Skip to content

[v17] Use second_factor in the v17 teleport-cluster chart#54735

Merged
espadolini merged 1 commit intobranch/v17from
espadolini/v17-second-factor-chart
May 13, 2025
Merged

[v17] Use second_factor in the v17 teleport-cluster chart#54735
espadolini merged 1 commit intobranch/v17from
espadolini/v17-second-factor-chart

Conversation

@espadolini
Copy link
Copy Markdown
Contributor

@espadolini espadolini commented May 12, 2025

Using the second_factors field in the cluster-auth-preference of a v17 cluster that still has v16 agents or clients can result in widespread problems due to our overly strict checks in (*AuthPreferenceV2).CheckAndSetDefaults. This PR reverts the change in default values in the teleport-cluster chart done in #53319, since the problem can be avoided just by not using the new field in favor of the old one.

This PR is straight for v17 since v18 will only have to deal with v17+ clients which will all support the new field correctly.

changelog: reverted the default behavior of the teleport-cluster Helm chart to use authentication.secondFactor rather than authentication.secondFactors to avoid incompatibility during upgrades

@espadolini espadolini requested review from Joerger and hugoShaka May 12, 2025 21:21
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 12, 2025
edited
Loading

Amplify deployment status

Branch Commit Job ID Status Preview Updated (UTC)
espadolini/v17-second-factor-chart HEAD 1 ✅SUCCEED espadolini-v17-second-factor-chart 2025-05-12 21:27:23

@hugoShaka
Copy link
Copy Markdown
Contributor

hugoShaka commented May 12, 2025
edited
Loading

Can we also update the teleport.yaml reference to say something like "DO NOT USE FEATURE UNTIL ALL YOUR AGENTS ARE v17 ELSE YOUR CLUSTER WILL EXPLODE" because not every user deploy with Helm.

@espadolini
Copy link
Copy Markdown
Contributor Author

espadolini commented May 12, 2025

Can we also update the teleport.yaml reference

@Joerger said he's gonna address the docs around second_factors more broadly.

@espadolini espadolini added this pull request to the merge queue May 13, 2025
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks May 13, 2025
@espadolini espadolini added this pull request to the merge queue May 13, 2025
Merged via the queue into branch/v17 with commit 6e55d11 May 13, 2025
42 checks passed
@espadolini espadolini deleted the espadolini/v17-second-factor-chart branch May 13, 2025 13:37
@Joerger Joerger mentioned this pull request May 16, 2025
Merged
@doggydogworld doggydogworld mentioned this pull request Jun 3, 2025
Merged
@BrewTestBot BrewTestBot mentioned this pull request Jun 5, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marcoandredinis marcoandredinis marcoandredinis approved these changes

@hugoShaka hugoShaka hugoShaka approved these changes

Assignees

No one assigned

Labels

documentation helm size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@espadolini @hugoShaka @marcoandredinis