Commit
[v15] fix k8s moderated sessions bypass with ephemeral containers (#40906)

* fix k8s moderated sessions bypass with ephemeral containers

* rebase with master

* only retrieve logs on a specific error

* fix cache test again and a linter issue

* only look for ephemeral container name when waiting for the container to start

* address feedback

* add support for other merge strategies

* handle case

* reorganize gomod

* address feedback

* fix missing patchtype

* propagate errors

* Update lib/kube/proxy/sess.go

Co-authored-by: Tiago Silva <tiago.silva@goteleport.com>

* add hint of exec process into session tracker

* address feedback

* optionally filter listed waiting conts server-side

* add TODO to test against tsh kubectl

* Revert "optionally filter listed waiting conts server-side"

This reverts commit 9a33868363e427f52bba8d95ead2bfc0d939e6e7.

* fix failing integration test, undo accidental dep update

---------

Co-authored-by: Tiago Silva <tiago.silva@goteleport.com>

* fix kube ephemeral container test flakiness

---------

Co-authored-by: Tiago Silva <tiago.silva@goteleport.com>
capnspacehook and tigrato committed Apr 26, 2024
1 parent d36eb3d commit 4ba4e3f
Showing 10 changed files with 1,347 additions and 73 deletions.
10 changes: 9 additions & 1 deletion fixtures/ci-teleport-rbac/ci-teleport.yaml
Expand Up @@ -38,7 +38,7 @@ metadata:
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get"]
verbs: ["get", "list", "watch"]
resourceNames: ["test-pod"]
- apiGroups: [""]
resources: ["pods/exec"]
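Review bot: In the `pods` rule, `list` and `watch` now sit next to `resourceNames: ["test-pod"]`, and Kubernetes RBAC only matches a name-restricted `list` or `watch` when the request carries a `metadata.name` field selector for that name; an unfiltered list or watch of pods is denied under this rule. Please confirm the code path that needs these verbs sends that selector, and add a YAML comment above the rule saying so, so that nobody later widens the fixture by dropping `resourceNames` to make a test pass.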
Expand All @@ -48,6 +48,14 @@ rules:
resources: ["pods/portforward"]
verbs: ["create"]
resourceNames: ["test-pod"]
- apiGroups: [""]
resources: ["pods/ephemeralcontainers"]
verbs: ["patch"]
resourceNames: ["test-pod"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get"]
resourceNames: ["test-pod"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
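Review bot: The two new rules, `pods/ephemeralcontainers` with `patch` and `pods/log` with `get`, carry no comment saying why the CI role needs them. Both are scoped to `test-pod`, which keeps the grant narrow; a one-line YAML comment on each, tying it to the ephemeral container test and to the log retrieval on error mentioned in the commit message, would make it clear which rule can be removed if those tests change.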
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -79,6 +79,7 @@ require (
github.com/dustin/go-humanize v1.0.1
github.com/elastic/go-elasticsearch/v8 v8.11.1
github.com/elimity-com/scim v0.0.0-20230426070224-941a5eac92f3
github.com/evanphx/json-patch v5.7.0+incompatible
github.com/flynn/hid v0.0.0-20190502022136-f1b9b6cc019a
github.com/flynn/u2f v0.0.0-20180613185708-15554eb68e5d
github.com/fsouza/fake-gcs-server v1.47.7
Expand Down Expand Up @@ -308,7 +309,6 @@ require (
github.com/dvsekhvalnov/jose2go v1.6.0 // indirect
github.com/elastic/elastic-transport-go/v8 v8.3.0 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/evanphx/json-patch v5.7.0+incompatible // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
github.com/fatih/camelcase v1.0.0 // indirect
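Review bot: With `github.com/evanphx/json-patch v5.7.0+incompatible` no longer marked `// indirect`, the module now depends directly on the `+incompatible` line while `github.com/evanphx/json-patch/v5 v5.6.0` remains in the graph on the adjacent line, so two versions of the same patch library are in play. If the new direct import is what evaluates ephemeral container patches, please say in the PR why the non-module path was chosen over `/v5`, and consider a short comment at the import so a later dependency cleanup does not swap one for the other without re-running the ephemeral container tests.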