Skip to content

Fix tsh kube login when creds are expired or doesn't exist#31418

Merged
tigrato merged 1 commit intomasterfrom
tigrato/fix-kube-login-no-creds
Sep 5, 2023
Merged

Fix tsh kube login when creds are expired or doesn't exist#31418
tigrato merged 1 commit intomasterfrom
tigrato/fix-kube-login-no-creds

Conversation

@tigrato
Copy link
Copy Markdown
Contributor

@tigrato tigrato commented Sep 4, 2023

This PR chains client.RetryWithRelogin and retryWithAccessRequest helpers to deal with cases where user's credentials don't exist or are already expired.

@tigrato
Fix tsh kube login when creds are expired or doesn't exist
453741f 
This PR chains `client.RetryWithRelogin` and `retryWithAccessRequest`
helpers to deal with cases where user's credentials don't exist or are
already expired.

Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
@tigrato tigrato requested a review from espadolini September 4, 2023 17:48
@github-actions github-actions Bot added size/sm tsh tsh - Teleport's command line tool for logging into nodes running Teleport. labels Sep 4, 2023
@tigrato tigrato added this pull request to the merge queue Sep 5, 2023
Merged via the queue into master with commit 8e5ac12 Sep 5, 2023
@tigrato tigrato deleted the tigrato/fix-kube-login-no-creds branch September 5, 2023 16:46
@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented Sep 5, 2023

@tigrato See the table below for backport results.

Branch Result
branch/v14 Create PR

@tigrato tigrato mentioned this pull request Sep 5, 2023
Merged
@GavinFrazar GavinFrazar mentioned this pull request Sep 14, 2023
Merged
@GavinFrazar GavinFrazar mentioned this pull request Sep 18, 2023
Merged
GavinFrazar pushed a commit that referenced this pull request Sep 19, 2023
@tigrato @GavinFrazar
[v13] Fix tsh kube login when creds are expired or doesn't exist
eb51705 
Backports #31418 to branch/v13.

This PR uses `client.RetryWithRelogin` helper to deal with cases where user's
credentials don't exist or are already expired.
GavinFrazar added a commit that referenced this pull request Sep 19, 2023
@GavinFrazar @tigrato
[v13] Fix tsh kube login when creds are expired or doesn't exist (#…
86ae3af 
…32095)

Backports #31418 to branch/v13.

This PR uses `client.RetryWithRelogin` helper to deal with cases where user's
credentials don't exist or are already expired.

Co-authored-by: Tiago Silva <tiago.silva@goteleport.com>
github-merge-queue Bot pushed a commit that referenced this pull request Sep 19, 2023
@GavinFrazar @tigrato
[v13] Fix Kubernetes selected cluster (#32087)
04d8985 
* [v13] Fix Kubernetes selected cluster

backports #30167 to branch/v13.

* Fix Kubernetes selected cluster

Kubeconfig context name can be customized using `--set-context-name`
flag. When using it, the selected Kubernetes cluster fails to correctly
identify the cluster name.

* [v13] tsh kube login by prefix, query, labels (#32088)

backports #30252 to branch/v13.

* fetch kube clusters once for login

* [v13] update `tsh proxy kube` cluster selection ux (#32089)

backports #30478 to branch/v13.

* select by labels, query predicate, name, and/or prefix of name.
* fix --cluster flag not being propagated

* [v13] simplify tsh db prefix predicate logic (#32090)

backports #30531 to branch/v13.

* [v13] check for discovered kube cluster name exact match (#32091)

backports #31744 to branch/v13.

* [v13] rework tsh database selection logic (#32092)

backports #31689 to branch/v13.

* disallow prefix matching
* select by exact name match first,
* otherwise look for unambiguous discovered name label match.
* look for an active db to resolve discovered name match ambiguity.
* add more predicate builder helpers
* check for db name in not found error for stale cert hint
* no error status on tsh db logout with no logged in dbs
* remove dead code
* refactor helper funcs to simplify code and make it easier to test
* test complex database selection
* test findActiveDatabase
* test choosing one db by discovered name
* add more resource selectors tests
* test formatDatabaseLoginCommand
* add debug logging for db selection

* [v13] Fix `tsh kube login` when creds are expired or doesn't exist (#32095)

Backports #31418 to branch/v13.

This PR uses `client.RetryWithRelogin` helper to deal with cases where user's
credentials don't exist or are already expired.

Co-authored-by: Tiago Silva <tiago.silva@goteleport.com>

* remove tsh kube prefix matching (#31852) (#32097)

* fix retry with relogin for ambiguous clusters
* consolidate test setup for login/proxy kube selection tests
* add more test cases for kube selection
* remove prefix testing
* add origin cloud label in tests
* refactor the check for multiple cluster login into a func

* [v13] remove prefix matching in tctl (#32104)

Backports #31916 to branch/v13.

* remove prefix matching in tctl
* replace prefix matching with exact discovered name match as a fallback
  when no resource full name matches the name given by a user
* refactor test helpers
* avoid decoding yaml/json into already initialized var

---------

Co-authored-by: Tiago Silva <tiago.silva@goteleport.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@espadolini espadolini espadolini approved these changes

@atburke atburke atburke approved these changes

Assignees

No one assigned

Labels

size/sm tsh tsh - Teleport's command line tool for logging into nodes running Teleport.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tigrato @espadolini @atburke @GavinFrazar