Convert static host user to new cache mechanism

rosstimothy · rosstimothy · commit 446fc24774ab · 2025-05-03T16:20:41.000-04:00
Moves static host users to the new cache collection scheme that was introduced in #52210. No additional functionality changes have been made here. This should be a purely mechanical translation to the new internal caching machinery.
diff --git a/lib/cache/cache.go b/lib/cache/cache.go
@@ -45,7 +45,6 @@ import (
 	identitycenterv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/identitycenter/v1"
 	kubewaitingcontainerpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/kubewaitingcontainer/v1"
 	provisioningv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/provisioning/v1"
-	userprovisioningpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/userprovisioning/v2"
 	usertasksv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/usertasks/v1"
 	"github.com/gravitational/teleport/api/internalutils/stream"
 	apitracing "github.com/gravitational/teleport/api/observability/tracing"
@@ -527,7 +526,6 @@ type Cache struct {
 	lowVolumeEventsFanout        *utils.RoundRobin[*services.FanoutV2]
 	kubeWaitingContsCache        *local.KubeWaitingContainerService
 	accessMontoringRuleCache     services.AccessMonitoringRules
-	staticHostUsersCache         *local.StaticHostUserService
 	provisioningStatesCache      *local.ProvisioningStateService
 	identityCenterCache          *local.IdentityCenterService
 	pluginStaticCredentialsCache *local.PluginStaticCredentialsService
@@ -995,12 +993,6 @@ func New(config Config) (*Cache, error) {
 		return nil, trace.Wrap(err)
 	}
 
-	staticHostUserCache, err := local.NewStaticHostUserService(config.Backend)
-	if err != nil {
-		cancel()
-		return nil, trace.Wrap(err)
-	}
-
 	identityService, err := local.NewIdentityService(config.Backend)
 	if err != nil {
 		cancel()
@@ -1067,7 +1059,6 @@ func New(config Config) (*Cache, error) {
 		eventsFanout:                 fanout,
 		lowVolumeEventsFanout:        utils.NewRoundRobin(lowVolumeFanouts),
 		kubeWaitingContsCache:        kubeWaitingContsCache,
-		staticHostUsersCache:         staticHostUserCache,
 		provisioningStatesCache:      provisioningStatesCache,
 		identityCenterCache:          identityCenterCache,
 		pluginStaticCredentialsCache: pluginStaticCredentialsCache,
@@ -1898,32 +1889,6 @@ func (c *Cache) GetKubernetesWaitingContainer(ctx context.Context, req *kubewait
 	return rg.reader.GetKubernetesWaitingContainer(ctx, req)
 }
 
-// ListStaticHostUsers lists static host users.
-func (c *Cache) ListStaticHostUsers(ctx context.Context, pageSize int, pageToken string) ([]*userprovisioningpb.StaticHostUser, string, error) {
-	ctx, span := c.Tracer.Start(ctx, "cache/ListStaticHostUsers")
-	defer span.End()
-
-	rg, err := readLegacyCollectionCache(c, c.legacyCacheCollections.staticHostUsers)
-	if err != nil {
-		return nil, "", trace.Wrap(err)
-	}
-	defer rg.Release()
-	return rg.reader.ListStaticHostUsers(ctx, pageSize, pageToken)
-}
-
-// GetStaticHostUser returns a static host user by name.
-func (c *Cache) GetStaticHostUser(ctx context.Context, name string) (*userprovisioningpb.StaticHostUser, error) {
-	ctx, span := c.Tracer.Start(ctx, "cache/GetStaticHostUser")
-	defer span.End()
-
-	rg, err := readLegacyCollectionCache(c, c.legacyCacheCollections.staticHostUsers)
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-	defer rg.Release()
-	return rg.reader.GetStaticHostUser(ctx, name)
-}
-
 func (c *Cache) GetDatabaseObject(ctx context.Context, name string) (*dbobjectv1.DatabaseObject, error) {
 	ctx, span := c.Tracer.Start(ctx, "cache/GetDatabaseObject")
 	defer span.End()
diff --git a/lib/cache/cache_test.go b/lib/cache/cache_test.go
@@ -141,7 +141,7 @@ type testPack struct {
 	crownJewels             services.CrownJewels
 	databaseObjects         services.DatabaseObjects
 	spiffeFederations       *local.SPIFFEFederationService
-	staticHostUsers         services.StaticHostUser
+	staticHostUsers         *local.StaticHostUserService
 	autoUpdateService       services.AutoUpdateService
 	provisioningStates      services.ProvisioningStates
 	identityCenter          services.IdentityCenter
@@ -1688,34 +1688,6 @@ func TestDatabaseObjects(t *testing.T) {
 	})
 }
 
