move readonly types to services/readonly

Author: rosstimothy

api/types/app.go

@@ -88,55 +88,6 @@ type Application interface {
 	GetCORS() *CORSPolicy
 }
 
-// ReadOnlyApplication is a read only variant of Application.
-type ReadOnlyApplication interface {
-	// ReadOnlyResourceWithLabels provides common resource methods.
-	ReadOnlyResourceWithLabels
-	// GetNamespace returns the app namespace.
-	GetNamespace() string
-	// GetStaticLabels returns the app static labels.
-	GetStaticLabels() map[string]string
-	// GetDynamicLabels returns the app dynamic labels.
-	GetDynamicLabels() map[string]CommandLabel
-	// String returns string representation of the app.
-	String() string
-	// GetDescription returns the app description.
-	GetDescription() string
-	// GetURI returns the app connection endpoint.
-	GetURI() string
-	// GetPublicAddr returns the app public address.
-	GetPublicAddr() string
-	// GetInsecureSkipVerify returns the app insecure setting.
-	GetInsecureSkipVerify() bool
-	// GetRewrite returns the app rewrite configuration.
-	GetRewrite() *Rewrite
-	// IsAWSConsole returns true if this app is AWS management console.
-	IsAWSConsole() bool
-	// IsAzureCloud returns true if this app represents Azure Cloud instance.
-	IsAzureCloud() bool
-	// IsGCP returns true if this app represents GCP instance.
-	IsGCP() bool
-	// IsTCP returns true if this app represents a TCP endpoint.
-	IsTCP() bool
-	// GetProtocol returns the application protocol.
-	GetProtocol() string
-	// GetAWSAccountID returns value of label containing AWS account ID on this app.
-	GetAWSAccountID() string
-	// GetAWSExternalID returns the AWS External ID configured for this app.
-	GetAWSExternalID() string
-	// GetUserGroups will get the list of user group IDs associated with the application.
-	GetUserGroups() []string
-	// Copy returns a copy of this app resource.
-	Copy() *AppV3
-	// GetIntegration will return the Integration.
-	// If present, the Application must use the Integration's credentials instead of ambient credentials to access Cloud APIs.
-	GetIntegration() string
-	// GetRequiredAppNames will return a list of required apps names that should be authenticated during this apps authentication process.
-	GetRequiredAppNames() []string
-	// GetCORS returns the CORS configuration for the app.
-	GetCORS() *CORSPolicy
-}
-
 // NewAppV3 creates a new app resource.
 func NewAppV3(meta Metadata, spec AppSpecV3) (*AppV3, error) {
 	app := &AppV3{

api/types/database.go

@@ -147,94 +147,6 @@ type Database interface {
 	IsUsernameCaseInsensitive() bool
 }
 
