Skip to content

[v16] Backport Secrets scanner #44799

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tigrato merged 26 commits into from
Aug 13, 2024
Merged

[v16] Backport Secrets scanner #44799

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
df768bd
Add the device assertion protos (#43804)
codingllama Jul 5, 2024
2988021
Add a client-side API to assert devices (#43890)
codingllama Jul 10, 2024
3ef73ba
Define server-side device assertion interfaces (#44036)
codingllama Jul 11, 2024
986419a
[sec_scan][1] Add `teleport.access_graph.v1.SecretsScannerService` (#…
tigrato Jul 9, 2024
f95e4d8
[sec_scan][2] expose `ssh_scan_enabled` in `AccessGraphConfig` respon…
tigrato Jul 9, 2024
e60ed86
[sec_scan][3] add `PrivateKey`, `AuthorizedKey` and `Device` to Acces…
tigrato Jul 9, 2024
e1912f0
fix: fix `nextKey` values when using multiple prefixes (#43486)
tigrato Jul 9, 2024
63d25ee
[sec_scan][5] add secrets backend service (#43543)
tigrato Jul 11, 2024
2874ca5
[sec_scan][6] add device events (#43905)
tigrato Jul 11, 2024
bf86094
[sec_scan][7] add authorizedKeys and privateKeys events support (#43906)
tigrato Jul 11, 2024
559020c
[sec_scan][9] add `access_graph_settings` protobuf (#44010)
tigrato Jul 11, 2024
0c0ea0d
[sec_scan][10] add `AccessGraphSettingsUpdate` audit event (#44011)
tigrato Jul 12, 2024
58161ff
[sec_scan][11] add `AccessGraphSettings` backend service (#44014)
tigrato Jul 17, 2024
b266260
[sec_scan][12] add cache and events support for `AccessGraphSettings`…
tigrato Jul 17, 2024
72018c9
[sec_scan][13] add `AccessGraphSettings` gRPC implementation (#44021)
tigrato Jul 19, 2024
fe41289
[sec_scan][14] create `AccessGraphSettings` on first auth init (#44032)
tigrato Jul 22, 2024
57ed57d
[sec_scan][15] add support for edits to `AccessGraphSettings` via `tc…
tigrato Jul 23, 2024
a42ee9e
[sec_scan][16] add methods to store/retrieve device assertion functio…
tigrato Jul 15, 2024
5353c6b
[sec_scan][17] add `AssertDevice` to `FakeDeviceService` (#44159)
tigrato Jul 15, 2024
a1f4041
[sec_scan][20] add `ReportSecrets` forwarder to proxy's gRPC insecure…
tigrato Jul 18, 2024
1ea66fe
[sec_scan][19] add `tsh scan keys` implementation (#44220)
tigrato Jul 25, 2024
22b6489
[sec_scan][22] add authorized keys reporter (#44523)
tigrato Jul 29, 2024
1028828
[sec_scan][24] extract AuthorizedKey's comment and type (#44643)
tigrato Jul 29, 2024
16e8f68
fix api module
tigrato Jul 30, 2024
1ef60c9
[sec_scan][27] add support for LDAP users and macOS (#45109)
tigrato Aug 7, 2024
88399d1
Merge branch 'branch/v16' into tigrato/sec-scan-v16
tigrato Aug 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions api/client/events.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ import (

"github.com/gravitational/teleport/api/client/proto"
accessmonitoringrulesv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/accessmonitoringrules/v1"
clusterconfigpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/clusterconfig/v1"
crownjewelv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/crownjewel/v1"
dbobjectv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/dbobject/v1"
kubewaitingcontainerpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/kubewaitingcontainer/v1"
Expand Down Expand Up @@ -80,6 +81,10 @@ func EventToGRPC(in types.Event) (*proto.Event, error) {
out.Resource = &proto.Event_DatabaseObject{
DatabaseObject: r,
}
case *clusterconfigpb.AccessGraphSettings:
out.Resource = &proto.Event_AccessGraphSettings{
AccessGraphSettings: r,
}
default:
return nil, trace.BadParameter("resource type %T is not supported", r)
}
Expand Down Expand Up @@ -511,6 +516,9 @@ func EventFromGRPC(in *proto.Event) (*types.Event, error) {
} else if r := in.GetDatabaseObject(); r != nil {
out.Resource = types.Resource153ToLegacy(r)
return &out, nil
} else if r := in.GetAccessGraphSettings(); r != nil {
out.Resource = types.Resource153ToLegacy(r)
return &out, nil
} else {
return nil, trace.BadParameter("received unsupported resource %T", in.Resource)
}
Expand Down
583 changes: 306 additions & 277 deletions api/client/proto/event.pb.go
View file
Open in desktop

Large diffs are not rendered by default.

331 changes: 331 additions & 0 deletions api/gen/proto/go/teleport/accessgraph/v1/authorized_key.pb.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading