Skip to content

Commit

Permalink
GitHub proxy part 2.5: git_server cache (#49564)
Browse files Browse the repository at this point in the history
* GitHub proxy part 2.5: git_server cache

* revert event

* fix getAll

* review comments
  • Loading branch information
greedy52 authored Dec 5, 2024
1 parent 01fc9f0 commit c4d0dc4
Show file tree
Hide file tree
Showing 14 changed files with 390 additions and 27 deletions.
7 changes: 4 additions & 3 deletions api/client/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ import (
"github.com/gravitational/teleport/api/client/discoveryconfig"
"github.com/gravitational/teleport/api/client/dynamicwindows"
"github.com/gravitational/teleport/api/client/externalauditstorage"
gitserverclient "github.com/gravitational/teleport/api/client/gitserver"
kubewaitingcontainerclient "github.com/gravitational/teleport/api/client/kubewaitingcontainer"
"github.com/gravitational/teleport/api/client/okta"
"github.com/gravitational/teleport/api/client/proto"
Expand All @@ -77,7 +78,7 @@ import (
discoveryconfigv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/discoveryconfig/v1"
dynamicwindowsv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/dynamicwindows/v1"
externalauditstoragev1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/externalauditstorage/v1"
gitserverv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/gitserver/v1"
gitserverpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/gitserver/v1"
identitycenterv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/identitycenter/v1"
integrationpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/integration/v1"
kubeproto "github.com/gravitational/teleport/api/gen/proto/go/teleport/kube/v1"
Expand Down Expand Up @@ -4876,8 +4877,8 @@ func (c *Client) UserTasksServiceClient() *usertaskapi.Client {
}

// GitServerClient returns a client for managing git servers
func (c *Client) GitServerClient() gitserverv1.GitServerServiceClient {
return gitserverv1.NewGitServerServiceClient(c.conn)
func (c *Client) GitServerClient() *gitserverclient.Client {
return gitserverclient.NewClient(gitserverpb.NewGitServerServiceClient(c.conn))
}

// GetCertAuthority retrieves a CA by type and domain.
Expand Down
125 changes: 125 additions & 0 deletions api/client/gitserver/gitserver.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,125 @@
// Copyright 2024 Gravitational, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package gitserver

import (
"context"

"github.com/gravitational/trace"

gitserverv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/gitserver/v1"
"github.com/gravitational/teleport/api/types"
)

// Client is an Git servers client.
type Client struct {
grpcClient gitserverv1.GitServerServiceClient
}

// NewClient creates a new Git servers client.
func NewClient(grpcClient gitserverv1.GitServerServiceClient) *Client {
return &Client{
grpcClient: grpcClient,
}
}

// GetGitServer returns Git servers by name.
func (c *Client) GetGitServer(ctx context.Context, name string) (types.Server, error) {
server, err := c.grpcClient.GetGitServer(ctx, &gitserverv1.GetGitServerRequest{Name: name})
if err != nil {
return nil, trace.Wrap(err)
}
return server, nil
}

// ListGitServers returns all Git servers matching filter.
func (c *Client) ListGitServers(ctx context.Context, pageSize int, pageToken string) ([]types.Server, string, error) {
resp, err := c.grpcClient.ListGitServers(ctx, &gitserverv1.ListGitServersRequest{
PageSize: int32(pageSize),
PageToken: pageToken,
})
if err != nil {
return nil, "", trace.Wrap(err)
}

servers := make([]types.Server, 0, len(resp.Servers))
for _, server := range resp.Servers {
servers = append(servers, server)
}
return servers, resp.NextPageToken, nil
}

func toServerV2(server types.Server) (*types.ServerV2, error) {
serverV2, ok := server.(*types.ServerV2)
if !ok {
return nil, trace.Errorf("encountered unexpected server type: %T", serverV2)
}
return serverV2, nil
}

// CreateGitServer creates a Git server resource.
func (c *Client) CreateGitServer(ctx context.Context, item types.Server) (types.Server, error) {
serverV2, err := toServerV2(item)
if err != nil {
return nil, trace.Wrap(err)
}
resp, err := c.grpcClient.CreateGitServer(ctx, &gitserverv1.CreateGitServerRequest{
Server: serverV2,
})
if err != nil {
return nil, trace.Wrap(err)
}
return resp, nil
}

// UpdateGitServer updates a Git server resource.
func (c *Client) UpdateGitServer(ctx context.Context, item types.Server) (types.Server, error) {
serverV2, err := toServerV2(item)
if err != nil {
return nil, trace.Wrap(err)
}
resp, err := c.grpcClient.UpdateGitServer(ctx, &gitserverv1.UpdateGitServerRequest{
Server: serverV2,
})
if err != nil {
return nil, trace.Wrap(err)
}
return resp, nil
}

// UpsertGitServer updates a Git server resource, creating it if it doesn't exist.
func (c *Client) UpsertGitServer(ctx context.Context, item types.Server) (types.Server, error) {
serverV2, err := toServerV2(item)
if err != nil {
return nil, trace.Wrap(err)
}
resp, err := c.grpcClient.UpsertGitServer(ctx, &gitserverv1.UpsertGitServerRequest{
Server: serverV2,
})
if err != nil {
return nil, trace.Wrap(err)
}
return resp, nil
}