-// ReadOnlyDatabase is a read only variant of Database.
-type ReadOnlyDatabase interface {
-	// ReadOnlyResourceWithLabels provides common resource methods.
-	ReadOnlyResourceWithLabels
-	// GetNamespace returns the database namespace.
-	GetNamespace() string
-	// GetStaticLabels returns the database static labels.
-	GetStaticLabels() map[string]string
-	// GetDynamicLabels returns the database dynamic labels.
-	GetDynamicLabels() map[string]CommandLabel
-	// String returns string representation of the database.
-	String() string
-	// GetDescription returns the database description.
-	GetDescription() string
-	// GetProtocol returns the database protocol.
-	GetProtocol() string
-	// GetURI returns the database connection endpoint.
-	GetURI() string
-	// GetCA returns the database CA certificate.
-	GetCA() string
-	// GetTLS returns the database TLS configuration.
-	GetTLS() DatabaseTLS
-	// GetStatusCA gets the database CA certificate in the status field.
-	GetStatusCA() string
-	// GetMySQL returns the database options from spec.
-	GetMySQL() MySQLOptions
-	// GetOracle returns the database options from spec.
-	GetOracle() OracleOptions
-	// GetMySQLServerVersion returns the MySQL server version either from configuration or
-	// reported by the database.
-	GetMySQLServerVersion() string
-	// GetAWS returns the database AWS metadata.
-	GetAWS() AWS
-	// GetGCP returns GCP information for Cloud SQL databases.
-	GetGCP() GCPCloudSQL
-	// GetAzure returns Azure database server metadata.
-	GetAzure() Azure
-	// GetAD returns Active Directory database configuration.
-	GetAD() AD
-	// GetType returns the database authentication type: self-hosted, RDS, Redshift or Cloud SQL.
-	GetType() string
-	// GetSecretStore returns secret store configurations.
-	GetSecretStore() SecretStore
-	// GetManagedUsers returns a list of database users that are managed by Teleport.
-	GetManagedUsers() []string
-	// GetMongoAtlas returns Mongo Atlas database metadata.
-	GetMongoAtlas() MongoAtlas
-	// IsRDS returns true if this is an RDS/Aurora database.
-	IsRDS() bool
-	// IsRDSProxy returns true if this is an RDS Proxy database.
-	IsRDSProxy() bool
-	// IsRedshift returns true if this is a Redshift database.
-	IsRedshift() bool
-	// IsCloudSQL returns true if this is a Cloud SQL database.
-	IsCloudSQL() bool
-	// IsAzure returns true if this is an Azure database.
-	IsAzure() bool
-	// IsElastiCache returns true if this is an AWS ElastiCache database.
-	IsElastiCache() bool
-	// IsMemoryDB returns true if this is an AWS MemoryDB database.
-	IsMemoryDB() bool
-	// IsAWSHosted returns true if database is hosted by AWS.
-	IsAWSHosted() bool
-	// IsCloudHosted returns true if database is hosted in the cloud (AWS, Azure or Cloud SQL).
-	IsCloudHosted() bool
-	// RequireAWSIAMRolesAsUsers returns true for database types that require
-	// AWS IAM roles as database users.
-	RequireAWSIAMRolesAsUsers() bool
-	// SupportAWSIAMRoleARNAsUsers returns true for database types that support
-	// AWS IAM roles as database users.
-	SupportAWSIAMRoleARNAsUsers() bool
-	// Copy returns a copy of this database resource.
-	Copy() *DatabaseV3
-	// GetAdminUser returns database privileged user information.
-	GetAdminUser() DatabaseAdminUser
-	// SupportsAutoUsers returns true if this database supports automatic
-	// user provisioning.
-	SupportsAutoUsers() bool
-	// GetEndpointType returns the endpoint type of the database, if available.
-	GetEndpointType() string
-	// GetCloud gets the cloud this database is running on, or an empty string if it
-	// isn't running on a cloud provider.
-	GetCloud() string
-	// IsUsernameCaseInsensitive returns true if the database username is case
-	// insensitive.
-	IsUsernameCaseInsensitive() bool
-}
-
 // NewDatabaseV3 creates a new database resource.
 func NewDatabaseV3(meta Metadata, spec DatabaseSpecV3) (*DatabaseV3, error) {
 	database := &DatabaseV3{

api/types/kubernetes.go

@@ -80,43 +80,6 @@ type KubeCluster interface {
 	GetCloud() string
 }
 
-// ReadOnlyKubeCluster is a read only variant of KubeCluster.
-type ReadOnlyKubeCluster interface {
-	// ReadOnlyResourceWithLabels provides common resource methods.
-	ReadOnlyResourceWithLabels
-	// GetNamespace returns the kube cluster namespace.
-	GetNamespace() string
-	// GetStaticLabels returns the kube cluster static labels.
-	GetStaticLabels() map[string]string
-	// GetDynamicLabels returns the kube cluster dynamic labels.
-	GetDynamicLabels() map[string]CommandLabel
-	// GetKubeconfig returns the kubeconfig payload.
-	GetKubeconfig() []byte
-	// String returns string representation of the kube cluster.
-	String() string
-	// GetDescription returns the kube cluster description.
-	GetDescription() string
-	// GetAzureConfig gets the Azure config.
-	GetAzureConfig() KubeAzure
-	// GetAWSConfig gets the AWS config.
-	GetAWSConfig() KubeAWS
-	// GetGCPConfig gets the GCP config.
-	GetGCPConfig() KubeGCP
-	// IsAzure indentifies if the KubeCluster contains Azure details.
-	IsAzure() bool
-	// IsAWS indentifies if the KubeCluster contains AWS details.
-	IsAWS() bool
-	// IsGCP indentifies if the KubeCluster contains GCP details.
-	IsGCP() bool
-	// IsKubeconfig identifies if the KubeCluster contains kubeconfig data.
-	IsKubeconfig() bool
-	// Copy returns a copy of this kube cluster resource.
-	Copy() *KubernetesClusterV3
-	// GetCloud gets the cloud this kube cluster is running on, or an empty string if it
-	// isn't running on a cloud provider.
-	GetCloud() string
-}
-
 // DiscoveredEKSCluster represents a server discovered by EKS discovery fetchers.
 type DiscoveredEKSCluster interface {
 	// KubeCluster is base discovered cluster.

