Conversation
github-actions
Bot
requested review from
gabrielcorado,
nklaassen,
ptgott,
r0mant,
xinding33 and
zmb3
Contributor
|
The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with |
1 similar comment
Contributor
|
The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with |
Contributor
|
🤖 Vercel preview here: https://docs-kbrdaloze-goteleport.vercel.app/docs/ver/preview |
r0mant
approved these changes
Jan 10, 2024
mdwn
approved these changes
Jan 11, 2024
| return nil, trace.Wrap(err) | ||
| } | ||
| return &serverInfoCollection{serverInfos: serverInfos}, nil | ||
| case types.KindAccessList: |
Contributor
There was a problem hiding this comment.
This blurb isn't totally needed because tctl acl ls/get exists. I'm not opposed to this though.
Contributor
Author
There was a problem hiding this comment.
title create / title get work in tandem; if one is implemented, I think the second should also be. Subcommands can provide more straightforward ways of interacting with the resource, but get/create/edit/delete are the baseline for everything.
This was not standardized when accesslists were implemented but has been formalized since in RFD-0153: https://github.com/gravitational/teleport/blob/master/rfd/0153-resource-guidelines.md#new-resource-checklist
public-teleport-github-review-bot
Bot
removed request for
gabrielcorado,
nklaassen,
ptgott,
xinding33 and
zmb3
Contributor
|
🤖 Vercel preview here: https://docs-hb5qx5f81-goteleport.vercel.app/docs/ver/preview |
|
@hugoShaka See the table below for backport results.
|
zmb3
pushed a commit
that referenced
this pull request
Jan 12, 2024
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Jan 13, 2024
* Refactor desktop player Adopt an approach similar to the SSH player (more standard react calls and less event emitting). This also updates the progress bar to be more of a "dumb" component that just renders state, and leaves the smoothing out of progress updates to the client. In addition, this adds support for seeking by dragging the progress bar to a particular portion of the video. Fixes #17199 * Prevents EOF from being reported as a tdp.Notification error at the end of every session * Removes duplicated code, handles errors in handleRDPFastPathPDU, ensures we always spit out some message if an error notification pops up in the UI * Add dynamic/ prefix to server info labels (#36219) This change: - Adds the dynamic/ prefix to labels from a server_info resource created with tctl - Forbids labels with the dynamic/ prefix form being used in deny rules for new roles. Existing roles will generate warnings in tctl as well as a cluster alert. * Address deprecation TODOs for or before v15. (#36473) * Convert insecure-drop to drop for unsupported clients (#35803) This change converts the insecure-drop host user creation mode to drop for clients that don't support it. * discovery: remove update if discovery group differs (#36472) * discovery: remove update if discovery group differs This PR removes code marked to be removed in Teleport 15 that updated unconditionally kubernetes and databases that were discovered using a different discovery group. Until this PR, if the `onCreate` function returned `trace.AlreadyExists` error, the resource ended up being updated without any condition. After this PR, the resource is only updated if the existing resource has an empty discovery group. This behavior is kept to ensure that users that migrate from bad configs don't need to delete resources manually. Signed-off-by: Tiago Silva <tiago.silva@goteleport.com> * Update discovery.go Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com> * handle code review suggestions --------- Signed-off-by: Tiago Silva <tiago.silva@goteleport.com> Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com> * Refactor Kubernetes Exec sessions upgrade logic (#36325) * Refactor Kubernetes Exec sessions upgrade logic Signed-off-by: Tiago Silva <tiago.silva@goteleport.com> * handle code review suggestions * Update lib/kube/proxy/forwarder.go Co-authored-by: Anton Miniailo <anton@goteleport.com> * Update lib/kube/proxy/forwarder.go Co-authored-by: Anton Miniailo <anton@goteleport.com> * handle code review suggestions --------- Signed-off-by: Tiago Silva <tiago.silva@goteleport.com> Co-authored-by: Anton Miniailo <anton@goteleport.com> * Deduplicate yarn.lock (#36560) * Deduplicate yarn.lock * Fix types in ProgressBar * docs: updates to tsh connect your client (#36526) * docs: updates to tsh connect your client * remove extra dash * Add backend code for listing EKS clusters through AWS OIDC integration. (#36489) * Add backend code for listing EKS clusters through AWS OIDC integration. * Remove leftover commented code. Co-authored-by: Marco André Dinis <marco.dinis@goteleport.com> * Add godoc. * Remove unneeded intialization of a parameter. * Reduce nesting. * Rename ExtraLabels to JoinLabels. --------- Co-authored-by: Marco André Dinis <marco.dinis@goteleport.com> * Update devbox. (#36193) * Update AWS account ID used in `update-ami-ids` GHA workflow (#36556) PR #36153 updated the AWS account ID used for pulling AMIs, but the GHA workflow was not updated to use this updated AWS account ID. Ref #34282. * Fix accesslist `tctl` (#36531) * Support unmarshalling accesslists manifests wihtout next_audit_date * Support `tctl get access_lists` * Fix accesslist reference * accountrecovery.go: Unconditionally delete the token after use (#36527) A previous conditional was allowing a replay attack on the recovery process. Although discovery of this token is a high bar for an attacker, we should be able to unconditionally delete this token after it's used. * Add app gateways to Connect (#36393) * Allow creating app gateways in tshd * Add UI for document gateway app * Show apps in connections This is a copy & paste from other connection kinds. * Capture app protocol * Start app proxy when clicking on 'Connect' in app * Remove `removeAppGateway` * `appUri` -> `targetUri` * Add TCP and HTTP constants * Add CLI command for HTTP apps * Add `makeAppGateway` * Specify `handleChangePort` dependencies correctly * Remove `doc.gateway_app` and `connection.app`, instead differentiate gateways by URI * Correctly report protocol usage * Mention that AWS apps are supported in tsh * Rename constants and add godoc * Add a TODO comment about dialogs for connecting to unsupported apps * `onRun` -> `onButtonClick`, `runButtonText` -> `buttonText` * Show a notification after copying to clipboard * Make the message about unsupported gateways more precise * Revert mistakenly removed `document.targetUri` from `getResourceUri` * Remove 'Local app proxy' header * Post-merge fixes * Use proper component for the 'offline gateway' state * Support all gateway types in relogin UI * Fix JSdoc comment * Add a TODO comment about the docs link --------- Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com> * Allow configuration of Okta access list importing. (#36569) Configuration options for enabling/disabling Okta access list importing have been added. This defaults to false. This has been added to both to Okta plugin settings and the standalone Okta service. Co-authored-by: Trent Clarke <trent@goteleport.com> * Fix example mysql grant all command (#36519) Fixing example mysql grant all command, because current one fails with `ERROR 1102 (42000): Incorrect database name ' % '` because of extra spaces around `%` * lib/teleterm app access: Add middleware for handling expired certs (#36520) * Add middleware for app gateways * Accommodate for app gateways in integration tests The previous version of tests depended on receiving helpers.TeleInstance from higher up. It was then used to generate valid and expired user certs, as well as to get client.TeleportClient. proxy.Suite (Kube tests) and dbhelpers.DatabasePack (db tests) expose helpers.TeleInstance so it wasn't a problem. However, appaccess.Pack, which we're going to use for app access tests, does not expose it. To work around that, we introduce two new fields to gatewayCertRenewalParams, tc (which accepts client.TeleportClient) and generateAndSetupUserCreds. These two fields get rid of the dependency on helpers.TeleInstance. * Add integration tests for app gateways * Switch to the new account settings screen (#36525) * Migrate `RotateCertAuthority` to gRPC (#36536) * Add RotateCertAuthority to gRPC TrustService. * Add gRPC server implementation. * Move RotateRequest type to api/types. * Mark deprecated HTTP rotate endpoint for deletion. * Add client implemenation and HTTP fallback. * Update go-oidc to get final go-jose v2 -> v3 updates (#36514) * Update go-oidc to get final go-jose v2 updates This updates our replaced go-oidc fork to use a tag with go-jose updated to v3: gravitational/go-oidc#19 This update removes the final usage of v2, and fully addresses the GHSA-2c7c-3mj9-8fqh DoS. * Update gopkg.in/go-jose/go-jose.v2 to 2.6.2 to get p2c DoS fix * Add ClusterDropdown component (#36310) This replaces the current ClusterSelector in the TopBar and adds the functionality to ClusterDropdown component on relevant pages * fix: Verify MFA device locks during authentication (#36471) * Test authn and password change with a locked user * Verify MFA device locks during authentication * Configure a LockWatcher in the passwordSuite setup * Appease linter * Update Toggle component styles (#36535) * Reintroduces the changes in #33273 which were erroneously deleted in #33273 (#36538) * Route to server by public addr (#36584) This change fixes a bug where tsh ssh could not dial a node with its public address. * Add EKS Discover into web testplan. (#36578) * Remove unused static token endpoints. (#36545) * Ensure player finishes at 100% * Fix style for disabled progress bar * Remove unused file * fix import order --------- Signed-off-by: Tiago Silva <tiago.silva@goteleport.com> Co-authored-by: Isaiah Becker-Mayer <isaiah@goteleport.com> Co-authored-by: Andrew Burke <31974658+atburke@users.noreply.github.com> Co-authored-by: Brian Joerger <bjoerger@goteleport.com> Co-authored-by: Tiago Silva <tiago.silva@goteleport.com> Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com> Co-authored-by: Anton Miniailo <anton@goteleport.com> Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com> Co-authored-by: Steven Martin <steven@goteleport.com> Co-authored-by: Marco André Dinis <marco.dinis@goteleport.com> Co-authored-by: Michael Wilson <mike@mdwn.dev> Co-authored-by: Reed Loden <reed@goteleport.com> Co-authored-by: Hugo Shaka <hugo.hervieux@goteleport.com> Co-authored-by: Mike Jensen <jentfoo@users.noreply.github.com> Co-authored-by: Grzegorz Zdunek <gzdunek@users.noreply.github.com> Co-authored-by: Trent Clarke <trent@goteleport.com> Co-authored-by: Taras <9948629+taraspos@users.noreply.github.com> Co-authored-by: Bartosz Leper <bartosz.leper@goteleport.com> Co-authored-by: Michael <michael.myers@goteleport.com> Co-authored-by: Alan Parra <alan.parra@goteleport.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
changelog: fix
tctl get access_listand support creating Access Lists without a next audit date.This PR contains the following fixes:
tctlwill accept accesslist manifests without a next audit date (the API supports it since AccessLists: pick a next audit date if not specified #35795)tctl getnow supportsaccess_listresourcesfrenquencyfield that was ignored