GitHub proxy part 2.5: git_server cache

api/client/client.go

@@ -55,6 +55,7 @@ import (
 	"github.com/gravitational/teleport/api/client/discoveryconfig"
 	"github.com/gravitational/teleport/api/client/dynamicwindows"
 	"github.com/gravitational/teleport/api/client/externalauditstorage"
+	gitserverclient "github.com/gravitational/teleport/api/client/gitserver"
 	kubewaitingcontainerclient "github.com/gravitational/teleport/api/client/kubewaitingcontainer"
 	"github.com/gravitational/teleport/api/client/okta"
 	"github.com/gravitational/teleport/api/client/proto"
@@ -77,7 +78,7 @@ import (
 	discoveryconfigv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/discoveryconfig/v1"
 	dynamicwindowsv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/dynamicwindows/v1"
 	externalauditstoragev1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/externalauditstorage/v1"
-	gitserverv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/gitserver/v1"
+	gitserverpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/gitserver/v1"
 	identitycenterv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/identitycenter/v1"
 	integrationpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/integration/v1"
 	kubeproto "github.com/gravitational/teleport/api/gen/proto/go/teleport/kube/v1"
@@ -4876,8 +4877,8 @@ func (c *Client) UserTasksServiceClient() *usertaskapi.Client {
 }
 
 // GitServerClient returns a client for managing git servers
-func (c *Client) GitServerClient() gitserverv1.GitServerServiceClient {
-	return gitserverv1.NewGitServerServiceClient(c.conn)
+func (c *Client) GitServerClient() *gitserverclient.Client {
+	return gitserverclient.NewClient(gitserverpb.NewGitServerServiceClient(c.conn))
 }
 
 // GetCertAuthority retrieves a CA by type and domain.

api/client/events.go

@@ -171,8 +171,15 @@ func EventToGRPC(in types.Event) (*proto.Event, error) {
 			Namespace: r,
 		}
 	case *types.ServerV2:
-		out.Resource = &proto.Event_Server{
-			Server: r,
+		switch r.GetKind() {
+		case types.KindGitServer:
+			out.Resource = &proto.Event_GitServer{
+				GitServer: r,
+			}
+		default:
+			out.Resource = &proto.Event_Server{
+				Server: r,
+			}
 		}
 	case *types.ReverseTunnelV2:
 		out.Resource = &proto.Event_ReverseTunnel{
@@ -609,6 +616,9 @@ func EventFromGRPC(in *proto.Event) (*types.Event, error) {
 	} else if r := in.GetIdentityCenterAccountAssignment(); r != nil {
 		out.Resource = types.Resource153ToLegacy(r)
 		return &out, nil
+	} else if r := in.GetGitServer(); r != nil {
+		out.Resource = r
+		return &out, nil
 	} else {
 		return nil, trace.BadParameter("received unsupported resource %T", in.Resource)
 	}

