GitHub proxy: download GitHub server keys #50891

Merged 2 commits on Jan 21, 2025

greedy52 (Contributor) commented Jan 8, 2025

greedy52 added the no-changelog label Jan 8, 2025

}

func (c *githubMetadataHTTPClient) fetchFingerprints() ([]string, string, error) {
resp, err := http.Get(c.api)
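
Review bot: `http.Get(c.api)` in `fetchFingerprints` goes through `http.DefaultClient`, which sets no timeout, and the call takes no `context.Context`, so a stalled connection to the metadata endpoint would block here indefinitely and cannot be cancelled on shutdown. Suggest building the request with `http.NewRequestWithContext` and sending it through a client that sets `Timeout`. The visible lines also show no status-code check, so confirm that non-200 responses are rejected before the body is parsed into the trusted key list.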

Contributor

Why not use https://pkg.go.dev/github.com/google/go-github/v68/github#MetaService.Get instead? This is something that we likely only need to refresh at most every 24 hours or so.

Contributor Author

It's a pretty simple GET call so I would prefer not to import another package. I also like the idea of doing If-None-Match.

Contributor

I think I'd rather use pre-existing package to lower the maintenance costs, but it is true an extra dependency of this size is not trivial.
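
The conditional refresh mentioned in this thread (`If-None-Match`), sketched as an added example; it is not code from this pull request. `fetchKeys` and `demo` are hypothetical names, the `ssh_keys` field name is assumed from GitHub's meta response, and the server and key string are constructed locally so the block runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// fetchKeys (hypothetical helper) sends a conditional GET; nil keys mean 304.
func fetchKeys(c *http.Client, url, etag string) ([]string, string, error) {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return nil, etag, err
	}
	if etag != "" {
		req.Header.Set("If-None-Match", etag)
	}
	resp, err := c.Do(req)
	if err != nil {
		return nil, etag, err
	}
	defer resp.Body.Close()
	if resp.StatusCode == http.StatusNotModified {
		return nil, etag, nil // unchanged: caller keeps its cached key set
	} else if resp.StatusCode != http.StatusOK {
		return nil, etag, fmt.Errorf("unexpected status %s", resp.Status)
	}
	var meta struct{ SSHKeys []string `json:"ssh_keys"` } // assumed field name
	if err := json.NewDecoder(resp.Body).Decode(&meta); err != nil {
		return nil, etag, err
	}
	return meta.SSHKeys, resp.Header.Get("ETag"), nil
}
// demo fetches twice from a constructed local server (not GitHub).
func demo() (int, int, string) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("ETag", `"v1"`)
		if r.Header.Get("If-None-Match") == `"v1"` {
			w.WriteHeader(http.StatusNotModified)
		} else {
			fmt.Fprint(w, `{"ssh_keys":["ssh-ed25519 AAAA-constructed-sample"]}`)
		}
	}))
	defer srv.Close()
	k1, etag, _ := fetchKeys(srv.Client(), srv.URL, "")
	k2, etag, _ := fetchKeys(srv.Client(), srv.URL, etag)
	return len(k1), len(k2), etag
}
func main() { fmt.Println(demo()) }
```

On any error or a 304 the previous ETag is returned unchanged, so a failed refresh never replaces a known-good key set with an empty one.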

greedy52 requested review from espadolini and Tener January 9, 2025 03:14
greedy52 changed the title from "GitHub proxy: download GitHub server fingerprints" to "GitHub proxy: download GitHub server keys" Jan 9, 2025
greedy52 mentioned this pull request Jan 9, 2025 (9 tasks)
Base automatically changed from STeve/48762_ssh to master January 14, 2025 22:08
greedy52 closed this Jan 17, 2025
greedy52 force-pushed the STeve/48762_verify_github branch from 4a2bedb to 91a7bfd January 17, 2025 19:26
greedy52 reopened this Jan 17, 2025
greedy52 force-pushed the STeve/48762_verify_github branch 2 times, most recently from e6f0ee3 to 7492d59 January 17, 2025 20:08
greedy52 force-pushed the STeve/48762_verify_github branch from 7492d59 to c794c2f January 17, 2025 20:22
greedy52 requested a review from Tener January 17, 2025 20:30
greedy52 marked this pull request as ready for review January 17, 2025 20:30
greedy52 added the backport/branch/v17 and github-integration labels Jan 17, 2025

return trace.Wrap(err)
}

// Start background downloads only when git_servers are found.
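
Review bot: the comment `// Start background downloads only when git_servers are found.` says when the downloads start but not what a caller gets if it needs the keys before the first download has completed, or after it has failed. Suggest extending the comment to state that behaviour, so it is clear a connection cannot proceed without verified server keys.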

Contributor

Are you sure we can't do the first fetch synchronously when needed instead of setting up a single-use watcher?

Contributor Author

As discussed above #50891 (comment), trying to avoid blocking on the first call. Also, we could retry upon failures this way.

I am happy to revert it to a lazy fetch on first call if we don't think the implementation is worth it.

Contributor

I think the async fetch is preferable. There is value in having the overall service up and running as quickly as possible.

greedy52 added this pull request to the merge queue Jan 21, 2025
github-merge-queue bot removed this pull request from the merge queue due to failed status checks Jan 21, 2025
greedy52 added this pull request to the merge queue Jan 21, 2025
Merged via the queue into master with commit ef96070 Jan 21, 2025
41 checks passed
greedy52 deleted the STeve/48762_verify_github branch January 21, 2025 15:18
@public-teleport-github-review-bot

@greedy52 See the table below for backport results.

Branch Result
branch/v17 Failed

greedy52 added a commit that referenced this pull request Jan 21, 2025
* GitHub proxy: download GitHub server keys

* review comments
github-merge-queue bot pushed a commit that referenced this pull request Jan 22, 2025
* GitHub proxy: download GitHub server keys (#50891)

* GitHub proxy: download GitHub server keys

* review comments

* remove empty line from bad merge
carloscastrojumo pushed a commit to carloscastrojumo/teleport that referenced this pull request Feb 19, 2025
* GitHub proxy: download GitHub server keys

* review comments
Labels: backport/branch/v17, github-integration, no-changelog, size/md