From 10feddd496c8932a5ce362cd85c748bb805e9ebe Mon Sep 17 00:00:00 2001
From: Matt Brock
Date: Thu, 23 Jan 2025 09:18:30 -0600
Subject: [PATCH] PR feedback

---
 lib/srv/discovery/access_graph_aws.go | 18 +++++++++---------
 lib/srv/discovery/access_graph_azure.go | 11 +++--------
 .../discovery/fetchers/azuresync/azure-sync.go | 5 -----
 3 files changed, 12 insertions(+), 22 deletions(-)

diff --git a/lib/srv/discovery/access_graph_aws.go b/lib/srv/discovery/access_graph_aws.go
index a28b2c9d81594..fa662da21dada 100644
--- a/lib/srv/discovery/access_graph_aws.go
+++ b/lib/srv/discovery/access_graph_aws.go
@@ -50,6 +50,15 @@ const (
 batchSize = 500
 // defaultPollInterval is the default interval between polling for access graph resources
 defaultPollInterval = 15 * time.Minute
+ // Configure health check service to monitor access graph service and
+ // automatically reconnect if the connection is lost without
+ // relying on new events from the auth server to trigger a reconnect.
+ serviceConfig = `{
+ "loadBalancingPolicy": "round_robin",
+ "healthCheckConfig": {
+ "serviceName": ""
+ }
+ }`
 )

 // errNoAccessGraphFetchers is returned when there are no TAG fetchers.
@@ -257,15 +266,6 @@ func (s *Server) initializeAndWatchAccessGraph(ctx context.Context, reloadCh <-c
 const (
 // aws discovery semaphore lock.
 semaphoreName = "access_graph_aws_sync"
- // Configure health check service to monitor access graph service and
- // automatically reconnect if the connection is lost without
- // relying on new events from the auth server to trigger a reconnect.
- serviceConfig = `{
- "loadBalancingPolicy": "round_robin",
- "healthCheckConfig": {
- "serviceName": ""
- }
- }`
 )

 clusterFeatures := s.Config.ClusterFeatures()
diff --git a/lib/srv/discovery/access_graph_azure.go b/lib/srv/discovery/access_graph_azure.go
index 80d7e7495b7be..d7f911bb2a449 100644
--- a/lib/srv/discovery/access_graph_azure.go
+++ b/lib/srv/discovery/access_graph_azure.go
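Review bot: Now that `serviceConfig` sits in the package-level `const (` block, its comment should document the constant rather than describe an action: it opens with "Configure health check service" and never says what the string is or where it is consumed. The keys are those of a gRPC service config, so a comment such as `// serviceConfig is the default gRPC service config for access graph connections: round_robin balancing with client-side health checking, so a lost connection is detected and re-established without waiting for an auth server event.` would read better; the dial sites are outside the hunk, so confirm the wording against them. It would also help to state that the empty `serviceName` requests the server's overall health status. In grpc-go, client-side health checking only takes effect when the `google.golang.org/grpc/health` package is linked in, and the import block is not visible here, so that is worth checking for both the AWS and Azure paths. The `const (` block starts above the hunk.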
@@ -1,6 +1,6 @@
 /*
 * Teleport
- * Copyright (C) 2024 Gravitational, Inc.
+ * Copyright (C) 2025 Gravitational, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
@@ -66,6 +66,7 @@ func (s *Server) reconcileAccessGraphAzure(

 // Fetch results concurrently
 resultsC := make(chan fetcherResult, len(allFetchers))
+ // Restricts concurrently running fetchers to 3
 tokens := make(chan struct{}, 3)
 accountIds := map[string]struct{}{}
 for _, fetcher := range allFetchers {
@@ -217,12 +218,6 @@ func (s *Server) initializeAndWatchAzureAccessGraph(ctx context.Context, reloadC
 const (
 semaphoreExpiration = time.Minute
 semaphoreName = "access_graph_azure_sync"
- serviceConfig = `{
- "loadBalancingPolicy": "round_robin",
- "healthCheckConfig": {
- "serviceName": ""
- }
- }`
 )
 lease, err := services.AcquireSemaphoreLockWithRetry(
 ctx,
@@ -255,7 +250,7 @@ func (s *Server) initializeAndWatchAzureAccessGraph(ctx context.Context, reloadC
 defer func() {
 lease.Stop()
 if err := lease.Wait(); err != nil {
- s.Log.WarnContext(ctx, "error cleaning up semaphore", "error", err)
+ s.Log.WarnContext(ctx, "error cleaning up semaphore", "error", err, "semaphore", semaphoreName)
 }
 }()

diff --git a/lib/srv/discovery/fetchers/azuresync/azure-sync.go b/lib/srv/discovery/fetchers/azuresync/azure-sync.go
index 35d4a5c4018d3..53d4d4144c5cf 100644
--- a/lib/srv/discovery/fetchers/azuresync/azure-sync.go
+++ b/lib/srv/discovery/fetchers/azuresync/azure-sync.go
@@ -181,11 +181,6 @@ func (f *Fetcher) fetch(ctx context.Context, feats Features) (*Resources, error)
 errsCh <- err
 return nil
 }
- principals, err = expandMemberships(ctx, f.graphClient, principals)
- if err != nil {
- errsCh <- err
- return nil
- }
 result.Principals, err = expandMemberships(ctx, f.graphClient, principals)
 if err != nil {
 errsCh <- err
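Review bot: The limit of 3 is now written twice in the `@@ -66,6 +66,7 @@` hunk, once in the new comment and once in `make(chan struct{}, 3)`, and neither place says why 3 was chosen. Naming it keeps the two from drifting apart: `const maxConcurrentFetchers = 3` with `tokens := make(chan struct{}, maxConcurrentFetchers)`, and the comment can then record the reason for the bound (presumably to limit parallel calls against the Azure APIs; confirm). reconcileAccessGraphAzure starts above the hunk and continues below it, so how `tokens` is acquired and released is not visible here.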