feat: Support multiple active CAs in Web exports#51301
Merged
codingllama merged 7 commits intomasterfrom Jan 23, 2025
Merged
Conversation
codingllama
added
the
no-changelog
Contributor
Author
Contributor
Author
|
The PR is smaller than it seems, as there's a big move from the larger apiserver{,_test}.go files to ca_export{,_test}.go files. Because of that I suggest reviewing commit-by-commit. |
Contributor
Author
|
Takes inspiration from Gavin's #35754, although it has my own spin on it. |
Collaborator
|
Do we have a way to put multiple DER-encoded certs in the zip file for windows, or will the zip always use PEM? The use case that led to this issue was exporting the windows CA when using HSMs. In order to import the CA on the windows side it needs to be DER. |
Contributor
Author
I used type=tls-user as an example, but it works the same for type=windows - you'd get the same zip as a result, but the underlying .cer files are DER and not PEM. |
Contributor
Author
|
Friendly ping @mvbrock @probakowski @GavinFrazar. |
codingllama
force-pushed
the
codingllama/export-all-web
branch
from
806d6b6 to
e2f08d1
Compare
Contributor
Author
|
Rebased onto master, no changes. |
zmb3
approved these changes
Jan 22, 2025
Contributor
Author
|
Thanks, Zac! |
codingllama
force-pushed
the
codingllama/export-all-web
branch
from
ccec73a to
9e1b309
Compare
Contributor
Author
Contributor
Author
|
Friendly ping @mvbrock @probakowski @GavinFrazar ? |
probakowski
approved these changes
Jan 23, 2025
public-teleport-github-review-bot
Bot
removed request for
GavinFrazar and
mvbrock
|
@codingllama See the table below for backport results.
|
codingllama
added a commit
that referenced
this pull request
Jan 23, 2025
* Move /auth/export code to own file * Implement "/auth/export?format=zip" * Refactor existing tests * Test format=zip * Fix comment * Use bytes.NewReader * Remove lib/client.ExportAuthorities
codingllama
added a commit
that referenced
this pull request
Jan 23, 2025
* Move /auth/export code to own file * Implement "/auth/export?format=zip" * Refactor existing tests * Test format=zip * Fix comment * Use bytes.NewReader * Remove lib/client.ExportAuthorities
codingllama
added a commit
that referenced
this pull request
Jan 23, 2025
* Move /auth/export code to own file * Implement "/auth/export?format=zip" * Refactor existing tests * Test format=zip * Fix comment * Use bytes.NewReader * Remove lib/client.ExportAuthorities
codingllama
added a commit
that referenced
this pull request
Jan 23, 2025
* Move /auth/export code to own file * Implement "/auth/export?format=zip" * Refactor existing tests * Test format=zip * Fix comment * Use bytes.NewReader * Remove lib/client.ExportAuthorities
zmb3
added a commit
that referenced
this pull request
Jan 27, 2025
Now that #51301 is merged, we have the ability to get all of the active user CA certificates.
zmb3
added a commit
that referenced
this pull request
Jan 29, 2025
Now that #51301 is merged, we have the ability to get all of the active user CA certificates.
zmb3
added a commit
that referenced
this pull request
Jan 29, 2025
Now that #51301 is merged, we have the ability to get all of the active user CA certificates.
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Jan 29, 2025
Now that #51301 is merged, we have the ability to get all of the active user CA certificates.
github-actions Bot
pushed a commit
that referenced
this pull request
Jan 29, 2025
Now that #51301 is merged, we have the ability to get all of the active user CA certificates.
zmb3
added a commit
that referenced
this pull request
Jan 30, 2025
Now that #51301 is merged, we have the ability to get all of the active user CA certificates.
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Jan 30, 2025
Now that #51301 is merged, we have the ability to get all of the active user CA certificates.
carloscastrojumo
pushed a commit
to carloscastrojumo/teleport
that referenced
this pull request
Feb 19, 2025
* Move /auth/export code to own file * Implement "/auth/export?format=zip" * Refactor existing tests * Test format=zip * Fix comment * Use bytes.NewReader * Remove lib/client.ExportAuthorities
carloscastrojumo
pushed a commit
to carloscastrojumo/teleport
that referenced
this pull request
Feb 19, 2025
Now that gravitational#51301 is merged, we have the ability to get all of the active user CA certificates.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add support for exporting multiple active CAs via the "format=zip" param.
Error before this PR:
After this PR:
If format=zip is supplied (for example, "/auth/export?type=tls-user&format=zip") then a zip file called "Teleport_CA.zip" is returned as an attachment. The file contains various "ca$i.cer" files, one for each exported CA, in whatever format it would have as a single-file export.
Follow up from #51189. Sibling PR to #51298.
#35444
Changelog: Added support for multiple active CAs in the /auth/export endpoint