Skip to content

Store original roles with user login state.#34257

Merged
mdwn merged 2 commits intomasterfrom
mike.wilson/user-login-state-original
Nov 8, 2023
Merged

Store original roles with user login state.#34257
mdwn merged 2 commits intomasterfrom
mike.wilson/user-login-state-original

Conversation

@mdwn
Copy link
Copy Markdown
Contributor

@mdwn mdwn commented Nov 6, 2023

The user's original static roles are now stored along with the user login state. This is necessary to properly recalculate user access on access list membership change, as SSO users will expire after 24 hours, making it impossible to refer to the original user definition to determine the new role membership for the user.

Store original roles with user login state.
8be1672 
The user's original static roles are now stored along with the user login
state. This is necessary to properly recalculate user access on access list
membership change, as SSO users will expire after 24 hours, making it
impossible to refer to the original user definition to determine the new
role membership for the user.
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Nov 6, 2023

The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with changelog: followed by the changelog entries for the PR.

@mdwn mdwn added the no-changelog Indicates that a PR does not require a changelog entry label Nov 6, 2023
@zmb3
Copy link
Copy Markdown
Collaborator

zmb3 commented Nov 6, 2023

Any concerns with backwards compatibility here? (Doesn't look like it, though a subsequent PR probably needs to be careful to handle the case where one of the original roles no longer exists..)

@mdwn
Copy link
Copy Markdown
Contributor Author

mdwn commented Nov 6, 2023

Any concerns with backwards compatibility here? (Doesn't look like it, though a subsequent PR probably needs to be careful to handle the case where one of the original roles no longer exists..)

No, but totally agreed. I'll need to ensure that the consumers of this look after this situation carefully.

zmb3
zmb3 approved these changes Nov 6, 2023
View reviewed changes
Comment thread api/proto/teleport/userloginstate/v1/userloginstate.proto Outdated
Comment thread lib/auth/userloginstate/generator_test.go Outdated
Comment thread lib/auth/userloginstate/generator_test.go Outdated
tigrato
tigrato approved these changes Nov 8, 2023
View reviewed changes
Comment thread api/proto/teleport/userloginstate/v1/userloginstate.proto Outdated
@mdwn mdwn enabled auto-merge November 8, 2023 18:42
@mdwn mdwn added this pull request to the merge queue Nov 8, 2023
Merged via the queue into master with commit 6fe920d Nov 8, 2023
@mdwn mdwn deleted the mike.wilson/user-login-state-original branch November 8, 2023 19:13
@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented Nov 8, 2023

@mdwn See the table below for backport results.

Branch Result
branch/v13 Create PR
branch/v14 Create PR

This was referenced Nov 8, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tigrato tigrato tigrato approved these changes

@zmb3 zmb3 zmb3 approved these changes

Assignees

No one assigned

Labels

no-changelog Indicates that a PR does not require a changelog entry size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mdwn @zmb3 @tigrato