Removes the call for wait for ssh.Session end to check for errors
in web terminal which fixes a regression bug where typing "exit"
in web terminal does not return session end event.
PR #8081 removed the need to check for errors as it correctly
returns exit errors whereas before it returned nil.
Download Rust and Go per-build to ensure that the right version is used
and that builds do not step on each other.
Also rungs cbindgen in quiet mode to suppress the annoying output it
spews for non-public symbols.
The default user verification setting, "preferred", leaves it open for
client-side implementations whether to to perform verification checks.
In theory it sounds reasonable, but in practice it takes a variety of
forms: Chrome will perform PIN checks if a PIN is configured, a
redundant check in face of our existing password checks. Windows goes a
step further and directs user to set a PIN, a further deviation from the
usual security key workflow.
The traditional workflow is achieved by setting user verification to
discouraged, implemented here.
Reference:
- https://chromium.googlesource.com/chromium/src/+/refs/heads/main/content/browser/webauth/uv_preferred.md
* Set user verification to "discouraged" for WebAuthn
* Add user verification to CredentialAssertion proto
* Add authenticator selection to CredentialCreation proto
The race condition detector is being tripped by a concurrent `Write` and
`Close` in the `PipeNetCon` in several integration tests. This is a naive
fix to serialize the write and close operations to resolve the race
condition.
The affected tests were also not handling asynchronous error reporting
correctly (i.e. it's not legal to call `require.XYZ()` from a goroutine
other than the one executing the test function.). This patch introduces
some plumbing to marshal asynchronous errors back into the main test
routine before failing the test.
The Rust code now uses vendored mode [1] to statically link openssl,
so we no longer need dynamic linking for these libraries.
This also resolves an issue where extra flags were needed to build
locally on macOS.
[1]: https://docs.rs/openssl/0.10.36/openssl/#vendored
- Ensure Rust is installed in the buildbox image
- Install Rust toolchains for each arch we support
- Use openssl's vendor feature to ensure we always link a static lib
- Automatically include RDP client if Rust is detected
In some cases, it's possible for a package to be marked as a test
failure even if no tests inside it have failed. The motivating example
for this change is a timeout: a test overshooting the allotted timeout
is considered by go test to be a package-level failure, even if no
tests inside the package are considered failures.
This led to cases where the user would see an "All tests passed"
message from the go test filter, but still mysteriously fail the make
step.
To address this, the test renderer now:
* treats package-level pass/fail/skip events as first-class citizens
and includes them in its event count,
* tracks the cached test output at both a package and individual test
level, and
* displays the whole package output if a package is marked as failed,
but only if there is no obvious failed test top account for the
package-level failure.
This patch also removes the json files created by the unit tests, as
they are not yet needed for anything.
Allow users to opt in to changing routing behavior when duplicate
nodes are present. Legacy behavior is to return an error when multiple
nodes are matched by the routing logic in proxyToHost. A new RouteToMostRecent
flag in ClusterNetworkingConfig can be set to allow users to opt in to returning
the most recent node instead of an error. By default, the legacy behavior
is preserved.