api/types/kubernetes_server.go

@@ -60,32 +60,6 @@ type KubeServer interface {
 	ProxiedService
 }
 
-// ReadOnlyKubeServer is a read only variant of KubeServer.
-type ReadOnlyKubeServer interface {
-	// ReadOnlyResourceWithLabels provides common resource methods.
-	ReadOnlyResourceWithLabels
-	// GetNamespace returns server namespace.
-	GetNamespace() string
-	// GetTeleportVersion returns the teleport version the server is running on.
-	GetTeleportVersion() string
-	// GetHostname returns the server hostname.
-	GetHostname() string
-	// GetHostID returns ID of the host the server is running on.
-	GetHostID() string
-	// GetRotation gets the state of certificate authority rotation.
-	GetRotation() Rotation
-	// String returns string representation of the server.
-	String() string
-	// Copy returns a copy of this kube server object.
-	Copy() KubeServer
-	// CloneResource returns a copy of the KubeServer as a ResourceWithLabels
-	CloneResource() ResourceWithLabels
-	// GetCluster returns the Kubernetes Cluster this kube server proxies.
-	GetCluster() KubeCluster
-	// GetProxyIDs returns a list of proxy ids this service is connected to.
-	GetProxyIDs() []string
-}
-
 // NewKubernetesServerV3 creates a new kube server instance.
 func NewKubernetesServerV3(meta Metadata, spec KubernetesServerSpecV3) (*KubernetesServerV3, error) {
 	s := &KubernetesServerV3{

api/types/resource.go

@@ -66,24 +66,6 @@ type Resource interface {
 	SetRevision(string)
 }
 
-// ReadOnlyResource is a read only variant of Resource.
-type ReadOnlyResource interface {
-	// GetKind returns resource kind
-	GetKind() string
-	// GetSubKind returns resource subkind
-	GetSubKind() string
-	// GetVersion returns resource version
-	GetVersion() string
-	// GetName returns the name of the resource
-	GetName() string
-	// Expiry returns object expiry setting
-	Expiry() time.Time
-	// GetMetadata returns object metadata
-	GetMetadata() Metadata
-	// GetRevision returns the revision
-	GetRevision() string
-}
-
 // IsSystemResource checks to see if the given resource is considered
 // part of the teleport system, as opposed to some user created resource
 // or preset.
@@ -127,13 +109,6 @@ type ResourceWithOrigin interface {
 	SetOrigin(string)
 }
 
-// ReadOnlyResourceWithOrigin is a read only variant of ResourceWithOrigin.
-type ReadOnlyResourceWithOrigin interface {
-	ReadOnlyResource
-	// Origin returns the origin value of the resource.
-	Origin() string
-}
-
 // ResourceWithLabels is a common interface for resources that have labels.
 type ResourceWithLabels interface {
 	// ResourceWithOrigin is the base resource interface.
@@ -151,20 +126,6 @@ type ResourceWithLabels interface {
 	MatchSearch(searchValues []string) bool
 }
 
-// ReadOnlyResourceWithLabels is a read only variant of ResourceWithLabels.
-type ReadOnlyResourceWithLabels interface {
-	ReadOnlyResourceWithOrigin
-	// GetLabel retrieves the label with the provided key.
-	GetLabel(key string) (value string, ok bool)
-	// GetAllLabels returns all resource's labels.
-	GetAllLabels() map[string]string
-	// GetStaticLabels returns the resource's static labels.
-	GetStaticLabels() map[string]string
-	// MatchSearch goes through select field values of a resource
-	// and tries to match against the list of search values.
-	MatchSearch(searchValues []string) bool
-}
-
 // EnrichedResource is a [ResourceWithLabels] wrapped with
 // additional user-specific information.
 type EnrichedResource struct {

