Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix auto-update re-exec arguments modified by aliases #50228

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Fix auto-update re-exec arguments modified by aliases #50228

wants to merge 5 commits into from

Conversation

vapopov
Copy link
Contributor

@vapopov vapopov commented Dec 13, 2024
edited
Loading

In this PR fixed issue related tsh {alias} if we define in alias same executable path of tsh, for instance:

~/.tsh/config/config.yaml

aliases:
  "loginvadym": ".build/tsh login --proxy=localhost:8443 --auth=local --user=vadym --insecure"

we don't spawn new process, instead just re-run the tsh main function with modified execution arguments

teleport/tool/tsh/common/aliases.go

Lines 205 to 221 in e50dae9

// if execPath is our path, skip re-execution and run main directly instead.
// this makes for better error messages in case of failures.
if execPath == currentExecPath {
log.Debugf("Self re-exec command: tsh %v.", arguments)
return trace.Wrap(ar.runTshMain(ctx, arguments))
}
cmd := exec.Command(execPath, arguments...)
cmd.Stdin = os.Stdin
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
log.Debugf("Running external command: %v", cmd)
err = ar.runExternalCommand(cmd)
if err == nil {
return nil
}

but in updater we use os.Args arguments, not modified ones by alias runner

teleport/lib/autoupdate/tools/updater.go

Lines 351 to 352 in e50dae9

if err := syscall.Exec(path, append([]string{path}, os.Args[1:]...), env); err != nil {
return 0, trace.Wrap(err)

this produce issue with updater, when it executed by alias

vpopov@Vadyms-MBP-2 teleport-docker % ./build/tsh loginvadym
Update progress: [▒▒▒▒▒▒▒▒▒▒] (Ctrl-C to cancel update)
ERROR: recursive alias "loginvadym"; correct alias definition and try again

discussion
Related: https://github.com/gravitational/cloud/issues/10053

changelog: Fixed client tools autoupdates executed by aliases (causes recursive alias error)

@vapopov vapopov added no-changelog Indicates that a PR does not require a changelog entry backport/branch/v15 backport/branch/v16 backport/branch/v17 labels Dec 13, 2024
@github-actions github-actions bot added size/sm tsh tsh - Teleport's command line tool for logging into nodes running Teleport. labels Dec 13, 2024
@vapopov vapopov force-pushed the vapopov/fix-autoupdate-re-exec-with-aliases branch from 4c7c3f3 to ba62d79 Compare December 13, 2024 20:18
@vapopov vapopov requested a review from Tener December 18, 2024 19:20
Tener
Tener approved these changes Dec 19, 2024
View reviewed changes
Copy link
Contributor

@Tener Tener left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. After reading the issue analysis my first suggestion would be to move away from the global os.Args, so I'm happy to see this is indeed the fix.

Also, very cool feature 👍

Nit: perhaps worth mentioning this bugfix in the changelog? A bit of marketing for both features involved ;-)

@vapopov vapopov removed the no-changelog Indicates that a PR does not require a changelog entry label Dec 19, 2024
@vapopov
Copy link
Contributor Author

vapopov commented Dec 19, 2024

@hugoShaka could you please take a look when you have time

hugoShaka
hugoShaka reviewed Dec 20, 2024
View reviewed changes
Copy link
Contributor

@hugoShaka hugoShaka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we have a test covering the re-exec with alias mechanism? I'm worried someone might break it again in the future and won't detect it.

@vapopov
Improve integration tests to execute with tsh and tctl
894aab9 
Added a full-cycle integration test to verify client tools
auto-updates within a test cluster by modifying AutoUpdateConfig
and AutoUpdateVersion resources. The test executes the login
command using alias configurations to ensure no recursive
re-execution occurs.

The updater binary used in integration tests has been replaced
with the `Run` logic of tctl and tsh.
@vapopov vapopov force-pushed the vapopov/fix-autoupdate-re-exec-with-aliases branch from 6ce9b27 to 894aab9 Compare December 25, 2024 18:51
@vapopov vapopov requested a review from hugoShaka December 30, 2024 20:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sclevine sclevine sclevine approved these changes

@Tener Tener Tener approved these changes

@eriktate eriktate Awaiting requested review from eriktate

@fspmarshall fspmarshall Awaiting requested review from fspmarshall

@hugoShaka hugoShaka Awaiting requested review from hugoShaka

Assignees
No one assigned
Labels
backport/branch/v15 backport/branch/v16 backport/branch/v17 size/sm tsh tsh - Teleport's command line tool for logging into nodes running Teleport.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@vapopov @Tener @sclevine @hugoShaka