Add client tools auto update tctl commands#47692
Merged
Conversation
vapopov
added
the
no-changelog
vapopov
force-pushed
the
vapopov/tctl-autoupdate-command
branch
from
6277da8 to
5627b11
Compare
vapopov
force-pushed
the
vapopov/tctl-autoupdate-command
branch
from
5627b11 to
21c7b1d
Compare
tigrato
reviewed
Oct 21, 2024
| clientToolsCmd := autoUpdateCmd.Command("client-tools", "Client tools auto update commands.") | ||
|
|
||
| c.updateCmd = clientToolsCmd.Command("update", "Edit client tools auto update configuration.") | ||
| c.updateCmd.Flag("set-mode", `Sets the mode to enable or disable tools auto update in cluster.`).EnumVar(&c.mode, "enabled", "disabled") |
Contributor
There was a problem hiding this comment.
Suggested change
| c.updateCmd.Flag("set-mode", `Sets the mode to enable or disable tools auto update in cluster.`).EnumVar(&c.mode, "enabled", "disabled") | |
| c.updateCmd.Flag("set-mode", `Sets the mode to enable or disable tools auto update in cluster.`).EnumVar(&c.mode, "enabled", "disabled","on", "off") |
It's simpler with on/off?
Contributor
Author
There was a problem hiding this comment.
mode was proposed by agent auto update RFD to be compliant, since this is constant state (and replaced in both rfds) not sure if we should use on/off in addition
cc @hugoShaka @sclevine
Member
There was a problem hiding this comment.
Should be enabled/disabled to match enabled/disabled/suspended modes for agent upgrades.
Contributor
There was a problem hiding this comment.
rosstimothy
reviewed
Oct 21, 2024
Restrict update empty target version Rename command to upsert
rosstimothy
reviewed
Oct 22, 2024
|
|
||
| clientToolsCmd := autoUpdateCmd.Command("client-tools", "Client tools auto update commands.") | ||
|
|
||
| c.upsertCmd = clientToolsCmd.Command("update", "Edit client tools auto update configuration.") |
Contributor
There was a problem hiding this comment.
Should we update the name of the command as well? Or should we actually be performing a conditional update instead of an upsert?
Contributor
Author
There was a problem hiding this comment.
For the user experience it looks like the update, when resource wasn't created from api we return empty value. Originally in RFD it was defined as update, if you think that upsert looks better for understanding I can change it here and in RFD
Contributor
There was a problem hiding this comment.
I think update here will very likely understood as "update the clients" rather than "update the AU configuration resource". The help message is "Edit client tools auto update configuration.", so maybe configure would be a better fit for a subcommand that sets the AU client tools configuration.
Rename update command to configure
Contributor
Author
|
@tigrato @rosstimothy @sclevine @hugoShaka Could you please review recent changes |
Member
|
@russjones It looks like there is some uncertainty above about use cases for |
vapopov
force-pushed
the
vapopov/tctl-autoupdate-command
branch
from
43300ae to
2b4309f
Compare
rosstimothy
reviewed
Nov 4, 2024
sclevine
approved these changes
Nov 4, 2024
vapopov
force-pushed
the
vapopov/tctl-autoupdate-command
branch
from
1605224 to
2e5654e
Compare
Add format option for output json/yaml
vapopov
force-pushed
the
vapopov/tctl-autoupdate-command
branch
from
2e5654e to
55feb65
Compare
rosstimothy
reviewed
Jan 7, 2025
| @@ -0,0 +1,295 @@ | |||
| /* | |||
| * Teleport | |||
| * Copyright (C) 2024 Gravitational, Inc. | |||
Contributor
There was a problem hiding this comment.
Suggested change
| * Copyright (C) 2024 Gravitational, Inc. | |
| * Copyright (C) 2025 Gravitational, Inc. |
Comment on lines
+42
to
+46
| // getResponse is structure for formatting the client tools auto update response. | ||
| type getResponse struct { | ||
| Mode string `json:"mode"` | ||
| TargetVersion string `json:"target_version"` | ||
| } |
Contributor
There was a problem hiding this comment.
Suggestion: move this closer to where it is being used
| if _, err := client.UpdateAutoUpdateVersion(ctx, version); err != nil { | ||
| return trace.Wrap(err) | ||
| } | ||
| fmt.Fprint(c.stdout, "client tools auto update target version has been cleared\n") |
Contributor
There was a problem hiding this comment.
Suggested change
| fmt.Fprint(c.stdout, "client tools auto update target version has been cleared\n") | |
| fmt.Fprintln(c.stdout, "client tools auto update target version has been cleared") |
Comment on lines
+132
to
+135
| err = c.setTargetVersion(ctx, client) | ||
| if trace.IsNotFound(err) || trace.IsAlreadyExists(err) { | ||
| err = c.setTargetVersion(ctx, client) | ||
| } |
Contributor
There was a problem hiding this comment.
Suggestion: I believe most of our existing code that retries in similar scenarios does so at least 3 times
Suggested change
| err = c.setTargetVersion(ctx, client) | |
| if trace.IsNotFound(err) || trace.IsAlreadyExists(err) { | |
| err = c.setTargetVersion(ctx, client) | |
| } | |
| const maxRetries = 3 | |
| ... | |
| func (c *AutoUpdateCommand) TargetVersion(ctx context.Context, client *authclient.Client) error { | |
| ... | |
| for i := 0; i < maxRetries; i++ { | |
| err = c.setTargetVersion(ctx, client) | |
| if trace.IsNotFound(err) || trace.IsAlreadyExists(err) { | |
| continue | |
| } | |
| } |
Comment on lines
+146
to
+163
| err := c.setMode(ctx, client, true) | ||
| if trace.IsNotFound(err) || trace.IsAlreadyExists(err) { | ||
| err = c.setMode(ctx, client, true) | ||
| } | ||
|
|
||
| return err | ||
| } | ||
|
|
||
| // Disable disables client tools auto updates in cluster. | ||
| func (c *AutoUpdateCommand) Disable(ctx context.Context, client *authclient.Client) error { | ||
| // For parallel requests where we attempt to create a resource simultaneously, retries should be implemented. | ||
| // The same approach applies to updates if the resource has been deleted during the process. | ||
| // Second create request must return `AlreadyExists` error, update for deleted resource `NotFound` error. | ||
| err := c.setMode(ctx, client, false) | ||
| if trace.IsNotFound(err) || trace.IsAlreadyExists(err) { | ||
| err = c.setMode(ctx, client, false) | ||
| } | ||
| return err |
Contributor
There was a problem hiding this comment.
Suggestion: apply the same retry loop as above, but move it within setMode so that it only needs to be implemented once
| if _, err := setMode(ctx, config); err != nil { | ||
| return trace.Wrap(err) | ||
| } | ||
| fmt.Fprint(c.stdout, "client tools auto update mode has been changed\n") |
Contributor
There was a problem hiding this comment.
Suggested change
| fmt.Fprint(c.stdout, "client tools auto update mode has been changed\n") | |
| fmt.Fprintln(c.stdout, "client tools auto update mode has been changed") |
| if _, err := setTargetVersion(ctx, version); err != nil { | ||
| return trace.Wrap(err) | ||
| } | ||
| fmt.Fprint(c.stdout, "client tools auto update target version has been set\n") |
Contributor
There was a problem hiding this comment.
Suggested change
| fmt.Fprint(c.stdout, "client tools auto update target version has been set\n") | |
| fmt.Fprintln(c.stdout, "client tools auto update target version has been set") |
| @@ -0,0 +1,118 @@ | |||
| /* | |||
| * Teleport | |||
| * Copyright (C) 2024 Gravitational, Inc. | |||
Contributor
There was a problem hiding this comment.
Suggested change
| * Copyright (C) 2024 Gravitational, Inc. | |
| * Copyright (C) 2025 Gravitational, Inc. |
Code review changes
rosstimothy
approved these changes
Jan 8, 2025
public-teleport-github-review-bot
Bot
removed the request for review
from fheinecke
Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
vapopov
added a commit
that referenced
this pull request
Jan 11, 2025
* Add client tools auto update tctl commands * Always print version for watch command Restrict update empty target version Rename command to upsert * Add alias on/off for tools mode Rename update command to configure * Add semantic version validation * Drop watch command for autoupdate * Replace Upsert with Update/Create Add format option for output json/yaml * Change update message * Use get/set naming for client-tools * Add mode to response * Change sub-command help messages Leave only aliases for enabled/disabled * Reorganize tctl commands to have commands not required auth client * Propagate insecure flag with global config to commands by context * Fix autoupdate command without auth client * Change commands to enable/disable/target * Add retry in case of the parallel request * Add more than one retry Code review changes * Update tool/tctl/common/autoupdate_command.go Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com> --------- Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
vapopov
added a commit
that referenced
this pull request
Jan 11, 2025
* Add client tools auto update tctl commands * Always print version for watch command Restrict update empty target version Rename command to upsert * Add alias on/off for tools mode Rename update command to configure * Add semantic version validation * Drop watch command for autoupdate * Replace Upsert with Update/Create Add format option for output json/yaml * Change update message * Use get/set naming for client-tools * Add mode to response * Change sub-command help messages Leave only aliases for enabled/disabled * Reorganize tctl commands to have commands not required auth client * Propagate insecure flag with global config to commands by context * Fix autoupdate command without auth client * Change commands to enable/disable/target * Add retry in case of the parallel request * Add more than one retry Code review changes * Update tool/tctl/common/autoupdate_command.go Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com> --------- Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
vapopov
added a commit
that referenced
this pull request
Jan 15, 2025
* Add client tools auto update tctl commands * Always print version for watch command Restrict update empty target version Rename command to upsert * Add alias on/off for tools mode Rename update command to configure * Add semantic version validation * Drop watch command for autoupdate * Replace Upsert with Update/Create Add format option for output json/yaml * Change update message * Use get/set naming for client-tools * Add mode to response * Change sub-command help messages Leave only aliases for enabled/disabled * Reorganize tctl commands to have commands not required auth client * Propagate insecure flag with global config to commands by context * Fix autoupdate command without auth client * Change commands to enable/disable/target * Add retry in case of the parallel request * Add more than one retry Code review changes * Update tool/tctl/common/autoupdate_command.go Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com> --------- Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Jan 16, 2025
* Add client tools auto update tctl commands * Always print version for watch command Restrict update empty target version Rename command to upsert * Add alias on/off for tools mode Rename update command to configure * Add semantic version validation * Drop watch command for autoupdate * Replace Upsert with Update/Create Add format option for output json/yaml * Change update message * Use get/set naming for client-tools * Add mode to response * Change sub-command help messages Leave only aliases for enabled/disabled * Reorganize tctl commands to have commands not required auth client * Propagate insecure flag with global config to commands by context * Fix autoupdate command without auth client * Change commands to enable/disable/target * Add retry in case of the parallel request * Add more than one retry Code review changes * Update tool/tctl/common/autoupdate_command.go --------- Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
vapopov
added a commit
that referenced
this pull request
Jan 23, 2025
* Add client tools auto update tctl commands * Always print version for watch command Restrict update empty target version Rename command to upsert * Add alias on/off for tools mode Rename update command to configure * Add semantic version validation * Drop watch command for autoupdate * Replace Upsert with Update/Create Add format option for output json/yaml * Change update message * Use get/set naming for client-tools * Add mode to response * Change sub-command help messages Leave only aliases for enabled/disabled * Reorganize tctl commands to have commands not required auth client * Propagate insecure flag with global config to commands by context * Fix autoupdate command without auth client * Change commands to enable/disable/target * Add retry in case of the parallel request * Add more than one retry Code review changes * Update tool/tctl/common/autoupdate_command.go Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com> --------- Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Jan 23, 2025
