document resolution request functionality

gravitational · Dec 16, 2024 · fb2bd26 · fb2bd26
1 parent 84d6013
commit fb2bd26
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 2 deletions.
diff --git a/api/client/proto/authservice.pb.go b/api/client/proto/authservice.pb.go
diff --git a/api/proto/teleport/legacy/client/proto/authservice.proto b/api/proto/teleport/legacy/client/proto/authservice.proto
@@ -2146,7 +2146,15 @@ message ListResourcesRequest {
 }
 
 // ResolveSSHTargetRequest provides details about a server to be resolved in
-//  an equivalent manner to a ssh dial request.
+// an equivalent manner to a ssh dial request.
+//
+// Resolution can happen in two modes:
+//  1) searching for hosts based on labels, a predicate expression, or keywords
+//  2) searching based on hostname
+//
+// If a Host is provided, resolution will only operate in the second mode and
+// will not perform any resolution based on labels. In order to resolve via
+// labels the Host must not be populated.
 message ResolveSSHTargetRequest {
   // Host is the target host as would be sent to the proxy during a dial request.
   string Host = 1;

diff --git a/lib/auth/auth_with_roles.go b/lib/auth/auth_with_roles.go
@@ -1693,6 +1693,10 @@ func (a *ServerWithRoles) ResolveSSHTarget(ctx context.Context, req *proto.Resol
 	var servers []*types.ServerV2
 	switch {
 	case req.Host != "":
+		if len(req.Labels) > 0 || req.PredicateExpression != "" || len(req.SearchKeywords) > 0 {
+			a.authServer.logger.WarnContext(ctx, "ssh target resolution request contained both host and label information - ignoring labels")
+		}
+
 		resp, err := a.GetSSHTargets(ctx, &proto.GetSSHTargetsRequest{
 			Host: req.Host,
 			Port: req.Port,