Skip to content

Add and map the MDM system role#26395

Merged
codingllama merged 4 commits intomasterfrom
codingllama/dt-rolemdm
May 17, 2023
Merged

Add and map the MDM system role#26395
codingllama merged 4 commits intomasterfrom
codingllama/dt-rolemdm

Conversation

@codingllama
Copy link
Copy Markdown
Contributor

@codingllama codingllama commented May 16, 2023

Add the MDM system role and code the necessary mappings.

The PR also specializes the output for "mdm" tokens in tctl tokens add.

For example:

$ tctl tokens add --type=mdm
> The invite token: 3aca68eaccb13571cf0fb19b41fd31bd
> This token will expire in 30 minutes.
> 
> Use this token to add an MDM service to Teleport.
> 
> > teleport start \
>    --token=3aca68eaccb13571cf0fb19b41fd31bd \
>    --ca-pin=sha256:4b32d9c54b2b3332019d5f0720b8f9a603de03ace07d308bcd743465eee1f200 \
>    -c=/path/to/mdm_service.yaml

This PR is part of the groundwork necessary for the new "MDM service".

https://github.com/gravitational/teleport.e/issues/826

@codingllama codingllama requested review from mdwn and strideynet May 16, 2023 20:24
@github-actions github-actions Bot added size/sm tctl tctl - Teleport admin tool labels May 16, 2023
@github-actions github-actions Bot requested review from atburke and zmb3 May 16, 2023 20:25
zmb3
zmb3 approved these changes May 16, 2023
View reviewed changes
Comment thread tool/tctl/common/token_command.go Outdated
@codingllama codingllama force-pushed the codingllama/dt-rolemdm branch 2 times, most recently from f040b9a to ef3c9c5 Compare May 17, 2023 15:34
@codingllama
Copy link
Copy Markdown
Contributor Author

codingllama commented May 17, 2023

Friendly ping @mdwn @strideynet @atburke ?

mdwn
mdwn approved these changes May 17, 2023
View reviewed changes
Comment thread lib/authz/permissions.go Outdated
@codingllama
Copy link
Copy Markdown
Contributor Author

codingllama commented May 17, 2023

Thanks everyone for the quick +1s.

@codingllama
Copy link
Copy Markdown
Contributor Author

codingllama commented May 17, 2023

I just realized that TestLocalServiceRolesHavePermissionsForUploaderService is failing, as it wants RoleMDM to have powers to write events. Chatting with @zmb3 to figure out the best way forward.

@codingllama codingllama force-pushed the codingllama/dt-rolemdm branch from ef3c9c5 to 2e39f57 Compare May 17, 2023 17:29
@codingllama codingllama force-pushed the codingllama/dt-rolemdm branch from 2e39f57 to c9febe6 Compare May 17, 2023 17:30
@codingllama
Copy link
Copy Markdown
Contributor Author

codingllama commented May 17, 2023

Pushed c9febe6 to address the previous comment. I'll take a look at uploader role selection in a follow-up PR.

@codingllama codingllama enabled auto-merge May 17, 2023 17:31
@codingllama codingllama added this pull request to the merge queue May 17, 2023
Merged via the queue into master with commit a4d168f May 17, 2023
@codingllama codingllama deleted the codingllama/dt-rolemdm branch May 17, 2023 18:02
@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented May 17, 2023

@codingllama See the table below for backport results.

Branch Result
branch/v13 Create PR

This was referenced May 17, 2023
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zmb3 zmb3 zmb3 approved these changes

@atburke atburke atburke approved these changes

+1 more reviewer

@mdwn mdwn mdwn approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

size/sm tctl tctl - Teleport admin tool

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@codingllama @mdwn @zmb3 @atburke