GitHub Proxy part 2: git_server resource, service, and RBAC #49393
Conversation
greedy52
changed the title
…/48762_git_server
greedy52
force-pushed
the
STeve/48762_git_server
branch
from
227c801 to
177eeec
Compare
greedy52
added
the
no-changelog
| case types.KindGitServer: | ||
| var servers []types.Server | ||
|
|
||
| // TODO(greedy52) use unified resource request once available. |
| if serverV2, err := toServerV2(server); err != nil { | ||
| return nil, trace.Wrap(err) |
There was a problem hiding this comment.
it shouldn't. just safety check
| // CreateGitServerRequest is a request to create a Git server. | ||
| message CreateGitServerRequest { | ||
| // Server is the Git server to create. | ||
| types.ServerV2 server = 1; |
There was a problem hiding this comment.
Theoretical question :-)
If there any possible way to not mix gogole proto with legacy deprecated gogo proto ?
There was a problem hiding this comment.
it's probably doable, i haven't tried. But i will have to do conversions back AND force in a LOT of places as git_server will rely on existing SSH transport. I prefer use the old type and keep backend consistent as the other server resources.
There was a problem hiding this comment.
Is types.ServerV2 leveraged for literally anything here? Is it planned to work for arbitrary git servers reached directly from the server?
There was a problem hiding this comment.
Is it planned to work for arbitrary git servers reached directly from the server?
What do you mean?
Do you mean directly from the proxy server? there will be git agents eventually for private/self-hosted git services.
There was a problem hiding this comment.
Well, the entire point of ServerV2 is that it has a bunch of fields that make sense for servers - so far, a git_server with subkind github is literally only using metadata and one field that was added to ServerSpecV2 that only makes sense in that exact scenario, so I was wondering if in the future we're planning to make use of ServerV2.
There was a problem hiding this comment.
i was thinking yes. For example, a git_server for self-hosted gitlab is basically a non-agentless SSH server that uses its own CA to sign.
I am open to switching git_server to its own type. What worries me more is whether I have to convert this type to satisfy the types.Server interface and/or refactor the SSH transport along the way.
What do you think?
public-teleport-github-review-bot
bot
removed the request for review
from rudream
|
🤖 Vercel preview here: https://docs-2kv7muz8t-goteleport.vercel.app/docs |
|
🤖 Vercel preview here: https://docs-dk4vp5vo8-goteleport.vercel.app/docs |
|
@greedy52 - this PR will require admin approval to merge due to its size. Consider breaking it up into a series smaller changes. |
|
🤖 Vercel preview here: https://docs-65k658emc-goteleport.vercel.app/docs |
greedy52
force-pushed
the
STeve/48762_git_server
branch
from
2989a83 to
84c1e6e
Compare
|
🤖 Vercel preview here: https://docs-ng3o76b5d-goteleport.vercel.app/docs |
part of:
Sorry for the bit list of files. Mostly just boiler plate code for a new resource.
Resource yaml
Then: