From b5a7b057d2860823c8d01ca7d144f4aaa50f1b8e Mon Sep 17 00:00:00 2001
From: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Date: Thu, 22 Aug 2024 14:29:42 -0400
Subject: [PATCH] Introduce a dedicated backend key type (#45706)
For the moment the type is nothing more than an alias for []byte.
This will allow for transitioning enterprise to use the new type
without breaking the builds. Once enterprise is updated and all
assumptions about a Key being a []byte are removed the alias will
be dropped in favor of making a Key its own type.
---
lib/auth/storage/storage.go | 2 +-
lib/backend/backend.go | 38 +++++------
lib/backend/buffer.go | 2 +-
lib/backend/buffer_test.go | 65 ++++++++++---------
lib/backend/dynamo/dynamodbbk.go | 24 +++----
lib/backend/etcdbk/etcd.go | 14 ++--
lib/backend/etcdbk/etcd_test.go | 4 +-
lib/backend/firestore/firestorebk.go | 24 +++----
lib/backend/helpers.go | 9 +--
lib/backend/key.go | 20 ++++++
lib/backend/kubernetes/kubernetes.go | 6 +-
lib/backend/kubernetes/kubernetes_test.go | 2 +-
lib/backend/lite/lite.go | 14 ++--
lib/backend/lite/periodic.go | 2 +-
lib/backend/memory/item.go | 2 +-
lib/backend/memory/memory.go | 10 +--
lib/backend/pgbk/pgbk.go | 8 +--
lib/backend/pgbk/wal2json_test.go | 10 +--
lib/backend/report.go | 12 ++--
lib/backend/sanitize.go | 12 ++--
lib/backend/sanitize_test.go | 6 +-
lib/backend/test/suite.go | 20 +++---
lib/backend/wrap.go | 8 +--
lib/service/service.go | 2 +-
lib/service/service_test.go | 2 +-
lib/services/local/dynamic_access.go | 4 +-
lib/services/local/events.go | 48 +++++++-------
lib/services/local/externalauditstorage.go | 4 +-
.../local/externalauditstorage_watcher.go | 2 +-
lib/services/local/generic/generic.go | 2 +-
lib/services/local/generic/helpers.go | 2 +-
lib/services/local/generic/nonce.go | 4 +-
lib/services/local/generic/nonce_test.go | 2 +-
lib/services/local/headlessauthn.go | 2 +-
lib/services/local/headlessauthn_watcher.go | 2 +-
lib/services/local/integrations.go | 2 +-
lib/services/local/plugin_data.go | 2 +-
lib/services/local/presence.go | 12 ++--
lib/services/local/session.go | 4 +-
lib/services/local/unstable.go | 2 +-
lib/services/local/userpreferences.go | 2 +-
lib/services/local/users.go | 10 +--
lib/services/unified_resource.go | 16 ++---
.../teleport/aggregating/service.go | 4 +-
44 files changed, 230 insertions(+), 214 deletions(-)
create mode 100644 lib/backend/key.go
diff --git a/lib/auth/storage/storage.go b/lib/auth/storage/storage.go
index 9596f12e1e645..76db71182e982 100644
--- a/lib/auth/storage/storage.go
+++ b/lib/auth/storage/storage.go
@@ -63,7 +63,7 @@ type stateBackend interface {
// exists, updates it otherwise)
Put(ctx context.Context, i backend.Item) (*backend.Lease, error)
// Get returns a single item or not found error
- Get(ctx context.Context, key []byte) (*backend.Item, error)
+ Get(ctx context.Context, key backend.Key) (*backend.Item, error)
}
// ProcessStorage is a backend for local process state,
diff --git a/lib/backend/backend.go b/lib/backend/backend.go
index 1cac249ea0510..e3dc116a05f5a 100644
--- a/lib/backend/backend.go
+++ b/lib/backend/backend.go
@@ -60,17 +60,17 @@ type Backend interface {
Update(ctx context.Context, i Item) (*Lease, error)
// Get returns a single item or not found error
- Get(ctx context.Context, key []byte) (*Item, error)
+ Get(ctx context.Context, key Key) (*Item, error)
// GetRange returns query range
- GetRange(ctx context.Context, startKey []byte, endKey []byte, limit int) (*GetResult, error)
+ GetRange(ctx context.Context, startKey, endKey Key, limit int) (*GetResult, error)
// Delete deletes item by key, returns NotFound error
// if item does not exist
- Delete(ctx context.Context, key []byte) error
+ Delete(ctx context.Context, key Key) error
// DeleteRange deletes range of items with keys between startKey and endKey
- DeleteRange(ctx context.Context, startKey, endKey []byte) error
+ DeleteRange(ctx context.Context, startKey, endKey Key) error
// KeepAlive keeps object from expiring, updates lease on the existing object,
// expires contains the new expiry to set on the lease,
@@ -93,7 +93,7 @@ type Backend interface {
}
// IterateRange is a helper for stepping over a range
-func IterateRange(ctx context.Context, bk Backend, startKey []byte, endKey []byte, limit int, fn func([]Item) (stop bool, err error)) error {
+func IterateRange(ctx context.Context, bk Backend, startKey, endKey Key, limit int, fn func([]Item) (stop bool, err error)) error {
if limit == 0 || limit > 10_000 {
limit = 10_000
}
@@ -130,7 +130,7 @@ func IterateRange(ctx context.Context, bk Backend, startKey []byte, endKey []byt
//
// 2. allow individual backends to expose custom streaming methods s.t. the most performant
// impl for a given backend may be used.
-func StreamRange(ctx context.Context, bk Backend, startKey, endKey []byte, pageSize int) stream.Stream[Item] {
+func StreamRange(ctx context.Context, bk Backend, startKey, endKey Key, pageSize int) stream.Stream[Item] {
return stream.PageFunc[Item](func() ([]Item, error) {
if startKey == nil {
return nil, io.EOF
@@ -167,7 +167,7 @@ type Batch interface {
// err = backend.KeepAlive(ctx, lease, expires)
type Lease struct {
// Key is an object representing lease
- Key []byte
+ Key Key
// ID is a lease ID, could be empty
// Deprecated: use Revision instead
ID int64
@@ -187,7 +187,7 @@ type Watch struct {
Name string
// Prefixes specifies prefixes to watch,
// passed to the backend implementation
- Prefixes [][]byte
+ Prefixes []Key
// QueueSize is an optional queue size
QueueSize int
// MetricComponent if set will start reporting
@@ -231,7 +231,7 @@ type Event struct {
// Item is a key value item
type Item struct {
// Key is a key of the key value item
- Key []byte
+ Key Key
// Value is a value of the key value item
Value []byte
// Expires is an optional record expiry time
@@ -287,7 +287,7 @@ const NoLimit = 0
// nextKey returns the next possible key.
// If used with a key prefix, this will return
// the end of the range for that key prefix.
-func nextKey(key []byte) []byte {
+func nextKey(key Key) Key {
end := make([]byte, len(key))
copy(end, key)
for i := len(end) - 1; i >= 0; i-- {
@@ -301,10 +301,10 @@ func nextKey(key []byte) []byte {
return noEnd
}
-var noEnd = []byte{0}
+var noEnd = Key{0}
// RangeEnd returns end of the range for given key.
-func RangeEnd(key []byte) []byte {
+func RangeEnd(key Key) Key {
return nextKey(key)
}
@@ -325,7 +325,7 @@ type KeyedItem interface {
// have the HostID part.
func NextPaginationKey(ki KeyedItem) string {
key := GetPaginationKey(ki)
- return string(nextKey([]byte(key)))
+ return string(nextKey(Key(key)))
}
// GetPaginationKey returns the pagination key given item.
@@ -341,13 +341,13 @@ func GetPaginationKey(ki KeyedItem) string {
// MaskKeyName masks the given key name.
// e.g "123456789" -> "******789"
-func MaskKeyName(keyName string) []byte {
+func MaskKeyName(keyName string) string {
maskedBytes := []byte(keyName)
hiddenBefore := int(0.75 * float64(len(keyName)))
for i := 0; i < hiddenBefore; i++ {
maskedBytes[i] = '*'
}
- return maskedBytes
+ return string(maskedBytes)
}
// Items is a sortable list of backend items
@@ -421,7 +421,7 @@ const Separator = '/'
// NewKey joins parts into path separated by Separator,
// makes sure path always starts with Separator ("/")
-func NewKey(parts ...string) []byte {
+func NewKey(parts ...string) Key {
return internalKey("", parts...)
}
@@ -429,10 +429,10 @@ func NewKey(parts ...string) []byte {
// path of Key. This is to ensure range matching of a path will only
// math child paths and not other paths that have the resulting path
// as a prefix.
-func ExactKey(parts ...string) []byte {
+func ExactKey(parts ...string) Key {
return append(NewKey(parts...), Separator)
}
-func internalKey(internalPrefix string, parts ...string) []byte {
- return []byte(strings.Join(append([]string{internalPrefix}, parts...), string(Separator)))
+func internalKey(internalPrefix string, parts ...string) Key {
+ return Key(strings.Join(append([]string{internalPrefix}, parts...), string(Separator)))
}
diff --git a/lib/backend/buffer.go b/lib/backend/buffer.go
index 7456ce300a43d..98d8ce262011b 100644
--- a/lib/backend/buffer.go
+++ b/lib/backend/buffer.go
@@ -217,7 +217,7 @@ func (c *CircularBuffer) fanOutEvent(r Event) {
}
}
-func removeRedundantPrefixes(prefixes [][]byte) [][]byte {
+func removeRedundantPrefixes(prefixes []Key) []Key {
if len(prefixes) == 0 {
return prefixes
}
diff --git a/lib/backend/buffer_test.go b/lib/backend/buffer_test.go
index bb4b89cd181af..cea117b025406 100644
--- a/lib/backend/buffer_test.go
+++ b/lib/backend/buffer_test.go
@@ -18,6 +18,7 @@ package backend
import (
"context"
+ "fmt"
"testing"
"time"
@@ -48,17 +49,17 @@ func TestWatcherSimple(t *testing.T) {
t.Fatalf("Timeout waiting for event.")
}
- b.Emit(Event{Item: Item{Key: []byte{Separator}, ID: 1}})
+ b.Emit(Event{Item: Item{Key: Key("/1")}})
select {
case e := <-w.Events():
- require.Equal(t, e.Item.ID, int64(1))
+ require.Equal(t, Key("/1"), e.Item.Key)
case <-time.After(100 * time.Millisecond):
t.Fatalf("Timeout waiting for event.")
