Skip to content

fix: prevent tctl edit overwriting static file config#48329

Merged
nklaassen merged 1 commit intomasterfrom
nklaassen/tctl-edit-file-config
Nov 4, 2024
Merged

fix: prevent tctl edit overwriting static file config#48329
nklaassen merged 1 commit intomasterfrom
nklaassen/tctl-edit-file-config

Conversation

@nklaassen
Copy link
Copy Markdown
Contributor

@nklaassen nklaassen commented Nov 1, 2024

tctl create -f prevents overwriting the cluster_auth_preference, cluster_networking_config, or session_recording_config if their configuration is coming from a static config file. Any dynamic edits made to these resources would be overwritten the next time the auth server restarts, so a user trying to edit them using tctl is usually making a mistake. tctl create prevents this mistake unless the user explicitly passes --confirm which might be useful in some break-glass scenarios.

But unfortunately tctl edit does nothing to prevent edits to these resources and I have confused myself many times when my config later gets overwritten after a successful tctl edit. This PR updates tctl edit to do the same check and require the --confirm flag to edit any resources configured statically.

changelog: Added a warning to tctl edit about dynamic edits to statically configured resources

@nklaassen nklaassen requested a review from zmb3 November 1, 2024 22:50
@github-actions github-actions Bot added size/sm tctl tctl - Teleport admin tool labels Nov 1, 2024
@aws-amplify-us-west-2
Copy link
Copy Markdown

aws-amplify-us-west-2 Bot commented Nov 1, 2024

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-48329.d3pp5qlev8mo18.amplifyapp.com

@nklaassen nklaassen enabled auto-merge November 4, 2024 15:23
@nklaassen nklaassen added no-changelog Indicates that a PR does not require a changelog entry and removed no-changelog Indicates that a PR does not require a changelog entry labels Nov 4, 2024
@nklaassen nklaassen added this pull request to the merge queue Nov 4, 2024
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Nov 4, 2024
@nklaassen nklaassen added this pull request to the merge queue Nov 4, 2024
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Nov 4, 2024
@nklaassen nklaassen added this pull request to the merge queue Nov 4, 2024
Merged via the queue into master with commit 9c8d93e Nov 4, 2024
@nklaassen nklaassen deleted the nklaassen/tctl-edit-file-config branch November 4, 2024 19:29
@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented Nov 4, 2024

@nklaassen See the table below for backport results.

Branch Result
branch/v14 Failed
branch/v15 Create PR
branch/v16 Create PR
branch/v17 Create PR

This was referenced Nov 4, 2024
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marcoandredinis marcoandredinis marcoandredinis approved these changes

@zmb3 zmb3 zmb3 approved these changes

Assignees

No one assigned

Labels

backport/branch/v17 size/sm tctl tctl - Teleport admin tool

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nklaassen @marcoandredinis @zmb3