Fix auto-update re-exec arguments modified by aliases#50228
Merged
Conversation
vapopov
added
no-changelog
github-actions
Bot
added
size/sm
tsh
vapopov
force-pushed
the
vapopov/fix-autoupdate-re-exec-with-aliases
branch
from
4c7c3f3 to
ba62d79
Compare
Tener
approved these changes
Dec 19, 2024
Contributor
There was a problem hiding this comment.
LGTM. After reading the issue analysis my first suggestion would be to move away from the global os.Args, so I'm happy to see this is indeed the fix.
Also, very cool feature 👍
Nit: perhaps worth mentioning this bugfix in the changelog? A bit of marketing for both features involved ;-)
vapopov
removed
the
no-changelog
sclevine
approved these changes
Dec 19, 2024
…ate-re-exec-with-aliases
Contributor
Author
|
@hugoShaka could you please take a look when you have time |
hugoShaka
reviewed
Dec 20, 2024
hugoShaka
reviewed
Dec 20, 2024
Contributor
hugoShaka
left a comment
hugoShaka
left a comment
There was a problem hiding this comment.
Should we have a test covering the re-exec with alias mechanism? I'm worried someone might break it again in the future and won't detect it.
Added a full-cycle integration test to verify client tools auto-updates within a test cluster by modifying AutoUpdateConfig and AutoUpdateVersion resources. The test executes the login command using alias configurations to ensure no recursive re-execution occurs. The updater binary used in integration tests has been replaced with the `Run` logic of tctl and tsh.
vapopov
force-pushed
the
vapopov/fix-autoupdate-re-exec-with-aliases
branch
from
6ce9b27 to
894aab9
Compare
Member
|
@hugoShaka reminder to review when you have a chance 🙂 |
hugoShaka
approved these changes
Jan 16, 2025
public-teleport-github-review-bot
Bot
removed request for
eriktate and
fspmarshall
vapopov
force-pushed
the
vapopov/fix-autoupdate-re-exec-with-aliases
branch
2 times, most recently
from
22392b1 to
5156850
Compare
Contributor
Author
|
@hugoShaka I had to restore this part since your last review 894aab9#diff-6ddd22bd400fc52c2062de3b1fc775fdaf05594f85c5ffa5a02262af40f5d62dL163-L182 I mislead myself with this check, after verifying rfd again and draft implementation we should keep priority of env variable version set over that we receive from TELEPORT_TOOLS_VERSION=off tsh login --insecure --proxy localhost:8443 --user teleportWe able to completely disable updates, same as override the version which is defined in cluster. Let say cluster target version is set to $ TELEPORT_TOOLS_VERSION=17.1.2 tsh login --insecure --proxy localhost:8443 --user teleport
Update progress: [▒▒▒▒▒▒▒▒▒▒] (Ctrl-C to cancel update)
Enter password for Teleport user teleport:
WARNING: You are using insecure connection to Teleport proxy https://localhost:8443
Enter an OTP code from a device:
> Profile URL: https://localhost:8443
Logged in as: teleport
Cluster: logrotate.teleport
Roles: editor
Kubernetes: enabled
Valid until: 2025-01-17 09:47:45 -0800 PST [valid for 12h0m0s]
Extensions: login-ip, permit-agent-forwarding, permit-port-forwarding, permit-pty, private-key-policy
$ tsh --insecure version
Teleport v17.1.2 git:v17.1.2-0-g5274176 go1.23.4
Proxy version: 17.0.0-dev
Proxy: localhost:8443So, the version is picked from the environment variable in this case. After logging out and re-logging in, the client tools should update to the version defined in the cluster configuration, exmaple: Another part is related to double re-execution, as we have
For instance we have When we run a command Previously we set |
In case of double re-execution case we should stop second one to prevent loop re-execution Drop localDir set during compilation
vapopov
force-pushed
the
vapopov/fix-autoupdate-re-exec-with-aliases
branch
from
5156850 to
bb59630
Compare
vapopov
added a commit
that referenced
this pull request
Jan 17, 2025
* Fix auto-update re-exec arguments modified by aliases * Make arguments to be required to set * Restore progress bar show before request * Improve integration tests to execute with `tsh` and `tctl` Added a full-cycle integration test to verify client tools auto-updates within a test cluster by modifying AutoUpdateConfig and AutoUpdateVersion resources. The test executes the login command using alias configurations to ensure no recursive re-execution occurs. The updater binary used in integration tests has been replaced with the `Run` logic of tctl and tsh. * Set generated test password by env variable instead of constant value * Restore priority of env check over remote check In case of double re-execution case we should stop second one to prevent loop re-execution Drop localDir set during compilation
vapopov
added a commit
that referenced
this pull request
Jan 17, 2025
