Allow non moderated sessions when no-auth connection exists#26074
Merged
Allow non moderated sessions when no-auth connection exists#26074
Conversation
tigrato
force-pushed
the
tigrato/allow-exec-sessions-no-auth
branch
from
a1bb2dc to
4758f9f
Compare
4 tasks
This PR builds the last bit required to allow users to create remote kubernetes sessions when Auth connection is not available or is intermitent. This PR allows a user to continue with the interactive session when the session does not require any moderation. PR #25202 deferred the proxy cert creation for cases where the it's mandatory (kube agent or proxy running version <=12.x.x) which allowed any user to perform simple requests against a Kubernetes cluster even when the cluster Auth server is not operational. On top of that, this PR allows a user to request an interactive session against a pod when auth conectivity is not required as long as the session isn't moderated. Part of #25541 Related to #25202 Implements #26014
tigrato
force-pushed
the
tigrato/allow-exec-sessions-no-auth
branch
from
d16af08 to
a0ac7d0
Compare
rosstimothy
approved these changes
May 15, 2023
AntonAM
approved these changes
May 15, 2023
public-teleport-github-review-bot
Bot
removed request for
timothyb89 and
tobiaszheller
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR builds the last bit required to allow users to create remote
Kubernetes sessions when Auth connection is not available or is
intermittent.
This PR allows a user to continue with the interactive session when the
session does not require any moderation.
PR #25202 deferred the proxy cert creation for cases where it's
mandatory (kube agent or proxy running version <=12.x.x) which allowed
any user to perform simple requests against a Kubernetes cluster even
when the cluster Auth server is not operational. On top of that, this PR
allows a user to request an interactive session against a pod when auth
connectivity is not required as long as the session isn't moderated.
Part of #25541
Related to #25202
Implements #26014
Integration tests to formally test the behavior and regressions will be added in a separate PR.