Skip to content

[v17] GitHub proxy#51086

Merged
greedy52 merged 15 commits intobranch/v17from
STeve/v17_github_proxy
Jan 16, 2025
Merged

[v17] GitHub proxy#51086
greedy52 merged 15 commits intobranch/v17from
STeve/v17_github_proxy

Conversation

@greedy52
Copy link
Copy Markdown
Contributor

@greedy52 greedy52 commented Jan 15, 2025
edited
Loading

backport of GitHub proxy to branch/v17

changelog: Support proxying Git commands for github.com

related:

This PR backports all changes listed in the 17.2 bucket from above PR (minus cloud/doc changes).

Cherry-pick master commits in the following order:

Checklist:

  • manual testing
  • Fix CI
  • review again to make sure there are no bad merges
  • doc backport (separate PR)

@greedy52 greedy52 added backport git Git proxy related labels Jan 15, 2025
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jan 15, 2025
edited
Loading

Amplify deployment status

Branch Commit Job ID Status Preview Updated (UTC)
STeve/v17_github_proxy 6d47f25 4 ✅SUCCEED steve-v17-github-proxy 2025-01-16 16:24:32

@greedy52 greedy52 added the github-integration GitHub integration related label Jan 15, 2025
greedy52 added 13 commits January 16, 2025 09:53
@greedy52
GitHub Proxy part 1: github integration resource (#48999)
3467219 
* github integration resource

* fix lib/web

* revert withSecrets

* use static credentials

* address review comments

* fix ut
@greedy52
GitHub Proxy part 2: git_server resource, service, and RBAC (#49393)
c3ad3fc 
* git_server resource and role.allow.github_permissions

* implicit RO on KindGitServer

* review comments

* fix ut

* make -C integrations/operator crd

* fix ut again

* make crds-up-to-date and make -C integrations/terraform docs
@greedy52
GitHub proxy part 1.5: integration in web ui (#49561)
e5c55bc 
* GitHub proxy part 1.5: integration in web ui

* fix lint
@greedy52
GitHub Proxy part 3.5: caching PluginStaticCredentials (#49472)
8e853a1 
* GitHub Proxy part 3.5: caching PluginStaticCredentials

* fix lint
@greedy52
GitHub proxy part 2.5: git_server cache (#49564)
dc159a5 
* GitHub proxy part 2.5: git_server cache

* revert event

* fix getAll

* review comments
@greedy52
GitHub Proxy part 3: gen github user cert and export CA (#49396)
b9fd4dc 
* GitHub Proxy part 3: gen github user cert and export CA

* address pr comment

* minor refactor

* use cache

* fix build and cache
@greedy52
GitHub proxy part 4: tsh git ls with unified resource (#49596)
66d4a8c 
* GitHub proxy part 4: tsh git ls

* fix ut

* update username note

* fix
@greedy52
GitHub proxy part 5: OAuth flow to retrieve GitHub identity (#49849)
1ec1dd7 
* GitHub proxy part 5: OAuth flow to retrieve GitHub identity

* review comments round1

* review comments round 2 and update tsh git list

* make -C integrations/operator crd

* make -C integrations/terraform docs

* fix flaky test
@greedy52
GitHub proxy part 6.5: tsh git ssh/clone/config (#50044)
dea9591 
* GitHub proxy part 6.5: tsh git ssh/clone/config

* review comments

* fix test

* fix ut for lookpath

* fix logger and update dependency version

* go mod tidy for integrations
@greedy52
GitHub proxy part 7: audit events (#49923)
b8a771a 
* GitHub proxy part 7: audit events

* make Git Command consistent

* fix typo
@greedy52
GitHub proxy: git command recorder (#50505)
ae8e0c1 
* GitHub proxy: recording git command

* address review

* review comments

* allow flags after repository for git-upload-pack
@greedy52
GitHub proxy part 6: proxing Git using SSH transport (#49980)
3fe92af 
* GitHub proxy part 6: proxing Git using SSH transport

* better command parsing and update suite

* refactor

* revert unnecearrty files

* address review comments

* ut fix

* revert localsite_test.go

* change special suffix to teleport-github-org for routing

* fix routing ut

* minor typo edit

* fix ut after sshca change

* add UT to sshutils

* minor review comments

* fix api ut because of special suffix change

* GitServerReadOnlyClient

* downgrade error to warning

* run go mod tidy. not sure why it's needed

* rename mock.go to mock_test.go
@greedy52
GitHub Proxy: complete audit event flow and add an enterprise guard (#…
2a5b0e4 
…51049)
@greedy52 greedy52 force-pushed the STeve/v17_github_proxy branch from 7aacc2c to 2a5b0e4 Compare January 16, 2025 15:08
@greedy52 greedy52 marked this pull request as ready for review January 16, 2025 15:44
@github-actions github-actions Bot added audit-log Issues related to Teleports Audit Log documentation helm size/xl labels Jan 16, 2025
@greedy52
Copy link
Copy Markdown
Contributor Author

greedy52 commented Jan 16, 2025

git cherry-pick db45275:

@greedy52
Copy link
Copy Markdown
Contributor Author

greedy52 commented Jan 16, 2025
edited
Loading

@r0mant could you excludeflake for the lib/srv/regular tests?

Same as the SSH transport PR, existing tests from lib/srv/regular/sshserver_test.go timed out. Other packages are fine:

✓  lib/sshutils (19.917s) (coverage: 5.9% of statements)
✓  lib/auth/integration/credentials (1.916s) (coverage: 46.7% of statements)
✓  lib/sshca (2.074s) (coverage: 84.1% of statements)
✓  lib/auth/gitserver/gitserverv1 (4.35s) (coverage: 79.4% of statements)
✓  lib/web/ui (8.352s) (coverage: 2.9% of statements)
✓  lib/auth/userloginstate (14.026s) (coverage: 81.4% of statements)
✓  lib/srv/git (23.842s) (coverage: 70.6% of statements)
✓  lib/srv (25.871s) (coverage: 2.3% of statements)
✓  lib/auth/integration/integrationv1 (26.609s) (coverage: 49.9% of statements)
✓  lib/proxy (33.938s) (coverage: 28.5% of statements)
✓  lib/client (37.606s) (coverage: 3.2% of statements)
✓  lib/services/local (51.232s) (coverage: 0.7% of statements)
✓  lib/services (1m9.139s) (coverage: 9.9% of statements)
✓  lib/auth (1m29.23s) (coverage: 0.1% of statements)
✓  lib/cache (5m56.013s) (coverage: 38.9% of statements)
✖  lib/srv/regular (10m0.475s) (-test.shuffle 1737044839563137910)

@rosstimothy
Copy link
Copy Markdown
Contributor

rosstimothy commented Jan 16, 2025

FTD isn't required on release branches

@greedy52 greedy52 added this pull request to the merge queue Jan 16, 2025
Merged via the queue into branch/v17 with commit 7ca4e53 Jan 16, 2025
@greedy52 greedy52 deleted the STeve/v17_github_proxy branch January 16, 2025 17:44
@camscale camscale mentioned this pull request Jan 17, 2025
Merged
@BrewTestBot BrewTestBot mentioned this pull request Jan 22, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@r0mant r0mant r0mant approved these changes

@hugoShaka hugoShaka hugoShaka approved these changes

Assignees

No one assigned

Labels

audit-log Issues related to Teleports Audit Log backport documentation git Git proxy related github-integration GitHub integration related helm size/xl tctl tctl - Teleport admin tool tsh tsh - Teleport's command line tool for logging into nodes running Teleport. ui

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@greedy52 @rosstimothy @r0mant @hugoShaka