Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v17] Add multi-port support for TCP apps #49711

Open
wants to merge 5 commits into
base: branch/v17
Choose a base branch
from
Open

[v17] Add multi-port support for TCP apps #49711

wants to merge 5 commits into from
+8,869 −6,829

Conversation

ravicious
Copy link
Member

@ravicious ravicious commented Dec 3, 2024
edited
Loading

Backports:

This is the "backend" part of multi-port support. The only conflicts were in protos, since #49300 adds AppIdentityCenter to AppSpecV3 under the index of 12 but it hasn't been merged yet (I guess it waits for v17.1 too).

changelog: Added support for multiple ports to TCP applications

@ravicious ravicious force-pushed the r7s/v17/backport-multi-port-backend branch from 29c4a88 to ba7e743 Compare December 3, 2024 17:10
@github-actions github-actions bot added application-access backport documentation rfd Request for Discussion size/xl tctl tctl - Teleport admin tool labels Dec 3, 2024
nklaassen
nklaassen approved these changes Dec 3, 2024
View reviewed changes
Copy link
Contributor

@nklaassen nklaassen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

make sure one of the backports gets a changelog entry

api/proto/teleport/legacy/types/types.proto Show resolved Hide resolved
@github-actions GitHub Actions

This comment was marked as off-topic.

Sign in to view
@github-actions GitHub Actions

This comment was marked as off-topic.

Sign in to view
@ravicious ravicious removed the request for review from espadolini December 4, 2024 09:33
@ravicious ravicious mentioned this pull request Dec 10, 2024
Open
@github-actions GitHub Actions

This comment was marked as off-topic.

Sign in to view
@ravicious
Add Ports field to app spec
e76b7dc 
* Add Ports to AppSpecV3

* Validate ports of api/types.AppV3

* Add Ports to lib/config and lib/service/servicecfg

* lib/config TestApps: Improve error messages

* lib/service: Convert servicecfg.PortRange to types.PortRange

* Add multi-port TCP apps to config and tctl tests

* Rename Ports to TCPPorts

* Change port fields to uint16 where possible

* Update comments for Port and EndPort

* Extract port range validation to api/utils/net

* Replace custom check type with require.ErrorAssertionFunc
@ravicious
Add TargetPort to RouteToApp & use it to route connections to mul…
e9bb401 
…ti-port TCP apps

* Add TargetPort to RouteToApp and AppMetadata proto messages

* Pass TargetPort during cert generation

* Refactor Pack.makeTLSConfig to accept struct

This will make it easier to add targetPort to it.

* Add labels to UUIDs used by appaccess test pack app servers

This makes them easier to distinguish when routing doesn't work as expected.

* Refactor Pack.CreateAppSession to accept a struct

* TestTCP: Create app session within test

If we kept the old code, we'd need to manually create a session for each
target port, which would create a lot of duplication.

* Prepare integration test fixtures for multi-port tests

* Add api/utils/net.IsPortInRange

* Use TargetPort when routing TCP connections

* Inline dialMultiPortTCPApp, centralize logic

* Check target port when connecting to single-port app

* Reorder check in IsPortInRange

* Use int instead of uint16

* Extract picking dialTarget to separate function

* Improve err msg for single-port apps when targetPort != uriPort

* Fix unnecessary conversion to int
@ravicious
Pass port from VNet to local proxy
785004c 
* Prepare app specs in tests for specifying TCP ports

* Refactor logging in lib/vnet/app_resolver.go

Use libutils.NewPackageLogger, call it log instead of slog which makes
it harder to use the imported default slog logger instead of the one from
a struct.

Move creation of logger within TCPAppResolver.resolveTCPHandlerForCluster

* Pass port from VNet to local proxy

* Don't create another package logger

* Don't pass logger to newTCPAppHandler

* Fix typo in comment

* Explicitly pass port to dialHost

* Convert multi-line definitions of simple appSpecs to single-line

* Add TODO comment about validating local port

* Empty commit to trigger CI
@ravicious ravicious force-pushed the r7s/v17/backport-multi-port-backend branch from 0680d31 to 785004c Compare December 10, 2024 11:16
@ravicious ravicious mentioned this pull request Dec 10, 2024
Open
@github-actions GitHub Actions

This comment was marked as off-topic.

Sign in to view
@public-teleport-github-review-bot
Copy link

@ravicious - this PR will require admin approval to merge due to its size. Consider breaking it up into a series smaller changes.

@ravicious ravicious requested a review from zmb3 December 16, 2024 10:10
@github-actions GitHub Actions

This comment was marked as off-topic.

Sign in to view
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nklaassen nklaassen nklaassen approved these changes

@marcoandredinis marcoandredinis marcoandredinis approved these changes

@zmb3 zmb3 Awaiting requested review from zmb3

Assignees
No one assigned
Labels
application-access backport documentation rfd Request for Discussion size/xl tctl tctl - Teleport admin tool
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ravicious @marcoandredinis @nklaassen