
Add autoupdate manual rollout audit events #52934

Merged: hugoShaka merged 3 commits into master from hugo/add-manual-rollout-audit-events on May 5, 2025

@hugoShaka
Contributor

PR 4/4 adding manual rollout control as specified in RFD 184.

This PR adds the audit events. UI support for audit events will come in a followup PR.

@hugoShaka hugoShaka added the no-changelog Indicates that a PR does not require a changelog entry label Mar 10, 2025
@hugoShaka hugoShaka requested review from sclevine and vapopov March 10, 2025 19:01
@github-actions github-actions bot requested review from avatus and mvbrock March 10, 2025 19:02
@github-actions github-actions bot added audit-log Issues related to Teleports Audit Log size/md labels Mar 10, 2025
Contributor

@vapopov vapopov left a comment

Seems like proto should be fixed, the rest LGTM

@hugoShaka hugoShaka force-pushed the hugo/add-manual-rollout-commands branch from 0c0607e to 4c0e607 Compare March 13, 2025 11:18
@hugoShaka hugoShaka force-pushed the hugo/add-manual-rollout-audit-events branch from 467bca7 to e255c0a Compare March 13, 2025 11:20
@hugoShaka hugoShaka requested a review from sclevine March 13, 2025 11:22
@hugoShaka hugoShaka force-pushed the hugo/add-manual-rollout-commands branch from 4c0e607 to 31e0fca Compare March 18, 2025 15:38
@hugoShaka hugoShaka force-pushed the hugo/add-manual-rollout-audit-events branch from e255c0a to f316ae5 Compare March 19, 2025 11:49
@hugoShaka hugoShaka force-pushed the hugo/add-manual-rollout-commands branch 2 times, most recently from 9ea0fd4 to 1551f62 Compare March 19, 2025 17:57
Base automatically changed from hugo/add-manual-rollout-commands to master March 19, 2025 18:37
@hugoShaka hugoShaka force-pushed the hugo/add-manual-rollout-audit-events branch 2 times, most recently from 4a34343 to b8e13c1 Compare March 19, 2025 21:36
@hugoShaka
Contributor Author

hugoShaka commented Mar 20, 2025

> Are there any frontend changes needed to render these new events appropriately?

Yes, I specified it in the description:

> UI support for audit events will come in a followup PR.

I will not backport until the UI changes are in as well.

@hugoShaka hugoShaka requested a review from rosstimothy March 20, 2025 14:26
@rosstimothy
Contributor

Any reason not to include the frontend changes here?

@hugoShaka
Contributor Author

hugoShaka commented Mar 20, 2025

I try to send back, front, and docs in separate PRs because each section pokes its own reviewers and I end up with an approved PR while one or many sections have not been reviewed by its owners.

Smaller PRs also tend to spend less time stuck in review.

@rosstimothy
Contributor

The audit event frontend changes are very formulaic and don't necessarily require frontend only reviewers. IMO I find it easier to test and validate audit event changes when both pieces of the puzzle are done at the same time. There's also less chance of missing a backport.

@hugoShaka hugoShaka force-pushed the hugo/add-manual-rollout-audit-events branch from b8e13c1 to cc6df6e Compare April 23, 2025 16:03
@hugoShaka hugoShaka force-pushed the hugo/add-manual-rollout-audit-events branch from cc6df6e to eab0be1 Compare April 28, 2025 15:33
@public-teleport-github-review-bot public-teleport-github-review-bot bot removed the request for review from mvbrock April 28, 2025 15:34
@hugoShaka hugoShaka added this pull request to the merge queue May 5, 2025
Merged via the queue into master with commit 3497370 May 5, 2025
45 checks passed
@hugoShaka hugoShaka deleted the hugo/add-manual-rollout-audit-events branch May 5, 2025 21:17
hugoShaka added a commit that referenced this pull request Jul 18, 2025
* Add autoupdate trigger/mark-done/rollback audit events

* Remove useless resource metadata and add groups to audit event

* Add events to web UI
hugoShaka added a commit that referenced this pull request Jul 24, 2025
hugoShaka added a commit that referenced this pull request Jul 25, 2025
github-merge-queue bot pushed a commit that referenced this pull request Jul 28, 2025
* Add rollout mutation functions (#52930)

* Add Trigger, Rollback, ForceDone autoupdate RPCs (#52931)

* Add Trigger, Rollback, ForceDone autoupdate RPCs

* Add all_started_groups bool + switch to group set

* fix error type

* Align semver libs (#52795)

* Convert autoupdate version handling to coreos/go-semver

* get the right version in installer endpoint + get rid of x/mod/semver

* depguard x/mod/semver

* Add nolint rules for existing x/mod/semver usages

* Add depguard explanation

* Add autoupdate trigger/mark-done/rollback commands (#52933)

* Add updater info in Hello (#53911)

* Introduce autoupdate_agent_report proto types (#54175)

* Introduce autoupdate_agent_report proto types

* Fix tests + remove delete all RPC

* Move updater info proto from authclient to types (#54236)