* Add client tools auto update tctl commands * Always print version for watch command Restrict update empty target version Rename command to upsert * Add alias on/off for tools mode Rename update command to configure * Add semantic version validation * Drop watch command for autoupdate * Replace Upsert with Update/Create Add format option for output json/yaml * Change update message * Use get/set naming for client-tools * Add mode to response * Change sub-command help messages Leave only aliases for enabled/disabled * Reorganize tctl commands to have commands not required auth client * Propagate insecure flag with global config to commands by context * Fix autoupdate command without auth client * Change commands to enable/disable/target * Add retry in case of the parallel request * Add more than one retry Code review changes * Update tool/tctl/common/autoupdate_command.go --------- Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
vapopov
added a commit
that referenced
this pull request
Feb 11, 2025
* Add client tools auto update tctl commands * Always print version for watch command Restrict update empty target version Rename command to upsert * Add alias on/off for tools mode Rename update command to configure * Add semantic version validation * Drop watch command for autoupdate * Replace Upsert with Update/Create Add format option for output json/yaml * Change update message * Use get/set naming for client-tools * Add mode to response * Change sub-command help messages Leave only aliases for enabled/disabled * Reorganize tctl commands to have commands not required auth client * Propagate insecure flag with global config to commands by context * Fix autoupdate command without auth client * Change commands to enable/disable/target * Add retry in case of the parallel request * Add more than one retry Code review changes * Update tool/tctl/common/autoupdate_command.go
vapopov
added a commit
that referenced
this pull request
Feb 11, 2025
* Add client tools auto update tctl commands * Always print version for watch command Restrict update empty target version Rename command to upsert * Add alias on/off for tools mode Rename update command to configure * Add semantic version validation * Drop watch command for autoupdate * Replace Upsert with Update/Create Add format option for output json/yaml * Change update message * Use get/set naming for client-tools * Add mode to response * Change sub-command help messages Leave only aliases for enabled/disabled * Reorganize tctl commands to have commands not required auth client * Propagate insecure flag with global config to commands by context * Fix autoupdate command without auth client * Change commands to enable/disable/target * Add retry in case of the parallel request * Add more than one retry Code review changes
vapopov
added a commit
that referenced
this pull request
Feb 11, 2025
* Add client tools auto update tctl commands * Always print version for watch command Restrict update empty target version Rename command to upsert * Add alias on/off for tools mode Rename update command to configure * Add semantic version validation * Drop watch command for autoupdate * Replace Upsert with Update/Create Add format option for output json/yaml * Change update message * Use get/set naming for client-tools * Add mode to response * Change sub-command help messages Leave only aliases for enabled/disabled * Reorganize tctl commands to have commands not required auth client * Propagate insecure flag with global config to commands by context * Fix autoupdate command without auth client * Change commands to enable/disable/target * Add retry in case of the parallel request * Add more than one retry Code review changes * Update tool/tctl/common/autoupdate_command.go
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Feb 12, 2025
* Add client tools auto update tctl commands * Always print version for watch command Restrict update empty target version Rename command to upsert * Add alias on/off for tools mode Rename update command to configure * Add semantic version validation * Drop watch command for autoupdate * Replace Upsert with Update/Create Add format option for output json/yaml * Change update message * Use get/set naming for client-tools * Add mode to response * Change sub-command help messages Leave only aliases for enabled/disabled * Reorganize tctl commands to have commands not required auth client * Propagate insecure flag with global config to commands by context * Fix autoupdate command without auth client * Change commands to enable/disable/target * Add retry in case of the parallel request * Add more than one retry Code review changes * Update tool/tctl/common/autoupdate_command.go
carloscastrojumo
pushed a commit
to carloscastrojumo/teleport
that referenced
this pull request
Feb 19, 2025
* Add client tools auto update tctl commands * Always print version for watch command Restrict update empty target version Rename command to upsert * Add alias on/off for tools mode Rename update command to configure * Add semantic version validation * Drop watch command for autoupdate * Replace Upsert with Update/Create Add format option for output json/yaml * Change update message * Use get/set naming for client-tools * Add mode to response * Change sub-command help messages Leave only aliases for enabled/disabled * Reorganize tctl commands to have commands not required auth client * Propagate insecure flag with global config to commands by context * Fix autoupdate command without auth client * Change commands to enable/disable/target * Add retry in case of the parallel request * Add more than one retry Code review changes * Update tool/tctl/common/autoupdate_command.go Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com> --------- Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Feb 26, 2025
