Skip to content

Add v2 static host user resource#46038

Merged
atburke merged 2 commits intomasterfrom
atburke/static-user-v2
Sep 4, 2024
Merged

Add v2 static host user resource#46038
atburke merged 2 commits intomasterfrom
atburke/static-user-v2

Conversation

@atburke
Copy link
Copy Markdown
Contributor

@atburke atburke commented Aug 29, 2024

This change adds the v2 static host user resource.

In the v1 resource, more than one SHU resource with the same login but with conflicting other fields (groups, uid/gid, etc) could apply to a node. The host user's expected configuration would be ambiguous and sensitive to the order in which the resources were created.

In the v2 resource, only one resource can exist per login (the login is now the resource name to enforce this). The SHU resource contains a list of matchers to apply different configurations to different nodes:

kind: static_host_user
metadata:
  name: alice
spec:
  matchers:
    - node_labels:
        - name: foo
          values: ["bar"]
      groups: ["foo", "bar"]
      # sudoers, uid/gid, etc.

If more than one matcher applies to the node, the node can reject the host user without needing to know about any other SHU resources.

Static host users aren't in any releases yet, so no need to worry about breaking changes.

Part of #42712.

@atburke atburke added the no-changelog Indicates that a PR does not require a changelog entry label Aug 29, 2024
@atburke atburke requested a review from rosstimothy August 29, 2024 18:55
@atburke atburke mentioned this pull request Aug 29, 2024
Closed
@zmb3
Copy link
Copy Markdown
Collaborator

zmb3 commented Aug 29, 2024

Did we ever release the V1 resource? If not, can we make these changes without introducing a V2?

@rosstimothy
Copy link
Copy Markdown
Contributor

rosstimothy commented Aug 29, 2024
edited
Loading

Did we ever release the V1 resource? If not, can we make these changes without introducing a V2?

The proto linter makes no exceptions for unreleased protos. The only way to achieve that would be to delete v1 and add it back.

espadolini
espadolini reviewed Sep 2, 2024
View reviewed changes
Comment thread api/proto/teleport/userprovisioning/v2/statichostuser.proto Outdated
rosstimothy
rosstimothy reviewed Sep 3, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@rosstimothy rosstimothy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will we be deleting v1 since it's not intended to be used and was never released?

Comment thread api/proto/teleport/userprovisioning/v2/statichostuser.proto Outdated
Comment thread lib/services/statichostuser.go
@atburke atburke force-pushed the atburke/static-user-v2 branch from 2252866 to f1d68ca Compare September 3, 2024 21:05
@atburke atburke enabled auto-merge September 3, 2024 21:05
espadolini
espadolini approved these changes Sep 4, 2024
View reviewed changes
Comment thread api/proto/teleport/userprovisioning/v2/statichostuser.proto Outdated
rosstimothy
rosstimothy reviewed Sep 4, 2024
View reviewed changes
Comment thread lib/auth/statichostuser/service.go
@atburke atburke force-pushed the atburke/static-user-v2 branch from f1d68ca to 6ac7b71 Compare September 4, 2024 18:40
@atburke atburke added this pull request to the merge queue Sep 4, 2024
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Sep 4, 2024
@atburke atburke added this pull request to the merge queue Sep 4, 2024
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to a conflict with the base branch Sep 4, 2024
@atburke
Add StaticHostUserV2
3376324 
This change adds the v2 static host user resource.
@atburke atburke force-pushed the atburke/static-user-v2 branch from 6ac7b71 to 3376324 Compare September 4, 2024 20:10
@atburke atburke enabled auto-merge September 4, 2024 20:10
@atburke atburke added this pull request to the merge queue Sep 4, 2024
Merged via the queue into master with commit 564c245 Sep 4, 2024
@atburke atburke deleted the atburke/static-user-v2 branch September 4, 2024 21:33
atburke added a commit that referenced this pull request Sep 4, 2024
@atburke
Add StaticHostUserV2 (#46038)
c98d836 
This change adds the v2 static host user resource.
github-merge-queue Bot pushed a commit that referenced this pull request Sep 4, 2024
@atburke
Add StaticHostUserV2 (#46038) (#46093)
d20ec18 
This change adds the v2 static host user resource.
atburke added a commit that referenced this pull request Sep 10, 2024
@atburke
Add StaticHostUserV2 (#46038)
f04b4a9 
This change adds the v2 static host user resource.
@atburke atburke mentioned this pull request Sep 11, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rosstimothy rosstimothy rosstimothy approved these changes

@espadolini espadolini espadolini approved these changes

+1 more reviewer

@EdwardDowling EdwardDowling EdwardDowling approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

no-changelog Indicates that a PR does not require a changelog entry size/md

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@atburke @zmb3 @rosstimothy @espadolini @EdwardDowling