gravitational · jentfoo · Jan 24, 2024 · Jan 23, 2024 · Jan 11, 2024 · Jan 23, 2024
diff --git a/api/proto/teleport/legacy/types/types.proto b/api/proto/teleport/legacy/types/types.proto
@@ -3276,14 +3276,8 @@ message LoginStatus {
     (gogoproto.nullable) = false,
     (gogoproto.jsontag) = "lock_expires,omitempty"
   ];
-  // RecoveryAttemptLockExpires contains the time when this lock will expire
-  // from reaching MaxAccountRecoveryAttempts. This field is used to determine
-  // if a user got locked from recovery attempts.
-  google.protobuf.Timestamp RecoveryAttemptLockExpires = 5 [
-    (gogoproto.stdtime) = true,
-    (gogoproto.nullable) = false,
-    (gogoproto.jsontag) = "recovery_attempt_lock_expires,omitempty"
-  ];
+  reserved 5; // removed "google.protobuf.Timestamp RecoveryAttemptLockExpires" after lockout was removed
+  reserved "RecoveryAttemptLockExpires";
 }
 
 // CreatedBy holds information about the person or agent who created the user

diff --git a/api/types/types.pb.go b/api/types/types.pb.go
diff --git a/api/types/user.go b/api/types/user.go
@@ -80,8 +80,6 @@ type User interface {
 	GetStatus() LoginStatus
 	// SetLocked sets login status to locked
 	SetLocked(until time.Time, reason string)
-	// SetRecoveryAttemptLockExpires sets the lock expiry time for both recovery and login attempt.
-	SetRecoveryAttemptLockExpires(until time.Time, reason string)
 	// ResetLocks resets lock related fields to empty values.
 	ResetLocks()
 	// SetRoles sets user roles
@@ -527,18 +525,11 @@ func (u *UserV2) SetLocked(until time.Time, reason string) {
 	u.Spec.Status.LockedTime = time.Now().UTC()
 }
 
-// SetRecoveryAttemptLockExpires sets the lock expiry time for both recovery and login attempt.
-func (u *UserV2) SetRecoveryAttemptLockExpires(until time.Time, reason string) {
-	u.Spec.Status.RecoveryAttemptLockExpires = until
-	u.SetLocked(until, reason)
-}
-
 // ResetLocks resets lock related fields to empty values.
 func (u *UserV2) ResetLocks() {
 	u.Spec.Status.IsLocked = false
 	u.Spec.Status.LockedMessage = ""
 	u.Spec.Status.LockExpires = time.Time{}
-	u.Spec.Status.RecoveryAttemptLockExpires = time.Time{}
 }
 
 // DeepCopy creates a clone of this user value.

diff --git a/docs/pages/access-controls/sso.mdx b/docs/pages/access-controls/sso.mdx
@@ -100,7 +100,6 @@ spec:
     is_locked: false
     lock_expires: "0001-01-01T00:00:00Z"
     locked_time: "0001-01-01T00:00:00Z"
-    recovery_attempt_lock_expires: "0001-01-01T00:00:00Z"
   traits:
     github_teams:
     - my-team

diff --git a/e2e/config/state.yaml b/e2e/config/state.yaml
@@ -17,7 +17,6 @@ spec:
     is_locked: false
     lock_expires: "0001-01-01T00:00:00Z"
     locked_time: "0001-01-01T00:00:00Z"
-    recovery_attempt_lock_expires: "0001-01-01T00:00:00Z"
   traits:
     aws_role_arns: null
     azure_identities: null
@@ -30,4 +29,4 @@ spec:
     logins:
       - root
     windows_logins: null
-version: v2
+version: v2
diff --git a/integrations/operator/crdgen/testdata/protofiles/teleport/legacy/types/types.proto b/integrations/operator/crdgen/testdata/protofiles/teleport/legacy/types/types.proto
@@ -3081,14 +3081,8 @@ message LoginStatus {
     (gogoproto.nullable) = false,
     (gogoproto.jsontag) = "lock_expires,omitempty"
   ];
-  // RecoveryAttemptLockExpires contains the time when this lock will expire
-  // from reaching MaxAccountRecoveryAttempts. This field is used to determine
-  // if a user got locked from recovery attempts.
-  google.protobuf.Timestamp RecoveryAttemptLockExpires = 5 [
-    (gogoproto.stdtime) = true,
-    (gogoproto.nullable) = false,
-    (gogoproto.jsontag) = "recovery_attempt_lock_expires,omitempty"
-  ];
+  reserved 5;  // removed "google.protobuf.Timestamp RecoveryAttemptLockExpires" after lockout was removed
+  reserved "RecoveryAttemptLockExpires";
 }
 
 // CreatedBy holds information about the person or agent who created the user