* [v15] Client tools autoupdates (#48648) * Expose client tools auto update for find endpoint (#46785) * Expose client tools auto update for find endpoint * Group auto update settings in find response Log error instead returning error Add tests auto update settings in find endpoint Add check for not implemented error * Add more test cases * Client AutoUpdate proto structure changes (#47532) * Update client autoupdate proto structure * Replace with reserved * Fix unit tests * Add more info in proto * Rename proto to be aligned RFD namings * Replace enum type for ToolsMode to string * Add packaging utility for client tools auto updates (#47060) * Add packaging utility for client tools auto updates * Add error handling for close functions * Move archive to existing utils package * Move archive helpers to integration/helper CR changes * CR changes * CR changes * CR changes Replace creating directory with extract path as argument * CR changes * Validate full size before un-archive Extract files to extractDir with ignore dir structure * Change compressing with relative paths Add test for cleanup and fix skip logic * CR changes * CR changes * Fix linter * Client tools auto update (#47466) * Add client tools auto update * Replace fork for posix platform for re-exec Move integration tests to client tools specific dir Use context cancellation with SIGTERM, SIGINT Remove cancelable tee reader with context replacement Renaming * Fix syscall path execution Fix archive cleanup if hash is not valid Limit the archive write bytes * Cover the case with single package for darwin platform after v17 * Move updater logic to tools package * Move context out from the library Base URL renaming * Add more context in comments * Changes in find endpoint * Replace test http server with `httptest` Replace hash for bytes matching Proper temp file close for archive download * Add more context to comments * Move feature flag to main package to be reused * Constant rename * Replace build tag with lib/modules to identify enterprise build * Replace fips tag with modules flag * Client auto updates integration for {tctl,tsh} (#47815) * Client auto updates integration for tctl/tsh * Add version validation Fix recursive version check for darwin platform Fix cleanup for multi-package support * Fix identifying tools removal from home directory * Replace ToolsMode with ToolsAutoUpdate * Reuse insecure flag for tests * Fix CheckRemote with login * Fix windows administrative access requirement Update must be able to be canceled, re-execute with latest version or last updated Show progress bar before request is made * Fix update cancellation for login action Address review comments * Add signal handler with stack context cancellation * Use copy instead of hard link for windows Fix progress bar if we can't receive size of package * Replace with list in order to support manual cancel * Download archive package to temp directory * Decrease timeout for client tools proxy call * Add audit logs for auto update resources (#48218) * Connect: Make sure tsh auto-updates are turned off * Add dir for code shared between Node.js processes * Connect: Make sure tsh auto-updates are turned off * Pass TELEPORT_TOOLS_VERSION=off to tsh vnet-daemon * Disable client tools auto update disabled if there are no home dir (#49159) Move updater to general tools package * Move client auto update helper to lib package (#49247) * Restrict AutoUpdateVersion to be created/updated for cloud (#49008) (#50244) * Restrict AutoUpdateVersion to be created/updated for cloud * Check builtin Admin role and Cloud feature * More informative error message * Remove KindAutoUpdateAgentRollout from editor role preset * Add remove tctl command for AutoUpdateConfig and AutoUpdateVersion (#49532) (#49676) * Fix auto-update re-exec arguments modified by aliases (#50228) (#51183) * Fix auto-update re-exec arguments modified by aliases * Make arguments to be required to set * Restore progress bar show before request * Improve integration tests to execute with `tsh` and `tctl` Added a full-cycle integration test to verify client tools auto-updates within a test cluster by modifying AutoUpdateConfig and AutoUpdateVersion resources. The test executes the login command using alias configurations to ensure no recursive re-execution occurs. The updater binary used in integration tests has been replaced with the `Run` logic of tctl and tsh. * Set generated test password by env variable instead of constant value * Restore priority of env check over remote check In case of double re-execution case we should stop second one to prevent loop re-execution Drop localDir set during compilation * Add client tools auto update tctl commands (#47692) * Add client tools auto update tctl commands * Always print version for watch command Restrict update empty target version Rename command to upsert * Add alias on/off for tools mode Rename update command to configure * Add semantic version validation * Drop watch command for autoupdate * Replace Upsert with Update/Create Add format option for output json/yaml * Change update message * Use get/set naming for client-tools * Add mode to response * Change sub-command help messages Leave only aliases for enabled/disabled * Reorganize tctl commands to have commands not required auth client * Propagate insecure flag with global config to commands by context * Fix autoupdate command without auth client * Change commands to enable/disable/target * Add retry in case of the parallel request * Add more than one retry Code review changes * Add template for client tools auto-update download url (#51210) * Add templates for client tools auto-update download url * Change to base url setting by env MakeURL moved to common function to be general for both, agent and client tools * Add godoc for common function and constant for default package * Use flags and version arguments instead of revision * Move base url env to shared constant * Fix tests after backporting * Pass TELEPORT_TOOLS_VERSION=off when starting tshd * Prevent keystore cleanup to remove bin directory (#52331) * Don't show the progress bar until the request to the CDN is made * Fix Windows permission error with self remove (#52316) * Fix windows permission error with self replace * Aggregate errors * Update comments --------- Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In this PR implemented tctl client auto update commands described in RDF https://github.com/gravitational/teleport/blob/5b84564a3db3e17aa84926e3edc70a6158af6b3f/rfd/0144-client-tools-updates.md