tctl resources #1137
Comments
@kontsevoy there is a missing
This makes Ansible scripts hard, with tctl apply -f resources.yaml
@klizhentas no, you just use
@kontsevoy question on rm command. How would one distinguish that
@klizhentas re: We have two choices. The command can be dumb and "pedantic", thus requiring an additional "tell me how to interpret my own args" flag (something like I always vote for CLI commands that aren't dumb. In this case, we can use the following information to avoid adding another flag. For the first argument to be a type instead of a file, all of the following must be true:
Additionally, for an argument to be interpreted as a file, the following must be true:
The requirement to have an extension IMO is a sensible one because it leaves us an easy way to add additional resource formats in the future (JSON, text). To summarize, the flag processing would go like:
Also, our current resources are specified by
For
Also optional
Re: format. The ticket explicitly states that we're not officially supporting anything other than YAML to save time. Not following what
This commit refs #1137
- tctl get user/joe now works (as reported in #1247)
- tctl create/rm roles changes
- added synonyms for various resources
- made YAML the default output for tctl get
- added better help + examples for tctl get
- edited error messages
- minor refactoring
- added the system of "command plugins" which allows enterprise version of tctl to introduce different behavior to OSS commands
Problem
Teleport 2.2 has allowed for configuration and resources to merge. 2.3 needs to have a clear separation between them.
A configuration is a singleton: it always exists and there's always one copy. Not zero, not 1+.
A resource should have true CRUD semantics: i.e. get, list, create, delete, update. We also have strange resources like SAMLResponse. What is that? Why do they exist? This is just a temporary data structure inside Teleport. Things like "reverse tunnels" or "certificate authorities" are the same: they are not user-visible resources, they are internal data structures.
Proposal
Since we're moving configuration to a separate issue, the following objects need to have first-class CLI resource support:
Teleport also supports low-level undocumented resources which we use for debugging or from Telekube, like "cert authorities" or "reverse tunnels". They should remain in code, but we are not documenting them and are keeping the right to change their format as we wish.
YAML format
We already have YAML format defined for the 3 resources above.
Should we change anything there?
CLI syntax
Create & Update
Note: the YAML file may contain a list of resources of different types (--- syntax).
Delete
Note: the YAML file may contain a list of resources of different types (--- syntax).
List & Get
Notes:
- tctl get all > file.yaml should produce YAML file which then can be fed into tctl create -f file.yaml.
- tctl get roles users (multiple resource types as arguments).
Deprecate old commands
tctl also supports commands like users and tokens. They are also resources, of course. Let's add a deprecation warning to them, saying that they will be removed in future versions.
We don't have to implement users and tokens resources right now to shrink the scope of this release.
Undocumented resources
tctl currently supports all kinds of resources (low level) which we use for Telekube and other internal purposes. It's also a good test bed to add new resources and try them out before making them official. The following needs to happen here:
- tctl create should refuse to accept resources not supported by Teleport distribution (i.e. OSS version should not accept Enterprise resources)
- tctl create should print a clear DANGER message when undocumented resource is being created.
Other notes
--format flag for now and always default to YAML
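An added example, not code from this issue or from Teleport: one way to express the create-time check proposed under "Undocumented resources", applied to a multi-document (---) file. The kind names, the allow-list table and the line-based kind lookup are assumptions made for illustration.

```go
package main

import "fmt"
import "strings"

// Verdict is what a create command does with one document.
type Verdict string

const (
	Accept Verdict = "accept"
	Danger Verdict = "accept with DANGER warning"
	Refuse Verdict = "refuse"
)

// Assumed allow-list for one build; undocumented low-level kinds map to Danger.
var kinds = map[string]Verdict{"role": Accept, "cert_authority": Danger, "reverse_tunnel": Danger}

// kindOf reads the top-level "kind:" key (simplified line scan, not a YAML parser).
func kindOf(doc string) string {
	for _, line := range strings.Split(doc, "\n") {
		if strings.HasPrefix(line, "kind:") {
			return strings.Trim(strings.TrimSpace(line[len("kind:"):]), `"'`)
		}
	}
	return ""
}

// Classify checks every document; ok is false if any must be refused (fail closed).
func Classify(file string) (out []Verdict, ok bool) {
	ok = true
	docs := strings.Split("\n"+strings.ReplaceAll(file, "\r\n", "\n")+"\n", "\n---\n")
	for _, doc := range docs {
		if strings.TrimSpace(doc) == "" {
			continue
		}
		v, known := kinds[kindOf(doc)]
		if !known { // unknown, missing, or another distribution's kind
			v, ok = Refuse, false
		}
		out = append(out, v)
	}
	return out, ok
}

// Constructed sample: the last kind is a placeholder this build does not support.
const sample = "kind: role\n---\nkind: cert_authority\n---\nkind: enterprise_only\n"

func main() { fmt.Println(Classify(sample)) }
```

Classifying the whole file before creating anything lets a caller reject a mixed file outright instead of applying it partially.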