Add client-side functions to export multiple authorities#51189
Add client-side functions to export multiple authorities#51189codingllama merged 6 commits intomasterfrom
Conversation
codingllama
added
the
no-changelog
|
May be reviewed as a whole or commit-by-commit, as preferred. Commit 41ff204 refactors existing tests without changing functionality, so I suggest taking a look at it regardless. There are no changes in the test table itself (apart from ident), it only removes the outer loop in favor of a couple of explicit t.Run calls (which we built into in the next commits). |
|
FYI @GavinFrazar, this tackles the same issues as #35754 (only I'll do the "frontend" parts in a follow up). |
|
Optimistically adding backport labels. Once I mail the tctl/Web API parts we'll see how far back this will actually go. |
|
Friendly ping @eriktate @hugoShaka |
codingllama
force-pushed
the
codingllama/export-all-funcs
branch
from
3a27791 to
ac7524a
Compare
|
Rebased onto master, no changes. |
hugoShaka
left a comment
hugoShaka
left a comment
There was a problem hiding this comment.
Sounds good, it took me some time to understand that ExportAllAuthorities did not export authorities of all kinds, but all authorities of a kind. It might be useful to drop a few words in the godocs to remove the ambiguity and help Teleporters who have no prior CA export context.
Also, I'm curious about which property an integration CA has, compared to a regular one. Linking to a RFD, PR, or godoc explaining the concept would help understand why they need special treatment.
|
Thanks, Hugo!
Done! (fa41436)
Replied on #51189 (comment). |
public-teleport-github-review-bot
Bot
removed the request for review
from eriktate
|
Thanks, everyone! |
github-merge-queue
Bot
removed this pull request from the merge queue due to no response for status checks
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
|
@codingllama See the table below for backport results.
|
…al#51189) * Introduce ExportAll functions * Refactor tests * Test ExportAll in existing test suite * Test ExportAll with multiple active CAs * Update godocs * Update godocs
3 participants
Add "ExportAll" variants of ExportAuthorities and ExportAuthoritiesSecrets that can gracefully handle multiple active CAs.
ExportAll functions return an []*ExportedAuthority, so future iterations could easily include (and differentiate) CertAuthoritySpecV2.AdditionalTrustedKeys, plus whatever other data is necessary.
Subsequent PRs will take advantage of the new functions on both tctl and Web API. After the follow-ups the "unary" Export functions are to be removed.
Similar to #35754 (minus the frontend parts).
#35444