set cluster connector name on signin for first cloud user#17834
Merged
JanKaczmarkiewicz merged 41 commits intomasterfrom Nov 14, 2022
Merged
set cluster connector name on signin for first cloud user#17834JanKaczmarkiewicz merged 41 commits intomasterfrom
JanKaczmarkiewicz merged 41 commits intomasterfrom
Conversation
jimbishopp
reviewed
Nov 7, 2022
mcbattirola
reviewed
Nov 7, 2022
added 6 commits
November 7, 2022 17:18
nklaassen
reviewed
Nov 8, 2022
nklaassen
reviewed
Nov 8, 2022
codingllama
reviewed
Nov 10, 2022
codingllama
reviewed
Nov 10, 2022
Contributor
codingllama
left a comment
codingllama
left a comment
There was a problem hiding this comment.
Looks good, thanks for the updating the PR description too.
Holding out a bit more for:
- Tests for clusters with non-"local" connectors and
- A resolution to the "NewTestAuthServer" thread
Co-authored-by: Alan Parra <alan.parra@goteleport.com>
codingllama
reviewed
Nov 10, 2022
…ange custom connector" Co-authored-by: Alan Parra <alan.parra@goteleport.com>
codingllama
approved these changes
Nov 10, 2022
nklaassen
approved these changes
Nov 10, 2022
JanKaczmarkiewicz
added a commit
that referenced
this pull request
Nov 14, 2022
* feat: set cluster connector name on first user signin * perf: move is passwordless enabled before get users * fix: move logic to correct handler * test: test setting default passwordless connector name for cloud (positive case) * test: add negative test cases * refactor: flatten nested code * fix: remove return in case auth preference was not set * fix: run logic only in cloud * docs: typo * fix: run when passwordless * test: move trySettingConnectorNameToPasswordless as separete method * docs: add safety comments * test: rephrase safety comment * refactor: remove space between call and error check * fix: remove unnessesery error log from trySettingConnectorNameToPasswordless * refactor: pass context, rename session context * docs: add description to trySettingConnectorNameToPasswordless * test: add descriptive assertion text Co-authored-by: Alan Parra <alan.parra@goteleport.com> * refactor: simplify error handilng Co-authored-by: Alan Parra <alan.parra@goteleport.com> * fix: check for non default setting Co-authored-by: Alan Parra <alan.parra@goteleport.com> * test: correct RPID * refactor: simplify user creation Co-authored-by: Alan Parra <alan.parra@goteleport.com> * docs: fix typo Co-authored-by: Alan Parra <alan.parra@goteleport.com> * test: reorder name filed in the test cases struct * test: better names for test cases * refactor: generate token instead of hardcoding arbitrary value * test: remove user agent header * fix: check for empty password * docs: add passwordless check description Co-authored-by: Alan Parra <alan.parra@goteleport.com> * test: add "first cloud sign-in does not change custom connector" * test: use correct number of users in "first cloud sign-in does not change custom connector" Co-authored-by: Alan Parra <alan.parra@goteleport.com> * test: remove is cloud check from test helpers, instead use config * refactor: store is_passwordless_registration in variable * test: first cloud sign-in with password does not change connector * refactor: change isPasswordlessRegistration name Co-authored-by: Alan Parra <alan.parra@goteleport.com>
JanKaczmarkiewicz
added a commit
that referenced
this pull request
Nov 16, 2022
…18445) * feat: set cluster connector name on first user signin * perf: move is passwordless enabled before get users * fix: move logic to correct handler * test: test setting default passwordless connector name for cloud (positive case) * test: add negative test cases * refactor: flatten nested code * fix: remove return in case auth preference was not set * fix: run logic only in cloud * docs: typo * fix: run when passwordless * test: move trySettingConnectorNameToPasswordless as separete method * docs: add safety comments * test: rephrase safety comment * refactor: remove space between call and error check * fix: remove unnessesery error log from trySettingConnectorNameToPasswordless * refactor: pass context, rename session context * docs: add description to trySettingConnectorNameToPasswordless * test: add descriptive assertion text Co-authored-by: Alan Parra <alan.parra@goteleport.com> * refactor: simplify error handilng Co-authored-by: Alan Parra <alan.parra@goteleport.com> * fix: check for non default setting Co-authored-by: Alan Parra <alan.parra@goteleport.com> * test: correct RPID * refactor: simplify user creation Co-authored-by: Alan Parra <alan.parra@goteleport.com> * docs: fix typo Co-authored-by: Alan Parra <alan.parra@goteleport.com> * test: reorder name filed in the test cases struct * test: better names for test cases * refactor: generate token instead of hardcoding arbitrary value * test: remove user agent header * fix: check for empty password * docs: add passwordless check description Co-authored-by: Alan Parra <alan.parra@goteleport.com> * test: add "first cloud sign-in does not change custom connector" * test: use correct number of users in "first cloud sign-in does not change custom connector" Co-authored-by: Alan Parra <alan.parra@goteleport.com> * test: remove is cloud check from test helpers, instead use config * refactor: store is_passwordless_registration in variable * test: first cloud sign-in with password does not change connector * refactor: change isPasswordlessRegistration name Co-authored-by: Alan Parra <alan.parra@goteleport.com> Co-authored-by: Alan Parra <alan.parra@goteleport.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Automatically set the passwordless cluster authentication preference for cloud users.
When the first user chooses to sign in with passwordless,
cluster_auth_preference.connector_namewill be set to"passwordless". This will instruct login and sign-in flow to usepasswordlessas the default method (the user can still choose another available method).Testing guide:
If you run into a missing
DEB_PATHerror you can temporarily restorebuild.assets/charts/Dockerfileold code before https://github.com/gravitational/teleport/pull/17597/files#diff-3b89b68ec0c7abb15cbf57af77d2f3cced352cbe65159772d3b680ef76f9915eImplements RFD: https://github.com/gravitational/cloud/pull/2405
Fixes: https://github.com/gravitational/cloud/issues/2069