Add proxy to instructions when creating a token for a node (#9539)

* Print proxy instead of auth server on join node instructions for Cloud instances
2024-10-21 17:53:28 +00:00 · 2022-03-02 10:20:35 -03:00 · 2022-03-02 10:20:35 -03:00 · fe519a3211
parent a480259d97
commit fe519a3211
2 changed files with 39 additions and 2 deletions
--- a/tool/tctl/common/node_command.go
+++ b/tool/tctl/common/node_command.go
@ -27,6 +27,7 @@ import (

 	"github.com/gravitational/kingpin"
 	"github.com/gravitational/trace"
+	log "github.com/sirupsen/logrus"

 	apidefaults "github.com/gravitational/teleport/api/defaults"
 	"github.com/gravitational/teleport/api/types"
@ -149,12 +150,29 @@ func (c *NodeCommand) Invite(client auth.ClientI) error {
 		if roles.Include(types.RoleTrustedCluster) {
 			fmt.Printf(trustedClusterMessage, token, int(c.ttl.Minutes()))
 		} else {
+			authServer := authServers[0].GetAddr()
+
+			pingResponse, err := client.Ping(context.TODO())
+			if err != nil {
+				log.Debugf("unnable to ping auth client: %s.", err.Error())
+			}
+
+			if err == nil && pingResponse.GetServerFeatures().Cloud {
+				proxies, err := client.GetProxies()
+				if err != nil {
+					return trace.Wrap(err)
+				}
+
+				if len(proxies) != 0 {
+					authServer = proxies[0].GetPublicAddr()
+				}
+			}
 			return nodeMessageTemplate.Execute(os.Stdout, map[string]interface{}{
 				"token":       token,
 				"minutes":     int(c.ttl.Minutes()),
 				"roles":       strings.ToLower(roles.String()),
 				"ca_pins":     caPins,
-				"auth_server": authServers[0].GetAddr(),
+				"auth_server": authServer,
 			})
 		}
 	} else {
--- a/tool/tctl/common/token_command.go
+++ b/tool/tctl/common/token_command.go
@ -33,6 +33,7 @@ import (
 	"github.com/gravitational/teleport/lib/defaults"
 	"github.com/gravitational/teleport/lib/service"
 	"github.com/gravitational/teleport/lib/tlsca"
+	log "github.com/sirupsen/logrus"

 	"github.com/gravitational/kingpin"
 	"github.com/gravitational/trace"
@ -218,12 +219,30 @@ func (c *TokenCommand) Add(client auth.ClientI) error {
 			token,
 			int(c.ttl.Minutes()))
 	default:
+		authServer := authServers[0].GetAddr()
+
+		pingResponse, err := client.Ping(context.TODO())
+		if err != nil {
+			log.Debugf("unnable to ping auth client: %s.", err.Error())
+		}
+
+		if err == nil && pingResponse.GetServerFeatures().Cloud {
+			proxies, err := client.GetProxies()
+			if err != nil {
+				return trace.Wrap(err)
+			}
+
+			if len(proxies) != 0 {
+				authServer = proxies[0].GetPublicAddr()
+			}
+		}
+
 		return nodeMessageTemplate.Execute(os.Stdout, map[string]interface{}{
 			"token":       token,
 			"roles":       strings.ToLower(roles.String()),
 			"minutes":     int(c.ttl.Minutes()),
 			"ca_pins":     caPins,
-			"auth_server": authServers[0].GetAddr(),
+			"auth_server": authServer,
 		})
 	}