Cleanup the vestigial "namespace" parameter #49509

Open
codingllama opened this issue Nov 27, 2024 · 2 comments
Labels
bug platform-security rbac Issues related to Role Based Access Control


@codingllama
Contributor

This is not about k8s namespaces.

Various Teleport resources have a "namespace" parameter (example1, example2, example3) dating from the Gravity days. That parameter is largely unsupported and fixed to apidefaults.Namespace in the vast majority of the code.

Removing "namespace" clears cruft and confusion and simplifies various parts of Teleport.

@codingllama codingllama added bug platform-security rbac Issues related to Role Based Access Control labels Nov 27, 2024
@codingllama
Contributor Author

An early example of an attempted cleanup: ae99259.

@codingllama
Contributor Author

codingllama commented Nov 27, 2024

The main difficulty here is that namespaces are baked into some of the older Teleport resources (namely Servers, Apps and Databases) in a way that makes it difficult to reason about whether a non-"default" namespace may actually be used (although anecdotal evidence seems to support that they aren't).

A phased approach where we gradually introduce errors for non-"default" namespaces (so we gain confidence that they aren't used) could be a good way to do it. After a few versions without errors we can more aggressively assume "default" and remove difficult references.

In the short term I would expect some cleanups/simplification but no permanent solution.

Edit: it's also worth mentioning lib/services.MatchNamespace, in RBAC land, for completeness.
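
The phased rollout described in the comment above, sketched as an added Go example; this is not Teleport code. `NamespaceGate`, `Phase`, the error value and the treatment of an empty namespace as the default are assumptions of the example, and `defaultNamespace` stands in for `apidefaults.Namespace`.

```go
package main

import (
	"errors"
	"fmt"
	"sync/atomic"
)

// defaultNamespace stands in for apidefaults.Namespace ("default" in the issue).
const defaultNamespace = "default"

// Phase is a hypothetical rollout stage, not a Teleport type.
type Phase int

const (
	PhaseObserve Phase = iota // accept non-default namespaces, but count them
	PhaseReject               // return an error for non-default namespaces
)

var ErrNonDefaultNamespace = errors.New("non-default namespace is not supported")

// NamespaceGate (hypothetical) is the single place a resource namespace is checked.
type NamespaceGate struct {
	Phase    Phase
	observed int64
}

// Check returns the namespace to use; empty means default (an assumption here).
func (g *NamespaceGate) Check(kind, name, ns string) (string, error) {
	if ns == "" || ns == defaultNamespace {
		return defaultNamespace, nil
	}
	atomic.AddInt64(&g.observed, 1) // evidence of real-world use, in either phase
	if g.Phase == PhaseReject {
		return "", fmt.Errorf("%s %q: namespace %q: %w", kind, name, ns, ErrNonDefaultNamespace)
	}
	return ns, nil // observe phase: behaviour unchanged for the caller
}

// Observed reports how many non-default namespaces have been seen.
func (g *NamespaceGate) Observed() int64 { return atomic.LoadInt64(&g.observed) }

func main() {
	g := &NamespaceGate{Phase: PhaseObserve}
	fmt.Println(g.Check("node", "n1", "staging")) // constructed sample input
	g.Phase = PhaseReject
	fmt.Println(g.Check("node", "n1", "staging"))
	fmt.Println("non-default seen:", g.Observed())
}
```

A counter that stays at zero across several releases in the observe phase is the confidence signal the comment asks for before switching to rejection.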

rosstimothy added a commit that referenced this issue Jan 13, 2025
Eliminates the namespace CRUD API as part of
#49509.

The most notable change introduced here is with flushCache in the
auth helpers. It was ironically using namespaces because they
were deprecated; however, it has since been updated to use a role
instead. The helpers.go file was also updated not to rely on testify
in an attempt to prevent it from being included in production builds.
rosstimothy added a commit that referenced this issue Jan 13, 2025
Eliminates the namespace CRUD API as part of
#49509.

The most notable change introduced here is with flushCache in the
auth helpers. It was ironically using namespaces because they
were deprecated; however, it has since been updated to use a role
instead. The helpers.go file was also updated not to rely on testify
in an attempt to prevent it from being included in production builds.

Updates #6394.
rosstimothy added a commit that referenced this issue Jan 15, 2025
Eliminates the namespace CRUD API as part of
#49509.

The most notable change introduced here is with flushCache in the
auth helpers. It was ironically using namespaces because they
were deprecated; however, it has since been updated to use a role
instead. The helpers.go file was also updated not to rely on testify
in an attempt to prevent it from being included in production builds.

Updates #6394.
github-merge-queue bot pushed a commit that referenced this issue Jan 15, 2025
Eliminates the namespace CRUD API as part of
#49509.

The most notable change introduced here is with flushCache in the
auth helpers. It was ironically using namespaces because they
were deprecated; however, it has since been updated to use a role
instead. The helpers.go file was also updated not to rely on testify
in an attempt to prevent it from being included in production builds.

Updates #6394.
rosstimothy added a commit that referenced this issue Jan 15, 2025
Updates #49509.

Most of the places where namespaces were already configurable had
been forcing the default namespace. This extends that by removing
the ability to pass in a custom namespace and hardcodes the
default namespace at the innermost call site to reduce the surface
area of namespaces.
rosstimothy added a commit that referenced this issue Jan 15, 2025
Updates #49509.

Most of the places where namespaces were already configurable had
been forcing the default namespace. This extends that by removing
the ability to pass in a custom namespace and hardcodes the
default namespace at the innermost call site to reduce the surface
area of namespaces.

With the removal of the --namespace flag from the base tsh command,
kubernetes subcommands have also been updated to use --namespaces
in addition to --kube-namespace. The former should be preferred,
while the latter exists solely for backward compatibility.
github-merge-queue bot pushed a commit that referenced this issue Jan 15, 2025
Updates #49509.

Most of the places where namespaces were already configurable had
been forcing the default namespace. This extends that by removing
the ability to pass in a custom namespace and hardcodes the
default namespace at the innermost call site to reduce the surface
area of namespaces.

With the removal of the --namespace flag from the base tsh command,
kubernetes subcommands have also been updated to use --namespaces
in addition to --kube-namespace. The former should be preferred,
while the latter exists solely for backward compatibility.
mvbrock pushed a commit that referenced this issue Jan 18, 2025
Eliminates the namespace CRUD API as part of
#49509.

The most notable change introduced here is with flushCache in the
auth helpers. It was ironically using namespaces because they
were deprecated; however, it has since been updated to use a role
instead. The helpers.go file was also updated not to rely on testify
in an attempt to prevent it from being included in production builds.

Updates #6394.
mvbrock pushed a commit that referenced this issue Jan 18, 2025
Updates #49509.

Most of the places where namespaces were already configurable had
been forcing the default namespace. This extends that by removing
the ability to pass in a custom namespace and hardcodes the
default namespace at the innermost call site to reduce the surface
area of namespaces.

With the removal of the --namespace flag from the base tsh command,
kubernetes subcommands have also been updated to use --namespaces
in addition to --kube-namespace. The former should be preferred,
while the latter exists solely for backward compatibility.