Fix Azure join method throttling #50251
Is the TODO from the PR description still valid?
This todo is out of scope for this PR. But it is something we should consider implementing in the case that verification via claims is unavailable in some Azure environments.
* Validate Azure join using JWT claims
* Add note about User-Agent
Supports https://github.com/gravitational/teleport.e/issues/2164
The current implementation of the Azure join method requires Teleport to list all VMs in an Azure subscription in order to verify the joining VM. This is problematic when there are a large number of VMs in an Azure subscription, and in some cases causes throttling due to Azure API rate limits.
This PR modifies the validation step of the Azure join method. Validation no longer requests the VM instance from the Azure API. Instead, Teleport validates the joining VM using the optional claims provided in the JWT. This removes the need to query the Azure VM API and the risk of throttling. If validation with claims fails, Teleport will fall back to the previous validation method using the VM.
Todo: Attempt VM validation using Resource Graph API before attempting VM validation with ListAllVMs API.

Changelog: Fixes an issue causing Azure join method to fail due to throttling.
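A sketch of the claims-based check described above, added here as an illustration; it is not code from this PR or from Teleport. It assumes the token signature has already been verified and that one claim carries an Azure resource ID of the form `/subscriptions/<sub>/resourceGroups/<rg>/...`; `AllowRule`, `ValidateByClaims` and `ErrNoClaim` are hypothetical names, and returning a sentinel error to trigger the VM-lookup fallback is this example's choice.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrNoClaim tells the caller to use the VM-lookup fallback instead.
var ErrNoClaim = errors.New("no resource ID claim in token")

// AllowRule is hypothetical: empty ResourceGroups allows any group.
type AllowRule struct {
	Subscription   string
	ResourceGroups []string
}

// parseResourceID reads /subscriptions/<sub>/resourceGroups/<rg>/... (assumed format).
func parseResourceID(id string) (sub, rg string, err error) {
	p := strings.Split(strings.Trim(id, "/"), "/")
	if len(p) < 4 || !strings.EqualFold(p[0], "subscriptions") ||
		!strings.EqualFold(p[2], "resourceGroups") || p[1] == "" || p[3] == "" {
		return "", "", fmt.Errorf("malformed resource ID %q", id)
	}
	return p[1], p[3], nil
}

// ValidateByClaims checks a resource ID taken from an already
// signature-verified token against the rules, with no Azure API call.
func ValidateByClaims(resourceID string, rules []AllowRule) error {
	if resourceID == "" {
		return ErrNoClaim
	}
	sub, rg, err := parseResourceID(resourceID)
	if err != nil {
		return err
	}
	for _, r := range rules {
		ok := len(r.ResourceGroups) == 0
		for _, g := range r.ResourceGroups {
			ok = ok || strings.EqualFold(g, rg) // resource group names are case-insensitive
		}
		if ok && strings.EqualFold(r.Subscription, sub) {
			return nil
		}
	}
	return fmt.Errorf("subscription %q, resource group %q not allowed", sub, rg)
}

func main() { fmt.Println(ValidateByClaims("/subscriptions/sub-1/resourceGroups/rg-a/x", nil)) }
```

Because the decision uses only data inside the token, the join path makes no per-join listing call, which is what removes the throttling exposure the description mentions.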