Skip to content

[v13] Fix tsh kube login when creds are expired or doesn't exist#32095

Merged
GavinFrazar merged 1 commit intogavinfrazar/v13-correct-selected-clusterfrom
gavinfrazar/v13-fix-kube-login-no-creds
Sep 19, 2023
Merged

[v13] Fix tsh kube login when creds are expired or doesn't exist#32095
GavinFrazar merged 1 commit intogavinfrazar/v13-correct-selected-clusterfrom
gavinfrazar/v13-fix-kube-login-no-creds

Conversation

@GavinFrazar
Copy link
Copy Markdown
Contributor

@GavinFrazar GavinFrazar commented Sep 18, 2023

Backports #31418 to branch/v13.

Stacked on #32092

Merge conflict while backporting was due to the fact that we do not want to backport the retryWithAccessRequest to v13.

@github-actions github-actions Bot requested review from lxea and zmb3 September 18, 2023 20:54
@github-actions github-actions Bot added size/sm tsh tsh - Teleport's command line tool for logging into nodes running Teleport. labels Sep 18, 2023
@GavinFrazar GavinFrazar mentioned this pull request Sep 18, 2023
Merged
@GavinFrazar GavinFrazar force-pushed the gavinfrazar/v13-tsh-match-against-discovered-name branch from 02e488d to 4872575 Compare September 19, 2023 00:13
@GavinFrazar GavinFrazar force-pushed the gavinfrazar/v13-fix-kube-login-no-creds branch from 37c58e7 to b538371 Compare September 19, 2023 00:15
@GavinFrazar GavinFrazar force-pushed the gavinfrazar/v13-tsh-match-against-discovered-name branch from 4872575 to 0e5619a Compare September 19, 2023 00:57
Base automatically changed from gavinfrazar/v13-tsh-match-against-discovered-name to gavinfrazar/v13-correct-selected-cluster September 19, 2023 00:58
@tigrato @GavinFrazar
[v13] Fix tsh kube login when creds are expired or doesn't exist
eb51705 
Backports #31418 to branch/v13.

This PR uses `client.RetryWithRelogin` helper to deal with cases where user's
credentials don't exist or are already expired.
@GavinFrazar GavinFrazar force-pushed the gavinfrazar/v13-fix-kube-login-no-creds branch from b538371 to eb51705 Compare September 19, 2023 00:59
@GavinFrazar GavinFrazar merged commit 86ae3af into gavinfrazar/v13-correct-selected-cluster Sep 19, 2023
@GavinFrazar GavinFrazar deleted the gavinfrazar/v13-fix-kube-login-no-creds branch September 19, 2023 00:59
github-merge-queue Bot pushed a commit that referenced this pull request Sep 19, 2023
@GavinFrazar @tigrato
[v13] Fix Kubernetes selected cluster (#32087)
04d8985 
* [v13] Fix Kubernetes selected cluster

backports #30167 to branch/v13.

* Fix Kubernetes selected cluster

Kubeconfig context name can be customized using `--set-context-name`
flag. When using it, the selected Kubernetes cluster fails to correctly
identify the cluster name.

* [v13] tsh kube login by prefix, query, labels (#32088)

backports #30252 to branch/v13.

* fetch kube clusters once for login

* [v13] update `tsh proxy kube` cluster selection ux (#32089)

backports #30478 to branch/v13.

* select by labels, query predicate, name, and/or prefix of name.
* fix --cluster flag not being propagated

* [v13] simplify tsh db prefix predicate logic (#32090)

backports #30531 to branch/v13.

* [v13] check for discovered kube cluster name exact match (#32091)

backports #31744 to branch/v13.

* [v13] rework tsh database selection logic (#32092)

backports #31689 to branch/v13.

* disallow prefix matching
* select by exact name match first,
* otherwise look for unambiguous discovered name label match.
* look for an active db to resolve discovered name match ambiguity.
* add more predicate builder helpers
* check for db name in not found error for stale cert hint
* no error status on tsh db logout with no logged in dbs
* remove dead code
* refactor helper funcs to simplify code and make it easier to test
* test complex database selection
* test findActiveDatabase
* test choosing one db by discovered name
* add more resource selectors tests
* test formatDatabaseLoginCommand
* add debug logging for db selection

* [v13] Fix `tsh kube login` when creds are expired or doesn't exist (#32095)

Backports #31418 to branch/v13.

This PR uses `client.RetryWithRelogin` helper to deal with cases where user's
credentials don't exist or are already expired.

Co-authored-by: Tiago Silva <tiago.silva@goteleport.com>

* remove tsh kube prefix matching (#31852) (#32097)

* fix retry with relogin for ambiguous clusters
* consolidate test setup for login/proxy kube selection tests
* add more test cases for kube selection
* remove prefix testing
* add origin cloud label in tests
* refactor the check for multiple cluster login into a func

* [v13] remove prefix matching in tctl (#32104)

Backports #31916 to branch/v13.

* remove prefix matching in tctl
* replace prefix matching with exact discovered name match as a fallback
  when no resource full name matches the name given by a user
* refactor test helpers
* avoid decoding yaml/json into already initialized var

---------

Co-authored-by: Tiago Silva <tiago.silva@goteleport.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@AntonAM AntonAM AntonAM approved these changes

@jakule jakule jakule approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

size/sm tsh tsh - Teleport's command line tool for logging into nodes running Teleport.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@GavinFrazar @AntonAM @jakule @tigrato