Fixes crash when writing kubeconfig with tctl auth sign --tar#34612
Merged
Fixes crash when writing kubeconfig with tctl auth sign --tar#34612
tctl auth sign --tar#34612Conversation
Prior this patch, using the `--format=kubernetes` option with `tctl auth sign --tar` would crash due to the filesystem abstraction used to capture the `tctl` output files did not support removing or `stat`ing files. In addition, the kubeconfig file writer did not use the filesystem abstraction given to the identity file writer, but would only write files out to the host filesystem. This means that any kubeconfig file oututs would not be included in the output tarfile stream. This patch: * Updates the tarfile filesystem abstraction to buffer files created by `tctl` until the write is complete, and then stream the archive out at the end. This gives sensible semabtics to the remove and stat operations. * Updates the kubeconfig writer to take a filesystem abstraction compatible with the one used by the identity file writer, so that the kubeconfg file output is correctly caught by the tarfile writer. Fixes: #34371 Changelog: Fixes crash when writing kubeconfig with `tctl auth sign --tar`
github-actions
Bot
added
kubernetes-access
size/md
tctl
r0mant
approved these changes
Nov 20, 2023
| return os.WriteFile(name, data, perm) | ||
| } | ||
|
|
||
| // ReadFile reads the file at tpath `name`, returning |
r0mant
requested review from
hugoShaka
and removed request for
gabrielcorado and
probakowski
Collaborator
|
@tcsc Please backport this to v14 and v13. |
hugoShaka
approved these changes
Nov 20, 2023
public-teleport-github-review-bot
Bot
removed the request for review
from strideynet
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Nov 21, 2023
…#34822) * [v13] Fixes crash when writing kubeconfig with `tctl auth sign --tar` Backports #34612 Prior this patch, using the `--format=kubernetes` option with `tctl auth sign --tar` would crash due to the filesystem abstraction used to capture the `tctl` output files did not support removing or `stat`ing files. In addition, the kubeconfig file writer did not use the filesystem abstraction given to the identity file writer, but would only write files out to the host filesystem. This means that any kubeconfig file oututs would not be included in the output tarfile stream. This patch: * Updates the tarfile filesystem abstraction to buffer files created by `tctl` until the write is complete, and then stream the archive out at the end. This gives sensible semabtics to the remove and stat operations. * Updates the kubeconfig writer to take a filesystem abstraction compatible with the one used by the identity file writer, so that the kubeconfg file output is correctly caught by the tarfile writer. Fixes: #34371 Changelog: Fixes crash when writing kubeconfig with `tctl auth sign --tar` * Fix backport test detritus
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Dec 5, 2023
…#34874) Backports #34612 Prior this patch, using the `--format=kubernetes` option with `tctl auth sign --tar` would crash due to the filesystem abstraction used to capture the `tctl` output files did not support removing or `stat`ing files. In addition, the kubeconfig file writer did not use the filesystem abstraction given to the identity file writer, but would only write files out to the host filesystem. This means that any kubeconfig file oututs would not be included in the output tarfile stream. This patch: * Updates the tarfile filesystem abstraction to buffer files created by `tctl` until the write is complete, and then stream the archive out at the end. This gives sensible semabtics to the remove and stat operations. * Updates the kubeconfig writer to take a filesystem abstraction compatible with the one used by the identity file writer, so that the kubeconfg file output is correctly caught by the tarfile writer. Fixes: #34371 Changelog: Fixes crash when writing kubeconfig with `tctl auth sign --tar` * Fix backport test detritus
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Prior this patch, using the
--format=kubernetesoption withtctl auth sign --tarwould crash due to the filesystem abstractionused to capture the
tctloutput files did not support removing orstating files.In addition, the kubeconfig file writer did not use the filesystem
abstraction given to the identity file writer, but would only write
files out to the host filesystem. This means that any kubeconfig
file oututs would not be included in the output tarfile stream.
This patch:
by
tctluntil the write is complete, and then stream the archiveout at the end. This gives sensible semabtics to the remove and
stat operations.
compatible with the one used by the identity file writer, so that
the kubeconfg file output is correctly caught by the tarfile writer.
Fixes: #34371
Changelog: Fixes crash when writing kubeconfig with
tctl auth sign --tar