tctl sign auth --tar is failing to run with kubernetes output format #34371

Closed
salehio opened this issue Nov 9, 2023 · 0 comments · Fixed by #34612
salehio commented Nov 9, 2023

Expected behavior:
tctl auth sign -d --user={user} --ttl={identity_ttl} --tar --out={outfile} --format=kubernetes --proxy={proxy} --kube-cluster-name={cluster}

This should output the kubeconfig (tar'd) to stdout

Current behavior:
The command results in:
2023-11-09T00:18:06Z DEBU             Debug logging has been enabled. common/tctl.go:240
2023-11-09T00:18:06Z DEBU             No config file or identity file, loading auth config via extension. common/tctl.go:286
2023-11-09T00:18:06Z DEBU [SQLITE]    Connected to: file:/var/lib/teleport/proc/sqlite.db?_busy_timeout=10000&_sync=FULL&_txlock=immediate, poll stream period: 1s lite/lite.go:250
2023-11-09T00:18:06Z DEBU [SQLITE]    journal_mode=delete, synchronous=2, busy_timeout=10000 lite/lite.go:301
2023-11-09T00:18:06Z DEBU             Connecting to: [{127.0.0.1:3025 tcp }]. authclient/authclient.go:57
2023-11-09T00:18:06Z DEBU             Using Proxy SNI for kube TLS server name common/auth_command.go:877

ERROR REPORT:
Original Error: *trace.NotImplementedError tarWriter.Remove()
Stack Trace:
        github.com/gravitational/teleport/tool/tctl/common/tarwriter.go:49 github.com/gravitational/teleport/tool/tctl/common.(*tarWriter).Remove
        github.com/gravitational/teleport/lib/client/identityfile/identity.go:401 github.com/gravitational/teleport/lib/client/identityfile.Write
        github.com/gravitational/teleport/tool/tctl/common/auth_command.go:899 github.com/gravitational/teleport/tool/tctl/common.(*AuthCommand).generateUserKeys
        github.com/gravitational/teleport/tool/tctl/common/auth_command.go:289 github.com/gravitational/teleport/tool/tctl/common.(*AuthCommand).GenerateAndSignKeys
        github.com/gravitational/teleport/tool/tctl/common/auth_command.go:172 github.com/gravitational/teleport/tool/tctl/common.(*AuthCommand).TryRun
        github.com/gravitational/teleport/tool/tctl/common/tctl.go:211 github.com/gravitational/teleport/tool/tctl/common.TryRun
        github.com/gravitational/teleport/tool/tctl/common/tctl.go:96 github.com/gravitational/teleport/tool/tctl/common.Run
        github.com/gravitational/teleport/e/tool/tctl/main.go:20 main.main
        runtime/proc.go:250 runtime.main
        runtime/asm_amd64.s:1598 runtime.goexit
User Message: tarWriter.Remove()

command [REDACTED] failed with code 1

Note the Original Error: *trace.NotImplementedError tarWriter.Remove()

Here we can see that tarWriter.Remove() is not implemented.
https://github.com/gravitational/teleport/blob/master/tool/tctl/common/tarwriter.go#L46-L50

But it is still invoked when the format is kubernetes: https://github.com/gravitational/teleport/blob/master/lib/client/identityfile/identity.go#L401-L403

Since the images have gone distroless, we can no longer kubectl cp or kubectl exec -- cat the auth file out of the box, so we need to rely on that tar implementation. See #27639 for more details on why --tar was implemented.

@salehio salehio added the bug label Nov 9, 2023
tcsc added a commit that referenced this issue Nov 15, 2023
Prior to this patch, using the `--format=kubernetes` option with
`tctl auth sign --tar` would crash because the filesystem abstraction
used to capture the `tctl` output files did not support removing or
`stat`ing files.

In addition, the kubeconfig file writer did not use the filesystem
abstraction given to the identity file writer, but would only write
files out to the host filesystem. This means that any kubeconfig
file outputs would not be included in the output tarfile stream.

This patch:
 * Updates the tarfile filesystem abstraction to buffer files created
   by `tctl` until the write is complete, and then stream the archive
   out at the end. This gives sensible semantics to the remove and
   stat operations.
 * Updates the kubeconfig writer to take a filesystem abstraction
   compatible with the one used by the identity file writer, so that
   the kubeconfig file output is correctly caught by the tarfile writer.

Fixes: #34371
Changelog: Fixes crash when writing kubeconfig with `tctl auth sign --tar`
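
The buffering approach described in this commit message, sketched as an added example (not Teleport's code): output files are held in memory so a remove can succeed, and the tar stream is written only once at the end. The `bufferedTar` type, its method names and the file names are hypothetical, and the file contents are constructed samples.

```go
package main

import (
	"archive/tar"
	"fmt"
	"io"
	"io/fs"
	"sort"
)

// bufferedTar (hypothetical) buffers files in memory; nothing is emitted until Flush.
type bufferedTar struct{ files map[string][]byte }

func (b *bufferedTar) WriteFile(name string, data []byte) { b.files[name] = append([]byte(nil), data...) }

// Remove mirrors os.Remove: deleting a missing file reports fs.ErrNotExist.
func (b *bufferedTar) Remove(name string) error {
	if _, ok := b.files[name]; !ok {
		return fs.ErrNotExist
	}
	delete(b.files, name)
	return nil
}

// Flush streams the surviving files to w in name order, mode 0600 (credentials).
func (b *bufferedTar) Flush(w io.Writer) error {
	names := make([]string, 0, len(b.files))
	for n := range b.files {
		names = append(names, n)
	}
	sort.Strings(names)
	tw := tar.NewWriter(w)
	for _, n := range names {
		h := &tar.Header{Name: n, Typeflag: tar.TypeReg, Mode: 0o600, Size: int64(len(b.files[n]))}
		if err := tw.WriteHeader(h); err != nil {
			return err
		}
		if _, err := tw.Write(b.files[n]); err != nil {
			return err
		}
	}
	return tw.Close()
}

func main() {
	b := &bufferedTar{files: map[string][]byte{"stale.tmp": nil}}
	b.WriteFile("kubeconfig", []byte("constructed sample kubeconfig"))
	fmt.Println(b.Remove("stale.tmp"), b.Flush(io.Discard))
}
```

A stat operation on this structure is a lookup in the same map, which is why buffering gives both operations well-defined results before any bytes are committed to the stream.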
github-merge-queue bot pushed a commit that referenced this issue Nov 21, 2023
* Fixes crash when writing kubeconfig with `tctl auth sign --tar`

* interface & lint fixups

* Fix kubeconfig loader origin settings

* Re-route tar-breaking log msg to stderr
github-merge-queue bot pushed a commit that referenced this issue Nov 21, 2023
…#34822)

* [v13] Fixes crash when writing kubeconfig with `tctl auth sign --tar`

Backports #34612

* Fix backport test detritus
github-merge-queue bot pushed a commit that referenced this issue Dec 5, 2023
…#34874)

Backports #34612

* Fix backport test detritus