change special suffix to teleport-github-org for routing

gravitational · Jan 9, 2025 · bbd0f4c · bbd0f4c
1 parent 6ac577d
commit bbd0f4c
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 4 deletions.
diff --git a/api/types/constants.go b/api/types/constants.go
@@ -1496,5 +1496,5 @@ const (
 const (
 	// GitHubOrgServerDomain is the sub domain used in the hostname of a
 	// types.Server to indicate the GitHub organization of a Git server.
-	GitHubOrgServerDomain = "github-org"
+	GitHubOrgServerDomain = "teleport-github-org"
 )
diff --git a/api/types/server.go b/api/types/server.go
@@ -616,9 +616,6 @@ func (s *ServerV2) gitServerCheckAndSetDefaults() error {
 }
 
 func (s *ServerV2) githubCheckAndSetDefaults() error {
-	// Set SSH host port for GitHub.
-	s.Spec.Addr = "github.com:22"
-
 	if s.Spec.GitHub == nil {
 		return trace.BadParameter("github must be set for Subkind %q", s.SubKind)
 	}
@@ -629,6 +626,9 @@ func (s *ServerV2) githubCheckAndSetDefaults() error {
 		return trace.Wrap(err, "invalid GitHub organization name")
 	}
 
+	// Set SSH host port for connection and "fake" hostname for routing. These
+	// values are hard-coded and cannot be customized.
+	s.Spec.Addr = "github.com:22"
 	s.Spec.Hostname = MakeGitHubOrgServerDomain(s.Spec.GitHub.Organization)
 	if s.Metadata.Labels == nil {
 		s.Metadata.Labels = make(map[string]string)

diff --git a/lib/srv/authhandlers.go b/lib/srv/authhandlers.go
@@ -468,6 +468,8 @@ func (h *AuthHandlers) UserKeyAuth(conn ssh.ConnMetadata, key ssh.PublicKey) (*s
 		log.WarnContext(ctx, "Received unexpected cert type", "cert_type", cert.CertType)
 	}
 
+	// Skip RBAC check for proxy or git servers. RBAC check on git servers are
+	// performed outside this handler.
 	if h.isProxy() || h.c.Component == teleport.ComponentForwardingGit {
 		return permissions, nil
 	}