-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pagerduty plugin migration to new API client and support of new Teleport features #220
Conversation
@marshall-lee does it close it with the new auto behavior as well? |
ee663d3
to
28679a4
Compare
432cd46
to
4f4d9d6
Compare
2e4eb65
to
57c34f6
Compare
739b5f6
to
86b1c09
Compare
cb898be
to
49c25bd
Compare
c4eb4c8
to
79e195d
Compare
@r0mant @Joerger @fspmarshall can you team please review? |
@marshall-lee can you please refresh PR to resolve conflicts? |
faf2ad7
to
ba7d3cd
Compare
@r0mant @fspmarshall @Joerger please review folks |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I might've missed some things, I don't have any prior experience with this code.
access/pagerduty/app.go
Outdated
return trace.Wrap(err) | ||
} else { | ||
logger.Get(ctx).Debugf("Failed to determine a notification service info: %s", err.Error()) | ||
shouldTryApprove = true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Curious why do we fallback to trying to auto-approve if we failed to get the service info? Wouldn't it be safer to default to false?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for pointing this out, I rewrote that part and added some comments that clarify my idea.
access/pagerduty/app.go
Outdated
RequestID: req.GetName(), | ||
Review: types.AccessReview{ | ||
ProposedState: types.RequestState_APPROVED, | ||
Reason: fmt.Sprintf("Access requested by on-call user %s (%s)", user.Name, user.Email), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Log the active incident in the reason as well for tracking?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There could be more than one active incident and theoretically there could be many of them.
But I added a logging of service names in which there're some active incidents found.
// modifyPluginData performs a compare-and-swap update of access request's plugin data. | ||
func (a *App) modifyPluginData(ctx context.Context, reqID string, fn func(data *PluginData) (PluginData, bool)) (bool, error) { | ||
var lastErr error | ||
for i := 0; i < maxModifyPluginDataTries; i++ { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would convert this to a select statement on a ticker inside the for loop to provide some backoff and be nice to the PD API.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see how the backoff is useful here. It's a compare-and-swap trial loop, we can just retry immediately.
And in 99.99% cases there will be at most one retry.
efce3e4
to
8730ae9
Compare
c7b2738
to
ce1f795
Compare
ce1f795
to
a0e4953
Compare
- Render resolve reason in the notification incident. - Render access reviews as a comments to notification incident. - Configure target services using request annotations. - Manage plugin data state safely using compare-and-swap. - Migrate tests to testify.
a0e4953
to
38335bf
Compare
closed in favor of #266 |
Closes #219.
Part of #209.