* Report updater info in Hello (#53938)

* Report updater info in Hello

* Add UUID to Hello

* lint

* Fix after rebase

---------

Co-authored-by: Stephen Levine <stephen.levine@goteleport.com>

* Send goodbye even when doing soft-reload (#54176)

* Send goodbye even when doing soft-reload

* Save and replay Goodbye on connect

* Add SoftReload flag to Goodbye

* SendGoodbye -> SetAndSendGoodbye

* Display update group in `tctl inventory` (#54324)

* Add autoupdate manual rollout audit events (#52934)

* Add autoupdate trigger/mark-done/rollback audit events

* Remove useless resource metadata and add groups to audit event

* Add events to web UI

* Add autoupdate_agent_report backend service (#54333)

* Add autoupdate_agent_report backend service

* Saner resource validation

* Add agent rollout cache + service + client (#54772)

* Add agent rollout cache + service + client

* fix after rebase

* add event in tests

* fix autoupdateagentreport event streaming

* lint

* Fix backport: slog -> logrus

* Generate autoupdate agent report periodically (#54865)

* Generate autoupdate agent report periodically

* address edoardo's feedback

* Apply suggestions from code review

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

* fix proto field lookup + address feedback

* fix tests + add license

---------

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

* Add omission info in autoupdate report (#55001)

* Add agent counters to autoupdate_agent_rollout proto (#55096)

* Add agent counters to autoupdate_agent_rollout proto

* int64 -> uint64

* Add reports to client and rewrite mockClient using testify (#55097)

* Add reports to client and rewrite mockClient using testify

When adding the ListAutoUpdateAgentReports() function to the Client interface
I realized that the mock client was not supporting List endpoints.
Instead of expanding the custom mock system, I rewrote the mock client to use
the standard testify/mock library.

* checkIfEmpty -> checkIfCallsWereDone

* Make halt-on-error autoupdate strategy use agent reports (#55116)

* Make halt-on-error autoupdate strategy use agent reports

* Make report helpers reusable for time-based strategy

* address edoardo's feedback

* Set the agent count when reconciling time-based rollouts (#55152)

* Set the agent count when reconciling time-based rollouts

* Apply suggestions from code review

Co-authored-by: Stephen Levine <stephen.levine@goteleport.com>

---------

Co-authored-by: Stephen Levine <stephen.levine@goteleport.com>

* Fix flaky `TestServer_generateAgentVersionReport` (#56015)

* [v18] Add autoupdate agent report commands (#56495)

* Add autoupdate agent report commands

* Address feedback

* autoupdate canary support: proto messages (#56259)

* autoupdate canary support: inventory and auth primitives (#56261)

* autoupdate canary support: tctl (#56473)

* autoupdate canary support: tctl support

This commit makes `tctl autoupdate agents status` display groups in the
canary state properly.

* add `--force` flag to `tctl autoupdate agents start-update`

* autoupdate canary support: modulate proxy response (#56468)

This commit makes the Teleport Proxy service find and ping endpoints
fetch the updater ID from the request parameters and look up if the
requestor is a canary. If it is, the requestor will be told to update.

* autoupdate canary support: rollout controller (#56467)

* autoupdate canary support: rollout controller

This commit adds canary support to the autoupdate_agent_rollout
controller when the strategy is "halt-on-error".

* Apply suggestions from code review

* Fix backport: add inventory clock + deal with edoardo breaking everything

* Fix tests after backport

* fixup! Fix tests after backport

* fixup! fixup! Fix tests after backport

* lint authproto -> clientproto

* Fix autoupdate canary sampling for the catch-all group

* Tune the canary logic (#56926)

- Users can now specify how many canaries they want
- Instead of looking at the current group size, we rely on user input
- max canary 10 -> 5 (I have not done the max message size yet)
- fix a bug causing the start date to be reset when doing canary ->
  active

* Reliably detect update.yaml after soft reloads

* always send group in agent hello (#55071)

* Fix detection on initial install

* fix log

* Always persist new configuration

* cleanup

* fix tests

* fix tests relying on go 1.24

* fix crd snapshot tests + fix linter issue

---------

Co-authored-by: Stephen Levine <stephen.levine@goteleport.com>
Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
zmb3 added a commit that referenced this pull request Dec 31, 2025
Looks like this was just missed in #52934.

Closes #61779
github-merge-queue bot pushed a commit that referenced this pull request Dec 31, 2025
backport-bot-workflows bot pushed a commit that referenced this pull request Dec 31, 2025
zmb3 added a commit that referenced this pull request Dec 31, 2025
github-merge-queue bot pushed a commit that referenced this pull request Jan 2, 2026
github-merge-queue bot pushed a commit that referenced this pull request Jan 5, 2026
21KennethTran pushed a commit that referenced this pull request Jan 6, 2026
Labels

audit-log Issues related to Teleports Audit Log no-changelog Indicates that a PR does not require a changelog entry size/md

4 participants