Leaf cluster authentication regression in role mapping #3252

Closed
klizhentas opened this issue Jan 9, 2020 · 0 comments · Fixed by gravitational/gravity#1013 or #3277

What happened:

Security patches post 4.2 introduced the regression - leaf cluster ignores role mapping
and attempts to use role names coming from identity of the root cluster

What you expected to happen:

Mapping should work as designed

How to reproduce it (as minimally and precisely as possible):

  • On the root cluster, create a user with roles admin, dev
  • On the leaf cluster, only map dev role from the trusted cluster setup
  • Attempt to tsh login leaf; tsh ls
  • Get error: "role admin is not found", although it should not be expected to exist in the first place

Environment:

  • Teleport version (use teleport version):

4.1.13+
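
The failure in the reproduction steps above, as a simplified Go model added here (not Teleport's code): `RoleMapping`, `MapRoles` and `FetchRoles` are hypothetical names, and the role data is constructed from the steps in the report.

```go
package main

import "fmt"

// RoleMapping is a hypothetical stand-in for one role-map entry of a
// trusted cluster: a root-cluster role and the leaf roles it grants.
type RoleMapping struct {
	Remote string
	Local  []string
}

// MapRoles translates root-cluster role names into leaf-cluster roles.
// Root roles without a mapping are dropped, never resolved on the leaf.
func MapRoles(roleMap []RoleMapping, remoteRoles []string) ([]string, error) {
	var local []string
	for _, remote := range remoteRoles {
		for _, m := range roleMap {
			if m.Remote == remote {
				local = append(local, m.Local...)
			}
		}
	}
	if len(local) == 0 {
		return nil, fmt.Errorf("no root role is mapped to a leaf role")
	}
	return local, nil
}

// FetchRoles resolves role names against the leaf's own role store.
func FetchRoles(leafRoles map[string]bool, names []string) ([]string, error) {
	for _, n := range names {
		if !leafRoles[n] {
			return nil, fmt.Errorf("role %v is not found", n)
		}
	}
	return names, nil
}

func main() {
	leaf := map[string]bool{"dev": true}               // constructed: leaf defines only dev
	roleMap := []RoleMapping{{"dev", []string{"dev"}}} // constructed: only dev is mapped
	identity := []string{"admin", "dev"}               // roles carried by the root identity

	_, err := FetchRoles(leaf, identity) // mapping skipped: root names used directly
	fmt.Println("mapping skipped:", err)
	mapped, _ := MapRoles(roleMap, identity) // mapping applied first
	fmt.Println("mapping applied:", mapped)
}
```

A regression test for this class of bug should assert both outcomes: the unmapped root role never reaches the leaf's role lookup, and an identity with no mapped roles is rejected rather than falling back to root role names.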

@klizhentas klizhentas self-assigned this Jan 9, 2020
@klizhentas klizhentas added the P0 label Jan 9, 2020
klizhentas added a commit that referenced this issue Jan 9, 2020
This commit fixes #3252

Security patches 4.2 introduced a regression - leaf clusters ignore role mapping
and attempt to use role names coming from identity of the root cluster
whenever GetNodes method was used.

This commit reverts back the logic, however it ensures that the original
fix is preserved - traits and groups are updated on the user object.

Integration test has been extended to avoid the regression in the future.
klizhentas added a commit that referenced this issue Jan 10, 2020
klizhentas added a commit that referenced this issue Jan 10, 2020
klizhentas added a commit that referenced this issue Jan 10, 2020
r0mant pushed a commit that referenced this issue Jan 10, 2020
klizhentas added a commit that referenced this issue Jan 11, 2020
klizhentas added a commit that referenced this issue Jan 11, 2020
klizhentas added a commit that referenced this issue Jan 11, 2020
klizhentas added a commit that referenced this issue Jan 11, 2020
@r0mant r0mant reopened this Jan 13, 2020
klizhentas added a commit that referenced this issue Jan 14, 2020
klizhentas added a commit that referenced this issue Jan 15, 2020
klizhentas added a commit that referenced this issue Jan 15, 2020
russjones pushed a commit that referenced this issue Feb 21, 2020
russjones pushed a commit that referenced this issue Feb 21, 2020
r0mant pushed a commit that referenced this issue May 15, 2020
r0mant added a commit that referenced this issue May 18, 2020
Co-authored-by: Sasha Klizhentas <[email protected]>
knisbet pushed a commit that referenced this issue Oct 5, 2020
* Re-sync branch e-ref

* Fix role mapping for trusted clusters

This commit fixes #3252

Security patches 4.2 introduced a regression - leaf clusters ignore role mapping
and attempt to use role names coming from identity of the root cluster
whenever GetNodes method was used.

This commit reverts back the logic, however it ensures that the original
fix is preserved - traits and groups are updated on the user object.

Integration test has been extended to avoid the regression in the future.

* Updated CHANGELOG.md.

* Release 3.2.15.

* Revendor golang.org/x/crypto.

Update golang.org/x/crypto to mitigate CVE-2020-9283. See the following
link for more details:

https://groups.google.com/forum/#!msg/golang-announce/3L45YRc91SY/ywEPcKLnGQAJ

* Updated CHANGELOG.md.

* Release 3.2.16.

* Update github.com/russellhaering/goxmldsig to v1.1.0

See GHSA-q547-gmf8-8jr7

* set version to 3.2.17-gravity

Co-authored-by: Sasha Klizhentas <[email protected]>
Co-authored-by: Russell Jones <[email protected]>
Co-authored-by: Andrew Lytvynov <[email protected]>