Skip to content

Reject unsupported clients by default#41239

Merged
rosstimothy merged 1 commit intomasterfrom
tross/reject_connections
May 13, 2024
Merged

Reject unsupported clients by default#41239
rosstimothy merged 1 commit intomasterfrom
tross/reject_connections

Conversation

@rosstimothy
Copy link
Copy Markdown
Contributor

@rosstimothy rosstimothy commented May 6, 2024

#38026 made rejecting client running unusupported major versions an opt-in behavior. Moving forward(v16 and beyond) this is now going to be an opt-out behavior(TELEPORT_UNSTABLE_ALLOW_OLD_CLIENTS=yes). In addition, a cluster alert is now being emitted once for the life of an Auth process if it rejects an unsupported client - with visibility limited to users with token:create permissions.

@rosstimothy rosstimothy added the no-changelog Indicates that a PR does not require a changelog entry label May 6, 2024
@rosstimothy rosstimothy force-pushed the tross/reject_connections branch 9 times, most recently from 940c969 to 1b6442e Compare May 7, 2024 15:14
@rosstimothy rosstimothy marked this pull request as ready for review May 7, 2024 16:15
@github-actions github-actions Bot requested review from camscale and ryanclark May 7, 2024 16:16
@rosstimothy
Copy link
Copy Markdown
Contributor Author

rosstimothy commented May 9, 2024

PTAL @camscale @ryanclark

camscale
camscale reviewed May 10, 2024
View reviewed changes
Comment thread lib/auth/middleware.go Outdated
Comment thread lib/auth/middleware.go Outdated
Comment thread lib/auth/middleware.go Outdated
camscale
camscale reviewed May 10, 2024
View reviewed changes
Comment thread lib/auth/middleware.go Outdated
@rosstimothy rosstimothy force-pushed the tross/reject_connections branch 3 times, most recently from 38221c0 to a030af3 Compare May 10, 2024 23:09
@rosstimothy rosstimothy requested a review from camscale May 10, 2024 23:14
@rosstimothy
Reject unsupported clients by default
0baf477 
#38026 made rejecting client running unusupported major versions an
opt-in behavior. Moving forward(v16 and beyond) this is now going
to be an opt-out behavior(TELEPORT_UNSTABLE_ALLOW_OLD_CLIENTS=yes).
In addition, a cluster alert is now being emitted once for the life
of an Auth process if it rejects an unsupported client - with
visibility limited to users with token:create permissions.
@rosstimothy rosstimothy force-pushed the tross/reject_connections branch from a030af3 to 0baf477 Compare May 13, 2024 12:26
@rosstimothy rosstimothy added this pull request to the merge queue May 13, 2024
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks May 13, 2024
@rosstimothy rosstimothy added this pull request to the merge queue May 13, 2024
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks May 13, 2024
@rosstimothy rosstimothy added this pull request to the merge queue May 13, 2024
Merged via the queue into master with commit ffa3dba May 13, 2024
@rosstimothy rosstimothy deleted the tross/reject_connections branch May 13, 2024 13:26
@rosstimothy rosstimothy mentioned this pull request Jun 9, 2024
Closed
@rosstimothy rosstimothy mentioned this pull request Mar 12, 2026
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ryanclark ryanclark ryanclark approved these changes

@camscale camscale camscale approved these changes

Assignees

No one assigned

Labels

no-changelog Indicates that a PR does not require a changelog entry size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rosstimothy @ryanclark @camscale