}
b.Close()
- b.Emit(Event{Item: Item{ID: 2}})
+ b.Emit(Event{Item: Item{Key: Key("/2")}})
select {
case <-w.Done():
@@ -101,12 +102,12 @@ func TestWatcherCapacity(t *testing.T) {
// emit and then consume 10 events. this is much larger than our queue size,
// but should succeed since we consume within our grace period.
for i := 0; i < 10; i++ {
- b.Emit(Event{Item: Item{Key: []byte{Separator}, ID: int64(i + 1)}})
+ b.Emit(Event{Item: Item{Key: Key(fmt.Sprintf("/%d", i+1))}})
}
for i := 0; i < 10; i++ {
select {
case e := <-w.Events():
- require.Equal(t, e.Item.ID, int64(i+1))
+ require.Equal(t, fmt.Sprintf("/%d", i+1), string(e.Item.Key))
default:
t.Fatalf("Expected events to be immediately available")
}
@@ -116,7 +117,7 @@ func TestWatcherCapacity(t *testing.T) {
clock.Advance(gracePeriod + time.Second)
// emit another event, which will cause buffer to reevaluate the grace period.
- b.Emit(Event{Item: Item{Key: []byte{Separator}, ID: int64(11)}})
+ b.Emit(Event{Item: Item{Key: Key("/11")}})
// ensure that buffer did not close watcher, since previously created backlog
// was drained within grace period.
@@ -128,13 +129,13 @@ func TestWatcherCapacity(t *testing.T) {
// create backlog again, and this time advance past grace period without draining it.
for i := 0; i < 10; i++ {
- b.Emit(Event{Item: Item{Key: []byte{Separator}, ID: int64(i + 12)}})
+ b.Emit(Event{Item: Item{Key: Key(fmt.Sprintf("/%d", i+12))}})
}
clock.Advance(gracePeriod + time.Second)
// emit another event, which will cause buffer to realize that watcher is past
// its grace period.
- b.Emit(Event{Item: Item{Key: []byte{Separator}, ID: int64(22)}})
+ b.Emit(Event{Item: Item{Key: Key("/22")}})
select {
case <-w.Done():
@@ -174,7 +175,7 @@ func TestWatcherCreationGracePeriod(t *testing.T) {
// emit enough events to create a backlog
for i := 0; i < queueSize*2; i++ {
- b.Emit(Event{Item: Item{Key: []byte{Separator}}})
+ b.Emit(Event{Item: Item{Key: Key{Separator}}})
}
select {
@@ -189,7 +190,7 @@ func TestWatcherCreationGracePeriod(t *testing.T) {
// advance well past the backlog grace period, but not past the creation grace period
clock.Advance(backlogGracePeriod * 2)
- b.Emit(Event{Item: Item{Key: []byte{Separator}}})
+ b.Emit(Event{Item: Item{Key: Key{Separator}}})
select {
case <-w.Done():
@@ -200,7 +201,7 @@ func TestWatcherCreationGracePeriod(t *testing.T) {
// advance well past creation grace period
clock.Advance(creationGracePeriod)
- b.Emit(Event{Item: Item{Key: []byte{Separator}}})
+ b.Emit(Event{Item: Item{Key: Key{Separator}}})
select {
case <-w.Done():
default:
@@ -236,29 +237,29 @@ func TestWatcherClose(t *testing.T) {
// TestRemoveRedundantPrefixes removes redundant prefixes
func TestRemoveRedundantPrefixes(t *testing.T) {
type tc struct {
- in [][]byte
- out [][]byte
+ in []Key
+ out []Key
}
tcs := []tc{
{
- in: [][]byte{},
- out: [][]byte{},
+ in: []Key{},
+ out: []Key{},
},
{
- in: [][]byte{[]byte("/a")},
- out: [][]byte{[]byte("/a")},
+ in: []Key{Key("/a")},
+ out: []Key{Key("/a")},
},
{
- in: [][]byte{[]byte("/a"), []byte("/")},
- out: [][]byte{[]byte("/")},
+ in: []Key{Key("/a"), Key("/")},
+ out: []Key{Key("/")},
},
{
- in: [][]byte{[]byte("/b"), []byte("/a")},
- out: [][]byte{[]byte("/a"), []byte("/b")},
+ in: []Key{Key("/b"), Key("/a")},
+ out: []Key{Key("/a"), Key("/b")},
},
{
- in: [][]byte{[]byte("/a/b"), []byte("/a"), []byte("/a/b/c"), []byte("/d")},
- out: [][]byte{[]byte("/a"), []byte("/d")},
+ in: []Key{Key("/a/b"), Key("/a"), Key("/a/b/c"), Key("/d")},
+ out: []Key{Key("/a"), Key("/d")},
},
}
for _, tc := range tcs {
@@ -276,7 +277,7 @@ func TestWatcherMulti(t *testing.T) {
defer b.Close()
b.SetInit()
- w, err := b.NewWatcher(ctx, Watch{Prefixes: [][]byte{[]byte("/a"), []byte("/a/b")}})
+ w, err := b.NewWatcher(ctx, Watch{Prefixes: []Key{Key("/a"), Key("/a/b")}})
require.NoError(t, err)
defer w.Close()
@@ -287,11 +288,11 @@ func TestWatcherMulti(t *testing.T) {
t.Fatalf("Timeout waiting for event.")
}
- b.Emit(Event{Item: Item{Key: []byte("/a/b/c"), ID: 1}})
+ b.Emit(Event{Item: Item{Key: Key("/a/b/c")}})
select {
case e := <-w.Events():
- require.Equal(t, e.Item.ID, int64(1))
+ require.Equal(t, Key("/a/b/c"), e.Item.Key)
case <-time.After(100 * time.Millisecond):
t.Fatalf("Timeout waiting for event.")
}
@@ -320,7 +321,7 @@ func TestWatcherReset(t *testing.T) {
t.Fatalf("Timeout waiting for event.")
}
- b.Emit(Event{Item: Item{Key: []byte{Separator}, ID: 1}})
+ b.Emit(Event{Item: Item{Key: Key("/1")}})
b.Clear()
// make sure watcher has been closed
@@ -341,11 +342,11 @@ func TestWatcherReset(t *testing.T) {
t.Fatalf("Timeout waiting for event.")
}
- b.Emit(Event{Item: Item{Key: []byte{Separator}, ID: 2}})
+ b.Emit(Event{Item: Item{Key: Key("/2")}})
select {
case e := <-w2.Events():
- require.Equal(t, e.Item.ID, int64(2))
+ require.Equal(t, Key("/2"), e.Item.Key)
case <-time.After(100 * time.Millisecond):
t.Fatalf("Timeout waiting for event.")
}
@@ -356,10 +357,10 @@ func TestWatcherTree(t *testing.T) {
wt := newWatcherTree()
require.Equal(t, wt.rm(nil), false)
- w1 := &BufferWatcher{Watch: Watch{Prefixes: [][]byte{[]byte("/a"), []byte("/a/a1"), []byte("/c")}}}
- require.Equal(t, wt.rm(w1), false)
+ w1 := &BufferWatcher{Watch: Watch{Prefixes: []Key{Key("/a"), Key("/a/a1"), Key("/c")}}}
+ require.False(t, wt.rm(w1))
- w2 := &BufferWatcher{Watch: Watch{Prefixes: [][]byte{[]byte("/a")}}}
+ w2 := &BufferWatcher{Watch: Watch{Prefixes: []Key{Key("/a")}}}
wt.add(w1)
wt.add(w2)
diff --git a/lib/backend/dynamo/dynamodbbk.go b/lib/backend/dynamo/dynamodbbk.go
index f8d2aa3742b75..4aba248313395 100644
--- a/lib/backend/dynamo/dynamodbbk.go
+++ b/lib/backend/dynamo/dynamodbbk.go
@@ -381,7 +381,7 @@ func (b *Backend) Update(ctx context.Context, item backend.Item) (*backend.Lease
}
// GetRange returns range of elements
-func (b *Backend) GetRange(ctx context.Context, startKey []byte, endKey []byte, limit int) (*backend.GetResult, error) {
+func (b *Backend) GetRange(ctx context.Context, startKey, endKey backend.Key, limit int) (*backend.GetResult, error) {
if len(startKey) == 0 {
return nil, trace.BadParameter("missing parameter startKey")
}
@@ -410,7 +410,7 @@ func (b *Backend) GetRange(ctx context.Context, startKey []byte, endKey []byte,
return &backend.GetResult{Items: values}, nil
}
-func (b *Backend) getAllRecords(ctx context.Context, startKey []byte, endKey []byte, limit int) (*getResult, error) {
+func (b *Backend) getAllRecords(ctx context.Context, startKey, endKey backend.Key, limit int) (*getResult, error) {
var result getResult
// this code is being extra careful here not to introduce endless loop
@@ -444,7 +444,7 @@ const (
)
// DeleteRange deletes range of items with keys between startKey and endKey
-func (b *Backend) DeleteRange(ctx context.Context, startKey, endKey []byte) error {
+func (b *Backend) DeleteRange(ctx context.Context, startKey, endKey backend.Key) error {
if len(startKey) == 0 {
return trace.BadParameter("missing parameter startKey")
}
@@ -491,7 +491,7 @@ func (b *Backend) DeleteRange(ctx context.Context, startKey, endKey []byte) erro
}
// Get returns a single item or not found error
-func (b *Backend) Get(ctx context.Context, key []byte) (*backend.Item, error) {
+func (b *Backend) Get(ctx context.Context, key backend.Key) (*backend.Item, error) {
r, err := b.getKey(ctx, key)
if err != nil {
return nil, err
@@ -560,7 +560,7 @@ func (b *Backend) CompareAndSwap(ctx context.Context, expected backend.Item, rep
}
// Delete deletes item by key
-func (b *Backend) Delete(ctx context.Context, key []byte) error {
+func (b *Backend) Delete(ctx context.Context, key backend.Key) error {
if len(key) == 0 {
return trace.BadParameter("missing parameter key")
}
@@ -837,13 +837,13 @@ const (
// prependPrefix adds leading 'teleport/' to the key for backwards compatibility
// with previous implementation of DynamoDB backend
-func prependPrefix(key []byte) string {
+func prependPrefix(key backend.Key) string {
return keyPrefix + string(key)
}
// trimPrefix removes leading 'teleport' from the key
-func trimPrefix(key string) []byte {
- return []byte(strings.TrimPrefix(key, keyPrefix))
+func trimPrefix(key string) backend.Key {
+ return backend.Key(strings.TrimPrefix(key, keyPrefix))
}
// create helper creates a new key/value pair in Dynamo with a given expiration
@@ -884,7 +884,7 @@ func (b *Backend) create(ctx context.Context, item backend.Item, mode int) error
return nil
}
-func (b *Backend) deleteKey(ctx context.Context, key []byte) error {
+func (b *Backend) deleteKey(ctx context.Context, key backend.Key) error {
av, err := dynamodbattribute.MarshalMap(keyLookup{
HashKey: hashKey,
FullPath: prependPrefix(key),
@@ -899,7 +899,7 @@ func (b *Backend) deleteKey(ctx context.Context, key []byte) error {
return nil
}
