From ab0bcdd75bf816d61b70fd0d684af12d1018090b Mon Sep 17 00:00:00 2001 From: Lisa Gunn Date: Wed, 11 Oct 2023 13:42:05 -0700 Subject: [PATCH] Add Docker to Mattermost plugin --- .../ssh-approval-mattermost.mdx | 32 ++++++++++++------- 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/docs/pages/access-controls/access-request-plugins/ssh-approval-mattermost.mdx b/docs/pages/access-controls/access-request-plugins/ssh-approval-mattermost.mdx index 5feb9c74f246c..24ddd64e644aa 100644 --- a/docs/pages/access-controls/access-request-plugins/ssh-approval-mattermost.mdx +++ b/docs/pages/access-controls/access-request-plugins/ssh-approval-mattermost.mdx @@ -3,9 +3,9 @@ title: Access Requests with Mattermost description: How to set up Teleport's Mattermost plugin for privilege elevation approvals. --- -This guide will explain how to set up Teleport with Mattermost, an open source -messaging platform. Teleport's Mattermost notifies individuals of -Access Requests. Users can then approve and deny Access Requests by following the +This guide explains how to integrate Teleport access requests with Mattermost, an open +source messaging platform. The Teleport Mattermost plugin notifies individuals of +access requests. Users can then approve and deny access requests by following the message link, making it easier to implement security best practices without compromising productivity. @@ -17,13 +17,13 @@ compromising productivity. - A Mattermost account with admin privileges. This plugin has been tested with Mattermost v7.0.1. -- Either a Linux host or Kubernetes cluster where you will run the Mattermost plugin. +- Either a Linux host or Kubernetes cluster where you will run the Teleport Mattermost plugin. - (!docs/pages/includes/tctl.mdx!) ## Step 1/8. Define RBAC resources -Before you set up the Mattermost plugin, you will need to enable Role Access -Requests in the Proxy or Auth Service. +Before you set up the Teleport Mattermost plugin, you need to enable Role Access +Requests in the Teleport Proxy Service or Teleport Auth Service. (!/docs/pages/includes/plugins/editor-request-rbac.mdx!) @@ -34,7 +34,7 @@ Requests in the Proxy or Auth Service. We recommend installing Teleport plugins on the same host as the Teleport Proxy Service. This is an ideal location as plugins have a low memory footprint, and -will require both public internet access and Teleport Auth Service access. +require both public internet access and Teleport Auth Service access. @@ -121,9 +121,9 @@ plugin to use these credentials and post messages in the right channels for your workspace. - -The Mattermost plugin uses a config file in TOML format. On the host where you -will run the Mattermost plugin, generate a boilerplate config by running the + +The Mattermost plugin uses a configuration file in TOML format. On the host where you +will run the Mattermost plugin, generate a boilerplate configuration by running the following commands: ```code @@ -172,7 +172,7 @@ For example, this configuration will notify `first.last@example.com` and the `Town Square` channel in the `myteam` team of any Access Request events: - + ```toml recipients = [ @@ -222,7 +222,7 @@ Mattermost. The final configuration should look similar to this: - + ```yaml # example mattermost configuration TOML file [teleport] @@ -272,6 +272,14 @@ DEBU Watcher connected mattermost/main.go:260 DEBU Mattermost API health check finished ok mattermost/main.go:19 ``` + + +Run the plugin: + +```bash +$ docker run -v :/etc/teleport-mattermost.toml public.ecr.aws/gravitational/teleport-plugin-mattermost:(=teleport.version=) start +``` + After modifying your configuration, run the bot with the following command: