Added support to save cluster to profile. (#2905)

Upon calling "tsh login <clusterName>", Teleport will save the cluster name in ~/.tsh/profile. This value will then be used similar to the --cluster flag to select which cluster to run a tsh subcommand on.
2024-10-21 01:34:01 +00:00 · 2019-08-17 10:32:39 -07:00 · 2019-08-17 10:32:39 -07:00 · 3686158adf
parent b014d85230
commit 3686158adf
2 changed files with 27 additions and 2 deletions
--- a/lib/client/api.go
+++ b/lib/client/api.go
@ -382,13 +382,25 @@ func readProfile(profileDir string, profileName string) (*ProfileStatus, error)
 	// certificate (like can the user request a PTY, port forwarding, etc.)
 	var extensions []string
 	for ext := range cert.Extensions {
-		if ext == teleport.CertExtensionTeleportRoles {
+		if ext == teleport.CertExtensionTeleportRoles ||
+			ext == teleport.CertExtensionTeleportRouteToCluster {
 			continue
 		}
 		extensions = append(extensions, ext)
 	}
 	sort.Strings(extensions)

+	// Extract cluster name from the profile.
+	clusterName := profile.SiteName
+	// DELETE IN: 4.2.0.
+	//
+	// Older versions of tsh did not always store the cluster name in the
+	// profile. If no cluster name is found, fallback to the name of the profile
+	// for backward compatibility.
+	if clusterName == "" {
+		clusterName = profile.Name()
+	}
+
 	return &ProfileStatus{
 		ProxyURL: url.URL{
 			Scheme: "https",
@ -399,7 +411,7 @@ func readProfile(profileDir string, profileName string) (*ProfileStatus, error)
 		ValidUntil: validUntil,
 		Extensions: extensions,
 		Roles:      roles,
-		Cluster:    profile.Name(),
+		Cluster:    clusterName,
 	}, nil
 }

@ -1612,10 +1624,13 @@ func (tc *TeleportClient) Login(ctx context.Context, activateKey bool) (*Key, er
 	key.TLSCert = response.TLSCert
 	key.ProxyHost = webProxyHost

+	// Check that a host certificate for at least one cluster was returned and
+	// extract the name of the current cluster from the first host certificate.
 	if len(response.HostSigners) <= 0 {
 		return nil, trace.BadParameter("bad response from the server: expected at least one certificate, got 0")
 	}
 	key.ClusterName = response.HostSigners[0].ClusterName
+	tc.SiteName = response.HostSigners[0].ClusterName

 	if activateKey {
 		// save the list of CAs client trusts to ~/.tsh/known_hosts
--- a/lib/client/client.go
+++ b/lib/client/client.go
@ -134,6 +134,16 @@ func (proxy *ProxyClient) GenerateCertsForCluster(ctx context.Context, routeToCl
 	if err != nil {
 		return trace.Wrap(err)
 	}
+
+	// Before requesting a certificate, check if the requested cluster is valid.
+	_, err = clt.GetCertAuthority(services.CertAuthID{
+		Type:       services.HostCA,
+		DomainName: routeToCluster,
+	}, false)
+	if err != nil {
+		return trace.NotFound("cluster %v not found", routeToCluster)
+	}
+
 	req := proto.UserCertsRequest{
 		Username:       cert.KeyId,
 		PublicKey:      key.Pub,