatepb.UpsertUserLoginStateRequest{UserLoginState: conv.ToProto(uls1)})
require.NoError(t, err)
- get, err := svc.GetUserLoginState(ctx, &userloginstatev1.GetUserLoginStateRequest{
+ get, err := svc.GetUserLoginState(ctx, &userloginstatepb.GetUserLoginStateRequest{
Name: uls1.GetName(),
})
require.NoError(t, err)
require.Empty(t, cmp.Diff(uls1, mustFromProto(t, get), cmpOpts...))
- _, err = svc.DeleteUserLoginState(ctx, &userloginstatev1.DeleteUserLoginStateRequest{Name: uls1.GetName()})
+ _, err = svc.DeleteUserLoginState(ctx, &userloginstatepb.DeleteUserLoginStateRequest{Name: uls1.GetName()})
require.NoError(t, err)
- _, err = svc.GetUserLoginState(ctx, &userloginstatev1.GetUserLoginStateRequest{Name: uls1.GetName()})
+ _, err = svc.GetUserLoginState(ctx, &userloginstatepb.GetUserLoginStateRequest{Name: uls1.GetName()})
require.True(t, trace.IsNotFound(err))
}
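Review bot: TestDeleteUserLoginState discards the unauthorized context (`ctx, _, svc := initSvc(t)`), so the delete RPC has no access-denied assertion, unlike the Get and Upsert tests above. Since the file is being touched anyway, bind it as `ctx, noAccessCtx, svc := initSvc(t)` and, before the successful delete, add `_, err = svc.DeleteUserLoginState(noAccessCtx, &userloginstatepb.DeleteUserLoginStateRequest{Name: uls1.GetName()})` followed by `require.True(t, trace.IsAccessDenied(err))`. The next hunk has the same gap for `DeleteAllUserLoginStates`, and its test name `TestDeleteAllAccessLists` looks copied from another suite. Both test functions begin outside their hunks, so any setup above the visible lines is not reviewed here.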
@@ -170,27 +170,27 @@ func TestDeleteAllAccessLists(t *testing.T) {
ctx, _, svc := initSvc(t)
- getResp, err := svc.GetUserLoginStates(ctx, &userloginstatev1.GetUserLoginStatesRequest{})
+ getResp, err := svc.GetUserLoginStates(ctx, &userloginstatepb.GetUserLoginStatesRequest{})
require.NoError(t, err)
require.Empty(t, getResp.UserLoginStates)
uls1 := newUserLoginState(t, "1", nil, stRoles, stTraits, stRoles, stTraits)
uls2 := newUserLoginState(t, "2", nil, stRoles, stTraits, stRoles, stTraits)
- _, err = svc.UpsertUserLoginState(ctx, &userloginstatev1.UpsertUserLoginStateRequest{UserLoginState: conv.ToProto(uls1)})
+ _, err = svc.UpsertUserLoginState(ctx, &userloginstatepb.UpsertUserLoginStateRequest{UserLoginState: conv.ToProto(uls1)})
require.NoError(t, err)
- _, err = svc.UpsertUserLoginState(ctx, &userloginstatev1.UpsertUserLoginStateRequest{UserLoginState: conv.ToProto(uls2)})
+ _, err = svc.UpsertUserLoginState(ctx, &userloginstatepb.UpsertUserLoginStateRequest{UserLoginState: conv.ToProto(uls2)})
require.NoError(t, err)
- getResp, err = svc.GetUserLoginStates(ctx, &userloginstatev1.GetUserLoginStatesRequest{})
+ getResp, err = svc.GetUserLoginStates(ctx, &userloginstatepb.GetUserLoginStatesRequest{})
require.NoError(t, err)
require.Empty(t, cmp.Diff([]*userloginstate.UserLoginState{uls1, uls2}, mustFromProtoAll(t, getResp.UserLoginStates...), cmpOpts...))
- _, err = svc.DeleteAllUserLoginStates(ctx, &userloginstatev1.DeleteAllUserLoginStatesRequest{})
+ _, err = svc.DeleteAllUserLoginStates(ctx, &userloginstatepb.DeleteAllUserLoginStatesRequest{})
require.NoError(t, err)
- getResp, err = svc.GetUserLoginStates(ctx, &userloginstatev1.GetUserLoginStatesRequest{})
+ getResp, err = svc.GetUserLoginStates(ctx, &userloginstatepb.GetUserLoginStatesRequest{})
require.NoError(t, err)
require.Empty(t, getResp.UserLoginStates)
}
@@ -298,7 +298,7 @@ func genUserContext(ctx context.Context, username string, groups []string) conte
})
}
-func mustFromProto(t *testing.T, uls *userloginstatev1.UserLoginState) *userloginstate.UserLoginState {
+func mustFromProto(t *testing.T, uls *userloginstatepb.UserLoginState) *userloginstate.UserLoginState {
t.Helper()
out, err := conv.FromProto(uls)
@@ -307,7 +307,7 @@ func mustFromProto(t *testing.T, uls *userloginstatev1.UserLoginState) *userlogi
return out
}
-func mustFromProtoAll(t *testing.T, ulsList ...*userloginstatev1.UserLoginState) []*userloginstate.UserLoginState {
+func mustFromProtoAll(t *testing.T, ulsList ...*userloginstatepb.UserLoginState) []*userloginstate.UserLoginState {
t.Helper()
var convertedUlsList []*userloginstate.UserLoginState
@@ -319,3 +319,21 @@ func mustFromProtoAll(t *testing.T, ulsList ...*userloginstatev1.UserLoginState)
return convertedUlsList
}
+
+func newUserLoginState(t *testing.T, name string, labels map[string]string, originalRoles []string, originalTraits map[string][]string,
+ roles []string, traits map[string][]string) *userloginstate.UserLoginState {
+ t.Helper()
+
+ uls, err := userloginstate.New(header.Metadata{
+ Name: name,
+ Labels: labels,
+ }, userloginstate.Spec{
+ OriginalRoles: originalRoles,
+ OriginalTraits: originalTraits,
+ Roles: roles,
+ Traits: traits,
+ })
+ require.NoError(t, err)
+
+ return uls
+}
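Review bot: The added helper `newUserLoginState` has no doc comment, and it takes `originalRoles`/`roles` and `originalTraits`/`traits` as positional arguments of identical types, so a swapped pair would compile and go unnoticed. A short comment would help, for example `// newUserLoginState builds a UserLoginState from the given metadata and spec values (original roles/traits first, then current roles/traits) and fails the test if construction returns an error.` Every caller visible in this file passes `stRoles, stTraits, stRoles, stTraits`, so the tests never distinguish the original values from the current ones. If that distinction matters to the service, at least one test should use different values for the two pairs.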