linter fixes and small changes.

gravitational · Feb 19, 2021 · 521d83f · 521d83f
1 parent fdb11ff
commit 521d83f
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 86 deletions.
diff --git a/api/client/client.go b/api/client/client.go
@@ -105,14 +105,6 @@ func (c *Client) setDialer(creds Credentials) error {
 	return trace.Wrap(err)
 }
 
-func (c *Client) getProxyDialer() (ContextDialer, error) {
-	proxyDialer, err := NewProxyDialer(c.sshConfig, c.c.Addrs, c.c.KeepAlivePeriod, c.c.DialTimeout)
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-	return proxyDialer, nil
-}
-
 type grpcDialer func(ctx context.Context, addr string) (net.Conn, error)
 
 // grpcDialer wraps the given ContextDialer with a grpcDialer, which
@@ -134,29 +126,30 @@ func (c *Client) connect(ctx context.Context) error {
 	// Loop over credentials and use first successful one.
 	var err error
 	var errs []error
-	for i, creds := range c.c.Credentials {
+	for _, creds := range c.c.Credentials {
 		// Load *tls.Config from the provided credentials.
 		c.tlsConfig, err = creds.TLSConfig()
 		if err != nil {
-			trace.Errorf("Credentials[%v]: failed to set TLS config: %v", i, err)
+			errs = append(errs, trace.Wrap(err))
+			continue
+		}
+
+		c.sshConfig, err = creds.SSHConfig()
+		if err != nil {
 			errs = append(errs, trace.Wrap(err))
 			continue
 		}
 
 		// Build a dialer, prefer a dialer from credentials. If no fallback to the
 		// passed in dialer and then list of addresses.
 		if err = c.setDialer(creds); err != nil {
-			trace.Errorf("Credentials[%v]: failed to set auth dialer: %v", i, err)
 			errs = append(errs, trace.Wrap(err))
 			continue
 		}
 
-		proxyDialer, _ := c.getProxyDialer()
-
 		c.conn, err = grpc.Dial(
 			constants.APIDomain,
 			grpc.WithContextDialer(c.grpcDialer(c.dialer)),
-			grpc.WithContextDialer(c.grpcDialer(proxyDialer)),
 			grpc.WithTransportCredentials(credentials.NewTLS(c.tlsConfig)),
 			grpc.WithKeepaliveParams(keepalive.ClientParameters{
 				Time:                c.c.KeepAlivePeriod,
@@ -165,7 +158,7 @@ func (c *Client) connect(ctx context.Context) error {
 			}),
 		)
 		if err != nil {
-			errs = append(errs, trace.Errorf("Credentials[%v]: failed to dial through auth: %v", i, err))
+			errs = append(errs, trace.Wrap(err))
 			continue
 		}
 		c.grpc = proto.NewAuthServiceClient(c.conn)
@@ -174,9 +167,9 @@ func (c *Client) connect(ctx context.Context) error {
 			return nil
 		}
 
-		_, err := c.Ping(context.TODO())
+		_, err := c.Ping(ctx)
 		if err != nil {
-			errs = append(errs, trace.Errorf("CredentialsProvider[%v]: failed to dial connection: %v", i, err))
+			errs = append(errs, trace.Wrap(err))
 			continue
 		}
 

diff --git a/api/client/credentials.go b/api/client/credentials.go
@@ -34,7 +34,7 @@ type Credentials interface {
 	Dialer() (ContextDialer, error)
 	// TLSConfig returns TLS configuration used to connect to Auth.
 	TLSConfig() (*tls.Config, error)
-	// SSHConfig returns SSH configuration used to connect to Auth.
+	// SSHConfig returns SSH configuration used to connect to Proxy, may be nil.
 	SSHConfig() (*ssh.ClientConfig, error)
 }
 
@@ -54,11 +54,14 @@ func (c *TLSConfigCreds) Dialer() (ContextDialer, error) {
 }
 
 func (c *TLSConfigCreds) TLSConfig() (*tls.Config, error) {
+	if c.tlsConfig == nil {
+		return nil, trace.BadParameter("tls config is nil")
+	}
 	return configure(c.tlsConfig), nil
 }
 
 func (c *TLSConfigCreds) SSHConfig() (*ssh.ClientConfig, error) {
-	return nil, trace.NotImplemented("no ssh config")
+	return nil, nil
 }
 
 // LoadKeyPair is used to load credentials from files on disk.
@@ -103,7 +106,7 @@ func (c *KeyPairCreds) TLSConfig() (*tls.Config, error) {
 }
 
 func (c *KeyPairCreds) SSHConfig() (*ssh.ClientConfig, error) {
-	return nil, trace.NotImplemented("no ssh config")
+	return nil, nil
 }
 
 // LoadIdentityFile is used to load credentials from an identity file on disk.

diff --git a/api/client/credentials_test.go b/api/client/credentials_test.go
@@ -57,7 +57,7 @@ func TestLoadIdentityFile(t *testing.T) {
 		},
 		CACerts: CACerts{
 			TLS: [][]byte{caCertPEM},
-			SSH: [][]byte{sshCert},
+			SSH: [][]byte{sshCACert},
 		},
 	}
 	err := WriteIdentityFile(idFile, path)
@@ -81,11 +81,11 @@ func TestLoadKeyPair(t *testing.T) {
 	// Write key pair and CAs files from bytes.
 	path := t.TempDir() + "username"
 	certPath, keyPath, caPath := path+".crt", path+".key", path+".cas"
-	err := ioutil.WriteFile(certPath, []byte(certPEM), 0600)
+	err := ioutil.WriteFile(certPath, certPEM, 0600)
 	require.NoError(t, err)
 	err = ioutil.WriteFile(keyPath, keyPEM, 0600)
 	require.NoError(t, err)
-	err = ioutil.WriteFile(caPath, []byte(caCertPEM), 0600)
+	err = ioutil.WriteFile(caPath, caCertPEM, 0600)
 	require.NoError(t, err)
 
 	// Load key pair from disk and build tls.Config.
@@ -98,7 +98,7 @@ func TestLoadKeyPair(t *testing.T) {
 }
 
 func getExpectedConfig(t *testing.T) *tls.Config {
-	cert, err := tls.X509KeyPair([]byte(certPEM), []byte(keyPEM))
+	cert, err := tls.X509KeyPair(certPEM, keyPEM)
 	require.NoError(t, err)
 
 	pool := x509.NewCertPool()

