reduce login latency #27029
| errViaJumphost := err | ||
| // If JumpHosts was pointing at the leaf cluster (e.g. during 'tsh ssh | ||
| // -J leaf.example.com'), this could've caused the above error. Try to | ||
| // fetch CAs without JumpHosts to force it to use the root cluster. | ||
| if err := tc.WithoutJumpHosts(func(tc *TeleportClient) error { | ||
| return tc.UpdateTrustedCA(ctx, rootClusterName) | ||
| }); err != nil { | ||
| return trace.NewAggregate(errViaJumphost, err) | ||
| } |
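Review bot: dropping the `WithoutJumpHosts` retry around `tc.UpdateTrustedCA(ctx, rootClusterName)` removes the handling for the case its own comment describes, where JumpHosts points at a leaf cluster (`tsh ssh -J leaf.example.com`). If callers must now supply a client that is already connected to the root cluster, state that precondition in the doc comment of `UpdateTrustedCA` and add a test that logs in with `-J` pointing at a leaf, so a regression shows up as a test failure rather than as the aggregated error this block used to return.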
This fallback flow always creates a new TeleportClient and in this PR this logic was removed.
Not sure if this flow is 100% covered by UT or integration test but I'm afraid that by removing this fallback we will break the flow.
It's now the responsibility of the caller to ensure that the provided services.AuthorityGetter is connected to the root Auth service so in theory we shouldn't need to attempt the fallback any more. I'll add a test to cover this flow if one doesn't already exist.
| if err := tc.ActivateKeyWithoutTrustedCerts(cf.Context, key); err != nil { | ||
| return trace.Wrap(err) | ||
| } | ||
|
|
||
| clusterClient, err := tc.ConnectToCluster(cf.Context) | ||
| if err != nil { | ||
| return trace.Wrap(err) | ||
| } | ||
| defer clusterClient.Close() | ||
|
|
||
| rootAuth, err := clusterClient.RootClient(cf.Context) | ||
| if err != nil { | ||
| return trace.Wrap(err) | ||
| } | ||
| defer rootAuth.Close() | ||
|
|
||
| if err := tc.UpdateTrustedCA(cf.Context, rootAuth); err != nil { |
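Review bot: the call order around `tc.ConnectToCluster(cf.Context)` is undocumented: the key is activated with `ActivateKeyWithoutTrustedCerts`, and both the cluster connection and `clusterClient.RootClient` are opened before `tc.UpdateTrustedCA(cf.Context, rootAuth)` runs. A short comment explaining why those two connections are made before the trusted CAs are updated, and that `rootAuth` has to be the client returned by `RootClient`, would keep a later refactor from reordering the calls or passing a different client.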
nit: Can we move this to a separate function that will return clusterClient and rootAuth?
I'm not sure if moving it all into one function would really make things clearer. This is also no different than the same API we have for the legacy ProxyClient.
Lines 3390 to 3400 in 8da636b

Builds on #26903 and #26968 to reduce login latency by reusing auth clients.