-func (b *Backend) deleteKeyIfExpired(ctx context.Context, key []byte) error {
+func (b *Backend) deleteKeyIfExpired(ctx context.Context, key backend.Key) error {
_, err := b.svc.DeleteItemWithContext(ctx, &dynamodb.DeleteItemInput{
TableName: aws.String(b.TableName),
Key: keyToAttributeValueMap(key),
@@ -915,7 +915,7 @@ func (b *Backend) deleteKeyIfExpired(ctx context.Context, key []byte) error {
return trace.Wrap(err)
}
-func (b *Backend) getKey(ctx context.Context, key []byte) (*record, error) {
+func (b *Backend) getKey(ctx context.Context, key backend.Key) (*record, error) {
av, err := dynamodbattribute.MarshalMap(keyLookup{
HashKey: hashKey,
FullPath: prependPrefix(key),
@@ -1001,7 +1001,7 @@ func fullPathToAttributeValueMap(fullPath string) map[string]*dynamodb.Attribute
}
}
-func keyToAttributeValueMap(key []byte) map[string]*dynamodb.AttributeValue {
+func keyToAttributeValueMap(key backend.Key) map[string]*dynamodb.AttributeValue {
return fullPathToAttributeValueMap(prependPrefix(key))
}
diff --git a/lib/backend/etcdbk/etcd.go b/lib/backend/etcdbk/etcd.go
index 205736f7d4466..64a32295c1443 100644
--- a/lib/backend/etcdbk/etcd.go
+++ b/lib/backend/etcdbk/etcd.go
@@ -642,7 +642,7 @@ func (b *EtcdBackend) NewWatcher(ctx context.Context, watch backend.Watch) (back
}
// GetRange returns query range
-func (b *EtcdBackend) GetRange(ctx context.Context, startKey, endKey []byte, limit int) (*backend.GetResult, error) {
+func (b *EtcdBackend) GetRange(ctx context.Context, startKey, endKey backend.Key, limit int) (*backend.GetResult, error) {
if len(startKey) == 0 {
return nil, trace.BadParameter("missing parameter startKey")
}
@@ -818,7 +818,7 @@ func (b *EtcdBackend) KeepAlive(ctx context.Context, lease backend.Lease, expire
}
// Get returns a single item or not found error
-func (b *EtcdBackend) Get(ctx context.Context, key []byte) (*backend.Item, error) {
+func (b *EtcdBackend) Get(ctx context.Context, key backend.Key) (*backend.Item, error) {
re, err := b.clients.Next().Get(ctx, b.prependPrefix(key))
if err != nil {
return nil, convertErr(err)
@@ -835,7 +835,7 @@ func (b *EtcdBackend) Get(ctx context.Context, key []byte) (*backend.Item, error
}
// Delete deletes item by key
-func (b *EtcdBackend) Delete(ctx context.Context, key []byte) error {
+func (b *EtcdBackend) Delete(ctx context.Context, key backend.Key) error {
start := b.clock.Now()
re, err := b.clients.Next().Delete(ctx, b.prependPrefix(key))
writeLatencies.Observe(time.Since(start).Seconds())
@@ -851,7 +851,7 @@ func (b *EtcdBackend) Delete(ctx context.Context, key []byte) error {
}
// DeleteRange deletes range of items with keys between startKey and endKey
-func (b *EtcdBackend) DeleteRange(ctx context.Context, startKey, endKey []byte) error {
+func (b *EtcdBackend) DeleteRange(ctx context.Context, startKey, endKey backend.Key) error {
if len(startKey) == 0 {
return trace.BadParameter("missing parameter startKey")
}
@@ -1018,10 +1018,10 @@ func fromType(eventType mvccpb.Event_EventType) types.OpType {
}
}
-func (b *EtcdBackend) trimPrefix(in []byte) []byte {
- return bytes.TrimPrefix(in, []byte(b.cfg.Key))
+func (b *EtcdBackend) trimPrefix(in backend.Key) backend.Key {
+ return bytes.TrimPrefix(in, backend.Key(b.cfg.Key))
}
-func (b *EtcdBackend) prependPrefix(in []byte) string {
+func (b *EtcdBackend) prependPrefix(in backend.Key) string {
return b.cfg.Key + string(in)
}
diff --git a/lib/backend/etcdbk/etcd_test.go b/lib/backend/etcdbk/etcd_test.go
index 8c4c1d396f36c..df1f76f1326ef 100644
--- a/lib/backend/etcdbk/etcd_test.go
+++ b/lib/backend/etcdbk/etcd_test.go
@@ -116,7 +116,7 @@ func TestPrefix(t *testing.T) {
// When I push an item with a key starting with "/" into etcd via the
// _prefixed_ client...
item := backend.Item{
- Key: []byte("/foo"),
+ Key: backend.Key("/foo"),
Value: []byte("bar"),
}
_, err = prefixedUut.Put(ctx, item)
@@ -134,7 +134,7 @@ func TestPrefix(t *testing.T) {
// When I push an item with a key that does _not_ start with a separator
// char (i.e. "/") into etcd via the _prefixed_ client...
item = backend.Item{
- Key: []byte("foo"),
+ Key: backend.Key("foo"),
Value: []byte("bar"),
}
_, err = prefixedUut.Put(ctx, item)
diff --git a/lib/backend/firestore/firestorebk.go b/lib/backend/firestore/firestorebk.go
index e20bcb0654738..a2417ee011cc3 100644
--- a/lib/backend/firestore/firestorebk.go
+++ b/lib/backend/firestore/firestorebk.go
@@ -107,11 +107,11 @@ type Backend struct {
}
type record struct {
- Key []byte `firestore:"key,omitempty"`
- Timestamp int64 `firestore:"timestamp,omitempty"`
- Expires int64 `firestore:"expires,omitempty"`
- ID int64 `firestore:"id,omitempty"`
- Value []byte `firestore:"value,omitempty"`
+ Key backend.Key `firestore:"key,omitempty"`
+ Timestamp int64 `firestore:"timestamp,omitempty"`
+ Expires int64 `firestore:"expires,omitempty"`
+ ID int64 `firestore:"id,omitempty"`
+ Value []byte `firestore:"value,omitempty"`
}
// legacyRecord is an older version of record used to marshal backend.Items.
@@ -154,7 +154,7 @@ func newRecordFromDoc(doc *firestore.DocumentSnapshot) (*record, error) {
return nil, ConvertGRPCError(err)
}
r = record{
- Key: []byte(rl.Key),
+ Key: backend.Key(rl.Key),
Value: []byte(rl.Value),
Timestamp: rl.Timestamp,
Expires: rl.Expires,
@@ -382,7 +382,7 @@ func (b *Backend) Update(ctx context.Context, item backend.Item) (*backend.Lease
return b.newLease(item), nil
}
-func (b *Backend) getRangeDocs(ctx context.Context, startKey []byte, endKey []byte, limit int) ([]*firestore.DocumentSnapshot, error) {
+func (b *Backend) getRangeDocs(ctx context.Context, startKey, endKey backend.Key, limit int) ([]*firestore.DocumentSnapshot, error) {
if len(startKey) == 0 {
return nil, trace.BadParameter("missing parameter startKey")
}
@@ -417,7 +417,7 @@ func (b *Backend) getRangeDocs(ctx context.Context, startKey []byte, endKey []by
}
// GetRange returns range of elements
-func (b *Backend) GetRange(ctx context.Context, startKey []byte, endKey []byte, limit int) (*backend.GetResult, error) {
+func (b *Backend) GetRange(ctx context.Context, startKey, endKey backend.Key, limit int) (*backend.GetResult, error) {
docSnaps, err := b.getRangeDocs(ctx, startKey, endKey, limit)
if err != nil {
return nil, trace.Wrap(err)
@@ -456,7 +456,7 @@ func (b *Backend) GetRange(ctx context.Context, startKey []byte, endKey []byte,
}
// DeleteRange deletes range of items with keys between startKey and endKey
-func (b *Backend) DeleteRange(ctx context.Context, startKey, endKey []byte) error {
+func (b *Backend) DeleteRange(ctx context.Context, startKey, endKey backend.Key) error {
docs, err := b.getRangeDocs(ctx, startKey, endKey, backend.DefaultRangeLimit)
if err != nil {
return trace.Wrap(err)
@@ -466,7 +466,7 @@ func (b *Backend) DeleteRange(ctx context.Context, startKey, endKey []byte) erro
}
// Get returns a single item or not found error
-func (b *Backend) Get(ctx context.Context, key []byte) (*backend.Item, error) {
+func (b *Backend) Get(ctx context.Context, key backend.Key) (*backend.Item, error) {
if len(key) == 0 {
return nil, trace.BadParameter("missing parameter key")
}
@@ -550,7 +550,7 @@ func (b *Backend) CompareAndSwap(ctx context.Context, expected backend.Item, rep
}
// Delete deletes item by key
-func (b *Backend) Delete(ctx context.Context, key []byte) error {
+func (b *Backend) Delete(ctx context.Context, key backend.Key) error {
if len(key) == 0 {
return trace.BadParameter("missing parameter key")
}
@@ -638,7 +638,7 @@ func (b *Backend) newLease(item backend.Item) *backend.Lease {
// IDs. See
// https://firebase.google.com/docs/firestore/quotas#collections_documents_and_fields
// for Firestore limitations.
-func (b *Backend) keyToDocumentID(key []byte) string {
+func (b *Backend) keyToDocumentID(key backend.Key) string {
// URL-safe base64 will not have periods or forward slashes.
// This should satisfy the Firestore requirements.
return base64.URLEncoding.EncodeToString(key)
diff --git a/lib/backend/helpers.go b/lib/backend/helpers.go
index 64386e2581a48..f9eae94437032 100644
--- a/lib/backend/helpers.go
+++ b/lib/backend/helpers.go
@@ -27,20 +27,15 @@ import (
)
const (
- flagsPrefix = ".flags"
locksPrefix = ".locks"
)
-func FlagKey(parts ...string) []byte {
- return internalKey(flagsPrefix, parts...)
-}
-
-func lockKey(parts ...string) []byte {
+func lockKey(parts ...string) Key {
return internalKey(locksPrefix, parts...)
}
type Lock struct {
- key []byte
+ key Key
id []byte
ttl time.Duration
}
diff --git a/lib/backend/key.go b/lib/backend/key.go
new file mode 100644
index 0000000000000..2ff85090ef9fd
--- /dev/null
+++ b/lib/backend/key.go
@@ -0,0 +1,20 @@
+// Teleport
+// Copyright (C) 2024 Gravitational, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+package backend
+
+// Key is the unique identifier for an [Item].
