Migrate teleport package to use go/build #35267

Merged
merged 6 commits into from
Dec 3, 2024
Changes from 3 commits
190 changes: 166 additions & 24 deletions teleport.yaml
@@ -1,6 +1,6 @@
package:
name: teleport
version: 17.0.1
version: 17.0.2
epoch: 0
description: The easiest, and most secure way to access and protect all of your infrastructure.
copyright:
Expand All @@ -18,6 +18,7 @@ environment:
- build-base
- busybox
- ca-certificates-bundle
- cargo-auditable
- corepack
- go
- node-gyp
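Review bot: cargo-auditable is added to the build environment here, but the only Rust build step visible in the pipeline is a plain `cargo build --release --locked` for tool/fdpass-teleport. If the intent is for that binary to embed its dependency list so scanners can read it, invoke the step as `cargo auditable build --release --locked`, or add a comment stating that the package already wraps cargo; as written the new dependency looks unused.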
Expand All @@ -26,6 +27,7 @@ environment:
- openssl-dev
- pnpm
- python3
- rust
- rustup
- wasm-pack
- yarn
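Review bot: with `rust` listed next to `rustup`, the environment now carries two sources of cargo and rustc. The pipeline hunk still shows `rustup install stable` and two PATH overrides, and this rendering has lost its +/- markers, so it is not clear which toolchain builds fdpass-teleport. If the rustup steps are being dropped, remove `rustup` from this list as well; if they stay, add a comment saying why both are required.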
Expand All @@ -35,32 +37,62 @@ pipeline:
- uses: git-checkout
with:
repository: https://github.com/gravitational/teleport
expected-commit: dc5837102a82fdfc4807a8c760839f4ca4be08a9
expected-commit: a5c84e4b74f1da43a44bd6c18ae184f612fb26f6
tag: v${{package.version}}

- uses: go/bump
with:
deps: github.com/golang-jwt/jwt/[email protected]

- runs: |
# https://github.com/gravitational/teleport#building-teleport
mkdir -p "${{targets.contextdir}}"/var/lib/teleport
mkdir -p "${{targets.contextdir}}"/usr/local/bin

# This build requires the stable version of rust, managed by rustup, because it requires a few other toolchains too.
rustup install stable
rustup default stable
ARCH=$(uname -m)
export PATH="$HOME/.rustup/toolchains/stable-${ARCH}-unknown-linux-gnu/bin:$PATH"
rustup target add wasm32-unknown-unknown

# This is a bit of a hack, but it's the easiest way to get the right version of rustc and cargo in the path.
export PATH="$HOME/.rustup/toolchains/stable-${{host.triplet.rust}}/bin:$PATH"
make full
pnpm config set package-import-method copy

# create me a for loop that iterates over the binaries in build/
# and installs them to "${{targets.contextdir}}"/usr/local/bin
for bin in build/*; do
echo "Installing $bin to /usr/local/bin"
install -Dm755 $bin -t "${{targets.contextdir}}"/usr/local/bin
done
# Install dependencies and build web assets
make ensure-js-deps
make ensure-webassets

- uses: go/build
with:
packages: ./tool/teleport
output: teleport
tags: webassets_embed,kustomize_disable_go_plugin_support

- uses: go/build
with:
packages: ./tool/tctl
output: tctl
tags: kustomize_disable_go_plugin_support

- uses: go/build
with:
packages: ./tool/tsh
output: tsh
tags: kustomize_disable_go_plugin_support

- uses: go/build
with:
packages: ./tool/tbot
output: tbot
tags: kustomize_disable_go_plugin_support

- uses: go/build
with:
packages: ./tool/teleport-update
output: teleport-update
tags: kustomize_disable_go_plugin_support

- runs: |
cd tool/fdpass-teleport && cargo build --release --locked
install -Dm755 target/release/fdpass-teleport "${{targets.contextdir}}"/usr/local/bin/

- uses: strip
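Review bot: the five go/build steps set only `packages`, `output` and `tags`, so teleport, tctl, tsh, tbot and teleport-update are installed wherever go/build places binaries by default, while fdpass-teleport is installed explicitly into "${{targets.contextdir}}"/usr/local/bin/ and the run step still creates that directory. Please confirm all six binaries end up in one directory that is on PATH for the test section, and either set the install location on the go/build steps or move fdpass-teleport to match. Separately, the go/bump of github.com/golang-jwt/jwt carries no comment naming the advisory it addresses; a one-line note would tell the next version bump when the override can be dropped.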

Expand All @@ -75,18 +107,10 @@ test:
contents:
packages:
- wait-for-it
- curl
pipeline:
- runs: |
teleport configure -o file
teleport start -c /etc/teleport.yaml &

# wait for teleport to start :3080
wait-for-it localhost:3080 -t 10

echo "Teleport is running on port 3080!"

# create a user
tctl get roles --format=text
- name: Check binary versions
runs: |
tbot version
tbot --help
tctl version
Expand All @@ -95,3 +119,121 @@ test:
teleport --help
tsh version
tsh --help
- name: Test auth service and tctl
runs: |
#!/bin/bash
set -e

# Create required directories
mkdir -p /tmp/teleport
mkdir -p /var/lib/teleport

# Create minimal config file for auth server
cat <<-EOF > /tmp/teleport-auth.yaml
version: v3
teleport:
data_dir: /tmp/teleport
log:
output: stderr
severity: DEBUG
auth_service:
enabled: "yes"
cluster_name: "test-cluster"
listen_addr: 127.0.0.1:3025
tokens:
- "proxy,node:test123"
proxy_service:
enabled: "no"
ssh_service:
enabled: "no"
EOF

# Initialize auth server with static UUID for tctl
echo "00000000-0000-0000-0000-000000000000" > /var/lib/teleport/host_uuid
chmod 644 /var/lib/teleport/host_uuid

# Start auth server
teleport start --config=/tmp/teleport-auth.yaml --roles=auth &
AUTH_PID=$!

# Wait for auth server
wait-for-it 127.0.0.1:3025 -t 30 || (kill $AUTH_PID; exit 1)

# Give auth server time to initialize
sleep 5

# Test tctl
TCTL_CONFIG=$(base64 /tmp/teleport-auth.yaml)
TELEPORT_CONFIG="$TCTL_CONFIG" tctl get roles --format=text

echo "Auth service test successful!"
kill $AUTH_PID
- name: Test proxy service
runs: |
#!/bin/bash
set -e

# Create required directories
mkdir -p /tmp/teleport-auth /tmp/teleport-proxy

# Create auth server config
cat <<-EOF > /tmp/teleport-auth.yaml
version: v3
teleport:
data_dir: /tmp/teleport-auth
log:
output: stderr
severity: DEBUG
auth_service:
enabled: "yes"
cluster_name: "test-cluster"
listen_addr: 127.0.0.1:3025
tokens:
- "proxy,node:test123"
proxy_service:
enabled: "no"
ssh_service:
enabled: "no"
EOF

# Create proxy config
cat <<-EOF > /tmp/teleport-proxy.yaml
version: v3
teleport:
data_dir: /tmp/teleport-proxy
auth_token: "test123"
auth_server: "127.0.0.1:3025"
proxy_service:
enabled: "yes"
web_listen_addr: "127.0.0.1:3080"
listen_addr: "127.0.0.1:3023"
auth_service:
enabled: "no"
ssh_service:
enabled: "no"
EOF

# Start auth server
teleport start --config=/tmp/teleport-auth.yaml --roles=auth &
AUTH_PID=$!

# Wait for auth server
wait-for-it 127.0.0.1:3025 -t 30 || (kill $AUTH_PID; exit 1)

# Start proxy
teleport start --config=/tmp/teleport-proxy.yaml --roles=proxy &
PROXY_PID=$!

# Wait for proxy
wait-for-it 127.0.0.1:3080 -t 30 || (kill $AUTH_PID $PROXY_PID; exit 1)

# Test proxy web interface with HTTPS
HTTP_CODE=$(curl -k -s -o /dev/null -w "%{http_code}" https://127.0.0.1:3080/webapi/ping)
if [ "$HTTP_CODE" != "200" ]; then
echo "Proxy web interface test failed with HTTP code: $HTTP_CODE"
kill $AUTH_PID $PROXY_PID
exit 1
fi

echo "Proxy test successful!"
kill $AUTH_PID $PROXY_PID
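Review bot: both new test scripts run under `set -e` but kill the background teleport processes only on the paths they handle explicitly. If `tctl get roles` or the `curl` call itself exits non-zero, the script stops with the auth server (and proxy) still running. Register the cleanup once, right after the processes are started, for example `trap 'kill $AUTH_PID $PROXY_PID 2>/dev/null' EXIT`, and drop the per-branch kill calls. Since both tests bind 127.0.0.1:3025, also run `wait $AUTH_PID` after the kill in the first test so the port is free before the second auth server starts, and consider replacing the fixed `sleep 5` with a readiness check.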