// DeleteGitServer removes the specified Git server resource.
func (c *Client) DeleteGitServer(ctx context.Context, name string) error {
_, err := c.grpcClient.DeleteGitServer(ctx, &gitserverv1.DeleteGitServerRequest{Name: name})
return trace.Wrap(err)
}

// DeleteAllGitServers removes all Git server resources.
func (c *Client) DeleteAllGitServers(ctx context.Context) error {
return trace.NotImplemented("DeleteAllGitServers servers not implemented")
}
2 changes: 2 additions & 0 deletions lib/auth/accesspoint/accesspoint.go
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,7 @@ type Config struct {
ProvisioningStates services.ProvisioningStates
IdentityCenter services.IdentityCenter
PluginStaticCredentials services.PluginStaticCredentials
GitServers services.GitServers
}

func (c *Config) CheckAndSetDefaults() error {
Expand Down Expand Up @@ -207,6 +208,7 @@ func NewCache(cfg Config) (*cache.Cache, error) {
ProvisioningStates: cfg.ProvisioningStates,
IdentityCenter: cfg.IdentityCenter,
PluginStaticCredentials: cfg.PluginStaticCredentials,
GitServers: cfg.GitServers,
}

return cache.New(cfg.Setup(cacheCfg))
Expand Down
4 changes: 2 additions & 2 deletions lib/auth/authclient/clt.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ import (
"github.com/gravitational/teleport/api/client/databaseobject"
"github.com/gravitational/teleport/api/client/dynamicwindows"
"github.com/gravitational/teleport/api/client/externalauditstorage"
"github.com/gravitational/teleport/api/client/gitserver"
"github.com/gravitational/teleport/api/client/proto"
"github.com/gravitational/teleport/api/client/secreport"
"github.com/gravitational/teleport/api/client/usertask"
Expand All @@ -43,7 +44,6 @@ import (
clusterconfigpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/clusterconfig/v1"
dbobjectimportrulev1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/dbobjectimportrule/v1"
devicepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/devicetrust/v1"
gitserverv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/gitserver/v1"
identitycenterv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/identitycenter/v1"
integrationv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/integration/v1"
loginrulepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/loginrule/v1"
Expand Down Expand Up @@ -1896,5 +1896,5 @@ type ClientI interface {
IntegrationsClient() integrationv1.IntegrationServiceClient

// GitServerClient returns git server client.
GitServerClient() gitserverv1.GitServerServiceClient
GitServerClient() *gitserver.Client
}
1 change: 1 addition & 0 deletions lib/auth/helpers.go
Original file line number Diff line number Diff line change
Expand Up @@ -371,6 +371,7 @@ func NewTestAuthServer(cfg TestAuthServerConfig) (*TestAuthServer, error) {
WindowsDesktops: svces.WindowsDesktops,
DynamicWindowsDesktops: svces.DynamicWindowsDesktops,
PluginStaticCredentials: svces.PluginStaticCredentials,
GitServers: svces.GitServers,
})
if err != nil {
return nil, trace.Wrap(err)
Expand Down
13 changes: 13 additions & 0 deletions lib/cache/cache.go
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,7 @@ var highVolumeResources = map[string]struct{}{
types.KindWindowsDesktopService: {},
types.KindKubeServer: {},
types.KindDatabaseObject: {},
types.KindGitServer: {},
}

func isHighVolumeResource(kind string) bool {
Expand Down Expand Up @@ -199,6 +200,7 @@ func ForAuth(cfg Config) Config {
{Kind: types.KindIdentityCenterPrincipalAssignment},
{Kind: types.KindIdentityCenterAccountAssignment},
{Kind: types.KindPluginStaticCredentials},
{Kind: types.KindGitServer},
}
cfg.QueueSize = defaults.AuthQueueSize
// We don't want to enable partial health for auth cache because auth uses an event stream
Expand Down Expand Up @@ -256,6 +258,7 @@ func ForProxy(cfg Config) Config {
{Kind: types.KindAutoUpdateVersion},
{Kind: types.KindAutoUpdateAgentRollout},
{Kind: types.KindUserTask},
{Kind: types.KindGitServer},
}
cfg.QueueSize = defaults.ProxyQueueSize
return cfg
Expand Down Expand Up @@ -552,6 +555,7 @@ type Cache struct {
provisioningStatesCache *local.ProvisioningStateService
identityCenterCache *local.IdentityCenterService
pluginStaticCredentialsCache *local.PluginStaticCredentialsService
gitServersCache *local.GitServerService

// closed indicates that the cache has been closed
closed atomic.Bool
Expand Down Expand Up @@ -788,6 +792,8 @@ type Config struct {
IdentityCenter services.IdentityCenter
// PluginStaticCredentials is the plugin static credentials services
PluginStaticCredentials services.PluginStaticCredentials
// GitServers is the Git server service.
GitServers services.GitServerGetter
}

