From 614c26cba40beedebedabda904a3355fa583c0e1 Mon Sep 17 00:00:00 2001
From: joerger
Date: Sat, 17 Aug 2024 14:49:23 -0700
Subject: [PATCH 1/2] Disable tcp app session recording.

---
 lib/srv/app/connections_handler.go | 22 +++-------------------
 lib/srv/app/tcpserver.go | 14 ++++++++++----
 2 files changed, 13 insertions(+), 23 deletions(-)

diff --git a/lib/srv/app/connections_handler.go b/lib/srv/app/connections_handler.go
index 38457df745ff9..179f6e4bec284 100644
--- a/lib/srv/app/connections_handler.go
+++ b/lib/srv/app/connections_handler.go
@@ -384,25 +384,9 @@ func (c *ConnectionsHandler) sessionStartTime(ctx context.Context) time.Time {
 // newTCPServer creates a server that proxies TCP applications.
 func (c *ConnectionsHandler) newTCPServer() (*tcpServer, error) {
 return &tcpServer{
- newAudit: func(ctx context.Context, sessionID string) (common.Audit, error) {
- // Audit stream is using server context, not session context,
- // to make sure that session is uploaded even after it is closed.
- rec, err := c.newSessionRecorder(c.closeContext, c.sessionStartTime(ctx), sessionID)
- if err != nil {
- return nil, trace.Wrap(err)
- }
- audit, err := common.NewAudit(common.AuditConfig{
- Emitter: c.cfg.Emitter,
- Recorder: rec,
- })
- if err != nil {
- return nil, trace.Wrap(err)
- }
-
- return audit, nil
- },
- hostID: c.cfg.HostID,
- log: c.log,
+ emitter: c.cfg.Emitter,
+ hostID: c.cfg.HostID,
+ log: c.log,
 }, nil
 }
 
diff --git a/lib/srv/app/tcpserver.go b/lib/srv/app/tcpserver.go
index 11f255b927654..ee1478dfc26d8 100644
--- a/lib/srv/app/tcpserver.go
+++ b/lib/srv/app/tcpserver.go
@@ -27,15 +27,17 @@ import (
 
 apidefaults "github.com/gravitational/teleport/api/defaults"
 apitypes "github.com/gravitational/teleport/api/types"
+ apievents "github.com/gravitational/teleport/api/types/events"
+ "github.com/gravitational/teleport/lib/events"
 "github.com/gravitational/teleport/lib/srv/app/common"
 "github.com/gravitational/teleport/lib/tlsca"
 "github.com/gravitational/teleport/lib/utils"
 )
 
 type tcpServer struct {
- newAudit func(ctx context.Context, sessionID string) (common.Audit, error)
- hostID string
- log *slog.Logger
+ emitter apievents.Emitter
+ hostID string
+ log *slog.Logger
 }
 
 // handleConnection handles connection from a TCP application.
@@ -55,10 +57,14 @@ func (s *tcpServer) handleConnection(ctx context.Context, clientConn net.Conn, i
 return trace.Wrap(err)
 }
 
- audit, err := s.newAudit(ctx, identity.RouteToApp.SessionID)
+ audit, err := common.NewAudit(common.AuditConfig{
+ Emitter: s.emitter,
+ Recorder: events.WithNoOpPreparer(events.NewDiscardRecorder()),
+ })
 if err != nil {
 return trace.Wrap(err)
 }
+
 if err := audit.OnSessionStart(ctx, s.hostID, identity, app); err != nil {
 return trace.Wrap(err)
 }
From 9e70361c5f1c471a2ea0c0d8a12623075711443d Mon Sep 17 00:00:00 2001
From: joerger
Date: Sat, 17 Aug 2024 14:50:43 -0700
Subject: [PATCH 2/2] Fix app session end event failure due to context canceled.

---
 lib/srv/app/tcpserver.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/srv/app/tcpserver.go b/lib/srv/app/tcpserver.go
index ee1478dfc26d8..4604f55013b3f 100644
--- a/lib/srv/app/tcpserver.go
+++ b/lib/srv/app/tcpserver.go
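Review bot: The discard recorder passed to `common.NewAudit` in handleConnection (lib/srv/app/tcpserver.go, patch 1/2, hunk `@@ -55,10 +57,14 @@`) has no comment, so a reader of the call site cannot tell that dropping TCP app session recordings is deliberate rather than a missing dependency. I would add above the call: `// TCP app sessions are intentionally not recorded; only audit events sent through s.emitter are kept.` The diffstat shows no test file touched, so nothing visible here asserts that the session start and end events still reach the emitter once the recorder is a no-op; a test for that would protect what remains of the audit trail. Whether `common.NewAudit` rejects a nil `Emitter` is not visible from this hunk, and handleConnection's body starts and ends outside it.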
@@ -69,6 +69,8 @@ func (s *tcpServer) handleConnection(ctx context.Context, clientConn net.Conn, i
 return trace.Wrap(err)
 }
 defer func() {
+ // The connection context may be closed once the connection is closed.
+ ctx := context.Background()
 if err := audit.OnSessionEnd(ctx, s.hostID, identity, app); err != nil {
 s.log.WarnContext(ctx, "Failed to emit session end event for app.", "app", app.GetName(), "error", err)
 }
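Review bot: `ctx := context.Background()` in the deferred closure leaves `audit.OnSessionEnd` with no deadline, so a slow or unreachable audit backend could keep this handler's cleanup blocked indefinitely, and it also drops any values carried on the connection context (the `WarnContext` call below receives the bare context too). I would bound it and keep the values with `ctx, cancel := context.WithTimeout(context.WithoutCancel(ctx), sessionEndTimeout)` followed by `defer cancel()`, where `sessionEndTimeout` is a placeholder for whatever limit the project applies to audit emission. The new `ctx` shadows the function parameter inside the closure; a distinct name such as `endCtx` would make it obvious which context each call uses. handleConnection begins before this hunk and continues past it.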