Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v17] GitHub proxy #51086

Merged
merged 15 commits into from
Jan 16, 2025
Merged

[v17] GitHub proxy #51086

merged 15 commits into from
Jan 16, 2025

Conversation

greedy52
Copy link
Contributor

@greedy52 greedy52 commented Jan 15, 2025
edited
Loading

backport of GitHub proxy to branch/v17

changelog: Support proxying Git commands for github.com

related:

This PR backports all changes listed in the 17.2 bucket from above PR (minus cloud/doc changes).

Cherry-pick master commits in the following order:

Checklist:

  • manual testing
  • Fix CI
  • review again to make sure there are no bad merges
  • doc backport (separate PR)

@greedy52 greedy52 added backport git Git proxy related labels Jan 15, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 15, 2025
edited
Loading

Amplify deployment status

Branch Commit Job ID Status Preview Updated (UTC)
STeve/v17_github_proxy 6d47f25 4 ✅SUCCEED steve-v17-github-proxy 2025-01-16 16:24:32

@greedy52 greedy52 added the github GitHub integration related label Jan 15, 2025
greedy52 added 13 commits January 16, 2025 09:53
@greedy52
GitHub Proxy part 1: github integration resource (#48999)
3467219 
* github integration resource

* fix lib/web

* revert withSecrets

* use static credentials

* address review comments

* fix ut
@greedy52
GitHub Proxy part 2: git_server resource, service, and RBAC (#49393)
c3ad3fc 
* git_server resource and role.allow.github_permissions

* implicit RO on KindGitServer

* review comments

* fix ut

* make -C integrations/operator crd

* fix ut again

* make crds-up-to-date and make -C integrations/terraform docs
@greedy52
GitHub proxy part 1.5: integration in web ui (#49561)
e5c55bc 
* GitHub proxy part 1.5: integration in web ui

* fix lint
@greedy52
GitHub Proxy part 3.5: caching PluginStaticCredentials (#49472)
8e853a1 
* GitHub Proxy part 3.5: caching PluginStaticCredentials

* fix lint
@greedy52
GitHub proxy part 2.5: git_server cache (#49564)
dc159a5 
* GitHub proxy part 2.5: git_server cache

* revert event

* fix getAll

* review comments
@greedy52
GitHub Proxy part 3: gen github user cert and export CA (#49396)
b9fd4dc 
* GitHub Proxy part 3: gen github user cert and export CA

* address pr comment

* minor refactor

* use cache

* fix build and cache
@greedy52
GitHub proxy part 4: tsh git ls with unified resource (#49596)
66d4a8c 
* GitHub proxy part 4: tsh git ls

* fix ut

* update username note

* fix
@greedy52
GitHub proxy part 5: OAuth flow to retrieve GitHub identity (#49849)
1ec1dd7 
* GitHub proxy part 5: OAuth flow to retrieve GitHub identity

* review comments round1

* review comments round 2 and update tsh git list

* make -C integrations/operator crd

* make -C integrations/terraform docs

* fix flaky test
@greedy52
GitHub proxy part 6.5: tsh git ssh/clone/config (#50044)
dea9591 
* GitHub proxy part 6.5: tsh git ssh/clone/config

* review comments

* fix test

* fix ut for lookpath

* fix logger and update dependency version

* go mod tidy for integrations
@greedy52
GitHub proxy part 7: audit events (#49923)
b8a771a 
* GitHub proxy part 7: audit events

* make Git Command consistent

* fix typo
@greedy52
GitHub proxy: git command recorder (#50505)
ae8e0c1 
* GitHub proxy: recording git command

* address review

* review comments

* allow flags after repository for git-upload-pack
@greedy52
GitHub proxy part 6: proxing Git using SSH transport (#49980)
3fe92af 
* GitHub proxy part 6: proxing Git using SSH transport

* better command parsing and update suite

* refactor

* revert unnecearrty files

* address review comments

* ut fix

* revert localsite_test.go

* change special suffix to teleport-github-org for routing

* fix routing ut

* minor typo edit

* fix ut after sshca change

* add UT to sshutils

* minor review comments

* fix api ut because of special suffix change

* GitServerReadOnlyClient

* downgrade error to warning

* run go mod tidy. not sure why it's needed

* rename mock.go to mock_test.go
@greedy52
GitHub Proxy: complete audit event flow and add an enterprise guard (#…
2a5b0e4 
…51049)
@greedy52 greedy52 force-pushed the STeve/v17_github_proxy branch from 7aacc2c to 2a5b0e4 Compare January 16, 2025 15:08
@greedy52 greedy52 marked this pull request as ready for review January 16, 2025 15:44
@github-actions github-actions bot added audit-log Issues related to Teleports Audit Log documentation helm size/xl labels Jan 16, 2025
@greedy52
Copy link
Contributor Author

git cherry-pick db45275:

@greedy52
Copy link
Contributor Author

greedy52 commented Jan 16, 2025
edited
Loading

@r0mant could you excludeflake for the lib/srv/regular tests?

Same as the SSH transport PR, existing tests from lib/srv/regular/sshserver_test.go timed out. Other packages are fine:

✓  lib/sshutils (19.917s) (coverage: 5.9% of statements)
✓  lib/auth/integration/credentials (1.916s) (coverage: 46.7% of statements)
✓  lib/sshca (2.074s) (coverage: 84.1% of statements)
✓  lib/auth/gitserver/gitserverv1 (4.35s) (coverage: 79.4% of statements)
✓  lib/web/ui (8.352s) (coverage: 2.9% of statements)
✓  lib/auth/userloginstate (14.026s) (coverage: 81.4% of statements)
✓  lib/srv/git (23.842s) (coverage: 70.6% of statements)
✓  lib/srv (25.871s) (coverage: 2.3% of statements)
✓  lib/auth/integration/integrationv1 (26.609s) (coverage: 49.9% of statements)
✓  lib/proxy (33.938s) (coverage: 28.5% of statements)
✓  lib/client (37.606s) (coverage: 3.2% of statements)
✓  lib/services/local (51.232s) (coverage: 0.7% of statements)
✓  lib/services (1m9.139s) (coverage: 9.9% of statements)
✓  lib/auth (1m29.23s) (coverage: 0.1% of statements)
✓  lib/cache (5m56.013s) (coverage: 38.9% of statements)
✖  lib/srv/regular (10m0.475s) (-test.shuffle 1737044839563137910)

@rosstimothy
Copy link
Contributor

FTD isn't required on release branches

@greedy52 greedy52 added this pull request to the merge queue Jan 16, 2025
Merged via the queue into branch/v17 with commit 7ca4e53 Jan 16, 2025
44 of 45 checks passed
@greedy52 greedy52 deleted the STeve/v17_github_proxy branch January 16, 2025 17:44
@camscale camscale mentioned this pull request Jan 17, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hugoShaka hugoShaka hugoShaka approved these changes

@r0mant r0mant r0mant approved these changes

Assignees
No one assigned
Labels
audit-log Issues related to Teleports Audit Log backport documentation git Git proxy related github GitHub integration related helm size/xl tctl tctl - Teleport admin tool tsh tsh - Teleport's command line tool for logging into nodes running Teleport. ui
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@greedy52 @rosstimothy @r0mant @hugoShaka