always generate request IDs server-side#31760
Merged
fspmarshall merged 2 commits intomasterfrom Sep 13, 2023
Merged
Conversation
github-actions
Bot
requested review from
espadolini,
marcoandredinis and
tigrato
github-actions
Bot
added
size/sm
tctl
espadolini
approved these changes
Sep 12, 2023
Contributor
espadolini
left a comment
espadolini
left a comment
There was a problem hiding this comment.
Is the v14 backport only going to contain client changes?
tigrato
approved these changes
Sep 12, 2023
public-teleport-github-review-bot
Bot
removed request for
jentfoo and
marcoandredinis
rosstimothy
reviewed
Sep 12, 2023
Contributor
There was a problem hiding this comment.
Let's not forget to circle back and update this to point at the commit on master when the accompanying PR in e lands
jentfoo
approved these changes
Sep 12, 2023
Contributor
jentfoo
left a comment
jentfoo
left a comment
There was a problem hiding this comment.
Overall changes look good, but it looks like integration tests are still trying to use the old CreateAccessRequest
fspmarshall
force-pushed
the
fspmarshall/server-side-request-ids
branch
2 times, most recently
from
0bc19db to
636dcdf
Compare
fspmarshall
force-pushed
the
fspmarshall/server-side-request-ids
branch
from
636dcdf to
5623215
Compare
|
@fspmarshall See the table below for backport results.
|
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Sep 14, 2023
* always generate request IDs server-side (#31760) * server-side request ids * update e-ref
camscale
added a commit
to gravitational/teleport-plugins
that referenced
this pull request
Sep 21, 2023
Update Teleport version to 14.0.0 from 13.8.8. The former has now been released and is available. Update the Go version to 1.21.1, as used by Teleport 14. Fix a couple of tests that used `lib/client.Client.CreateAccessRequest()` to use `CreateAccessRequestV2()` as that supersedes the former. The fix is as per gravitational/teleport#31760. Co-authored-by: Cam Hutchison <camh@goteleport.com>
camscale
added a commit
to gravitational/teleport-plugins
that referenced
this pull request
Sep 21, 2023
Update Teleport version to 14.0.0 from 13.8.8. The former has now been released and is available. Update the Go version to 1.21.1, as used by Teleport 14. Fix a couple of tests that used `lib/client.Client.CreateAccessRequest()` to use `CreateAccessRequestV2()` as that supersedes the former. The fix is as per gravitational/teleport#31760. Co-authored-by: Cam Hutchison <camh@goteleport.com>
marcoandredinis
added a commit
to gravitational/teleport-plugins
that referenced
this pull request
Sep 21, 2023
Update Teleport version to 14.0.0 from 13.8.8. The former has now been released and is available. Update the Go version to 1.21.1, as used by Teleport 14. Fix a couple of tests that used `lib/client.Client.CreateAccessRequest()` to use `CreateAccessRequestV2()` as that supersedes the former. The fix is as per gravitational/teleport#31760. Co-authored-by: Cam Hutchison <camh@goteleport.com>
marcoandredinis
added a commit
to gravitational/teleport-plugins
that referenced
this pull request
Sep 21, 2023
* Prepare for Teleport V14 Update Teleport version to 14.0.0 from 13.8.8. The former has now been released and is available. Update the Go version to 1.21.1, as used by Teleport 14. Fix a couple of tests that used `lib/client.Client.CreateAccessRequest()` to use `CreateAccessRequestV2()` as that supersedes the former. The fix is as per gravitational/teleport#31760. Co-authored-by: Cam Hutchison <camh@goteleport.com> * Update go.mod to Teleport 14 tag Update the go.mod file to use Teleport 14 from the tag not the branch by running: make update-teleport-dep-version VERSION=14.0.0 The codeql workflow still seems to use an older version of Go which fails to parse the new `toolchain` directive in `go.mod`, so add a "Set up Go" step the same as the Teleport repo to ensure the latest version is installed for the workflow. * Update protoc-gen-terraform version to 2.1.0 Use 2.1.0 as this is the current latest of gravitational/protoc-gen-terraform, and the instructions say to use the latest. * Specify RoleV6...KuberbetesResources.Verbs as computed Specify `RoleV6.Spec.Allow.KubernetesResources.Verbs` as a computed field and re-generate the terraform provider. This is needed as the verbs field has a default value of `[ "*" ]`, which causes the error: role_test.go:244: Step 7/8 error: Error running apply: exit status 1 Error: Provider produced inconsistent result after apply When applying changes to teleport_role.upgrade, provider "provider[\"registry.terraform.io/hashicorp/teleport\"]" produced an unexpected new value: .spec.allow.kubernetes_resources[0].verbs: was null, but now cty.ListVal([]cty.Value{cty.StringVal("*")}). This is a bug in the provider, which should be reported in the provider's own issue tracker. Ideally this would not be computed but would have a default specified instead, but it does not look like we can do that with the current generator. --------- Co-authored-by: Cam Hutchison <camh@goteleport.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Improve best-practices around Access Request ID generation. This change is relatively minor, but needs to land in a major version since it deprecates an API.
Related: https://github.com/gravitational/teleport.e/pull/2194
Note: this has been manually tested using both UI and CLI request flows.
Changelog: Security improvements for access request API (users may be prompted to upgrade
tsh).