Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: interactive tctl auth rotate #49171

Merged
merged 2 commits into from
Dec 5, 2024
Merged

feat: interactive tctl auth rotate #49171

merged 2 commits into from
Dec 5, 2024

Conversation

nklaassen
Copy link
Contributor

@nklaassen nklaassen commented Nov 19, 2024

The PR adds an interactive mode for tctl auth rotate. The best way to describe it is probably to try it yourself, or check the demo video https://goteleport.zoom.us/clips/share/A2F3MRZsZGYyU09NRVIxMlFCS1YxOHAwaVZRAQ

I am using https://github.com/charmbracelet/bubbletea to handle the tricky parts of writing an interactive TUI. I recommend checking out the README there. The control loop is based on implementing bubbletea.Model which has methods Init(), Update(), and View(). We already have bubbletea as a dependency for tsh latency ssh.

changelog: Added an interactive mode for tctl auth rotate

@github-actions github-actions bot requested review from rudream and zmb3 November 19, 2024 02:15
@github-actions github-actions bot added size/lg tctl tctl - Teleport admin tool labels Nov 19, 2024
tool/tctl/common/auth_rotate_command.go Outdated Show resolved Hide resolved
@nklaassen
Copy link
Contributor Author

nklaassen commented Nov 22, 2024

I need to fix mfa prompts and logs, need prompts to potentially handle stdin and output to not mess with the bubbletea rendering

edit: done

@nklaassen
Copy link
Contributor Author

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull these changes into a separate PR so that they can be backported?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I plan to backport all this to 17, but I'm default-against backporting anything other than bugfixes unless there's a compelling reason to do so

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this result in any measurable difference rendering a table? If so, that would improve the UX for folks using tsh ls on a large cluster.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know if it does, I made the change for dev ergonomics not performance, it's just nicer to write the table directly to a writer I already have than to get a buffer and copy it. Is table rendering a known problem on large clusters? I'd naively expect the network calls to dominate over the table rendering. For all I know buffering the writes in memory could actually be much faster than making a bunch of small writes to stdout. I just wouldn't backport something like this past the current release branch, I don't understand the value of backporting minor UX changes, if our users value stability on release branches and we value dev velocity it seems counterproductive

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess I am just used to having a very high bar for deciding what should be backported. I view every backport as a potential source of instability that we will ship out in a patch release with very little testing. Even if the change is trivial, the more changes we have the less obvious it is exactly what has changed in a given patch release and the more we (or our customers) have to look at if a patch happens to break something

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should these changes be backported?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I plan to backport all this to 17, but I'm default-against backporting anything other than bugfixes unless there's a compelling reason to do so

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wouldn't it be a UX improvement? Is that why you included them here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I included them here for selfish reasons, so I can use the same string in the text and in the example tctl get command. By default I wouldn't backport something like this but I can manually backport if you think it would be worthwhile

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i will manually backport these to all release branches

tool/tctl/common/status_command.go Outdated Show resolved Hide resolved
Comment on lines 784 to 781
targetPhase, "nodes", adaptServerGetter(func() ([]types.Server, error) {
return client.GetNodes(context.TODO(), apidefaults.Namespace)
})),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this will cause the waiting for nodes spinner to spin indefinitely if there are any agentless nodes present. We probably want to hit ListUnifiedResources with a filter here instead.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed this in the latest

tool/tctl/common/auth_rotate_command.go Outdated Show resolved Hide resolved
tool/tctl/common/auth_rotate_command.go Outdated Show resolved Hide resolved
@public-teleport-github-review-bot public-teleport-github-review-bot bot removed the request for review from rudream December 5, 2024 18:50
@nklaassen nklaassen force-pushed the nklaassen/rotate-ux branch from bcf9189 to d0f46ee Compare December 5, 2024 20:48
@nklaassen nklaassen added this pull request to the merge queue Dec 5, 2024
Merged via the queue into master with commit 94f1291 Dec 5, 2024
41 checks passed
@nklaassen nklaassen deleted the nklaassen/rotate-ux branch December 5, 2024 23:57
@public-teleport-github-review-bot

@nklaassen See the table below for backport results.

Branch Result
branch/v17 Failed

nklaassen added a commit that referenced this pull request Dec 6, 2024
Backport #49171 to branch/v17

changelog: Added an interactive mode for tctl auth rotate
nklaassen added a commit that referenced this pull request Dec 6, 2024
This is a partial backport of #49171 that just adds a couple plural
resource shortcuts that were missing.
github-merge-queue bot pushed a commit that referenced this pull request Dec 6, 2024
Backport #49171 to branch/v17

changelog: Added an interactive mode for tctl auth rotate
github-merge-queue bot pushed a commit that referenced this pull request Dec 9, 2024
This is a partial backport of #49171 that just adds a couple plural
resource shortcuts that were missing.
Comment on lines +1226 to +1231
case types.SPIFFECA:
// TODO(strideynet): populate any known manual steps during SPIFFE CA rotation.
fallthrough
case types.OktaCA:
// TODO(smallinsky): populate any known manual steps during Okta CA rotation.
fallthrough
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh btw @strideynet @smallinsky I meant to tag you guys before merging this, but I wasn't sure if there will be any manual steps required during a rotation for the SPIFFE or Okta CAs that the user has to do, if there are we can add them here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport/branch/v17 size/lg tctl tctl - Teleport admin tool
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants