Add WatchPendingHeadlessAuthentications rpc for headless polling #28234

Merged
Joerger merged 1 commit into master from joerger/enable-headless-authentication-event-watching
Jun 28, 2023

@Joerger Joerger commented Jun 23, 2023

This PR:

  • Adds the headless authentication resource type to the watch cache.
  • Adds the rpc WatchPendingHeadlessAuthentications which will be used by Teleport Connect to poll/watch for pending headless authentications for a user.
    • I created a new rpc as opposed to just reusing rpc WatchEvents in order to maintain a headless authentications stub on the server side, which is necessary for a headless authentication request to get inserted into the backend.

Updates #27137

@github-actions github-actions Bot requested review from espadolini and gzdunek June 23, 2023 21:22
@Joerger Joerger force-pushed the joerger/headless-user-backend-key branch from 5e7f06a to 435a16d Compare June 23, 2023 21:34
@Joerger Joerger force-pushed the joerger/enable-headless-authentication-event-watching branch 4 times, most recently from 67274f6 to 11ba59b Compare June 23, 2023 21:59
@Joerger Joerger force-pushed the joerger/headless-user-backend-key branch 4 times, most recently from b976c6b to 31501ae Compare June 27, 2023 00:02
@Joerger Joerger force-pushed the joerger/enable-headless-authentication-event-watching branch from 11ba59b to f877aa2 Compare June 27, 2023 00:36
@Joerger Joerger force-pushed the joerger/headless-user-backend-key branch from 31501ae to 9c59791 Compare June 27, 2023 01:12
@Joerger Joerger force-pushed the joerger/enable-headless-authentication-event-watching branch from 07aa2ce to 0a0d728 Compare June 27, 2023 01:13
@Joerger Joerger force-pushed the joerger/headless-user-backend-key branch from 9c59791 to 95fd305 Compare June 27, 2023 01:14
@Joerger Joerger force-pushed the joerger/enable-headless-authentication-event-watching branch from 0a0d728 to dfa3ceb Compare June 27, 2023 01:15
Base automatically changed from joerger/headless-user-backend-key to master June 27, 2023 16:58
@Joerger Joerger requested a review from espadolini June 27, 2023 18:51
@Joerger Joerger force-pushed the joerger/enable-headless-authentication-event-watching branch from c0900b1 to 1965af5 Compare June 27, 2023 18:55
* Add WatchPendingHeadlessAuthentications rpc.
@Joerger Joerger force-pushed the joerger/enable-headless-authentication-event-watching branch from 77187e9 to b238115 Compare June 28, 2023 17:46
@Joerger Joerger enabled auto-merge June 28, 2023 17:49
@Joerger Joerger added this pull request to the merge queue Jun 28, 2023
Merged via the queue into master with commit f7bd643 Jun 28, 2023
@Joerger Joerger deleted the joerger/enable-headless-authentication-event-watching branch June 28, 2023 18:22
@public-teleport-github-review-bot

@Joerger See the table below for backport results.

| Branch | Result |
|---|---|
| branch/v12 | Failed |
| branch/v13 | Failed |

Joerger added a commit that referenced this pull request Jul 11, 2023
* Add WatchPendingHeadlessAuthentications rpc.
Joerger added a commit that referenced this pull request Aug 1, 2023
* Add WatchPendingHeadlessAuthentications rpc.
github-merge-queue Bot pushed a commit that referenced this pull request Aug 2, 2023
* * Enable headless authentication event watch. (#28234)

* Add WatchPendingHeadlessAuthentications rpc.

* Fix headless authentication matching logic for watcher (#28843)

* Fix headless authentication matching logic for watcher and add test.

* Move hasWatchPermissionForKind to a separate function.

* Clean up hasWatchPermissionForKind.

* Cleanup test code with suggestions from review.

* Refactor Gateway Cert Reissuer and tshd events client (#28782)

* - Move tshd events client into the daemon service.

- Replace gateway cert reissuer with a more reusable retryWithRelogin
method.

* Resolve comments.

* Teleport Connect headless watcher (#28844)

* Implement headless watcher backend for Teleport Connect.

* Add headless watcher to tshd daemon service.

* Add SendPendingHeadlessAuthentication rpc to tshd events service.

* Add UpdateHeadlessAuthenticationState rpc to the daemon service.

* Address comments.

* Tune Headless Watcher retry logic in Teleport Connect (#29410)

* Reduce headless watcher max backoff period to 90s; Propagate watcher error properly; Don't retry on not implemented error.

* Stop watcher if it wasn't stopped already.

* Implement headless watcher approval logic in the Electron App. (#29097)

* Fix uncaught merge conflict.

* Fix call count race condition; Fix grpc server stop race condition; Make timeout less aggressive. (#29880)