Skip to content

Add static host user proto defs#44610

Merged
atburke merged 1 commit intomasterfrom
atburke/static-user-proto
Jul 30, 2024
Merged

Add static host user proto defs#44610
atburke merged 1 commit intomasterfrom
atburke/static-user-proto

Conversation

@atburke
Copy link
Copy Markdown
Contributor

@atburke atburke commented Jul 25, 2024

This change adds the proto definition for the static host user resource (RFD 175) and its gRPC service.

Part of #42712.

@atburke atburke added no-changelog Indicates that a PR does not require a changelog entry backport/branch/v16 labels Jul 25, 2024
@atburke atburke requested a review from rosstimothy July 25, 2024 00:05
@github-actions github-actions Bot requested review from avatus and rudream July 25, 2024 00:06
rosstimothy
rosstimothy reviewed Jul 25, 2024
View reviewed changes
Comment thread api/proto/teleport/statichostuser/v1/statichostuser.proto Outdated
@@ -0,0 +1,44 @@
syntax = "proto3";

package teleport.statichostuser.v1;
Copy link
Copy Markdown
Contributor

@rosstimothy rosstimothy Jul 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you think about generalizing the package a bit to encompass all of auto user provisioning?

Suggested change
package teleport.statichostuser.v1;
package teleport.userprovisioning.v1;

Comment thread api/proto/teleport/statichostuser/v1/statichostuser_service.proto Outdated
Comment on lines +17 to +21
rpc CreateStaticHostUser(CreateStaticHostUserRequest) returns (CreateStaticHostUserResponse);
// UpdateStaticHostUser updates an existing static host user.
rpc UpdateStaticHostUser(UpdateStaticHostUserRequest) returns (UpdateStaticHostUserResponse);
// UpsertStaticHostUser creates a new static host user or forcefully updates an existing static host user.
rpc UpsertStaticHostUser(UpsertStaticHostUserRequest) returns (UpsertStaticHostUserResponse);
Copy link
Copy Markdown
Contributor

@rosstimothy rosstimothy Jul 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/gravitational/teleport/blob/master/rfd/0153-resource-guidelines.md#create
https://github.com/gravitational/teleport/blob/master/rfd/0153-resource-guidelines.md#update
https://github.com/gravitational/teleport/blob/master/rfd/0153-resource-guidelines.md#upsert

Suggested change
rpc CreateStaticHostUser(CreateStaticHostUserRequest) returns (CreateStaticHostUserResponse);
// UpdateStaticHostUser updates an existing static host user.
rpc UpdateStaticHostUser(UpdateStaticHostUserRequest) returns (UpdateStaticHostUserResponse);
// UpsertStaticHostUser creates a new static host user or forcefully updates an existing static host user.
rpc UpsertStaticHostUser(UpsertStaticHostUserRequest) returns (UpsertStaticHostUserResponse);
rpc CreateStaticHostUser(CreateStaticHostUserRequest) returns (StaticHostUser);
// UpdateStaticHostUser updates an existing static host user.
rpc UpdateStaticHostUser(UpdateStaticHostUserRequest) returns (StaticHostUser);
// UpsertStaticHostUser creates a new static host user or forcefully updates an existing static host user.
rpc UpsertStaticHostUser(UpsertStaticHostUserRequest) returns (StaticHostUser);

Comment thread api/types/statichostuser/statichostuser.go Outdated
Comment on lines +72 to +78
if u.Spec.NodeLabels != nil {
for key, value := range u.Spec.NodeLabels.Values {
if key == types.Wildcard && !(len(value.Values) == 1 && value.Values[0] == types.Wildcard) {
return trace.BadParameter("selector *:<val> is not supported")
}
}
}
Copy link
Copy Markdown
Contributor

@rosstimothy rosstimothy Jul 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This validation appears to be much more lax than the validation of equivalent fields of a role.

https://github.com/gravitational/teleport/blob/master/lib/services/role.go#L251
https://github.com/gravitational/teleport/blob/master/lib/services/role.go#L334-L348

Copy link
Copy Markdown
Contributor Author

@atburke atburke Jul 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Trait templating doesn't apply here because when we create a host user, there won't be a user to pull traits from. I tried adding the expression validation, but it would require moving a LOT of stuff from lib/utils to api/utils and I think it would be much simpler to just do that in lib/services like we do for roles.

Copy link
Copy Markdown
Contributor

@rosstimothy rosstimothy Jul 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it might make more sense for validation logic to be moved out of api and into a place that can make use of lib/utils in that case. If you want to omit it here and move it to lib/services or similar in a future PR that's fine with me.

zmb3
zmb3 reviewed Jul 25, 2024
View reviewed changes
Comment thread api/proto/teleport/statichostuser/v1/statichostuser.proto Outdated
Comment on lines +38 to +39
// node_labels is a map of node labels (used to dynamically grant access to
// nodes).
Copy link
Copy Markdown
Collaborator

@zmb3 zmb3 Jul 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here and below, update the comment since the labels here are used to select nodes, not to grant access to nodes.

Suggested change
// node_labels is a map of node labels (used to dynamically grant access to
// nodes).
// node_labels is a map of node labels that will create a user
// for this resource

@public-teleport-github-review-bot public-teleport-github-review-bot Bot removed the request for review from rudream July 30, 2024 02:58
@atburke
Add static host user proto defs
a134b2d 
This change adds the proto definition for the static host user resource
and its gRPC service.
@atburke atburke force-pushed the atburke/static-user-proto branch from fa529da to a134b2d Compare July 30, 2024 16:15
@atburke atburke enabled auto-merge July 30, 2024 16:15
@atburke atburke added this pull request to the merge queue Jul 30, 2024
Merged via the queue into master with commit ff68deb Jul 30, 2024
@atburke atburke deleted the atburke/static-user-proto branch July 30, 2024 16:49
@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented Jul 30, 2024

@atburke See the table below for backport results.

Branch Result
branch/v16 Failed

@atburke atburke mentioned this pull request Aug 16, 2024
Closed
atburke added a commit that referenced this pull request Sep 10, 2024
@atburke
Add static host user proto defs (#44610)
043000d 
This change adds the proto definition for the static host user resource
and its gRPC service.
@atburke atburke mentioned this pull request Sep 11, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zmb3 zmb3 zmb3 left review comments

@avatus avatus avatus approved these changes

@rosstimothy rosstimothy rosstimothy approved these changes

Assignees

No one assigned

Labels

no-changelog Indicates that a PR does not require a changelog entry size/md

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@atburke @avatus @zmb3 @rosstimothy