* Fix auto-update re-exec arguments modified by aliases * Make arguments to be required to set * Restore progress bar show before request * Improve integration tests to execute with `tsh` and `tctl` Added a full-cycle integration test to verify client tools auto-updates within a test cluster by modifying AutoUpdateConfig and AutoUpdateVersion resources. The test executes the login command using alias configurations to ensure no recursive re-execution occurs. The updater binary used in integration tests has been replaced with the `Run` logic of tctl and tsh. * Set generated test password by env variable instead of constant value * Restore priority of env check over remote check In case of double re-execution case we should stop second one to prevent loop re-execution Drop localDir set during compilation
vapopov
added a commit
that referenced
this pull request
Jan 17, 2025
* Fix auto-update re-exec arguments modified by aliases * Make arguments to be required to set * Restore progress bar show before request * Improve integration tests to execute with `tsh` and `tctl` Added a full-cycle integration test to verify client tools auto-updates within a test cluster by modifying AutoUpdateConfig and AutoUpdateVersion resources. The test executes the login command using alias configurations to ensure no recursive re-execution occurs. The updater binary used in integration tests has been replaced with the `Run` logic of tctl and tsh. * Set generated test password by env variable instead of constant value * Restore priority of env check over remote check In case of double re-execution case we should stop second one to prevent loop re-execution Drop localDir set during compilation
vapopov
added a commit
that referenced
this pull request
Jan 17, 2025
* Fix auto-update re-exec arguments modified by aliases * Make arguments to be required to set * Restore progress bar show before request * Improve integration tests to execute with `tsh` and `tctl` Added a full-cycle integration test to verify client tools auto-updates within a test cluster by modifying AutoUpdateConfig and AutoUpdateVersion resources. The test executes the login command using alias configurations to ensure no recursive re-execution occurs. The updater binary used in integration tests has been replaced with the `Run` logic of tctl and tsh. * Set generated test password by env variable instead of constant value * Restore priority of env check over remote check In case of double re-execution case we should stop second one to prevent loop re-execution Drop localDir set during compilation
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Jan 18, 2025
* Fix auto-update re-exec arguments modified by aliases * Make arguments to be required to set * Restore progress bar show before request * Improve integration tests to execute with `tsh` and `tctl` Added a full-cycle integration test to verify client tools auto-updates within a test cluster by modifying AutoUpdateConfig and AutoUpdateVersion resources. The test executes the login command using alias configurations to ensure no recursive re-execution occurs. The updater binary used in integration tests has been replaced with the `Run` logic of tctl and tsh. * Set generated test password by env variable instead of constant value * Restore priority of env check over remote check In case of double re-execution case we should stop second one to prevent loop re-execution Drop localDir set during compilation
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Jan 18, 2025
* Fix auto-update re-exec arguments modified by aliases * Make arguments to be required to set * Restore progress bar show before request * Improve integration tests to execute with `tsh` and `tctl` Added a full-cycle integration test to verify client tools auto-updates within a test cluster by modifying AutoUpdateConfig and AutoUpdateVersion resources. The test executes the login command using alias configurations to ensure no recursive re-execution occurs. The updater binary used in integration tests has been replaced with the `Run` logic of tctl and tsh. * Set generated test password by env variable instead of constant value * Restore priority of env check over remote check In case of double re-execution case we should stop second one to prevent loop re-execution Drop localDir set during compilation
mvbrock
pushed a commit
that referenced
this pull request
Jan 18, 2025
