Reorganize tctl commands to not require an auth client by default #48894
Conversation
github-actions
bot
added
tctl
vapopov
force-pushed
the
vapopov/reorgonize-tctl-commands
branch
from
ceef55e to
3d57ff8
Compare
vapopov
force-pushed
the
vapopov/reorgonize-tctl-commands
branch
from
3d57ff8 to
fa9f372
Compare
|
I don't love this approach but I'm struggling to come up with a better idea at the moment.. 🤔 |
@zmb3 I tried couple other options but they also look not perfect, like to make auth client initialization as lazy loading so only commands which requires auth going to init connection, and another one - not return error if auth client failed to init, so in commands TryRun(ctx context.Context, cmd string, client *authclient.Client) |
There was a problem hiding this comment.
I agree with Zac, I'm not particularly fond of splitting up the commands. We could potentially expand on your suggestion to have the client be lazily constructed and instead of
TryRun(ctx context.Context, cmd string, client *authclient.Client)we could do
TryRun(ctx context.Context, cmd string, clientFunc func() *authclient.Client)In that scenario, the logic of building the client can stay where it is, but only be executed if the command requires an authenticated connection to the cluster.
vapopov
added
the
no-changelog
|
I've refactored to have separate auth client initialization after command matching |
tool/tctl/common/auth_command.go
Outdated
| switch cmd { | ||
| case a.authGenerate.FullCommand(): | ||
| err = a.GenerateKeys(ctx, client) | ||
| client, clientClose, err := clientFunc(ctx) |
There was a problem hiding this comment.
There's a lot of repeated code here. Would it be simpler to run the clientFunc prior to the switch?
There was a problem hiding this comment.
In this case we init auth client (start checking profile folder, establish connection, request ping) before actual matching the command has to be run. We need to identify what command it is by FullCommand() and then each command decides if auth client is required
Replace logrus to use slog
vapopov
force-pushed
the
vapopov/reorgonize-tctl-commands
branch
from
7240ab5 to
b6fe948
Compare
|
would appreciate of review of this PR |
vapopov
force-pushed
the
vapopov/reorgonize-tctl-commands
branch
from
0569781 to
c68f24f
Compare
|
one more review by any chance |
| func (c *fido2Command) TryRun(ctx context.Context, cmd string, _ commonclient.InitFunc) (match bool, err error) { | ||
| return c.impl.TryRun(ctx, cmd) |
There was a problem hiding this comment.
This PR makes the fido2 command work even without a valid client, nice :)
public-teleport-github-review-bot
bot
removed request for
r0mant and
espadolini
…lient Code review changes
vapopov
force-pushed
the
vapopov/reorgonize-tctl-commands
branch
from
70123e6 to
4b1e596
Compare
vapopov
changed the title
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
…8894) * Reorganize tctl commands to have commands not required auth client * Replace auth client with lazy loading approach * Fix linter warning * Replace camel case in import alias Replace logrus to use slog * Rename close function * Refactor plugin commands to use interface of auth client and plugin client Code review changes * Refactor workload identity commands * Add access to global config for the commands * Add test checking all tctl commands match process * Fix golangci-lint warnings
…8894) * Reorganize tctl commands to have commands not required auth client * Replace auth client with lazy loading approach * Fix linter warning * Replace camel case in import alias Replace logrus to use slog * Rename close function * Refactor plugin commands to use interface of auth client and plugin client Code review changes * Refactor workload identity commands * Add access to global config for the commands * Add test checking all tctl commands match process * Fix golangci-lint warnings
In this PR added ability to declare tctl commands which not required auth client such as version command
Related: #47692 (comment)