+type Key = []byte
diff --git a/lib/backend/kubernetes/kubernetes.go b/lib/backend/kubernetes/kubernetes.go
index 04b44ae46f071..40fafcd2f584f 100644
--- a/lib/backend/kubernetes/kubernetes.go
+++ b/lib/backend/kubernetes/kubernetes.go
@@ -219,7 +219,7 @@ func (b *Backend) Exists(ctx context.Context) bool {
// Get reads the secret and extracts the key from it.
// If the secret does not exist or the key is not found it returns trace.Notfound,
// otherwise returns the underlying error.
-func (b *Backend) Get(ctx context.Context, key []byte) (*backend.Item, error) {
+func (b *Backend) Get(ctx context.Context, key backend.Key) (*backend.Item, error) {
b.mu.Lock()
defer b.mu.Unlock()
@@ -258,7 +258,7 @@ func (b *Backend) getSecret(ctx context.Context) (*corev1.Secret, error) {
// readSecretData reads the secret content and extracts the content for key.
// returns an error if the key does not exist or the data is empty.
-func (b *Backend) readSecretData(ctx context.Context, key []byte) (*backend.Item, error) {
+func (b *Backend) readSecretData(ctx context.Context, key backend.Key) (*backend.Item, error) {
secret, err := b.getSecret(ctx)
if err != nil {
return nil, trace.Wrap(err)
@@ -350,7 +350,7 @@ func generateSecretAnnotations(namespace, releaseNameEnv string) map[string]stri
// backendKeyToSecret replaces the "/" with "."
// "/" chars are not allowed in Kubernetes Secret keys.
-func backendKeyToSecret(k []byte) string {
+func backendKeyToSecret(k backend.Key) string {
return strings.ReplaceAll(string(k), "/", ".")
}
diff --git a/lib/backend/kubernetes/kubernetes_test.go b/lib/backend/kubernetes/kubernetes_test.go
index cc04c8f7a7fb6..2a7cb055fac6a 100644
--- a/lib/backend/kubernetes/kubernetes_test.go
+++ b/lib/backend/kubernetes/kubernetes_test.go
@@ -140,7 +140,7 @@ func TestBackend_Get(t *testing.T) {
}
type args struct {
- key []byte
+ key backend.Key
}
tests := []struct {
diff --git a/lib/backend/lite/lite.go b/lib/backend/lite/lite.go
index b578da5f24ba2..6b66d4b0544db 100644
--- a/lib/backend/lite/lite.go
+++ b/lib/backend/lite/lite.go
@@ -682,7 +682,7 @@ func (l *Backend) Update(ctx context.Context, i backend.Item) (*backend.Lease, e
}
// Get returns a single item or not found error
-func (l *Backend) Get(ctx context.Context, key []byte) (*backend.Item, error) {
+func (l *Backend) Get(ctx context.Context, key backend.Key) (*backend.Item, error) {
if len(key) == 0 {
return nil, trace.BadParameter("missing parameter key")
}
@@ -697,7 +697,7 @@ func (l *Backend) Get(ctx context.Context, key []byte) (*backend.Item, error) {
}
// getInTransaction returns an item, works in transaction
-func (l *Backend) getInTransaction(ctx context.Context, key []byte, tx *sql.Tx, item *backend.Item) error {
+func (l *Backend) getInTransaction(ctx context.Context, key backend.Key, tx *sql.Tx, item *backend.Item) error {
// When in mirror mode, don't set the current time so the SELECT query
// returns expired items.
var now time.Time
@@ -725,7 +725,7 @@ func (l *Backend) getInTransaction(ctx context.Context, key []byte, tx *sql.Tx,
}
// GetRange returns query range
-func (l *Backend) GetRange(ctx context.Context, startKey []byte, endKey []byte, limit int) (*backend.GetResult, error) {
+func (l *Backend) GetRange(ctx context.Context, startKey, endKey backend.Key, limit int) (*backend.GetResult, error) {
if len(startKey) == 0 {
return nil, trace.BadParameter("missing parameter startKey")
}
@@ -823,7 +823,7 @@ func (l *Backend) KeepAlive(ctx context.Context, lease backend.Lease, expires ti
})
}
-func (l *Backend) deleteInTransaction(ctx context.Context, key []byte, tx *sql.Tx) error {
+func (l *Backend) deleteInTransaction(ctx context.Context, key backend.Key, tx *sql.Tx) error {
stmt, err := tx.PrepareContext(ctx, "DELETE FROM kv WHERE key = ?")
if err != nil {
return trace.Wrap(err)
@@ -858,7 +858,7 @@ func (l *Backend) deleteInTransaction(ctx context.Context, key []byte, tx *sql.T
// Delete deletes item by key, returns NotFound error
// if item does not exist
-func (l *Backend) Delete(ctx context.Context, key []byte) error {
+func (l *Backend) Delete(ctx context.Context, key backend.Key) error {
if len(key) == 0 {
return trace.BadParameter("missing parameter key")
}
@@ -869,7 +869,7 @@ func (l *Backend) Delete(ctx context.Context, key []byte) error {
// DeleteRange deletes range of items with keys between startKey and endKey
// Note that elements deleted by range do not produce any events
-func (l *Backend) DeleteRange(ctx context.Context, startKey, endKey []byte) error {
+func (l *Backend) DeleteRange(ctx context.Context, startKey, endKey backend.Key) error {
if len(startKey) == 0 {
return trace.BadParameter("missing parameter startKey")
}
@@ -889,7 +889,7 @@ func (l *Backend) DeleteRange(ctx context.Context, startKey, endKey []byte) erro
return trace.Wrap(err)
}
defer rows.Close()
- var keys [][]byte
+ var keys []backend.Key
for rows.Next() {
var key []byte
if err := rows.Scan(&key); err != nil {
diff --git a/lib/backend/lite/periodic.go b/lib/backend/lite/periodic.go
index 6c17502144d25..0b310d49b16a2 100644
--- a/lib/backend/lite/periodic.go
+++ b/lib/backend/lite/periodic.go
@@ -86,7 +86,7 @@ func (l *Backend) removeExpiredKeys() error {
return trace.Wrap(err)
}
defer rows.Close()
- var keys [][]byte
+ var keys []backend.Key
for rows.Next() {
var key []byte
if err := rows.Scan(&key); err != nil {
diff --git a/lib/backend/memory/item.go b/lib/backend/memory/item.go
index 95fb5ee1e43fc..9fe9a9262cce8 100644
--- a/lib/backend/memory/item.go
+++ b/lib/backend/memory/item.go
@@ -48,7 +48,7 @@ func (i *btreeItem) Less(iother btree.Item) bool {
// prefixItem is used for prefix matches on a B-Tree
type prefixItem struct {
// prefix is a prefix to match
- prefix []byte
+ prefix backend.Key
}
// Less is used for Btree operations
diff --git a/lib/backend/memory/memory.go b/lib/backend/memory/memory.go
index 152cb038f2d8e..b1db099f8373d 100644
--- a/lib/backend/memory/memory.go
+++ b/lib/backend/memory/memory.go
@@ -181,7 +181,7 @@ func (m *Memory) Create(ctx context.Context, i backend.Item) (*backend.Lease, er
}
// Get returns a single item or not found error
-func (m *Memory) Get(ctx context.Context, key []byte) (*backend.Item, error) {
+func (m *Memory) Get(ctx context.Context, key backend.Key) (*backend.Item, error) {
if len(key) == 0 {
return nil, trace.BadParameter("missing parameter key")
}
@@ -272,7 +272,7 @@ func (m *Memory) PutRange(ctx context.Context, items []backend.Item) error {
// Delete deletes item by key, returns NotFound error
// if item does not exist
-func (m *Memory) Delete(ctx context.Context, key []byte) error {
+func (m *Memory) Delete(ctx context.Context, key backend.Key) error {
if len(key) == 0 {
return trace.BadParameter("missing parameter key")
}
@@ -297,7 +297,7 @@ func (m *Memory) Delete(ctx context.Context, key []byte) error {
// DeleteRange deletes range of items with keys between startKey and endKey
// Note that elements deleted by range do not produce any events
-func (m *Memory) DeleteRange(ctx context.Context, startKey, endKey []byte) error {
+func (m *Memory) DeleteRange(ctx context.Context, startKey, endKey backend.Key) error {
if len(startKey) == 0 {
return trace.BadParameter("missing parameter startKey")
}
@@ -322,7 +322,7 @@ func (m *Memory) DeleteRange(ctx context.Context, startKey, endKey []byte) error
}
// GetRange returns query range
-func (m *Memory) GetRange(ctx context.Context, startKey []byte, endKey []byte, limit int) (*backend.GetResult, error) {
+func (m *Memory) GetRange(ctx context.Context, startKey, endKey backend.Key, limit int) (*backend.GetResult, error) {
if len(startKey) == 0 {
return nil, trace.BadParameter("missing parameter startKey")
}
@@ -416,7 +416,7 @@ func (m *Memory) generateID() int64 {
return atomic.AddInt64(&m.nextID, 1)
}
-func (m *Memory) getRange(ctx context.Context, startKey, endKey []byte, limit int) backend.GetResult {
+func (m *Memory) getRange(ctx context.Context, startKey, endKey backend.Key, limit int) backend.GetResult {
var res backend.GetResult
m.tree.AscendRange(&btreeItem{Item: backend.Item{Key: startKey}}, &btreeItem{Item: backend.Item{Key: endKey}}, func(item *btreeItem) bool {
res.Items = append(res.Items, item.Item)
diff --git a/lib/backend/pgbk/pgbk.go b/lib/backend/pgbk/pgbk.go
index b8ebb9daf17cb..59443880aefd6 100644
--- a/lib/backend/pgbk/pgbk.go
+++ b/lib/backend/pgbk/pgbk.go
@@ -357,7 +357,7 @@ func (b *Backend) Update(ctx context.Context, i backend.Item) (*backend.Lease, e
}
// Get implements [backend.Backend].
-func (b *Backend) Get(ctx context.Context, key []byte) (*backend.Item, error) {
+func (b *Backend) Get(ctx context.Context, key backend.Key) (*backend.Item, error) {
item, err := pgcommon.RetryIdempotent(ctx, b.log, func() (*backend.Item, error) {
batch := new(pgx.Batch)
// batches run in an implicit transaction
@@ -403,7 +403,7 @@ func (b *Backend) Get(ctx context.Context, key []byte) (*backend.Item, error) {
}
// GetRange implements [backend.Backend].
-func (b *Backend) GetRange(ctx context.Context, startKey []byte, endKey []byte, limit int) (*backend.GetResult, error) {
+func (b *Backend) GetRange(ctx context.Context, startKey, endKey backend.Key, limit int) (*backend.GetResult, error) {
if limit <= 0 {
limit = backend.DefaultRangeLimit
}
@@ -454,7 +454,7 @@ func (b *Backend) GetRange(ctx context.Context, startKey []byte, endKey []byte,
}
// Delete implements [backend.Backend].
-func (b *Backend) Delete(ctx context.Context, key []byte) error {
+func (b *Backend) Delete(ctx context.Context, key backend.Key) error {
deleted, err := pgcommon.Retry(ctx, b.log, func() (bool, error) {
tag, err := b.pool.Exec(ctx,
"DELETE FROM kv WHERE kv.key = $1 AND (kv.expires IS NULL OR kv.expires > now())", nonNil(key))
@@ -474,7 +474,7 @@ func (b *Backend) Delete(ctx context.Context, key []byte) error {
}
// DeleteRange implements [backend.Backend].
-func (b *Backend) DeleteRange(ctx context.Context, startKey []byte, endKey []byte) error {
+func (b *Backend) DeleteRange(ctx context.Context, startKey, endKey backend.Key) error {
// this is the only backend operation that might affect a disproportionate
// amount of rows at the same time; in actual operation, DeleteRange hardly
// ever deletes more than dozens of items at once, and logical decoding
diff --git a/lib/backend/pgbk/wal2json_test.go b/lib/backend/pgbk/wal2json_test.go
index eebbda9caec29..4078784bba4cb 100644
--- a/lib/backend/pgbk/wal2json_test.go
+++ b/lib/backend/pgbk/wal2json_test.go
@@ -153,7 +153,7 @@ func TestMessage(t *testing.T) {
require.Empty(t, cmp.Diff(evs[0], backend.Event{
Type: types.OpPut,
Item: backend.Item{
- Key: []byte("foo"),
+ Key: backend.Key("foo"),
Value: []byte(""),
ID: idFromRevision(rev),
},
@@ -177,7 +177,7 @@ func TestMessage(t *testing.T) {
require.Empty(t, cmp.Diff(evs[0], backend.Event{
Type: types.OpPut,
Item: backend.Item{
- Key: []byte("foo"),
+ Key: backend.Key("foo"),
Value: []byte("foo2"),
ID: idFromRevision(rev),
},
@@ -205,13 +205,13 @@ func TestMessage(t *testing.T) {
require.Empty(t, cmp.Diff(evs[0], backend.Event{
Type: types.OpDelete,
Item: backend.Item{
- Key: []byte("foo"),
+ Key: backend.Key("foo"),
},
}))
require.Empty(t, cmp.Diff(evs[1], backend.Event{
Type: types.OpPut,
Item: backend.Item{
- Key: []byte("foo2"),
+ Key: backend.Key("foo2"),
Value: []byte("foo2"),
Expires: time.Date(2023, 9, 5, 15, 57, 1, 340426000, time.UTC),
ID: idFromRevision(rev),
@@ -248,7 +248,7 @@ func TestMessage(t *testing.T) {
require.Empty(t, cmp.Diff(evs[0], backend.Event{
Type: types.OpDelete,
Item: backend.Item{
- Key: []byte("foo"),
+ Key: backend.Key("foo"),
},
}))
}
diff --git a/lib/backend/report.go b/lib/backend/report.go
index b661ecd7b7f51..3585a83581fee 100644
--- a/lib/backend/report.go
+++ b/lib/backend/report.go
@@ -118,7 +118,7 @@ func (s *Reporter) GetName() string {
}
// GetRange returns query range
-func (s *Reporter) GetRange(ctx context.Context, startKey []byte, endKey []byte, limit int) (*GetResult, error) {
+func (s *Reporter) GetRange(ctx context.Context, startKey, endKey Key, limit int) (*GetResult, error) {
ctx, span := s.Tracer.Start(
ctx,
"backend/GetRange",
@@ -220,7 +220,7 @@ func (s *Reporter) Update(ctx context.Context, i Item) (*Lease, error) {
}
// Get returns a single item or not found error
-func (s *Reporter) Get(ctx context.Context, key []byte) (*Item, error) {
+func (s *Reporter) Get(ctx context.Context, key Key) (*Item, error) {
ctx, span := s.Tracer.Start(
ctx,
"backend/Get",
@@ -265,7 +265,7 @@ func (s *Reporter) CompareAndSwap(ctx context.Context, expected Item, replaceWit
}
// Delete deletes item by key
-func (s *Reporter) Delete(ctx context.Context, key []byte) error {
+func (s *Reporter) Delete(ctx context.Context, key Key) error {
ctx, span := s.Tracer.Start(
ctx,
"backend/Delete",
@@ -287,7 +287,7 @@ func (s *Reporter) Delete(ctx context.Context, key []byte) error {
}
// DeleteRange deletes range of items
-func (s *Reporter) DeleteRange(ctx context.Context, startKey []byte, endKey []byte) error {
+func (s *Reporter) DeleteRange(ctx context.Context, startKey, endKey Key) error {
ctx, span := s.Tracer.Start(
ctx,
"backend/DeleteRange",
@@ -376,7 +376,7 @@ type topRequestsCacheKey struct {
}
// trackRequests tracks top requests, endKey is supplied for ranges
-func (s *Reporter) trackRequest(opType types.OpType, key []byte, endKey []byte) {
+func (s *Reporter) trackRequest(opType types.OpType, key Key, endKey Key) {
if len(key) == 0 {
return
}
@@ -446,7 +446,7 @@ func buildKeyLabel(key string, sensitivePrefixes, singletonPrefixes []string, is
// if the first non-empty segment is a secret range and there are at least two non-empty
// segments, then the second non-empty segment should be masked.
if finalLen-realStart > 1 && slices.Contains(sensitivePrefixes, parts[realStart]) {
- parts[realStart+1] = string(MaskKeyName(parts[realStart+1]))
+ parts[realStart+1] = MaskKeyName(parts[realStart+1])
}
return strings.Join(parts[:finalLen], string(Separator))
diff --git a/lib/backend/sanitize.go b/lib/backend/sanitize.go
index c36828b4ca0e4..11cf6c3d649ff 100644
--- a/lib/backend/sanitize.go
+++ b/lib/backend/sanitize.go
@@ -40,12 +40,12 @@ var denyPatterns = []*regexp.Regexp{
}
// isKeySafe checks if the passed in key conforms to whitelist
-func isKeySafe(s []byte) bool {
+func isKeySafe(s Key) bool {
return allowPattern.Match(s) && !denyPatternsMatch(s) && utf8.Valid(s)
}
// denyPatternsMatch checks if the passed in key conforms to the deny patterns.
-func denyPatternsMatch(s []byte) bool {
+func denyPatternsMatch(s Key) bool {
for _, pattern := range denyPatterns {
if pattern.Match(s) {
return true
@@ -69,7 +69,7 @@ func NewSanitizer(backend Backend) *Sanitizer {
}
// GetRange returns query range
-func (s *Sanitizer) GetRange(ctx context.Context, startKey []byte, endKey []byte, limit int) (*GetResult, error) {
+func (s *Sanitizer) GetRange(ctx context.Context, startKey, endKey Key, limit int) (*GetResult, error) {
if !isKeySafe(startKey) {
return nil, trace.BadParameter(errorMessage, startKey)
}
@@ -104,7 +104,7 @@ func (s *Sanitizer) Update(ctx context.Context, i Item) (*Lease, error) {
}
// Get returns a single item or not found error
-func (s *Sanitizer) Get(ctx context.Context, key []byte) (*Item, error) {
+func (s *Sanitizer) Get(ctx context.Context, key Key) (*Item, error) {
if !isKeySafe(key) {
return nil, trace.BadParameter(errorMessage, key)
}
@@ -122,7 +122,7 @@ func (s *Sanitizer) CompareAndSwap(ctx context.Context, expected Item, replaceWi
}
// Delete deletes item by key
-func (s *Sanitizer) Delete(ctx context.Context, key []byte) error {
+func (s *Sanitizer) Delete(ctx context.Context, key Key) error {
if !isKeySafe(key) {
return trace.BadParameter(errorMessage, key)
}
@@ -130,7 +130,7 @@ func (s *Sanitizer) Delete(ctx context.Context, key []byte) error {
}
// DeleteRange deletes range of items
-func (s *Sanitizer) DeleteRange(ctx context.Context, startKey []byte, endKey []byte) error {
+func (s *Sanitizer) DeleteRange(ctx context.Context, startKey, endKey Key) error {
// we only validate the start key, since we often compute the end key
// in order to delete a bunch of related entries
if !isKeySafe(startKey) {
diff --git a/lib/backend/sanitize_test.go b/lib/backend/sanitize_test.go
index dca2b696014be..939e9749f810f 100644
--- a/lib/backend/sanitize_test.go
+++ b/lib/backend/sanitize_test.go
@@ -142,11 +142,11 @@ func (n *nopBackend) GetName() string {
return "nop"
}
-func (n *nopBackend) Get(_ context.Context, _ []byte) (*Item, error) {
+func (n *nopBackend) Get(_ context.Context, _ Key) (*Item, error) {
return &Item{}, nil
}
-func (n *nopBackend) GetRange(_ context.Context, startKey []byte, endKey []byte, limit int) (*GetResult, error) {
+func (n *nopBackend) GetRange(_ context.Context, startKey, endKey Key, limit int) (*GetResult, error) {
return &GetResult{Items: []Item{
{Key: []byte("foo"), Value: []byte("bar")},
}}, nil
@@ -168,7 +168,7 @@ func (n *nopBackend) CompareAndSwap(_ context.Context, _ Item, _ Item) (*Lease,
return &Lease{}, nil
}
-func (n *nopBackend) Delete(_ context.Context, _ []byte) error {
+func (n *nopBackend) Delete(_ context.Context, _ Key) error {
return nil
}
diff --git a/lib/backend/test/suite.go b/lib/backend/test/suite.go
index b9265eb21b6e2..950e3a025e738 100644
--- a/lib/backend/test/suite.go
+++ b/lib/backend/test/suite.go
@@ -516,7 +516,7 @@ func testKeepAlive(t *testing.T, newBackend Constructor) {
defer cancel()
// When I create a new watcher...
- watcher, err := uut.NewWatcher(ctx, backend.Watch{Prefixes: [][]byte{prefix("")}})
+ watcher, err := uut.NewWatcher(ctx, backend.Watch{Prefixes: []backend.Key{prefix("")}})
require.NoError(t, err)
defer func() { require.NoError(t, watcher.Close()) }()
@@ -578,7 +578,7 @@ func testEvents(t *testing.T, newBackend Constructor) {
defer cancel()
// Create a new watcher for the test prefix.
- watcher, err := uut.NewWatcher(ctx, backend.Watch{Prefixes: [][]byte{prefix("")}})
+ watcher, err := uut.NewWatcher(ctx, backend.Watch{Prefixes: []backend.Key{prefix("")}})
require.NoError(t, err)
defer func() { require.NoError(t, watcher.Close()) }()
@@ -706,7 +706,7 @@ func testLimit(t *testing.T, newBackend Constructor) {
// requireEvent asserts that a given event type with the given key is emitted
// by a watcher within the supplied timeout, returning that event for further
// inspection if successful.
