The plugins interface now supports HasPluginType, which returns true if a plugin of the given type has been detected within the backend.
* Change SyncInventory streams to track missing devices
* Update generated protos
* Convert new device profile fields
* Update fileconf.go example
Within Okta, user groups can assign permission to many applications and applications can belong to many user groups. This commit establishes that mapping so that the Okta service can perform more user friendly access requests by adding all applications from a user group to the access request and additionally allowing application access requests to request associated user groups as well.
The e ref has been updated to pull in the modifications to the NewUserGroup function and to not use deprecated device trust components.
At a minimum, the GitHub app that Teleport uses must have the read:org scope so that we can identify which users are members of which teams. Closes #14825
* make dynamic edit first
* expand scope... So that dynamic resource is still the default option for all scopes
* add local auth tip... Since we're telling the reader to switch to SAML before it's configured, we should provide a way to log in again using local auth.
* provide full path to key... Since updated docs using `tctl sso configure` won't always include the key for easy reference in its output.
* update okta guide to use tctl sso configure
* Specify enterprise/cloud tctl downloads... Because `tctl sso configure saml` is only available in the enterprise tctl versions. This makes this PR dependent on #26124
* strongly encourage testing
* use preset flag
* Okta service docs only show in enterprise and cloud. The docs describing the Okta service now only display in the enterprise and cloud scopes. Additionally, some of the wording and variable usage was corrected in the Okta guide.
* Update docs/pages/application-access/okta/guide.mdx Co-authored-by: Steven Martin <steven@goteleport.com>

---------

Co-authored-by: Steven Martin <steven@goteleport.com>
Reviewer and requester roles have been added to allow for easy defaults for reviewing and requesting applications and user groups for the Okta service.
remove messaging indicating approvals happen directly in slack as that was removed for security concerns
…28051)
* AWS OIDC Integration: Deploy DB Service in a single click. This PR adds a new AWS OIDC Integration action: deploy database service. This uses Amazon ECS to deploy a Database and a Discovery Service in a single click. Please read `lib/integrations/awsoidc.DeployDBService` for more information.
* set discovery group to uuid
* add agent matcher labels
* add tags to indicate ownership
* create deployment mode
* allow for dot named clusters
* rename service and taskdefinition to include deployment mode
* add ECS service dashboard url to the response
* change ownership tags
* remove delete service api call
* fix json indent in comment and iam token name
* update message on empty tsh ls results
* Update message to have no docs
* update verbiage Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>

---------

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* feat: adds motd to the ui
* address review suggestions:
  - update MOTD to Motd
  - moved motd state to useLogin
  - added behaviour tests
* add motd test to apiserver_test.go webconfig. update snapshot test to address motd warning
* git mv to update MOTD to Motd
* multiple fix:
  - add unmount test
  - remove motd title
  - group states together in useLogin
  - update arrow func to classic js func
* remove unused waitForElementToBeRemoved
Closes #9865 Teleport increments this metric whenever there is a request to the backend, not just when there is a write request (see lib/backend/report.go for all the times we call `trackRequest()` to increment this metric). This change updates the metric help text and documentation.
This is the result of running `make manifests` in integrations/operator to update the CRDs with the latest role spec definition, which includes label expressions.
Signed-off-by: Evan Freed <evan.freed@goteleport.com>
`auth_service` is a top level key in the config file, not under `teleport`.
* Use the one-liner in install-linux.mdx. Closes #25505. We now have a one-line installation command for Teleport Community Edition. Since the script the command runs already checks the user's OS and attempts to use the appropriate package manager, there is no need for the tabbed installation instructions in the Community Edition tab of `install-linux.mdx`.
* Linter fix
* docs: update macos tsh install instructions
* spellfix
* update verbiage Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/includes/install-tsh.mdx Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>

---------

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
…rs (#28132)
* permission-warning.mdx: Advise NOT TO give access,editor to users
* Give users an alternative rather than indicating what not to do Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>

---------

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Add initial opsgenie client (#23707)
* Add initial opsgenie client
* Embed opsgenie client config in client and move some helper funcs
* Fix mod and sum and call to opsgenie client buildalertbody
* Add more godocs and use vendored teleport plugins lib
* Rename opsgenie client and config to prevent repetition
* Fix struct tag in opsgenie alertbody
* Fix misleading comment
* Add tests to opsgenie client to check note bodies are formatted
* Wrap errs with more descriptive types
* Close response bodies and fix error handling
* Add missing godoc and fix defer and return order
* Add missing godocs to opsgenie types
* Change opsgenie client test to not depend on json indent etc
* Add example of api url to godoc
* Undo unnecessary mod and sum changes
* Fix go sum
* Move opsgenie client code to integrations/lib
* Fix typos
* Add opsgenie plugin (#25995)
* Update teleport cloud faq.mdx add note indicating automatic upgrades are not triggered if incompatible agents are detected
* Update docs/pages/choose-an-edition/teleport-cloud/faq.mdx Co-authored-by: Evan Freed <2314084+evanfreed@users.noreply.github.com>

