Skip to content

docs: document label expressions#27811

Merged
nklaassen merged 4 commits intomasterfrom
nklaassen/docs-label-expressions
Jun 14, 2023
Merged

docs: document label expressions#27811
nklaassen merged 4 commits intomasterfrom
nklaassen/docs-label-expressions

Conversation

@nklaassen
Copy link
Copy Markdown
Contributor

@nklaassen nklaassen commented Jun 13, 2023

This commit adds documentation for the label expressions feature described in RFD 116.

nklaassen
nklaassen commented Jun 13, 2023
View reviewed changes
Comment thread docs/pages/access-controls/reference.mdx Outdated
Copy link
Copy Markdown
Contributor Author

@nklaassen nklaassen Jun 13, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is an important distinction, when a role explicitly denies something that means that no other role can allow access to it, even through an access request.

Comment thread docs/pages/includes/role-spec.mdx Outdated
Comment on lines 131 to 135
Copy link
Copy Markdown
Contributor Author

@nklaassen nklaassen Jun 13, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I copied this text from the existing comment on app_labels, it seems much better

Comment thread docs/pages/reference/predicate-language.mdx Outdated
Copy link
Copy Markdown
Contributor Author

@nklaassen nklaassen Jun 13, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I intentionally added some spaces in a few of these code snippets to allow line breaks in acceptable positions

@nklaassen nklaassen force-pushed the nklaassen/docs-label-expressions branch from 5841d45 to 306401a Compare June 13, 2023 16:49
@nklaassen
docs: document label expressions
fcbc55f 
This commit adds documentation for the label expressions feature
described in RFD 116.
@nklaassen nklaassen force-pushed the nklaassen/docs-label-expressions branch from 306401a to fcbc55f Compare June 13, 2023 16:54
@nklaassen nklaassen marked this pull request as ready for review June 13, 2023 16:54
@ptgott ptgott self-assigned this Jun 13, 2023
ptgott
ptgott approved these changes Jun 13, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@ptgott ptgott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved with minor suggestions

Comment thread docs/pages/access-controls/reference.mdx Outdated
Comment thread docs/pages/reference/predicate-language.mdx Outdated
Comment thread docs/pages/reference/predicate-language.mdx Outdated
Comment thread docs/pages/reference/predicate-language.mdx Outdated
@nklaassen @ptgott
Apply suggestions from code review
91976de 
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
rosstimothy
rosstimothy approved these changes Jun 14, 2023
View reviewed changes
Comment thread docs/pages/access-controls/reference.mdx Outdated

```yaml
kind: role
version: v5
Copy link
Copy Markdown
Contributor

@rosstimothy rosstimothy Jun 14, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are label expressions available in rove v5?

Suggested change
version: v5
version: v6

Copy link
Copy Markdown
Contributor Author

@nklaassen nklaassen Jun 14, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They actually work fine all the way back to role v3. Our role versioning is weird, it really just changes the meaning of empty/default values, and we manually block some features in older versions, but I don't think there's any reason to block label expressions

zmb3
zmb3 approved these changes Jun 14, 2023
View reviewed changes
Comment thread docs/pages/access-controls/reference.mdx Outdated
Comment thread docs/pages/access-controls/reference.mdx
contains(user.spec.traits["teams"], labels["team"])
```

The `<kind>_labels_expression` fields have the same purpose of the
Copy link
Copy Markdown
Collaborator

@zmb3 zmb3 Jun 13, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can only specify one of <kind>_labels or <kind>_labels_expression, right? Worth mentioning that here?

Copy link
Copy Markdown
Contributor Author

@nklaassen nklaassen Jun 14, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can specify both if you really want to, added a short blurb to explain that

nklaassen and others added 2 commits June 14, 2023 12:33
@nklaassen @rosstimothy
use v6 role
48f9090 
Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
@nklaassen
explain setting both <kind>_labels and <kind>_labels_expression
8fc469a
@nklaassen nklaassen added this pull request to the merge queue Jun 14, 2023
Merged via the queue into master with commit 4f01053 Jun 14, 2023
@nklaassen nklaassen deleted the nklaassen/docs-label-expressions branch June 14, 2023 23:47
@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented Jun 14, 2023

@nklaassen See the table below for backport results.

Branch Result
branch/v13 Create PR

@nklaassen nklaassen mentioned this pull request Jun 14, 2023
Merged
@nklaassen nklaassen mentioned this pull request Jun 15, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zmb3 zmb3 zmb3 approved these changes

@ptgott ptgott ptgott approved these changes

@rosstimothy rosstimothy rosstimothy approved these changes

Assignees

@ptgott ptgott

Labels

documentation size/md

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@nklaassen @zmb3 @ptgott @rosstimothy