-func requireEvent(t *testing.T, watcher backend.Watcher, eventType types.OpType, key []byte, timeout time.Duration) backend.Event {
+func requireEvent(t *testing.T, watcher backend.Watcher, eventType types.OpType, key backend.Key, timeout time.Duration) backend.Event {
t.Helper()
select {
case e := <-watcher.Events():
@@ -755,7 +755,7 @@ func testWatchersClose(t *testing.T, newBackend Constructor) {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
- watcher, err := uut.NewWatcher(ctx, backend.Watch{Prefixes: [][]byte{prefix("")}})
+ watcher, err := uut.NewWatcher(ctx, backend.Watch{Prefixes: []backend.Key{prefix("")}})
require.NoError(t, err)
// cancel context -> get watcher to close
@@ -768,7 +768,7 @@ func testWatchersClose(t *testing.T, newBackend Constructor) {
}
// closing backend should close associated watcher too
- watcher, err = uut.NewWatcher(context.Background(), backend.Watch{Prefixes: [][]byte{prefix("")}})
+ watcher, err = uut.NewWatcher(context.Background(), backend.Watch{Prefixes: []backend.Key{prefix("")}})
require.NoError(t, err)
require.NoError(t, uut.Close())
@@ -1026,7 +1026,7 @@ func testMirror(t *testing.T, newBackend Constructor) {
defer cancel()
// Create a new watcher for the test prefix.
- watcher, err := uut.NewWatcher(ctx, backend.Watch{Prefixes: [][]byte{prefix("")}})
+ watcher, err := uut.NewWatcher(ctx, backend.Watch{Prefixes: []backend.Key{prefix("")}})
require.NoError(t, err)
defer func() { require.NoError(t, watcher.Close()) }()
@@ -1092,7 +1092,7 @@ func testMirror(t *testing.T, newBackend Constructor) {
require.NoError(t, err)
}
-func AddItem(ctx context.Context, t *testing.T, uut backend.Backend, key []byte, value string, expires time.Time) (backend.Item, backend.Lease) {
+func AddItem(ctx context.Context, t *testing.T, uut backend.Backend, key backend.Key, value string, expires time.Time) (backend.Item, backend.Lease) {
t.Helper()
item := backend.Item{
Key: key,
@@ -1123,9 +1123,9 @@ func requireWaitGroupToFinish(ctx context.Context, t *testing.T, waitGroup *sync
// MakePrefix returns function that appends unique prefix
// to any key, used to make test suite concurrent-run proof
-func MakePrefix() func(k string) []byte {
+func MakePrefix() func(k string) backend.Key {
id := "/" + uuid.New().String()
- return func(k string) []byte {
- return []byte(id + k)
+ return func(k string) backend.Key {
+ return backend.Key(id + k)
}
}
diff --git a/lib/backend/wrap.go b/lib/backend/wrap.go
index 3994229b19f9b..a4d2581911b55 100644
--- a/lib/backend/wrap.go
+++ b/lib/backend/wrap.go
@@ -62,7 +62,7 @@ func (s *Wrapper) SetReadError(err error) {
}
// GetRange returns query range
-func (s *Wrapper) GetRange(ctx context.Context, startKey []byte, endKey []byte, limit int) (*GetResult, error) {
+func (s *Wrapper) GetRange(ctx context.Context, startKey, endKey Key, limit int) (*GetResult, error) {
if err := s.GetReadError(); err != nil {
return nil, trace.Wrap(err)
}
@@ -86,7 +86,7 @@ func (s *Wrapper) Update(ctx context.Context, i Item) (*Lease, error) {
}
// Get returns a single item or not found error
-func (s *Wrapper) Get(ctx context.Context, key []byte) (*Item, error) {
+func (s *Wrapper) Get(ctx context.Context, key Key) (*Item, error) {
if err := s.GetReadError(); err != nil {
return nil, trace.Wrap(err)
}
@@ -100,12 +100,12 @@ func (s *Wrapper) CompareAndSwap(ctx context.Context, expected Item, replaceWith
}
// Delete deletes item by key
-func (s *Wrapper) Delete(ctx context.Context, key []byte) error {
+func (s *Wrapper) Delete(ctx context.Context, key Key) error {
return s.backend.Delete(ctx, key)
}
// DeleteRange deletes range of items
-func (s *Wrapper) DeleteRange(ctx context.Context, startKey []byte, endKey []byte) error {
+func (s *Wrapper) DeleteRange(ctx context.Context, startKey, endKey Key) error {
return s.backend.DeleteRange(ctx, startKey, endKey)
}
diff --git a/lib/service/service.go b/lib/service/service.go
index 6b3b56f290803..2de84fb9d67af 100644
--- a/lib/service/service.go
+++ b/lib/service/service.go
@@ -6134,7 +6134,7 @@ type kubernetesBackend interface {
// exists, updates it otherwise)
Put(ctx context.Context, i backend.Item) (*backend.Lease, error)
// Get returns a single item or not found error
- Get(ctx context.Context, key []byte) (*backend.Item, error)
+ Get(ctx context.Context, key backend.Key) (*backend.Item, error)
}
// readHostIDFromStorages tries to read the `host_uuid` value from different storages,
diff --git a/lib/service/service_test.go b/lib/service/service_test.go
index a3ba37f2a23dc..2e366f90f3051 100644
--- a/lib/service/service_test.go
+++ b/lib/service/service_test.go
@@ -1195,7 +1195,7 @@ func (f *fakeKubeBackend) Put(ctx context.Context, i backend.Item) (*backend.Lea
}
// Get returns a single item or not found error
-func (f *fakeKubeBackend) Get(ctx context.Context, key []byte) (*backend.Item, error) {
+func (f *fakeKubeBackend) Get(ctx context.Context, key backend.Key) (*backend.Item, error) {
return f.getData, f.getErr
}
diff --git a/lib/services/local/dynamic_access.go b/lib/services/local/dynamic_access.go
index 494b6a30c68b8..4b12be98608a8 100644
--- a/lib/services/local/dynamic_access.go
+++ b/lib/services/local/dynamic_access.go
@@ -485,11 +485,11 @@ func itemToAccessRequest(item backend.Item, opts ...services.MarshalOption) (*ty
return req, nil
}
-func accessRequestKey(name string) []byte {
+func accessRequestKey(name string) backend.Key {
return backend.NewKey(accessRequestsPrefix, name, paramsPrefix)
}
-func AccessRequestAllowedPromotionKey(name string) []byte {
+func AccessRequestAllowedPromotionKey(name string) backend.Key {
return backend.NewKey(accessRequestPromotionPrefix, name, paramsPrefix)
}
diff --git a/lib/services/local/events.go b/lib/services/local/events.go
index 4e93345cc5feb..7d12267df3d0d 100644
--- a/lib/services/local/events.go
+++ b/lib/services/local/events.go
@@ -57,7 +57,7 @@ func (e *EventsService) NewWatcher(ctx context.Context, watch types.Watch) (type
validKinds := make([]types.WatchKind, 0, len(watch.Kinds))
var parsers []resourceParser
- var prefixes [][]byte
+ var prefixes []backend.Key
for _, kind := range watch.Kinds {
if kind.Name != "" && kind.Kind != types.KindNamespace {
if watch.AllowPartialSuccess {
@@ -318,26 +318,26 @@ type resourceParser interface {
// parse parses resource from the backend event
parse(event backend.Event) (types.Resource, error)
// match returns true if event key matches
- match(key []byte) bool
+ match(key backend.Key) bool
// prefixes returns prefixes to watch
- prefixes() [][]byte
+ prefixes() []backend.Key
}
// baseParser is a partial implementation of resourceParser for the most common
// resource types (stored under a static prefix).
type baseParser struct {
- matchPrefixes [][]byte
+ matchPrefixes []backend.Key
}
-func newBaseParser(prefixes ...[]byte) baseParser {
+func newBaseParser(prefixes ...backend.Key) baseParser {
return baseParser{matchPrefixes: prefixes}
}
-func (p baseParser) prefixes() [][]byte {
+func (p baseParser) prefixes() []backend.Key {
return p.matchPrefixes
}
-func (p baseParser) match(key []byte) bool {
+func (p baseParser) match(key backend.Key) bool {
for _, prefix := range p.matchPrefixes {
if bytes.HasPrefix(key, prefix) {
return true
@@ -682,7 +682,7 @@ type namespaceParser struct {
baseParser
}
-func (p *namespaceParser) match(key []byte) bool {
+func (p *namespaceParser) match(key backend.Key) bool {
// namespaces are stored under key '/namespaces//params'
// and this code matches similar pattern
return p.baseParser.match(key) &&
@@ -752,15 +752,15 @@ func newAccessRequestParser(m map[string]string) (*accessRequestParser, error) {
type accessRequestParser struct {
filter types.AccessRequestFilter
- matchPrefix []byte
- matchSuffix []byte
+ matchPrefix backend.Key
+ matchSuffix backend.Key
}
-func (p *accessRequestParser) prefixes() [][]byte {
- return [][]byte{p.matchPrefix}
+func (p *accessRequestParser) prefixes() []backend.Key {
+ return []backend.Key{p.matchPrefix}
}
-func (p *accessRequestParser) match(key []byte) bool {
+func (p *accessRequestParser) match(key backend.Key) bool {
if !bytes.HasPrefix(key, p.matchPrefix) {
return false
}
@@ -798,7 +798,7 @@ type userParser struct {
baseParser
}
-func (p *userParser) match(key []byte) bool {
+func (p *userParser) match(key backend.Key) bool {
// users are stored under key '/web/users//params'
// and this code matches similar pattern
return p.baseParser.match(key) &&
@@ -1283,14 +1283,14 @@ func newRemoteClusterParser() *remoteClusterParser {
}
type remoteClusterParser struct {
- matchPrefix []byte
+ matchPrefix backend.Key
}
-func (p *remoteClusterParser) prefixes() [][]byte {
- return [][]byte{p.matchPrefix}
+func (p *remoteClusterParser) prefixes() []backend.Key {
+ return []backend.Key{p.matchPrefix}
}
-func (p *remoteClusterParser) match(key []byte) bool {
+func (p *remoteClusterParser) match(key backend.Key) bool {
return bytes.HasPrefix(key, p.matchPrefix)
}
@@ -1346,14 +1346,14 @@ func newNetworkRestrictionsParser() *networkRestrictionsParser {
}
type networkRestrictionsParser struct {
- matchPrefix []byte
+ matchPrefix backend.Key
}
-func (p *networkRestrictionsParser) prefixes() [][]byte {
- return [][]byte{p.matchPrefix}
+func (p *networkRestrictionsParser) prefixes() []backend.Key {
+ return []backend.Key{p.matchPrefix}
}
-func (p *networkRestrictionsParser) match(key []byte) bool {
+func (p *networkRestrictionsParser) match(key backend.Key) bool {
return bytes.HasPrefix(key, p.matchPrefix)
}
@@ -2055,7 +2055,7 @@ type EventMatcher interface {
// base returns last element delimited by separator, index is
// is an index of the key part to get counting from the end
-func base(key []byte, offset int) ([]byte, error) {
+func base(key backend.Key, offset int) ([]byte, error) {
parts := bytes.Split(key, []byte{backend.Separator})
if len(parts) < offset+1 {
return nil, trace.NotFound("failed parsing %v", string(key))
@@ -2064,7 +2064,7 @@ func base(key []byte, offset int) ([]byte, error) {
}
// baseTwoKeys returns two last keys
-func baseTwoKeys(key []byte) (string, string, error) {
+func baseTwoKeys(key backend.Key) (string, string, error) {
parts := bytes.Split(key, []byte{backend.Separator})
if len(parts) < 2 {
return "", "", trace.NotFound("failed parsing %v", string(key))
diff --git a/lib/services/local/externalauditstorage.go b/lib/services/local/externalauditstorage.go
index 954c730e43d74..f42e0ec33fca8 100644
--- a/lib/services/local/externalauditstorage.go
+++ b/lib/services/local/externalauditstorage.go
@@ -241,7 +241,7 @@ func (s *ExternalAuditStorageService) DisableClusterExternalAuditStorage(ctx con
// checkAWSIntegration checks that [integrationName] names an AWS OIDC integration that currently exists, and
// returns the backend key and revision if the AWS OIDC integration.