api/client/gitserver/gitserver.go

@@ -0,0 +1,124 @@
+// Copyright 2024 Gravitational, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package gitserver
+
+import (
+	"context"
+	"github.com/gravitational/trace"
+
+	gitserverv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/gitserver/v1"
+	"github.com/gravitational/teleport/api/types"
+)
+
+// Client is an External Audit Storage client.
+type Client struct {
+	grpcClient gitserverv1.GitServerServiceClient
+}
+
+// NewClient creates a new ExternalAuditStorage client.
+func NewClient(grpcClient gitserverv1.GitServerServiceClient) *Client {
+	return &Client{
+		grpcClient: grpcClient,
+	}
+}
+
+// GetGitServer returns Git servers by name.
+func (c *Client) GetGitServer(ctx context.Context, name string) (types.Server, error) {
+	server, err := c.grpcClient.GetGitServer(ctx, &gitserverv1.GetGitServerRequest{Name: name})
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	return server, nil
+}
+
+// ListGitServers returns all Git servers matching filter.
+func (c *Client) ListGitServers(ctx context.Context, pageSize int, pageToken string) ([]types.Server, string, error) {
+	resp, err := c.grpcClient.ListGitServers(ctx, &gitserverv1.ListGitServersRequest{
+		PageSize:  int32(pageSize),
+		PageToken: pageToken,
+	})
+	if err != nil {
+		return nil, "", trace.Wrap(err)
+	}
+
+	servers := make([]types.Server, 0, len(resp.Servers))
+	for _, server := range resp.Servers {
+		servers = append(servers, server)
+	}
+	return servers, resp.NextPageToken, nil
+}
+
+func toServerV2(server types.Server) (*types.ServerV2, error) {
+	serverV2, ok := server.(*types.ServerV2)
+	if !ok {
+		return nil, trace.Errorf("encountered unexpected server type: %T", serverV2)
+	}
+	return serverV2, nil
+}
+
+// CreateGitServer creates a Git server resource.
+func (c *Client) CreateGitServer(ctx context.Context, item types.Server) (types.Server, error) {
+	serverV2, err := toServerV2(item)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	resp, err := c.grpcClient.CreateGitServer(ctx, &gitserverv1.CreateGitServerRequest{
+		Server: serverV2,
+	})
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	return resp, nil
+}
+
+// UpdateGitServer updates a Git server resource.
+func (c *Client) UpdateGitServer(ctx context.Context, item types.Server) (types.Server, error) {
+	serverV2, err := toServerV2(item)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	resp, err := c.grpcClient.UpdateGitServer(ctx, &gitserverv1.UpdateGitServerRequest{
+		Server: serverV2,
+	})
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	return resp, nil
+}
+
+// UpsertGitServer updates a Git server resource, creating it if it doesn't exist.
+func (c *Client) UpsertGitServer(ctx context.Context, item types.Server) (types.Server, error) {
+	serverV2, err := toServerV2(item)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	resp, err := c.grpcClient.UpsertGitServer(ctx, &gitserverv1.UpsertGitServerRequest{
+		Server: serverV2,
+	})
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	return resp, nil
+}
+
+// DeleteGitServer removes the specified Git server resource.
+func (c *Client) DeleteGitServer(ctx context.Context, name string) error {
+	_, err := c.grpcClient.DeleteGitServer(ctx, &gitserverv1.DeleteGitServerRequest{Name: name})
+	return trace.Wrap(err)
+}
+
+// DeleteAllGitServers removes all Git server resources.
+func (c *Client) DeleteAllGitServers(ctx context.Context) error {
+	return trace.NotImplemented("delete all git servers not implemented")
+}

api/proto/teleport/legacy/client/proto/event.proto

@@ -206,5 +206,7 @@ message Event {
     // IdentityCenterAccountlAssignment is a resource representing a potential
     // Permission Set grant on a specific AWS account.
     teleport.identitycenter.v1.AccountAssignment IdentityCenterAccountAssignment = 74;
+    // GitServer is a resource for Git proxy server.
+    types.ServerV2 GitServer = 75;
   }
 }

lib/auth/accesspoint/accesspoint.go

@@ -108,6 +108,7 @@ type Config struct {
 	AutoUpdateService       services.AutoUpdateServiceGetter
 	ProvisioningStates      services.ProvisioningStates
 	IdentityCenter          services.IdentityCenter
+	GitServers              services.GitServers
 }
 
 func (c *Config) CheckAndSetDefaults() error {
@@ -205,6 +206,7 @@ func NewCache(cfg Config) (*cache.Cache, error) {
 		DynamicWindowsDesktops:  cfg.DynamicWindowsDesktops,
 		ProvisioningStates:      cfg.ProvisioningStates,
 		IdentityCenter:          cfg.IdentityCenter,
+		GitServers:              cfg.GitServers,
 	}
 
 	return cache.New(cfg.Setup(cacheCfg))

lib/auth/authclient/clt.go

@@ -35,6 +35,7 @@ import (
 	"github.com/gravitational/teleport/api/client/databaseobject"
 	"github.com/gravitational/teleport/api/client/dynamicwindows"
 	"github.com/gravitational/teleport/api/client/externalauditstorage"
+	"github.com/gravitational/teleport/api/client/gitserver"
 	"github.com/gravitational/teleport/api/client/proto"
 	"github.com/gravitational/teleport/api/client/secreport"
 	"github.com/gravitational/teleport/api/client/usertask"
@@ -43,7 +44,6 @@ import (
 	clusterconfigpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/clusterconfig/v1"
 	dbobjectimportrulev1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/dbobjectimportrule/v1"
 	devicepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/devicetrust/v1"
-	gitserverv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/gitserver/v1"
 	identitycenterv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/identitycenter/v1"
 	integrationv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/integration/v1"
 	loginrulepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/loginrule/v1"
@@ -1893,5 +1893,5 @@ type ClientI interface {
 	ProvisioningServiceClient() provisioningv1.ProvisioningServiceClient
 
 	// GitServerClient returns git server client.
-	GitServerClient() gitserverv1.GitServerServiceClient
+	GitServerClient() *gitserver.Client
 }