-// TestStaticHostUsers tests that CRUD operations on static host user resources are
-// replicated from the backend to the cache.
-func TestStaticHostUsers(t *testing.T) {
-	t.Parallel()
-
-	p := newTestPack(t, ForAuth)
-	t.Cleanup(p.Close)
-
-	testResources153(t, p, testFuncs153[*userprovisioningpb.StaticHostUser]{
-		newResource: func(name string) (*userprovisioningpb.StaticHostUser, error) {
-			return newStaticHostUser(t, name), nil
-		},
-		create: func(ctx context.Context, item *userprovisioningpb.StaticHostUser) error {
-			_, err := p.staticHostUsers.CreateStaticHostUser(ctx, item)
-			return trace.Wrap(err)
-		},
-		list: func(ctx context.Context) ([]*userprovisioningpb.StaticHostUser, error) {
-			items, _, err := p.staticHostUsers.ListStaticHostUsers(ctx, 0, "")
-			return items, trace.Wrap(err)
-		},
-		cacheList: func(ctx context.Context) ([]*userprovisioningpb.StaticHostUser, error) {
-			items, _, err := p.cache.ListStaticHostUsers(ctx, 0, "")
-			return items, trace.Wrap(err)
-		},
-		deleteAll: p.cache.staticHostUsersCache.DeleteAllStaticHostUsers,
-	})
-}
-
 // testResources is a generic tester for resources.
 func testResources[T types.Resource](t *testing.T, p *testPack, funcs testFuncs[T]) {
 	ctx := context.Background()
diff --git a/lib/cache/collections.go b/lib/cache/collections.go
@@ -26,6 +26,7 @@ import (
 	identitycenterv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/identitycenter/v1"
 	machineidv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/machineid/v1"
 	notificationsv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/notifications/v1"
+	userprovisioningv2 "github.com/gravitational/teleport/api/gen/proto/go/teleport/userprovisioning/v2"
 	workloadidentityv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/workloadidentity/v1"
 	"github.com/gravitational/teleport/api/types"
 )
@@ -98,6 +99,7 @@ type collections struct {
 	locks                            *collection[types.Lock, lockIndex]
 	tunnelConnections                *collection[types.TunnelConnection, tunnelConnectionIndex]
 	remoteClusters                   *collection[types.RemoteCluster, remoteClusterIndex]
+	staticHostUsers                  *collection[*userprovisioningv2.StaticHostUser, staticHostUserIndex]
 }
 
 // setupCollections ensures that the appropriate [collection] is
@@ -467,6 +469,14 @@ func setupCollections(c Config) (*collections, error) {
 
 			out.remoteClusters = collect
 			out.byKind[resourceKind] = out.remoteClusters
+		case types.KindStaticHostUser:
+			collect, err := newStaticHostUserCollection(c.StaticHostUsers, watch)
+			if err != nil {
+				return nil, trace.Wrap(err)
+			}
+
+			out.staticHostUsers = collect
+			out.byKind[resourceKind] = out.staticHostUsers
 		}
 	}
 