-func (s *ExternalAuditStorageService) checkAWSIntegration(ctx context.Context, integrationName string) (key []byte, revision string, err error) {
+func (s *ExternalAuditStorageService) checkAWSIntegration(ctx context.Context, integrationName string) (key backend.Key, revision string, err error) {
integrationsSvc, err := NewIntegrationsService(s.backend)
if err != nil {
return nil, "", trace.Wrap(err)
@@ -256,7 +256,7 @@ func (s *ExternalAuditStorageService) checkAWSIntegration(ctx context.Context, i
return integrationsSvc.svc.MakeKey(integrationName), integration.GetRevision(), nil
}
-func getExternalAuditStorage(ctx context.Context, bk backend.Backend, key []byte) (*externalauditstorage.ExternalAuditStorage, error) {
+func getExternalAuditStorage(ctx context.Context, bk backend.Backend, key backend.Key) (*externalauditstorage.ExternalAuditStorage, error) {
item, err := bk.Get(ctx, key)
if err != nil {
return nil, trace.Wrap(err)
diff --git a/lib/services/local/externalauditstorage_watcher.go b/lib/services/local/externalauditstorage_watcher.go
index af44537fe6ce9..2a610d89ee5f1 100644
--- a/lib/services/local/externalauditstorage_watcher.go
+++ b/lib/services/local/externalauditstorage_watcher.go
@@ -169,7 +169,7 @@ func (w *ClusterExternalAuditWatcher) watch(ctx context.Context) error {
func (w *ClusterExternalAuditWatcher) newWatcher(ctx context.Context) (backend.Watcher, error) {
watcher, err := w.backend.NewWatcher(ctx, backend.Watch{
Name: types.KindExternalAuditStorage,
- Prefixes: [][]byte{clusterExternalAuditStorageBackendKey},
+ Prefixes: []backend.Key{clusterExternalAuditStorageBackendKey},
})
if err != nil {
return nil, trace.Wrap(err)
diff --git a/lib/services/local/generic/generic.go b/lib/services/local/generic/generic.go
index e90f9b60467ae..2cc475d1f13fb 100644
--- a/lib/services/local/generic/generic.go
+++ b/lib/services/local/generic/generic.go
@@ -372,7 +372,7 @@ func (s *Service[T]) MakeBackendItem(resource T, name string) (backend.Item, err
}
// MakeKey will make a key for the service given a name.
-func (s *Service[T]) MakeKey(name string) []byte {
+func (s *Service[T]) MakeKey(name string) backend.Key {
return backend.NewKey(s.backendPrefix, name)
}
diff --git a/lib/services/local/generic/helpers.go b/lib/services/local/generic/helpers.go
index e681f21deb795..9d647baaa0d75 100644
--- a/lib/services/local/generic/helpers.go
+++ b/lib/services/local/generic/helpers.go
@@ -58,7 +58,7 @@ type MarshalableResource interface {
// signature used elsewhere and therefore may not be the best choice for all use cases, but it
// has the benefit of being simpler to use and not requiring the caller to undergo the revision/expiry
// ceremony at each call site.
-func FastMarshal[T MarshalableResource](key []byte, r T) (backend.Item, error) {
+func FastMarshal[T MarshalableResource](key backend.Key, r T) (backend.Item, error) {
value, err := utils.FastMarshal(r)
if err != nil {
return backend.Item{}, err
diff --git a/lib/services/local/generic/nonce.go b/lib/services/local/generic/nonce.go
index 8d9a37b232775..c1e6c91e9013c 100644
--- a/lib/services/local/generic/nonce.go
+++ b/lib/services/local/generic/nonce.go
@@ -48,7 +48,7 @@ type nonceProtectedResource interface {
// FastUpdateNonceProtectedResource is a helper for updating a resource that is protected by a nonce. The target resource must store
// its nonce value in a top-level 'nonce' field in order for correct nonce semantics to be observed.
-func FastUpdateNonceProtectedResource[T nonceProtectedResource](ctx context.Context, bk backend.Backend, key []byte, resource T) error {
+func FastUpdateNonceProtectedResource[T nonceProtectedResource](ctx context.Context, bk backend.Backend, key backend.Key, resource T) error {
if resource.GetNonce() == math.MaxUint64 {
return fastUpsertNonceProtectedResource(ctx, bk, key, resource)
}
@@ -106,7 +106,7 @@ func FastUpdateNonceProtectedResource[T nonceProtectedResource](ctx context.Cont
// fastUpsertNonceProtectedResource performs an "upsert" while preserving correct nonce ordering. necessary in order to prevent upserts
// from breaking concurrent protected updates.
-func fastUpsertNonceProtectedResource[T nonceProtectedResource](ctx context.Context, bk backend.Backend, key []byte, resource T) error {
+func fastUpsertNonceProtectedResource[T nonceProtectedResource](ctx context.Context, bk backend.Backend, key backend.Key, resource T) error {
const maxRetries = 16
for i := 0; i < maxRetries; i++ {
prev, err := bk.Get(ctx, key)
diff --git a/lib/services/local/generic/nonce_test.go b/lib/services/local/generic/nonce_test.go
index 6989ca1547b15..0dc55fd830686 100644
--- a/lib/services/local/generic/nonce_test.go
+++ b/lib/services/local/generic/nonce_test.go
@@ -60,7 +60,7 @@ func newNoncedResource(name string, nonce uint64) *noncedResource {
}
}
-func fastGetResource[T types.Resource](ctx context.Context, bk backend.Backend, key []byte) (T, error) {
+func fastGetResource[T types.Resource](ctx context.Context, bk backend.Backend, key backend.Key) (T, error) {
var value T
item, err := bk.Get(ctx, key)
diff --git a/lib/services/local/headlessauthn.go b/lib/services/local/headlessauthn.go
index 4f0a2ce55e825..a7b4334dc9ac5 100644
--- a/lib/services/local/headlessauthn.go
+++ b/lib/services/local/headlessauthn.go
@@ -155,6 +155,6 @@ func unmarshalHeadlessAuthentication(data []byte) (*types.HeadlessAuthentication
const headlessAuthenticationPrefix = "headless_authentication"
-func headlessAuthenticationKey(username, name string) []byte {
+func headlessAuthenticationKey(username, name string) backend.Key {
return backend.NewKey(headlessAuthenticationPrefix, usersPrefix, username, name)
}
diff --git a/lib/services/local/headlessauthn_watcher.go b/lib/services/local/headlessauthn_watcher.go
index a4ce5c8f7adbd..80240cd8a7e94 100644
--- a/lib/services/local/headlessauthn_watcher.go
+++ b/lib/services/local/headlessauthn_watcher.go
@@ -204,7 +204,7 @@ func (h *HeadlessAuthenticationWatcher) newWatcher(ctx context.Context) (backend
watcher, err := h.identityService.NewWatcher(ctx, backend.Watch{
Name: types.KindHeadlessAuthentication,
MetricComponent: types.KindHeadlessAuthentication,
- Prefixes: [][]byte{backend.NewKey(headlessAuthenticationPrefix)},
+ Prefixes: []backend.Key{backend.NewKey(headlessAuthenticationPrefix)},
})
if err != nil {
return nil, trace.Wrap(err)
diff --git a/lib/services/local/integrations.go b/lib/services/local/integrations.go
index f1e22e8f084cd..5d8f340b9bde5 100644
--- a/lib/services/local/integrations.go
+++ b/lib/services/local/integrations.go
@@ -140,7 +140,7 @@ func (s *IntegrationsService) DeleteIntegration(ctx context.Context, name string
// notReferencedByEAS checks that integration [name] is not referenced by any EAS (External Audit Storage)
// integration. It should be called under the externalAuditStorageLock only.
func notReferencedByEAS(ctx context.Context, bk backend.Backend, name string) error {
- for _, key := range [][]byte{draftExternalAuditStorageBackendKey, clusterExternalAuditStorageBackendKey} {
+ for _, key := range []backend.Key{draftExternalAuditStorageBackendKey, clusterExternalAuditStorageBackendKey} {
eas, err := getExternalAuditStorage(ctx, bk, key)
if err != nil {
if !trace.IsNotFound(err) {
diff --git a/lib/services/local/plugin_data.go b/lib/services/local/plugin_data.go
index 44dac74849932..795bd610c7d28 100644
--- a/lib/services/local/plugin_data.go
+++ b/lib/services/local/plugin_data.go
@@ -248,7 +248,7 @@ func itemToPluginData(item backend.Item) (types.PluginData, error) {
return data, nil
}
-func pluginDataKey(kind string, name string) []byte {
+func pluginDataKey(kind string, name string) backend.Key {
return backend.NewKey(pluginDataPrefix, kind, name, paramsPrefix)
}
diff --git a/lib/services/local/presence.go b/lib/services/local/presence.go
index 3f21eb83e362d..cdbdf29afe370 100644
--- a/lib/services/local/presence.go
+++ b/lib/services/local/presence.go
@@ -77,7 +77,7 @@ func (s *PresenceService) GetNamespaces() ([]types.Namespace, error) {
}
out := make([]types.Namespace, 0, len(result.Items))
for _, item := range result.Items {
- if !bytes.HasSuffix(item.Key, []byte(paramsPrefix)) {
+ if !bytes.HasSuffix(item.Key, backend.Key(paramsPrefix)) {
continue
}
ns, err := services.UnmarshalNamespace(
@@ -227,7 +227,7 @@ func (s *PresenceService) DeleteServerInfo(ctx context.Context, name string) err
return nil
}
-func serverInfoKey(subkind, name string) []byte {
+func serverInfoKey(subkind, name string) backend.Key {
switch subkind {
case types.SubKindCloudInfo:
return backend.NewKey(serverInfoPrefix, cloudLabelsPrefix, name)
@@ -868,7 +868,7 @@ Acquire:
// initSemaphore attempts to initialize/acquire a semaphore which does not yet exist.
