GitHub proxy part 6: proxing Git using SSH transport #49980
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
greedy52
force-pushed
the
STeve/48762_ssh
branch
from
73db1b8 to
1cd0ec1
Compare
greedy52
force-pushed
the
STeve/48762_ssh
branch
2 times, most recently
from
a5cb9a6 to
97bbddf
Compare
espadolini
reviewed
Dec 12, 2024
espadolini
reviewed
Dec 12, 2024
There was a problem hiding this comment.
Are you sure that hooking into lib/srv/forward.Server to essentially add a completely separate mode gated by a flag (or like three different and potentially conflicting flags) is easier than writing something new that's going to be structurally guaranteed to work as intended just for the purpose of forwarding the ssh git protocol?
will do 👍 |
|
i am splitting out some parts of this PR to separate ones like |
greedy52
force-pushed
the
STeve/48762_ssh
branch
from
97bbddf to
2345ca3
Compare
|
@greedy52 - this PR will require admin approval to merge due to its size. Consider breaking it up into a series smaller changes. |
greedy52
requested review from
Tener and
GavinFrazar
and removed request for
flyinghermit
|
@espadolini PTAL |
greedy52
force-pushed
the
STeve/48762_ssh
branch
from
b05b384 to
58ca650
Compare
|
@espadolini @Tener could you take another look? thanks! |
Tener
approved these changes
Jan 13, 2025
rosstimothy
reviewed
Jan 13, 2025
| @@ -626,6 +626,9 @@ func (s *ServerV2) githubCheckAndSetDefaults() error { | |||
| return trace.Wrap(err, "invalid GitHub organization name") | |||
| } | |||
|
|
|||
| // Set SSH host port for connection and "fake" hostname for routing. These | |||
| // values are hard-coded and cannot be customized. | |||
| s.Spec.Addr = "github.com:22" | |||
There was a problem hiding this comment.
Does this have to happen in CASD?
There was a problem hiding this comment.
I could move it to backend create but I would prefer it here as it should not have other values.
espadolini
approved these changes
Jan 14, 2025
|
@r0mant may i get an admin approval for the large size and an excludeflake? flaky test detector failed on There is no change to that package besides adding a new param to reverse tunnel server to three existing tests. |
|
/excludeflake * |
public-teleport-github-review-bot
bot
removed the request for review
from GavinFrazar
greedy52
added a commit
that referenced
this pull request
Jan 15, 2025
* GitHub proxy part 6: proxing Git using SSH transport * better command parsing and update suite * refactor * revert unnecearrty files * address review comments * ut fix * revert localsite_test.go * change special suffix to teleport-github-org for routing * fix routing ut * minor typo edit * fix ut after sshca change * add UT to sshutils * minor review comments * fix api ut because of special suffix change * GitServerReadOnlyClient * downgrade error to warning * run go mod tidy. not sure why it's needed * rename mock.go to mock_test.go
greedy52
added a commit
that referenced
this pull request
Jan 16, 2025
* GitHub proxy part 6: proxing Git using SSH transport * better command parsing and update suite * refactor * revert unnecearrty files * address review comments * ut fix * revert localsite_test.go * change special suffix to teleport-github-org for routing * fix routing ut * minor typo edit * fix ut after sshca change * add UT to sshutils * minor review comments * fix api ut because of special suffix change * GitServerReadOnlyClient * downgrade error to warning * run go mod tidy. not sure why it's needed * rename mock.go to mock_test.go
github-merge-queue bot
pushed a commit
that referenced
this pull request
Jan 16, 2025
* GitHub Proxy part 1: github integration resource (#48999) * github integration resource * fix lib/web * revert withSecrets * use static credentials * address review comments * fix ut * GitHub Proxy part 2: git_server resource, service, and RBAC (#49393) * git_server resource and role.allow.github_permissions * implicit RO on KindGitServer * review comments * fix ut * make -C integrations/operator crd * fix ut again * make crds-up-to-date and make -C integrations/terraform docs * GitHub proxy part 1.5: integration in web ui (#49561) * GitHub proxy part 1.5: integration in web ui * fix lint * GitHub Proxy part 3.5: caching PluginStaticCredentials (#49472) * GitHub Proxy part 3.5: caching PluginStaticCredentials * fix lint * GitHub proxy part 2.5: git_server cache (#49564) * GitHub proxy part 2.5: git_server cache * revert event * fix getAll * review comments * GitHub Proxy part 3: gen github user cert and export CA (#49396) * GitHub Proxy part 3: gen github user cert and export CA * address pr comment * minor refactor * use cache * fix build and cache * GitHub proxy part 4: `tsh git ls` with unified resource (#49596) * GitHub proxy part 4: tsh git ls * fix ut * update username note * fix * GitHub proxy part 5: OAuth flow to retrieve GitHub identity (#49849) * GitHub proxy part 5: OAuth flow to retrieve GitHub identity * review comments round1 * review comments round 2 and update tsh git list * make -C integrations/operator crd * make -C integrations/terraform docs * fix flaky test * GitHub proxy part 6.5: tsh git ssh/clone/config (#50044) * GitHub proxy part 6.5: tsh git ssh/clone/config * review comments * fix test * fix ut for lookpath * fix logger and update dependency version * go mod tidy for integrations * GitHub proxy part 7: audit events (#49923) * GitHub proxy part 7: audit events * make Git Command consistent * fix typo * GitHub proxy: git command recorder (#50505) * GitHub proxy: recording git command * address review * review comments * allow flags after repository for git-upload-pack * GitHub proxy part 6: proxing Git using SSH transport (#49980) * GitHub proxy part 6: proxing Git using SSH transport * better command parsing and update suite * refactor * revert unnecearrty files * address review comments * ut fix * revert localsite_test.go * change special suffix to teleport-github-org for routing * fix routing ut * minor typo edit * fix ut after sshca change * add UT to sshutils * minor review comments * fix api ut because of special suffix change * GitServerReadOnlyClient * downgrade error to warning * run go mod tidy. not sure why it's needed * rename mock.go to mock_test.go * GitHub Proxy: complete audit event flow and add an enterprise guard (#51049) * fix lint and remove accidently checked-in binary * Fix flaky git.TestForwardServer test (#51112)
mvbrock
pushed a commit
that referenced
this pull request
Jan 18, 2025
* GitHub proxy part 6: proxing Git using SSH transport * better command parsing and update suite * refactor * revert unnecearrty files * address review comments * ut fix * revert localsite_test.go * change special suffix to teleport-github-org for routing * fix routing ut * minor typo edit * fix ut after sshca change * add UT to sshutils * minor review comments * fix api ut because of special suffix change * GitServerReadOnlyClient * downgrade error to warning * run go mod tidy. not sure why it's needed * rename mock.go to mock_test.go
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related:
will stack another PR for
tsh git ssh/config/clonecommands on top of this