* Fix auto-update re-exec arguments modified by aliases * Make arguments to be required to set * Restore progress bar show before request * Improve integration tests to execute with `tsh` and `tctl` Added a full-cycle integration test to verify client tools auto-updates within a test cluster by modifying AutoUpdateConfig and AutoUpdateVersion resources. The test executes the login command using alias configurations to ensure no recursive re-execution occurs. The updater binary used in integration tests has been replaced with the `Run` logic of tctl and tsh. * Set generated test password by env variable instead of constant value * Restore priority of env check over remote check In case of double re-execution case we should stop second one to prevent loop re-execution Drop localDir set during compilation
vapopov
added a commit
that referenced
this pull request
Feb 11, 2025
* Fix auto-update re-exec arguments modified by aliases * Make arguments to be required to set * Restore progress bar show before request * Improve integration tests to execute with `tsh` and `tctl` Added a full-cycle integration test to verify client tools auto-updates within a test cluster by modifying AutoUpdateConfig and AutoUpdateVersion resources. The test executes the login command using alias configurations to ensure no recursive re-execution occurs. The updater binary used in integration tests has been replaced with the `Run` logic of tctl and tsh. * Set generated test password by env variable instead of constant value * Restore priority of env check over remote check In case of double re-execution case we should stop second one to prevent loop re-execution Drop localDir set during compilation
carloscastrojumo
pushed a commit
to carloscastrojumo/teleport
that referenced
this pull request
Feb 19, 2025
…50228) * Fix auto-update re-exec arguments modified by aliases * Make arguments to be required to set * Restore progress bar show before request * Improve integration tests to execute with `tsh` and `tctl` Added a full-cycle integration test to verify client tools auto-updates within a test cluster by modifying AutoUpdateConfig and AutoUpdateVersion resources. The test executes the login command using alias configurations to ensure no recursive re-execution occurs. The updater binary used in integration tests has been replaced with the `Run` logic of tctl and tsh. * Set generated test password by env variable instead of constant value * Restore priority of env check over remote check In case of double re-execution case we should stop second one to prevent loop re-execution Drop localDir set during compilation
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Feb 26, 2025
* [v15] Client tools autoupdates (#48648) * Expose client tools auto update for find endpoint (#46785) * Expose client tools auto update for find endpoint * Group auto update settings in find response Log error instead returning error Add tests auto update settings in find endpoint Add check for not implemented error * Add more test cases * Client AutoUpdate proto structure changes (#47532) * Update client autoupdate proto structure * Replace with reserved * Fix unit tests * Add more info in proto * Rename proto to be aligned RFD namings * Replace enum type for ToolsMode to string * Add packaging utility for client tools auto updates (#47060) * Add packaging utility for client tools auto updates * Add error handling for close functions * Move archive to existing utils package * Move archive helpers to integration/helper CR changes * CR changes * CR changes * CR changes Replace creating directory with extract path as argument * CR changes * Validate full size before un-archive Extract files to extractDir with ignore dir structure * Change compressing with relative paths Add test for cleanup and fix skip logic * CR changes * CR changes * Fix linter * Client tools auto update (#47466) * Add client tools auto update * Replace fork for posix platform for re-exec Move integration tests to client tools specific dir Use context cancellation with SIGTERM, SIGINT Remove cancelable tee reader with context replacement Renaming * Fix syscall path execution Fix archive cleanup if hash is not valid Limit the archive write bytes * Cover the case with single package for darwin platform after v17 * Move updater logic to tools package * Move context out from the library Base URL renaming * Add more context in comments * Changes in find endpoint * Replace test http server with `httptest` Replace hash for bytes matching Proper temp file close for archive download * Add more context to comments * Move feature flag to main package to be reused * Constant rename * Replace build tag with lib/modules to identify enterprise build * Replace fips tag with modules flag * Client auto updates integration for {tctl,tsh} (#47815) * Client auto updates integration for tctl/tsh * Add version validation Fix recursive version check for darwin platform Fix cleanup for multi-package support * Fix identifying tools removal