api/types/server.go

@@ -103,62 +103,6 @@ type Server interface {
 	GetAWSAccountID() string
 }
 
-// ReadOnlyServer is a read only variant of Server.
-type ReadOnlyServer interface {
-	// ReadOnlyResourceWithLabels provides common resource headers
-	ReadOnlyResourceWithLabels
-	// GetTeleportVersion returns the teleport version the server is running on
-	GetTeleportVersion() string
-	// GetAddr return server address
-	GetAddr() string
-	// GetHostname returns server hostname
-	GetHostname() string
-	// GetNamespace returns server namespace
-	GetNamespace() string
-	// GetLabels returns server's static label key pairs
-	GetLabels() map[string]string
-	// GetCmdLabels gets command labels
-	GetCmdLabels() map[string]CommandLabel
-	// GetPublicAddr returns a public address where this server can be reached.
-	GetPublicAddr() string
-	// GetPublicAddrs returns a list of public addresses where this server can be reached.
-	GetPublicAddrs() []string
-	// GetRotation gets the state of certificate authority rotation.
-	GetRotation() Rotation
-	// GetUseTunnel gets if a reverse tunnel should be used to connect to this node.
-	GetUseTunnel() bool
-	// String returns string representation of the server
-	String() string
-	// GetPeerAddr returns the peer address of the server.
-	GetPeerAddr() string
-	// GetProxyIDs returns a list of proxy ids this service is connected to.
-	GetProxyIDs() []string
-	// DeepCopy creates a clone of this server value
-	DeepCopy() Server
-
-	// CloneResource is used to return a clone of the Server and match the CloneAny interface
-	// This is helpful when interfacing with multiple types at the same time in unified resources
-	CloneResource() ResourceWithLabels
-
-	// GetCloudMetadata gets the cloud metadata for the server.
-	GetCloudMetadata() *CloudMetadata
-	// GetAWSInfo returns the AWSInfo for the server.
-	GetAWSInfo() *AWSInfo
-
-	// IsOpenSSHNode returns whether the connection to this Server must use OpenSSH.
-	// This returns true for SubKindOpenSSHNode and SubKindOpenSSHEICENode.
-	IsOpenSSHNode() bool
-
-	// IsEICE returns whether the Node is an EICE instance.
-	// Must be `openssh-ec2-ice` subkind and have the AccountID and InstanceID information (AWS Metadata or Labels).
-	IsEICE() bool
-
-	// GetAWSInstanceID returns the AWS Instance ID if this node comes from an EC2 instance.
-	GetAWSInstanceID() string
-	// GetAWSAccountID returns the AWS Account ID if this node comes from an EC2 instance.
-	GetAWSAccountID() string
-}
-
 // NewServer creates an instance of Server.
 func NewServer(name, kind string, spec ServerSpecV2) (Server, error) {
 	return NewServerWithLabels(name, kind, spec, map[string]string{})

lib/kube/proxy/server.go

@@ -45,6 +45,7 @@ import (
 	"github.com/gravitational/teleport/lib/multiplexer"
 	"github.com/gravitational/teleport/lib/reversetunnel"
 	"github.com/gravitational/teleport/lib/services"
+	"github.com/gravitational/teleport/lib/services/readonly"
 	"github.com/gravitational/teleport/lib/srv"
 	"github.com/gravitational/teleport/lib/srv/ingress"
 )
@@ -98,7 +99,7 @@ type TLSServerConfig struct {
 	// kubernetes cluster name. Proxy uses this map to route requests to the correct
 	// kubernetes_service. The servers are kept in memory to avoid making unnecessary
 	// unmarshal calls followed by filtering and to improve memory usage.
-	KubernetesServersWatcher *services.GenericWatcher[types.KubeServer, types.ReadOnlyKubeServer]
+	KubernetesServersWatcher *services.GenericWatcher[types.KubeServer, readonly.KubeServer]
 	// PROXYProtocolMode controls behavior related to unsigned PROXY protocol headers.
 	PROXYProtocolMode multiplexer.PROXYProtocolMode
 	// InventoryHandle is used to send kube server heartbeats via the inventory control stream.
@@ -170,7 +171,7 @@ type TLSServer struct {
 	closeContext context.Context
 	closeFunc    context.CancelFunc
 	// kubeClusterWatcher monitors changes to kube cluster resources.
-	kubeClusterWatcher *services.GenericWatcher[types.KubeCluster, types.ReadOnlyKubeCluster]
+	kubeClusterWatcher *services.GenericWatcher[types.KubeCluster, readonly.KubeCluster]
 	// reconciler reconciles proxied kube clusters with kube_clusters resources.
 	reconciler *services.Reconciler[types.KubeCluster]
 	// monitoredKubeClusters contains all kube clusters the proxied kube_clusters are
@@ -620,7 +621,7 @@ func (t *TLSServer) getKubernetesServersForKubeClusterFunc() (getKubeServersByNa
 		}, nil
 	case ProxyService:
 		return func(ctx context.Context, name string) ([]types.KubeServer, error) {
-			servers, err := t.KubernetesServersWatcher.CurrentResourcesWithFilter(ctx, func(ks types.ReadOnlyKubeServer) bool {
+			servers, err := t.KubernetesServersWatcher.CurrentResourcesWithFilter(ctx, func(ks readonly.KubeServer) bool {
 				return ks.GetCluster().GetName() == name
 			})
 			return servers, trace.Wrap(err)
@@ -632,7 +633,7 @@ func (t *TLSServer) getKubernetesServersForKubeClusterFunc() (getKubeServersByNa
 			// and forward the request to the next proxy.
 			kube, err := t.getKubeClusterWithServiceLabels(name)
 			if err != nil {
-				servers, err := t.KubernetesServersWatcher.CurrentResourcesWithFilter(ctx, func(ks types.ReadOnlyKubeServer) bool {
+				servers, err := t.KubernetesServersWatcher.CurrentResourcesWithFilter(ctx, func(ks readonly.KubeServer) bool {
 					return ks.GetCluster().GetName() == name
 				})
 				return servers, trace.Wrap(err)