Adding automatic migration path for existing static host users#46804
Merged
Adding automatic migration path for existing static host users#46804
Conversation
eriktate
commented
Sep 20, 2024
| Shell string | ||
| // TakeOwnership determines whether or not an existing user should be | ||
| // taken over by teleport | ||
| TakeOwnership bool |
Contributor
Author
There was a problem hiding this comment.
I think we should eventually support this on the role spec as well and consider removing the implicit migration when teleport-keep is present in a role's host_groups.
Contributor
There was a problem hiding this comment.
For the moment does this only apply to static host users? If so, let's note that in the comment for this field to set expectations.
eriktate
force-pushed
the
eriktate/add-static-host-user-migration
branch
from
de90e7d to
ed73366
Compare
rosstimothy
approved these changes
Sep 20, 2024
Contributor
rosstimothy
left a comment
rosstimothy
left a comment
There was a problem hiding this comment.
Please remember to follow up with a docs PR so that this feature is discoverable by users.
| Shell string | ||
| // TakeOwnership determines whether or not an existing user should be | ||
| // taken over by teleport | ||
| TakeOwnership bool |
Contributor
There was a problem hiding this comment.
For the moment does this only apply to static host users? If so, let's note that in the comment for this field to set expectations.
eriktate
force-pushed
the
eriktate/add-static-host-user-migration
branch
from
ed73366 to
8095db5
Compare
atburke
approved these changes
Sep 20, 2024
public-teleport-github-review-bot
Bot
removed request for
avatus and
rudream
eriktate
force-pushed
the
eriktate/add-static-host-user-migration
branch
from
8095db5 to
b99fa8e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #46803
Adding
take_ownership_if_user_existsflag to static host user resource to allow for automatic migration/import of unmanaged users with colliding names. When set totrue, host user creation will add theteleport-staticgroup to the existing user along with any groups defined on the SHU resource.changelog: Added a new flag to static host users spec that allows teleport to automatically take ownership across matching hosts of any users with the same name as the static host user.