Skip to content

Do not require user interaction in tsh status when using hardware keys#48705

Merged
gzdunek merged 1 commit intomasterfrom
gzdunek/tsh-status-hardware-keys
Nov 12, 2024
Merged

Do not require user interaction in tsh status when using hardware keys#48705
gzdunek merged 1 commit intomasterfrom
gzdunek/tsh-status-hardware-keys

Conversation

@gzdunek
Copy link
Copy Markdown
Contributor

@gzdunek gzdunek commented Nov 8, 2024

As discussed in #20849, tsh status shouldn't require user interaction. Unfortunately, since that PR was merged, another remote call has been added that may prompt the user for touch/PIN.

I looked at other usages of onStatus and I believe all of them should be fine with this change. We probably don't need showing access lists to review after creating or dropping an access request.

However, the main reason I opened this PR is that the user is not even able to respond to the prompt:

grzegorz@mbp build % ./tsh status
Enter your YubiKey PIV PIN:
> Profile URL:        https://moon.cloud.gravitational.io:443
  Logged in as:       grzegorz.zdunek@goteleport.com
  Cluster:            moon.cloud.gravitational.io
...

This happens since #47091. We added there a "warm up" call (it prompts for touch/PIN) that ensures the key is ready before we initiate a gRPC dialing. That call receives a context, but unfortunately for tsh status it has a really short deadline - 750 ms, so the user is not even able to provide a PIN or touch.

@gzdunek gzdunek added backport/branch/v14 no-changelog Indicates that a PR does not require a changelog entry backport/branch/v17 labels Nov 8, 2024
@gzdunek gzdunek requested review from Joerger and nklaassen November 8, 2024 18:30
@github-actions github-actions Bot added size/sm tsh tsh - Teleport's command line tool for logging into nodes running Teleport. labels Nov 8, 2024
@marcoandredinis marcoandredinis removed their request for review November 11, 2024 09:39
@public-teleport-github-review-bot public-teleport-github-review-bot Bot removed the request for review from nklaassen November 12, 2024 18:04
@gzdunek gzdunek added this pull request to the merge queue Nov 12, 2024
Merged via the queue into master with commit 11472ee Nov 12, 2024
@gzdunek gzdunek deleted the gzdunek/tsh-status-hardware-keys branch November 12, 2024 18:44
@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented Nov 12, 2024

@gzdunek See the table below for backport results.

Branch Result
branch/v14 Create PR
branch/v15 Create PR
branch/v16 Create PR
branch/v17 Create PR

gzdunek added a commit that referenced this pull request Nov 12, 2024
@gzdunek
Do not require user interaction in tsh status when using hardware k…
cd9e9a5 
…eys (#48705)

(cherry picked from commit 11472ee)
This was referenced Nov 12, 2024
Merged
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@avatus avatus avatus approved these changes

@Joerger Joerger Joerger approved these changes

Assignees

No one assigned

Labels

backport/branch/v17 no-changelog Indicates that a PR does not require a changelog entry size/sm tsh tsh - Teleport's command line tool for logging into nodes running Teleport.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gzdunek @avatus @Joerger