diff --git a/lib/cache/legacy_collections.go b/lib/cache/legacy_collections.go
@@ -33,7 +33,6 @@ import (
 	identitycenterv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/identitycenter/v1"
 	kubewaitingcontainerpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/kubewaitingcontainer/v1"
 	provisioningv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/provisioning/v1"
-	userprovisioningpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/userprovisioning/v2"
 	userspb "github.com/gravitational/teleport/api/gen/proto/go/teleport/users/v1"
 	usertasksv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/usertasks/v1"
 	"github.com/gravitational/teleport/api/types"
@@ -118,7 +117,6 @@ type legacyCollections struct {
 	userTasks                          collectionReader[userTasksGetter]
 	crownJewels                        collectionReader[crownjewelsGetter]
 	kubeWaitingContainers              collectionReader[kubernetesWaitingContainerGetter]
-	staticHostUsers                    collectionReader[staticHostUserGetter]
 	networkRestrictions                collectionReader[networkRestrictionGetter]
 	proxies                            collectionReader[services.ProxyGetter]
 	uiConfigs                          collectionReader[uiConfigGetter]
@@ -288,15 +286,6 @@ func setupLegacyCollections(c *Cache, watches []types.WatchKind) (*legacyCollect
 				watch: watch,
 			}
 			collections.byKind[resourceKind] = collections.kubeWaitingContainers
-		case types.KindStaticHostUser:
-			if c.StaticHostUsers == nil {
-				return nil, trace.BadParameter("missing parameter StaticHostUsers")
-			}
-			collections.staticHostUsers = &genericCollection[*userprovisioningpb.StaticHostUser, staticHostUserGetter, staticHostUserExecutor]{
-				cache: c,
-				watch: watch,
-			}
-			collections.byKind[resourceKind] = collections.staticHostUsers
 		case types.KindAccessMonitoringRule:
 			if c.AccessMonitoringRules == nil {
 				return nil, trace.BadParameter("missing parameter AccessMonitoringRule")
@@ -776,56 +765,6 @@ type kubernetesWaitingContainerGetter interface {
 
 var _ executor[*kubewaitingcontainerpb.KubernetesWaitingContainer, kubernetesWaitingContainerGetter] = kubeWaitingContainerExecutor{}
 
-type staticHostUserExecutor struct{}
-
-func (staticHostUserExecutor) getAll(ctx context.Context, cache *Cache, loadSecrets bool) ([]*userprovisioningpb.StaticHostUser, error) {
-	var (
-		startKey string
-		allUsers []*userprovisioningpb.StaticHostUser
-	)
-	for {
-		users, nextKey, err := cache.StaticHostUsers.ListStaticHostUsers(ctx, 0, startKey)
-		if err != nil {
-			return nil, trace.Wrap(err)
-		}
-
-		allUsers = append(allUsers, users...)
-
-		if nextKey == "" {
-			break
-		}
-		startKey = nextKey
-	}
-	return allUsers, nil
-}
-
-func (staticHostUserExecutor) upsert(ctx context.Context, cache *Cache, resource *userprovisioningpb.StaticHostUser) error {
-	_, err := cache.staticHostUsersCache.UpsertStaticHostUser(ctx, resource)
-	return trace.Wrap(err)
-}
-
-func (staticHostUserExecutor) deleteAll(ctx context.Context, cache *Cache) error {
-	return trace.Wrap(cache.staticHostUsersCache.DeleteAllStaticHostUsers(ctx))
-}
-
-func (staticHostUserExecutor) delete(ctx context.Context, cache *Cache, resource types.Resource) error {
-	return trace.Wrap(cache.staticHostUsersCache.DeleteStaticHostUser(ctx, resource.GetName()))
-}
-
-func (staticHostUserExecutor) isSingleton() bool { return false }
-
-func (staticHostUserExecutor) getReader(cache *Cache, cacheOK bool) staticHostUserGetter {
-	if cacheOK {
-		return cache.staticHostUsersCache
-	}
-	return cache.Config.StaticHostUsers
-}
-
-type staticHostUserGetter interface {
-	ListStaticHostUsers(ctx context.Context, pageSize int, pageToken string) ([]*userprovisioningpb.StaticHostUser, string, error)
-	GetStaticHostUser(ctx context.Context, name string) (*userprovisioningpb.StaticHostUser, error)
-}
-
 type crownJewelsExecutor struct{}
 
