-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update proxy features #45979
Update proxy features #45979
Conversation
7ef795d
to
b610f4c
Compare
a5561d3
to
0b30b7b
Compare
…tirola/update-proxy-features
…tirola/update-proxy-features
…tirola/update-proxy-features
08a8cf0
to
5c8233e
Compare
…tirola/update-proxy-features
The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with |
lib/web/features.go
Outdated
// SetClusterFeatures sets the flags for supported and unsupported features | ||
func (h *Handler) SetClusterFeatures(features proto.Features) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be an unexported function? What external entities should be capable of temporarily overwriting the last stored features?
// SetClusterFeatures sets the flags for supported and unsupported features | |
func (h *Handler) SetClusterFeatures(features proto.Features) { | |
// setClusterFeatures sets the flags for supported and unsupported features | |
func (h *Handler) setClusterFeatures(features proto.Features) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ideally, but there is a test in e/lib/web/plugindescriptor_okta_test.go:
that is using it, and updating this test is not trivial.
I've added a TODO
to change this method to unexported, and I'll sync with someone more familiar with those tests to change it.
…ational/teleport into mcbattirola/update-proxy-features
…tirola/update-proxy-features
@mcbattirola See the table below for backport results.
|
The proxy service only reads features at startup, leading to potential stale features if they change after the initial load. Some code paths (e.g., SCIM web handlers) check features during requests, which means proxies must be restarted when features change.
This PR introduces a
startFeatureWatcher
method in the web handler. The watcher periodically pings the auth server (every 5 to 10 minutes) to fetch and update features, ensuring they remain up-to-date without restarting the proxy.I chose to add the watcher within the handler rather than
service.TeleportProcess
to minimize the impact on other services. This avoids unintended side effects, as the proxy handler is currently the only component requiring dynamic feature updates. If other services need this in the future, we can consider moving the watcher to a higher-level component. Let me know what you think.Closes #39161