---------

Co-authored-by: Evan Freed <2314084+evanfreed@users.noreply.github.com>
@r0mant - this PR will require admin approval to merge due to its size. Consider breaking it up into a series of smaller changes.
discovery_groupparameter ([v13] Documentdiscovery_groupparameter #24712)session.SetEnvs([v13] Revert usage ofsession.SetEnvs#24801)Per Roleper session mfa example accurate ([v13] Makes thePer Roleper session mfa example accurate #24926)auth.Serveritself toinventory.NewController#25008)listen_addrtoweb_listen_addrin custom Helm deployment guide ([v13] docs: Changelisten_addrtoweb_listen_addrin custom Helm deployment guide #24975)disconnect_expired_certwhen Kube Identity forwarding is used ([v13] Fixdisconnect_expired_certwhen Kube Identity forwarding is used #25058)tsh benchcommands ([v13] Hidetsh benchcommands #25092)kube_service([v13] Fixes cache init problem with missingkube_service#25006)tsh ssh --headless([v13] Avoid prompting users for mfa when usingtsh ssh --headless#25164)ssh_service.public_addrsinIsMFARequiredcheck #25219)GenerateUserCerts#24955)underlying reader not a terminalissues ([v13] Fixunderlying reader not a terminalissues #25241)auth.TLSServer#25273)TestAuthSignKubeconfigtest ([v13] FixTestAuthSignKubeconfigtest #25268)tsh kube login([v13] Add option to override kube context ontsh kube login#25252)TestKubernetesLicenseEnforcementdata race ([v13] FixTestKubernetesLicenseEnforcementdata race #25478)RoleRemoteProxyto list 'kube_servers` when no Kube license ([v13] AllowRoleRemoteProxyto listkube_serverswhen cluster isn't licensed for Kubernetes #25492)eref #25600)eref (Updateeref #25726)tsh bench ssh --random([v13] Reuse resources fortsh bench ssh --random#25698)SetFeaturesmethod to modules ([v13] AddSetFeaturesmethod to modules #25654)not a valid Unix loginlogging ([v13] Removenot a valid Unix loginlogging #25838)not a valid Unix loginlogging ([v13] Removenot a valid Unix loginlogging #25838)go envvalues ([v13] Makefile: cachego envvalues #25894)tsh fido2 attobj([v13] Add the debug commandtsh fido2 attobj#25923)apt/yum/dnfinstead ofdpkg/rpm([v13] docs: instruct users to useapt/yum/dnfinstead 
ofdpkg/rpm#25937)TestLoadConfigFromProfile#25969)--setformatting ([v13] Change Helm reference--setformatting #25509)ssh_portsession start intossh_port_v2,k8s_port([v13] usagereporter: split thessh_portsession start intossh_port_v2,k8s_port#26062)authclient.Connect([v13] Fix GoRoutine leak inauthclient.Connect#26125)tbot([v13] Add pprof diagnostics endpoints totbot#26117)lib/client([v13] Revert usage of grpc error interceptors inlib/client#26271)tsh kube join([v13] TLS Routing behind ALB:tsh kube join#26283)electronandelectron-builder([v13] Updateelectronandelectron-builder#26327)gravitational/protobuffork tag (Updategravitational/protobuffork tag #26373) ([v13]: Updategravitational/protobuffork tag (#26373) #26488)kubectl auth can-isupport forkubernetes_resourcesRBAC rules ([v13] Extendkubectl auth can-isupport forkubernetes_resourcesRBAC rules #26584)teleport join opensshoneshot command ([V13] Add certificate rotation toteleport join opensshoneshot command #26674)tsh lssupport for multiple labels ([v13] Describetsh lssupport for multiple labels #26539)cgroup2when restarting ([v13] Don't unmountcgroup2when restarting #26728)crypto.randomUUID#26611)build.assets/tooling(Update dependencies forbuild.assets/tooling#26907) ([v13] Update dependencies forbuild.assets/tooling(#26907) #26918)--add-keys-to-agent=no#26929)clusterNamecontains a colon ([v13] helm: Fail to install ifclusterNamecontains a colon #26973)buf breaking#26793)terserandminimatch(#26919) (#27025)kingpin& allow autocompletion (#26238) (#26999)e(#27087)tsh app login. 
(#26820)TestKube/Joindata race (#26619) (#27124)tsh kubectlsupport for tracer exporter (#27130)buf breakingCI action (#26833)v1.53.1and upgradedepguardconfig tov2(#27293)config.js(#26785) (#27362)Node(#27018) (#27442)tsh app login --cluster=leaf(#27197)teleport-kube-agentupgrade server (#27572)github.com/gravitational/predicatetov1.3.1(#27483)teleport-kube-agentpost-delete hook (#27637)nodelock to useserver_idinstead (#27621)TestHeadlessAuthenticationWatcher_WaitForUpdate(#27765)server-id(#27845)backend_read_secondsduration (#27857)TestDiagnoseSSHConnectionflakiness (#27762) (#27849)UpsertAuthServer(#27887)tctl auth signis used (#27928)tshprivilege elevation for TPM enrollment (#27959)tbot(#27946)pagerdutyplugin source intoteleport(#27612)tshrelogin on not found errors (#27974)Assistimport so it does not break storybook (#28047)eref (#28144)useradd(#28194)assume_role_arnfor database dynamic resources (#28039) (#28210)denyarm ofkubernetes_resources(#28285)kubernetes_usersandkubernetes_groups(#28323)admindatabase permission requirement for MongoDB (#28362)e(#28406)editorchanges (#28209) (#28481)e(#28605)tsh db connectshould prefer mongosh (#28668)ereference (#28684)database_labelstodb_labels(#28687)googleclaim is not present (#28759)exit_on_synctoggle (#28394) (#28415)tsh kube credentialslock when no-login is required (#28811)assume_role_arnfor Kube cluster matchers (#28282) (#28832)sqlcmdsupport (#28944)ProxyGroupsupport to reverse tunnels (#28930)eref to enable PagerDuty plugin (#28986)tsh request searchwhenreplicas>1(#28889)teleport discovery boostrap(#29002)dynamicCredsConfig(#29058)sqliteproperly (#29099)closeinstead ofexit; Fix FailedApp theme (#29108)sqlite(#29130)