from home directory * Replace ToolsMode with ToolsAutoUpdate * Reuse insecure flag for tests * Fix CheckRemote with login * Fix windows administrative access requirement Update must be able to be canceled, re-execute with latest version or last updated Show progress bar before request is made * Fix update cancellation for login action Address review comments * Add signal handler with stack context cancellation * Use copy instead of hard link for windows Fix progress bar if we can't receive size of package * Replace with list in order to support manual cancel * Download archive package to temp directory * Decrease timeout for client tools proxy call * Add audit logs for auto update resources (#48218) * Connect: Make sure tsh auto-updates are turned off * Add dir for code shared between Node.js processes * Connect: Make sure tsh auto-updates are turned off * Pass TELEPORT_TOOLS_VERSION=off to tsh vnet-daemon * Disable client tools auto update disabled if there are no home dir (#49159) Move updater to general tools package * Move client auto update helper to lib package (#49247) * Restrict AutoUpdateVersion to be created/updated for cloud (#49008) (#50244) * Restrict AutoUpdateVersion to be created/updated for cloud * Check builtin Admin role and Cloud feature * More informative error message * Remove KindAutoUpdateAgentRollout from editor role preset * Add remove tctl command for AutoUpdateConfig and AutoUpdateVersion (#49532) (#49676) * Fix auto-update re-exec arguments modified by aliases (#50228) (#51183) * Fix auto-update re-exec arguments modified by aliases * Make arguments to be required to set * Restore progress bar show before request * Improve integration tests to execute with `tsh` and `tctl` Added a full-cycle integration test to verify client tools auto-updates within a test cluster by modifying AutoUpdateConfig and AutoUpdateVersion resources. The test executes the login command using alias configurations to ensure no recursive re-execution occurs. The updater binary used in integration tests has been replaced with the `Run` logic of tctl and tsh. * Set generated test password by env variable instead of constant value * Restore priority of env check over remote check In case of double re-execution case we should stop second one to prevent loop re-execution Drop localDir set during compilation * Add client tools auto update tctl commands (#47692) * Add client tools auto update tctl commands * Always print version for watch command Restrict update empty target version Rename command to upsert * Add alias on/off for tools mode Rename update command to configure * Add semantic version validation * Drop watch command for autoupdate * Replace Upsert with Update/Create Add format option for output json/yaml * Change update message * Use get/set naming for client-tools * Add mode to response * Change sub-command help messages Leave only aliases for enabled/disabled * Reorganize tctl commands to have commands not required auth client * Propagate insecure flag with global config to commands by context * Fix autoupdate command without auth client * Change commands to enable/disable/target * Add retry in case of the parallel request * Add more than one retry Code review changes * Add template for client tools auto-update download url (#51210) * Add templates for client tools auto-update download url * Change to base url setting by env MakeURL moved to common function to be general for both, agent and client tools * Add godoc for common function and constant for default package * Use flags and version arguments instead of revision * Move base url env to shared constant * Fix tests after backporting * Pass TELEPORT_TOOLS_VERSION=off when starting tshd * Prevent keystore cleanup to remove bin directory (#52331) * Don't show the progress bar until the request to the CDN is made * Fix Windows permission error with self remove (#52316) * Fix windows permission error with self replace * Aggregate errors * Update comments --------- Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In this PR fixed issue related
tsh {alias}if we define in alias same executable path oftsh, for instance:~/.tsh/config/config.yamlwe don't spawn new process, instead just re-run the tsh main function with modified execution arguments
teleport/tool/tsh/common/aliases.go
Lines 205 to 221 in e50dae9
but in updater we use
os.Argsarguments, not modified ones by alias runnerteleport/lib/autoupdate/tools/updater.go
Lines 351 to 352 in e50dae9
this produce issue with updater, when it executed by alias
discussion
Related: https://github.com/gravitational/cloud/issues/10053
changelog: Fixed client tools autoupdates executed by aliases (causes recursive alias error)