// Returns AlreadyExistsError if the semaphore is concurrently created.
-func (s *PresenceService) initSemaphore(ctx context.Context, key []byte, leaseID string, req types.AcquireSemaphoreRequest) (*types.SemaphoreLease, error) {
+func (s *PresenceService) initSemaphore(ctx context.Context, key backend.Key, leaseID string, req types.AcquireSemaphoreRequest) (*types.SemaphoreLease, error) {
// create a new empty semaphore resource configured to specifically match
// this acquire request.
sem, err := req.ConfigureSemaphore()
@@ -899,7 +899,7 @@ func (s *PresenceService) initSemaphore(ctx context.Context, key []byte, leaseID
// acquireSemaphore attempts to acquire an existing semaphore. Returns NotFoundError if no semaphore exists,
// and CompareFailed if the semaphore was concurrently updated.
-func (s *PresenceService) acquireSemaphore(ctx context.Context, key []byte, leaseID string, req types.AcquireSemaphoreRequest) (*types.SemaphoreLease, error) {
+func (s *PresenceService) acquireSemaphore(ctx context.Context, key backend.Key, leaseID string, req types.AcquireSemaphoreRequest) (*types.SemaphoreLease, error) {
item, err := s.Get(ctx, key)
if err != nil {
return nil, trace.Wrap(err)
@@ -1070,7 +1070,7 @@ func (s *PresenceService) GetSemaphores(ctx context.Context, filter types.Semaph
}
items = append(items, *item)
} else {
- var startKey []byte
+ var startKey backend.Key
if filter.SemaphoreKind != "" {
startKey = backend.ExactKey(semaphoresPrefix, filter.SemaphoreKind)
} else {
@@ -1374,7 +1374,7 @@ func (s *PresenceService) KeepAliveServer(ctx context.Context, h types.KeepAlive
}
// Update the prefix off the type information in the keep alive.
- var key []byte
+ var key backend.Key
switch h.GetType() {
case constants.KeepAliveNode:
key = backend.NewKey(nodesPrefix, h.Namespace, h.Name)
diff --git a/lib/services/local/session.go b/lib/services/local/session.go
index 594557370d3ad..4e76a72a94c7d 100644
--- a/lib/services/local/session.go
+++ b/lib/services/local/session.go
@@ -502,10 +502,10 @@ type webTokens struct {
log logrus.FieldLogger
}
-func webSessionKey(sessionID string) (key []byte) {
+func webSessionKey(sessionID string) backend.Key {
return backend.NewKey(webPrefix, sessionsPrefix, sessionID)
}
-func webTokenKey(token string) (key []byte) {
+func webTokenKey(token string) backend.Key {
return backend.NewKey(webPrefix, tokensPrefix, token)
}
diff --git a/lib/services/local/unstable.go b/lib/services/local/unstable.go
index 931bba92b878e..396cccc3ea0cb 100644
--- a/lib/services/local/unstable.go
+++ b/lib/services/local/unstable.go
@@ -108,7 +108,7 @@ func (s UnstableService) GetSystemRoleAssertions(ctx context.Context, serverID s
return set, nil
}
-func systemRoleAssertionsKey(serverID string, assertionID string) []byte {
+func systemRoleAssertionsKey(serverID string, assertionID string) backend.Key {
return backend.NewKey(systemRoleAssertionsPrefix, serverID, assertionID)
}
diff --git a/lib/services/local/userpreferences.go b/lib/services/local/userpreferences.go
index 249588df54c50..326134fbf63a0 100644
--- a/lib/services/local/userpreferences.go
+++ b/lib/services/local/userpreferences.go
@@ -120,7 +120,7 @@ func (u *UserPreferencesService) getUserPreferences(ctx context.Context, usernam
}
// backendKey returns the backend key for the user preferences for the given username.
-func backendKey(username string) []byte {
+func backendKey(username string) backend.Key {
return backend.NewKey(userPreferencesPrefix, username)
}
diff --git a/lib/services/local/users.go b/lib/services/local/users.go
index 0799a2cd7d527..0be4fafa11841 100644
--- a/lib/services/local/users.go
+++ b/lib/services/local/users.go
@@ -99,7 +99,7 @@ func (s *IdentityService) GetUsers(withSecrets bool) ([]types.User, error) {
}
var out []types.User
for _, item := range result.Items {
- if !bytes.HasSuffix(item.Key, []byte(paramsPrefix)) {
+ if !bytes.HasSuffix(item.Key, backend.Key(paramsPrefix)) {
continue
}
u, err := services.UnmarshalUser(
@@ -701,11 +701,11 @@ func (s *IdentityService) GetTeleportUserByWebauthnID(ctx context.Context, webID
return user.TeleportUser, nil
}
-func webauthnLocalAuthKey(user string) []byte {
+func webauthnLocalAuthKey(user string) backend.Key {
return backend.NewKey(webPrefix, usersPrefix, user, webauthnLocalAuthPrefix)
}
-func webauthnUserKey(id []byte) []byte {
+func webauthnUserKey(id []byte) backend.Key {
key := base64.RawURLEncoding.EncodeToString(id)
return backend.NewKey(webauthnPrefix, usersPrefix, key)
}
@@ -759,7 +759,7 @@ func (s *IdentityService) DeleteWebauthnSessionData(ctx context.Context, user, s
return trace.Wrap(s.Delete(ctx, sessionDataKey(user, sessionID)))
}
-func sessionDataKey(user, sessionID string) []byte {
+func sessionDataKey(user, sessionID string) backend.Key {
return backend.NewKey(webPrefix, usersPrefix, user, webauthnSessionData, sessionID)
}
@@ -870,7 +870,7 @@ func (s *IdentityService) DeleteGlobalWebauthnSessionData(ctx context.Context, s
return nil
}
-func globalSessionDataKey(scope, id string) []byte {
+func globalSessionDataKey(scope, id string) backend.Key {
return backend.NewKey(webauthnPrefix, webauthnGlobalSessionData, scope, id)
}
diff --git a/lib/services/unified_resource.go b/lib/services/unified_resource.go
index a6eddcc95aa48..fd2b0271045ac 100644
--- a/lib/services/unified_resource.go
+++ b/lib/services/unified_resource.go
@@ -202,7 +202,7 @@ func (c *UnifiedResourceCache) getSortTree(sortField string) (*btree.BTreeG[*ite
}
-func (c *UnifiedResourceCache) getRange(ctx context.Context, startKey []byte, matchFn func(types.ResourceWithLabels) (bool, error), req *proto.ListUnifiedResourcesRequest) ([]resource, string, error) {
+func (c *UnifiedResourceCache) getRange(ctx context.Context, startKey backend.Key, matchFn func(types.ResourceWithLabels) (bool, error), req *proto.ListUnifiedResourcesRequest) ([]resource, string, error) {
if len(startKey) == 0 {
return nil, "", trace.BadParameter("missing parameter startKey")
}
@@ -218,7 +218,7 @@ func (c *UnifiedResourceCache) getRange(ctx context.Context, startKey []byte, ma
return trace.Wrap(err, "getting sort tree")
}
var iterateRange func(lessOrEqual, greaterThan *item, iterator btree.ItemIteratorG[*item])
- var endKey []byte
+ var endKey backend.Key
if req.SortBy.IsDesc {
iterateRange = tree.DescendRange
endKey = backend.NewKey(prefix)
@@ -269,10 +269,10 @@ func (c *UnifiedResourceCache) getRange(ctx context.Context, startKey []byte, ma
return res, nextKey, nil
}
-func getStartKey(req *proto.ListUnifiedResourcesRequest) []byte {
+func getStartKey(req *proto.ListUnifiedResourcesRequest) backend.Key {
// if startkey exists, return it
if req.StartKey != "" {
- return []byte(req.StartKey)
+ return backend.Key(req.StartKey)
}
// if startkey doesnt exist, we check the the sort direction.
// If sort is descending, startkey is end of the list
@@ -372,8 +372,8 @@ func resourceKey(resource types.Resource) string {
}
type resourceSortKey struct {
- byName []byte
- byType []byte
+ byName backend.Key
+ byType backend.Key
}
// resourceSortKey will generate a key to be used in the sort trees
@@ -704,7 +704,7 @@ func (i *item) Less(iother btree.Item) bool {
// prefixItem is used for prefix matches on a B-Tree
type prefixItem struct {
// prefix is a prefix to match
- prefix []byte
+ prefix backend.Key
}
// Less is used for Btree operations
@@ -721,7 +721,7 @@ type resource interface {
type item struct {
// Key is a key of the key value item. This will be different based on which sorting tree
// the item is in
- Key []byte
+ Key backend.Key
// Value will be the resourceKey used in the resources map to get the resource
Value string
}
diff --git a/lib/usagereporter/teleport/aggregating/service.go b/lib/usagereporter/teleport/aggregating/service.go
index 1d744d1f01b9d..93b51716295a4 100644
--- a/lib/usagereporter/teleport/aggregating/service.go
+++ b/lib/usagereporter/teleport/aggregating/service.go
@@ -43,7 +43,7 @@ const (
// userActivityReportKey returns the backend key for a user activity report with
// a given UUID and start time, such that reports with an earlier start time
// will appear earlier in lexicographic ordering.
-func userActivityReportKey(reportUUID uuid.UUID, startTime time.Time) []byte {
+func userActivityReportKey(reportUUID uuid.UUID, startTime time.Time) backend.Key {
return backend.NewKey(userActivityReportsPrefix, startTime.Format(time.RFC3339), reportUUID.String())
}
@@ -79,7 +79,7 @@ func prepareUserActivityReports(
// resourcePresenceReportKey returns the backend key for a resource presence report with
// a given UUID and start time, such that reports with an earlier start time
// will appear earlier in lexicographic ordering.
-func resourcePresenceReportKey(reportUUID uuid.UUID, startTime time.Time) []byte {
+func resourcePresenceReportKey(reportUUID uuid.UUID, startTime time.Time) backend.Key {
return backend.NewKey(ResourcePresenceReportsPrefix, startTime.Format(time.RFC3339), reportUUID.String())
}