Add labels to Windows Desktop Service, add endpoint for searching them #16436
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
requested review from
alexfornuto,
probakowski,
ptgott,
r0mant,
sagesyr,
xacrimon,
xinding33 and
zmb3
zmb3
reviewed
Sep 15, 2022
| @@ -2767,6 +2767,8 @@ func (c *Client) ListResources(ctx context.Context, req proto.ListResourcesReque | |||
| resources[i] = respResource.GetKubeService() | |||
| case types.KindWindowsDesktop: | |||
| resources[i] = respResource.GetWindowsDesktop() | |||
| case types.KindWindowsDesktopService: | |||
There was a problem hiding this comment.
I would check with Lisa on this. I don't remember the details but there is some reason why ListResources isn't supported for desktops.
| @@ -1958,6 +1958,8 @@ func (set RoleSet) checkAccess(r AccessCheckable, mfa AccessMFAParams, matchers | |||
| case types.KindWindowsDesktop: | |||
| getRoleLabels = types.Role.GetWindowsDesktopLabels | |||
| additionalDeniedMessage = "Confirm Windows user." | |||
| case types.KindWindowsDesktopService: | |||
| getRoleLabels = types.Role.GetWindowsDesktopLabels | |||
There was a problem hiding this comment.
Hmm is this right? This looks like it only applies to the actual resources, not the Teleport agents that report them.
ryanclark
force-pushed
the
ryan/add-list-desktop-services
branch
from
ac10933 to
423f0e1
Compare
ptgott
reviewed
Sep 19, 2022
|
|
||
| # Labels to attach to the Windows Desktop Service. This is used internally, | ||
| # any custom labels added won't affect the Windows hosts. |
There was a problem hiding this comment.
I'm not sure what the "This is used internally" sentence means. Since this field is only used internally, when would someone want to set a custom value for it?
There was a problem hiding this comment.
They shouldn't, but I didn't know if we allowed for config properties that are only used internally to go undocumented on the config reference page.
ryanclark
force-pushed
the
ryan/add-list-desktop-services
branch
from
30b2c1f to
d03de75
Compare
zmb3
approved these changes
Sep 22, 2022
ryanclark
force-pushed
the
ryan/add-list-desktop-services
branch
2 times, most recently
from
377f7dc to
8beb245
Compare
rudream
reviewed
Sep 23, 2022
ryanclark
force-pushed
the
ryan/add-list-desktop-services
branch
from
8beb245 to
090973d
Compare
rudream
approved these changes
Sep 23, 2022
github-actions
bot
removed request for
r0mant,
alexfornuto,
probakowski,
xacrimon,
xinding33 and
sagesyr
This allows us to add labels to the `windows_desktop_service` section of the config and store them inside `WindowsDesktopServiceV3`.
During the Desktop Discover flow, we need to be able to search for any `WindowsDesktopServices` that have joined with the label generated in the config. This adds an endpoint that works the same as fetching `WindowsDesktop` resources, and shares the permissions of the `desktop` resource.
Co-authored-by: Paul Gottschling <[email protected]>
Co-authored-by: Yassine Bounekhla <[email protected]>
ryanclark
force-pushed
the
ryan/add-list-desktop-services
branch
from
331a6fb to
493e03c
Compare
|
@ryanclark See the table below for backport results.
|
ryanclark
added a commit
that referenced
this pull request
Sep 23, 2022
Merged
r0mant
added a commit
that referenced
this pull request
Sep 24, 2022
* Init an uploader service for Windows Desktop Service This will result in multiple uploader services running if there are other Teleport services running in the same process, but that will be fixed by #14521. Updates #12549 * buddy: Fix incorrect use of loop variables (#16306) * Fix incorrect use of loop variables This commit fixes a few occurrences of loop variables being incorrectly used in the context of Go-routines or (most frequently) parallel tests. To fix the issues, we create a local copy of the range variables before the parallel tests (or Go-routine), as suggested in the documentation of the `testing` package: https://pkg.go.dev/testing#hdr-Subtests_and_Sub_benchmarks Issues were found using the `loopvarcapture` linter. Signed-off-by: Roman Tkachenko <[email protected]> * fix TestTraceProvider/spans_exported_with_gRPC+TLS * run TestSSH serially * operator: Conserve 'created_by' data in user spec Signed-off-by: Roman Tkachenko <[email protected]> Co-authored-by: Renato Costa <[email protected]> Co-authored-by: Tim Ross <[email protected]> Co-authored-by: Hugo Hervieux <[email protected]> * Correctly set the end time when completing an upload The upload completer would set the session end time based on the last known event in the session, but it left the timestamp in the event's metadata blank, which caused it to default to the time the upload was completed. Fixes #16555 * Speed up TestTerminalPing (#16481) This test takes between 10-20 seconds to run, because it waits for a websocket ping message and pings run on a 10s timer by default. It turns out, we allow specifying the keepalive interval in the terminal request, but due to a bug we would always overwrite that value with what's in the cluster networking config. Fix the bug and speed up the test by overriding the keepalive interval to something shorter for this test. Before: ➜ go test -run TestTerminalPing -race ./lib/web -count=1 ok github.com/gravitational/teleport/lib/web 13.122s After: ➜ go test -run TestTerminalPing -race ./lib/web -count=1 ok github.com/gravitational/teleport/lib/web 3.394s * Add labels to Windows Desktop Service, add endpoint for searching them (#16436) * export GetResourcesByResourceIDs * add WithCluserClientProvider * Improve unit tests in CI (#16698) - Increase timeout - Detect whether operator, CI, Rust, or Helm tests are necessary * Update `webassets` ref to latest `teleport-v10` Signed-off-by: Roman Tkachenko <[email protected]> Co-authored-by: Roman Tkachenko <[email protected]> Co-authored-by: Renato Costa <[email protected]> Co-authored-by: Tim Ross <[email protected]> Co-authored-by: Hugo Hervieux <[email protected]> Co-authored-by: Ryan Clark <[email protected]> Co-authored-by: Nic Klaassen <[email protected]> Co-authored-by: Ryan Clark <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As part of the server access flow in Discover, we generate a
JoinTokenwhich has anid(the token used to authenticate with the auth server) and aninternalResourceId.The
node-install.shscript creates a Teleport config, addingssh_service.labels['teleport.internal/resource-id']that is equal to theinternalResourceIdof the token.Currently, there isn't the same functionality for
windows_desktop_service.This means that we can't poll for the
WindowsDesktopServicethat joins once the user has started Teleport (after configuring it with the output of the configure AD script).In order to be able to ping
WindowsDesktopServicesby theteleport.internal/resource-idlabel, I've addedwindows_desktop_service.labels. The configure AD script should add this property in the config it outputs to the console.This also adds an endpoint for the frontend to be able to query them -
v1/webapi/sites/:site/desktopservices.