-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v11] Don't prematurely close context in app service. #20437
Conversation
0618818
to
e2f540b
Compare
The app service was prematurely closing the context for the AWS signer handler, causing `tsh aws` requests to fail with a context cancel.
e2f540b
to
80eb678
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Has this regressed recently? Do we know where it broke and why it wasn't caught by unit tests (and can we add test coverage here)?
Yes, this is a recent regression. The code here has changed recently due to the Azure CLI changes and some of this code was backported to v11 to make future backports easier, but it got a little clobbered in the process. This is a little tough to introduce tests for because the issue doesn't even crop up until attempting to use the AWS signer handler, which we don't have any integration tests for. IMO in order to catch something like this we'd need a test that actually deploys a Teleport cluster to AWS and attempts to run One of my biggest worries with app access is the need for more black box testing that uses Teleport as a user would. It's going to be increasingly hard to mimic these sorts of environments as app access grows more complex. We could introduce tests in here that query the context for each sub-handler for app access, but it feels like the wrong way to go about detecting this problem IMO. |
@capnspacehook @rosstimothy Could one of you take a look as well when you get a chance? We should release this quickly in a patch release, combined with the other AWS access fix Mike has. |
The app service was prematurely closing the context for the AWS signer handler, causing
tsh aws
requests to fail with a context cancel. This only affects v11.