diff --git a/api/client/tunneldialer.go b/api/client/tunneldialer.go
@@ -131,59 +131,3 @@ func ConnectProxyTransport(sconn ssh.Conn, req *DialReq, exclusive bool) (*utils
 	}
 	return utils.NewChConn(sconn, channel), false, nil
 }
-
-// // FindReverseTunnel uses the web proxy to discover where the SSH reverse tunnel
-// // server is running.
-// func FindReverseTunnel(ctx context.Context, addrs []utils.NetAddr, insecureTLS bool) (string, error) {
-// 	var errs []error
-// 	for _, addr := range addrs {
-// 		// In insecure mode, any certificate is accepted. In secure mode the hosts
-// 		// CAs are used to validate the certificate on the proxy.
-// 		resp, err := client.Find(ctx, addr.String(), insecureTLS, nil)
-// 		if err == nil {
-// 			return tunnelAddr(addr, resp.Proxy)
-// 		}
-// 		errs = append(errs, err)
-// 	}
-// 	return "", trace.NewAggregate(errs...)
-// }
-
-// // tunnelAddr returns the tunnel address in the following preference order:
-// //  1. Reverse Tunnel Public Address.
-// //  2. SSH Proxy Public Address.
-// //  3. HTTP Proxy Public Address.
-// //  4. Tunnel Listen Address.
-// func tunnelAddr(webAddr utils.NetAddr, settings client.ProxySettings) (string, error) {
-// 	// Extract the port the tunnel server is listening on.
-// 	netAddr, err := utils.ParseHostPortAddr(settings.SSH.TunnelListenAddr, defaults.SSHProxyTunnelListenPort)
-// 	if err != nil {
-// 		return "", trace.Wrap(err)
-// 	}
-// 	tunnelPort := netAddr.Port(defaults.SSHProxyTunnelListenPort)
-
-// 	// If a tunnel public address is set, nothing else has to be done, return it.
-// 	if settings.SSH.TunnelPublicAddr != "" {
-// 		return settings.SSH.TunnelPublicAddr, nil
-// 	}
-
-// 	// If a tunnel public address has not been set, but a related HTTP or SSH
-// 	// public address has been set, extract the hostname but use the port from
-// 	// the tunnel listen address.
-// 	if settings.SSH.SSHPublicAddr != "" {
-// 		addr, err := utils.ParseHostPortAddr(settings.SSH.SSHPublicAddr, tunnelPort)
-// 		if err != nil {
-// 			return "", trace.Wrap(err)
-// 		}
-// 		return net.JoinHostPort(addr.Host(), strconv.Itoa(tunnelPort)), nil
-// 	}
-// 	if settings.SSH.PublicAddr != "" {
-// 		addr, err := utils.ParseHostPortAddr(settings.SSH.PublicAddr, tunnelPort)
-// 		if err != nil {
-// 			return "", trace.Wrap(err)
-// 		}
-// 		return net.JoinHostPort(addr.Host(), strconv.Itoa(tunnelPort)), nil
-// 	}
-
-// 	// If nothing is set, fallback to the address we dialed.
-// 	return net.JoinHostPort(webAddr.Host(), strconv.Itoa(tunnelPort)), nil
-// }
diff --git a/examples/go-client/main.go b/examples/go-client/main.go
@@ -44,13 +44,13 @@ func main() {
 	clt, err := client.New(ctx, client.Config{
 		// Addrs can be auth, proxy, or webproxy addresses. Each will be dialed until one
 		// provides a successful connection.
-		Addrs: []string{"localhost:3025", "localhost:3024", "proxy.example.com:3080"},
+		Addrs: []string{"localhost:3080", "localhost:3024", "localhost:3025"},
 		// Multiple credentials can be tried by providing credentialProviders. The first
 		// provider to provide valid credentials will be used to authenticate the client.
 		Credentials: []client.Credentials{
 			client.LoadIdentityFile(idFilePath),
-			client.LoadKeyPair(crtPath, keyPath, casPath),
-			client.LoadTLS(tlsConfig),
+			// client.LoadKeyPair(crtPath, keyPath, casPath),
+			// client.LoadTLS(tlsConfig),
 		},
 	})
 	if err != nil {

diff --git a/tool/tsh/tsh.go b/tool/tsh/tsh.go
@@ -35,8 +35,8 @@ import (
 	"golang.org/x/crypto/ssh/agent"
 
 	"github.com/gravitational/teleport"
+	apiclient "github.com/gravitational/teleport/api/client"
 	"github.com/gravitational/teleport/api/types"
-	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/asciitable"
 	"github.com/gravitational/teleport/lib/auth"
 	"github.com/gravitational/teleport/lib/backend"
@@ -824,7 +824,7 @@ func setupNoninteractiveClient(tc *client.TeleportClient, key *client.Key) error
 						return false
 					}
 					for _, caKey := range caKeys {
-						if apiutils.KeysEqual(caKey, hostCAKey) {
+						if apiclient.KeysEqual(caKey, hostCAKey) {
 							return true
 						}
 					}
@@ -1700,7 +1700,7 @@ func authFromIdentity(k *client.Key) (ssh.AuthMethod, error) {
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
-	return apiutils.NewAuthMethodForCert(signer), nil
+	return apiclient.NewAuthMethodForCert(signer), nil
 }
 
 // onShow reads an identity file (a public SSH key or a cert) and dumps it to stdout