// CheckAndSetDefaults checks parameters and sets default values
Expand Down Expand Up @@ -1033,6 +1039,12 @@ func New(config Config) (*Cache, error) {
return nil, trace.Wrap(err)
}

gitServersCache, err := local.NewGitServerService(config.Backend)
if err != nil {
cancel()
return nil, trace.Wrap(err)
}

cs := &Cache{
ctx: ctx,
cancel: cancel,
Expand Down Expand Up @@ -1081,6 +1093,7 @@ func New(config Config) (*Cache, error) {
provisioningStatesCache: provisioningStatesCache,
identityCenterCache: identityCenterCache,
pluginStaticCredentialsCache: pluginStaticCredentialsCache,
gitServersCache: gitServersCache,
Logger: log.WithFields(log.Fields{
teleport.ComponentKey: config.Component,
}),
Expand Down
12 changes: 12 additions & 0 deletions lib/cache/cache_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,7 @@ type testPack struct {
provisioningStates services.ProvisioningStates
identityCenter services.IdentityCenter
pluginStaticCredentials *local.PluginStaticCredentialsService
gitServers services.GitServers
}

// testFuncs are functions to support testing an object in a cache.
Expand Down Expand Up @@ -409,6 +410,11 @@ func newPackWithoutCache(dir string, opts ...packOption) (*testPack, error) {
return nil, trace.Wrap(err)
}

p.gitServers, err = local.NewGitServerService(p.backend)
if err != nil {
return nil, trace.Wrap(err)
}

return p, nil
}

Expand Down Expand Up @@ -463,6 +469,7 @@ func newPack(dir string, setupConfig func(c Config) Config, opts ...packOption)
ProvisioningStates: p.provisioningStates,
IdentityCenter: p.identityCenter,
PluginStaticCredentials: p.pluginStaticCredentials,
GitServers: p.gitServers,
MaxRetryPeriod: 200 * time.Millisecond,
EventsC: p.eventsC,
}))
Expand Down Expand Up @@ -878,6 +885,7 @@ func TestCompletenessInit(t *testing.T) {
IdentityCenter: p.identityCenter,
PluginStaticCredentials: p.pluginStaticCredentials,
EventsC: p.eventsC,
GitServers: p.gitServers,
}))
require.NoError(t, err)

Expand Down Expand Up @@ -963,6 +971,7 @@ func TestCompletenessReset(t *testing.T) {
PluginStaticCredentials: p.pluginStaticCredentials,
MaxRetryPeriod: 200 * time.Millisecond,
EventsC: p.eventsC,
GitServers: p.gitServers,
}))
require.NoError(t, err)

Expand Down Expand Up @@ -1175,6 +1184,7 @@ func TestListResources_NodesTTLVariant(t *testing.T) {
MaxRetryPeriod: 200 * time.Millisecond,
EventsC: p.eventsC,
neverOK: true, // ensure reads are never healthy
GitServers: p.gitServers,
}))
require.NoError(t, err)

Expand Down Expand Up @@ -1270,6 +1280,7 @@ func initStrategy(t *testing.T) {
PluginStaticCredentials: p.pluginStaticCredentials,
MaxRetryPeriod: 200 * time.Millisecond,
EventsC: p.eventsC,
GitServers: p.gitServers,
}))
require.NoError(t, err)

Expand Down Expand Up @@ -3544,6 +3555,7 @@ func TestCacheWatchKindExistsInEvents(t *testing.T) {
types.KindIdentityCenterAccountAssignment: types.Resource153ToLegacy(newIdentityCenterAccountAssignment("some_account_assignment")),
types.KindIdentityCenterPrincipalAssignment: types.Resource153ToLegacy(newIdentityCenterPrincipalAssignment("some_principal_assignment")),
types.KindPluginStaticCredentials: &types.PluginStaticCredentialsV1{},
types.KindGitServer: &types.ServerV2{},
}

for name, cfg := range cases {
Expand Down
14 changes: 14 additions & 0 deletions lib/cache/collections.go
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,7 @@ type cacheCollections struct {
identityCenterPrincipalAssignments collectionReader[identityCenterPrincipalAssignmentGetter]
identityCenterAccountAssignments collectionReader[identityCenterAccountAssignmentGetter]
pluginStaticCredentials collectionReader[pluginStaticCredentialsGetter]
gitServers collectionReader[services.GitServerGetter]
}

// setupCollections returns a registry of collections.
Expand Down Expand Up @@ -799,6 +800,19 @@ func setupCollections(c *Cache, watches []types.WatchKind) (*cacheCollections, e
}
collections.byKind[resourceKind] = collections.pluginStaticCredentials

case types.KindGitServer:
if c.GitServers == nil {
return nil, trace.BadParameter("missing parameter GitServers")
}
collections.gitServers = &genericCollection[
types.Server,
services.GitServerGetter,
gitServerExecutor,
]{
cache: c,
watch: watch,
}
collections.byKind[resourceKind] = collections.gitServers
default:
return nil, trace.BadParameter("resource %q is not supported", watch.Kind)
}
Expand Down
Loading

0 comments on commit c4d0dc4

Please sign in to comment.