Skip to content

Add Component Feature Advertisement#61647

Merged
kiosion merged 3 commits intomasterfrom
maxim/agent-feature-advertisement
Dec 19, 2025
Merged

Add Component Feature Advertisement#61647
kiosion merged 3 commits intomasterfrom
maxim/agent-feature-advertisement

Conversation

@kiosion
Copy link
Copy Markdown
Contributor

@kiosion kiosion commented Nov 21, 2025
edited
Loading

Context

Implements the initial phase of RFD 230 by adding a versioned ComponentFeatures payload to service presence, allowing consumers to reason about capabilities without relying on semver. For now, App Service, Auth, and Proxy advertise support for Resource Constraints in certificates (RFD 228), and are used by Proxy to set SupportedFeatureIDs on App records from clusterUnifiedResourcesGet.

Related

@kiosion kiosion force-pushed the maxim/agent-feature-advertisement branch 4 times, most recently from dc74843 to 73b73a4 Compare November 21, 2025 02:56
@github-actions

This comment was marked as outdated.

Sign in to view
@kiosion kiosion force-pushed the maxim/agent-feature-advertisement branch 3 times, most recently from eb0a266 to 7f7923c Compare November 22, 2025 00:43
@kiosion kiosion added the no-changelog Indicates that a PR does not require a changelog entry label Nov 22, 2025
@kiosion kiosion force-pushed the maxim/agent-feature-advertisement branch from 7f7923c to 99036df Compare November 25, 2025 18:46
@kiosion kiosion changed the base branch from master to maxim/add-authservers-proxies-list-fns November 25, 2025 18:46
@kiosion kiosion force-pushed the maxim/agent-feature-advertisement branch from 99036df to 242be5a Compare November 25, 2025 18:53
@kiosion kiosion force-pushed the maxim/add-authservers-proxies-list-fns branch 2 times, most recently from 1ec8c1d to 9f97bc2 Compare November 25, 2025 20:12
@kiosion kiosion force-pushed the maxim/agent-feature-advertisement branch from 242be5a to c10799c Compare November 25, 2025 20:14
smallinsky
smallinsky reviewed Nov 26, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@smallinsky smallinsky left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did first quick pass. Left few questions suggestion.

Also the Test coverage like integrant test covering feature advertising from App Agent to the Unified Rescues view result seems to be missing.

Comment thread api/proto/teleport/componentfeatures/v1/component_features.proto
Comment thread api/proto/teleport/legacy/types/types.proto Outdated
Comment thread lib/web/apiserver.go Outdated
Comment thread lib/web/apiserver.go Outdated
Comment thread lib/web/apiserver.go Outdated

allComponentFeatures := []*componentfeaturesv1.ComponentFeatures{r.GetComponentFeatures()}

allProxies, err := h.getAllClusterProxies(request.Context())
Copy link
Copy Markdown
Contributor

@smallinsky smallinsky Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why we need to have Proxies Capabilities where we are handling the case types.AppServer: case ?

Comment thread lib/componentfeatures/utils.go Outdated
Comment thread lib/componentfeatures/utils.go Outdated
@kiosion kiosion force-pushed the maxim/agent-feature-advertisement branch from d633d79 to 243dd04 Compare November 26, 2025 14:52
@kiosion kiosion force-pushed the maxim/add-authservers-proxies-list-fns branch from 9f97bc2 to b6f6040 Compare November 26, 2025 19:40
@kiosion kiosion force-pushed the maxim/agent-feature-advertisement branch from 243dd04 to 0e91561 Compare November 26, 2025 19:40
@kiosion kiosion force-pushed the maxim/add-authservers-proxies-list-fns branch from b6f6040 to 177f84e Compare November 26, 2025 19:42
@kiosion kiosion force-pushed the maxim/agent-feature-advertisement branch 2 times, most recently from ad8195b to d969fa9 Compare November 26, 2025 19:51
@kiosion kiosion force-pushed the maxim/add-authservers-proxies-list-fns branch from 177f84e to b8a3e14 Compare November 26, 2025 21:44
@kiosion kiosion force-pushed the maxim/agent-feature-advertisement branch from 0515dbf to f9d56b7 Compare November 26, 2025 21:44
@kiosion kiosion force-pushed the maxim/add-authservers-proxies-list-fns branch from b8a3e14 to e3bad8f Compare November 26, 2025 22:11
@kiosion kiosion force-pushed the maxim/agent-feature-advertisement branch from f9d56b7 to 4572cde Compare November 26, 2025 22:11
@kiosion kiosion force-pushed the maxim/add-authservers-proxies-list-fns branch from e3bad8f to b00e1fc Compare November 26, 2025 22:32
@kiosion kiosion force-pushed the maxim/agent-feature-advertisement branch from 4572cde to b7b1154 Compare November 26, 2025 22:33
@kiosion kiosion force-pushed the maxim/add-authservers-proxies-list-fns branch from b00e1fc to a3ecc1a Compare December 1, 2025 18:43
Base automatically changed from maxim/add-authservers-proxies-list-fns to master December 12, 2025 22:03
@kiosion kiosion force-pushed the maxim/agent-feature-advertisement branch from 997956e to 5898ded Compare December 15, 2025 20:10
smallinsky
smallinsky reviewed Dec 16, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@smallinsky smallinsky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The aggregatedAppServer logic could be simplified and made consistent with the aggregatedKube approach

Test coverage is also missing for the “many app servers -> same app” scenario, and I think the flow should distinguish the proxy app feature from the app server feature more explicitly.

That said, aside from this and a few nit comments looks solid. LGTM once the remaining comments are addressed.

Comment thread lib/srv/app/server.go Outdated
Comment thread lib/srv/regular/sshserver.go Outdated
Comment thread lib/web/ui/app.go Outdated
Comment thread lib/web/apiserver.go Outdated
Comment thread lib/web/apiserver.go Outdated
Comment thread lib/services/unified_resource.go
Comment on lines +1061 to +1071
func (a *aggregatedAppServer) Copy() types.AppServer {
out := a.AppServer.Copy()
if a.features != nil {
out.SetComponentFeatures(componentfeatures.Join(a.features))
}
return out
}

func (a *aggregatedAppServer) CloneResource() types.ResourceWithLabels {
return a.Copy()
}
Copy link
Copy Markdown
Contributor

@smallinsky smallinsky Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why this method are needed ?

I fee like the aggregatedAppServer should overwrite the GetFeatures instead of trying to update on copy.

For instance you can take a look at aggregatedKube or agggragateDB where GetTargetHealthStatus method is overriten by wrapper

We don't want to introduce seconds solution solving the same problem but in different way.

Copy link
Copy Markdown
Contributor Author

@kiosion kiosion Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy()/CloneResource() are needed as unified cache returns clones so the intersection needs to be set on the cloned Resource otherwise the aggregation is lost when we copy/unwrap.

But I agree it'd be better to match the aggregatedKube/aggregateDatabase pattern. I’ll also override GetComponentFeatures() on the wrapper like GetTargetHealthStatus so Copy() can set ComponentFeatures from that method so both pre-copy and post-copy behaviour is consistent.

Copy link
Copy Markdown
Contributor

@smallinsky smallinsky Dec 17, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy()/CloneResource() are needed as unified cache returns clones so the intersection needs to be set on the cloned Resource otherwise the aggregation is lost when we copy/unwrap.

Why the aggregatedKube/aggregateDatabase don't need the Clone ? I think that we follow existing pattern this can be simplified.

Copy link
Copy Markdown
Contributor Author

@kiosion kiosion Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They do have copy/clone funcs?

teleport/lib/services/unified_resource.go

Lines 1112 to 1122 in 1fec131

func (d *aggregatedDatabase) Copy() types.DatabaseServer {
out := d.DatabaseServer.Copy()
out.SetTargetHealthStatus(d.status)
return out
}
// CloneResource returns a copy of the underlying database server with
// aggregated health status.
func (d *aggregatedDatabase) CloneResource() types.ResourceWithLabels {
return d.Copy()
}

Comment thread lib/services/unified_resource_test.go Outdated
Comment thread lib/componentfeatures/utils.go Outdated
Comment thread lib/componentfeatures/utils.go Outdated
Comment thread lib/componentfeatures/features.go Outdated
@kiosion kiosion force-pushed the maxim/agent-feature-advertisement branch from 5898ded to 7d9118f Compare December 16, 2025 21:28
@kiosion kiosion force-pushed the maxim/agent-feature-advertisement branch from 7d9118f to 1fec131 Compare December 16, 2025 21:52
@kiosion kiosion requested a review from smallinsky December 17, 2025 20:56
smallinsky
smallinsky reviewed Dec 18, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@smallinsky smallinsky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM when remaining comment will be addressed

Comment thread lib/srv/app/server.go Outdated
Comment thread lib/services/unified_resource.go
Comment thread lib/srv/regular/sshserver.go
Comment thread lib/web/apiserver.go Outdated
Comment thread lib/web/apiserver.go Outdated
@kiosion kiosion force-pushed the maxim/agent-feature-advertisement branch from 1fec131 to 90d2aa2 Compare December 18, 2025 18:22
hugoShaka
hugoShaka approved these changes Dec 18, 2025
View reviewed changes
Comment thread integrations/terraform/protoc-gen-terraform-teleport.yaml
@kiosion
types: Add ComponentFeatures proto types
b723f6b
@kiosion
feat: Add handling for ComponentFeatures to Auth, Proxy, AppServer
c753042 
- Impl `ComponentFeatures` for Auth, Proxy, AppServer
- Add helper funcs
- Add/update tests
- Update WebUI types
@kiosion
docs: Update operator crd manifests, tf docs
172d4b1
@kiosion kiosion force-pushed the maxim/agent-feature-advertisement branch from 90d2aa2 to 172d4b1 Compare December 18, 2025 22:46
@kiosion kiosion added this pull request to the merge queue Dec 19, 2025
Merged via the queue into master with commit e76216c Dec 19, 2025
46 checks passed
@kiosion kiosion deleted the maxim/agent-feature-advertisement branch December 19, 2025 19:27
@backport-bot-workflows
Copy link
Copy Markdown
Contributor

backport-bot-workflows Bot commented Dec 19, 2025

@kiosion See the table below for backport results.

Branch Result
branch/v18 Failed

@kiosion kiosion mentioned this pull request Dec 20, 2025
Merged
21KennethTran pushed a commit that referenced this pull request Jan 6, 2026
@kiosion @21KennethTran
Add Component Feature Advertisement (#61647)
ccf7f9a 
* types: Add `ComponentFeatures` proto types

* feat: Add handling for `ComponentFeatures` to Auth, Proxy, AppServer

- Impl `ComponentFeatures` for Auth, Proxy, AppServer
- Add helper funcs
- Add/update tests
- Update WebUI types

* docs: Update operator crd manifests, tf docs
@kiosion kiosion mentioned this pull request Feb 4, 2026
Merged
@kiosion kiosion mentioned this pull request Mar 5, 2026
Open
44 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tigrato tigrato tigrato approved these changes

@hugoShaka hugoShaka hugoShaka approved these changes

@smallinsky smallinsky smallinsky approved these changes

Assignees

No one assigned

Labels

application-access backport/branch/v18 no-changelog Indicates that a PR does not require a changelog entry size/lg

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kiosion @tigrato @hugoShaka @smallinsky