Add v2 static host user resource #46038

Merged
merged 2 commits into from
Sep 4, 2024

@atburke atburke commented Aug 29, 2024

This change adds the v2 static host user resource.

In the v1 resource, more than one SHU resource with the same login but with conflicting other fields (groups, uid/gid, etc) could apply to a node. The host user's expected configuration would be ambiguous and sensitive to the order in which the resources were created.

In the v2 resource, only one resource can exist per login (the login is now the resource name to enforce this). The SHU resource contains a list of matchers to apply different configurations to different nodes:

```yaml
kind: static_host_user
metadata:
  name: alice
spec:
  matchers:
    - node_labels:
        - name: foo
          values: ["bar"]
      groups: ["foo", "bar"]
      # sudoers, uid/gid, etc.
```

If more than one matcher applies to the node, the node can reject the host user without needing to know about any other SHU resources.

Static host users aren't in any releases yet, so no need to worry about breaking changes.

Part of #42712.
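The matcher rule from the description above, as an added example that is not part of the pull request or the project's code: a node evaluates one user's matchers against its own labels and rejects the user when more than one applies. The names `Matcher`, `Resolve` and `ErrAmbiguous` are hypothetical, and the label-matching semantics (every listed label must be present with one of the listed values) are an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// Matcher is a hypothetical type modelled on the YAML in the description.
type Matcher struct {
	NodeLabels map[string][]string // label name -> accepted values
	Groups     []string
}
var ErrAmbiguous = errors.New("more than one matcher applies to this node")
// applies (assumed semantics): each listed label is on the node with a listed value.
func (m Matcher) applies(node map[string]string) bool {
	for name, values := range m.NodeLabels {
		got, present := node[name]
		hit := false
		for _, v := range values {
			hit = hit || (present && v == got)
		}
		if !hit {
			return false
		}
	}
	return true
}

// Resolve returns the one applicable matcher, nil if none applies, or ErrAmbiguous.
func Resolve(ms []Matcher, node map[string]string) (*Matcher, error) {
	var found *Matcher
	for i := range ms {
		if !ms[i].applies(node) {
			continue
		}
		if found != nil {
			return nil, ErrAmbiguous // reject rather than pick by order
		}
		found = &ms[i]
	}
	return found, nil
}

func main() {
	alice := []Matcher{ // constructed sample data
		{NodeLabels: map[string][]string{"foo": {"bar"}}, Groups: []string{"foo", "bar"}},
		{NodeLabels: map[string][]string{"env": {"prod"}}, Groups: []string{"ops"}},
	}
	fmt.Println(Resolve(alice, map[string]string{"foo": "bar", "env": "prod"}))
}
```

Because the decision depends only on the one resource and the node's own labels, the result does not change with the order in which resources were created.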

@atburke atburke added the no-changelog label Aug 29, 2024
@atburke atburke requested a review from rosstimothy August 29, 2024 18:55

zmb3 commented Aug 29, 2024

Did we ever release the V1 resource? If not, can we make these changes without introducing a V2?


rosstimothy commented Aug 29, 2024

> Did we ever release the V1 resource? If not, can we make these changes without introducing a V2?

The proto linter makes no exceptions for unreleased protos. The only way to achieve that would be to delete v1 and add it back.

@rosstimothy rosstimothy left a comment

Will we be deleting v1 since it's not intended to be used and was never released?

lib/services/statichostuser.go (review thread resolved)
@atburke atburke force-pushed the atburke/static-user-v2 branch from 2252866 to f1d68ca September 3, 2024 21:05
@atburke atburke enabled auto-merge September 3, 2024 21:05
@atburke atburke force-pushed the atburke/static-user-v2 branch from f1d68ca to 6ac7b71 September 4, 2024 18:40
@atburke atburke added this pull request to the merge queue Sep 4, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Sep 4, 2024
@atburke atburke added this pull request to the merge queue Sep 4, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to a conflict with the base branch Sep 4, 2024
@atburke atburke force-pushed the atburke/static-user-v2 branch from 6ac7b71 to 3376324 September 4, 2024 20:10
@atburke atburke enabled auto-merge September 4, 2024 20:10
@atburke atburke added this pull request to the merge queue Sep 4, 2024
Merged via the queue into master with commit 564c245 Sep 4, 2024
42 checks passed
@atburke atburke deleted the atburke/static-user-v2 branch September 4, 2024 21:33
atburke added a commit that referenced this pull request Sep 4, 2024
This change adds the v2 static host user resource.
github-merge-queue bot pushed a commit that referenced this pull request Sep 4, 2024
This change adds the v2 static host user resource.
atburke added a commit that referenced this pull request Sep 10, 2024
This change adds the v2 static host user resource.