 func (crownJewelsExecutor) getAll(ctx context.Context, cache *Cache, loadSecrets bool) ([]*crownjewelv1.CrownJewel, error) {
diff --git a/lib/cache/static_host_user.go b/lib/cache/static_host_user.go
@@ -0,0 +1,111 @@
+// Teleport
+// Copyright (C) 2025 Gravitational, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package cache
+
+import (
+	"context"
+
+	"github.com/gravitational/trace"
+
+	headerv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/header/v1"
+	userprovisioningv2 "github.com/gravitational/teleport/api/gen/proto/go/teleport/userprovisioning/v2"
+	"github.com/gravitational/teleport/api/types"
+	"github.com/gravitational/teleport/api/utils"
+	"github.com/gravitational/teleport/lib/services"
+)
+
+type staticHostUserIndex string
+
+const staticHostUserNameIndex staticHostUserIndex = "name"
+
+func newStaticHostUserCollection(upstream services.StaticHostUser, w types.WatchKind) (*collection[*userprovisioningv2.StaticHostUser, staticHostUserIndex], error) {
+	if upstream == nil {
+		return nil, trace.BadParameter("missing parameter StaticHostUser")
+	}
+
+	return &collection[*userprovisioningv2.StaticHostUser, staticHostUserIndex]{
+		store: newStore(map[staticHostUserIndex]func(*userprovisioningv2.StaticHostUser) string{
+			staticHostUserNameIndex: func(shu *userprovisioningv2.StaticHostUser) string {
+				return shu.GetMetadata().GetName()
+			},
+		}),
+		fetcher: func(ctx context.Context, loadSecrets bool) ([]*userprovisioningv2.StaticHostUser, error) {
+			var startKey string
+			var allUsers []*userprovisioningv2.StaticHostUser
+
+			for {
+				users, nextKey, err := upstream.ListStaticHostUsers(ctx, 0, startKey)
+				if err != nil {
+					return nil, trace.Wrap(err)
+				}
+
+				allUsers = append(allUsers, users...)
+
+				if nextKey == "" {
+					break
+				}
+				startKey = nextKey
+			}
+			return allUsers, nil
+		},
+		headerTransform: func(hdr *types.ResourceHeader) *userprovisioningv2.StaticHostUser {
+			return &userprovisioningv2.StaticHostUser{
+				Kind:    hdr.Kind,
+				Version: hdr.Version,
+				Metadata: &headerv1.Metadata{
+					Name: hdr.Metadata.Name,
+				},
+			}
+		},
+		watch: w,
+	}, nil
+}
+
+// ListStaticHostUsers lists static host users.
+func (c *Cache) ListStaticHostUsers(ctx context.Context, pageSize int, pageToken string) ([]*userprovisioningv2.StaticHostUser, string, error) {
+	ctx, span := c.Tracer.Start(ctx, "cache/ListStaticHostUsers")
+	defer span.End()
+
+	lister := genericLister[*userprovisioningv2.StaticHostUser, staticHostUserIndex]{
+		cache:        c,
+		collection:   c.collections.staticHostUsers,
+		index:        staticHostUserNameIndex,
+		upstreamList: c.Config.StaticHostUsers.ListStaticHostUsers,
+		nextToken: func(t *userprovisioningv2.StaticHostUser) string {
+			return t.GetMetadata().GetName()
+		},
+		clone: utils.CloneProtoMsg[*userprovisioningv2.StaticHostUser],
+	}
+	out, next, err := lister.list(ctx, pageSize, pageToken)
+	return out, next, trace.Wrap(err)
+}
+
+// GetStaticHostUser returns a static host user by name.
+func (c *Cache) GetStaticHostUser(ctx context.Context, name string) (*userprovisioningv2.StaticHostUser, error) {
+	ctx, span := c.Tracer.Start(ctx, "cache/GetStaticHostUser")
+	defer span.End()
+
+	getter := genericGetter[*userprovisioningv2.StaticHostUser, staticHostUserIndex]{
+		cache:       c,
+		collection:  c.collections.staticHostUsers,
+		index:       staticHostUserNameIndex,
+		upstreamGet: c.Config.StaticHostUsers.GetStaticHostUser,
+		clone:       utils.CloneProtoMsg[*userprovisioningv2.StaticHostUser],
+	}
+	out, err := getter.get(ctx, name)
+	return out, trace.Wrap(err)
+}
diff --git a/lib/cache/static_host_user_test.go b/lib/cache/static_host_user_test.go
