Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforce strict teleport.yaml validation #6520

Merged
merged 3 commits into from
Apr 21, 2021
Merged

Enforce strict teleport.yaml validation #6520

merged 3 commits into from
Apr 21, 2021

Conversation

awly
Copy link
Contributor

@awly awly commented Apr 20, 2021
edited
Loading

Strict validation was added in warning mode in
#5057 and released in 6.0.

For 7.0, we can drop the legacy custom validation logic, with the
assumption that all bad configs were migrated.

Fixes #5056
Fixes #5559

@webvictim
Copy link
Contributor

IMHO we shouldn't merge this without adding support for teleport configure --check as described in #5559.

It's quite likely that many users have errors in their Teleport configs and have just never realised despite us showing a warning. At DEBUG level, the console warning scrolls past within a few seconds (despite the deliberate sleep) and if you view logs with journalctl -u teleport while configuring Teleport, all the logs tend to blend together. Merging this is likely to break configs which currently function despite the errors and increase support load. It may also lock people out of remote nodes until they fix their configs, requiring a backdoor for entry. With a teleport configure --check, people could validate their configs out of band without needing to restart Teleport.

Andrew Lytvynov added 2 commits April 21, 2021 13:50
Enforce strict teleport.yaml validation
06eaa26 
Strict validation was added in warning mode in
#5057 and released in 6.0.

For 7.0, we can drop the legacy custom validation logic, with the
assumption that all bad configs were migrated.
Implement 'teleport configure --test' command
3b3246f 
This command tests an existing config for errors.
@awly awly force-pushed the andrew/strict-config-validation branch from 1b72a86 to 3b3246f Compare April 21, 2021 20:50
@awly
Copy link
Contributor Author

awly commented Apr 21, 2021

@webvictim done
@klizhentas PTAL

@awly awly requested a review from klizhentas April 21, 2021 20:50
@awly awly added the ux label Apr 21, 2021
webvictim
webvictim approved these changes Apr 21, 2021
View reviewed changes
Copy link
Contributor

@webvictim webvictim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested, works great. Thanks!

@awly awly enabled auto-merge (squash) April 21, 2021 21:57
@awly awly merged commit 13eb433 into master Apr 21, 2021
@awly awly deleted the andrew/strict-config-validation branch April 21, 2021 22:10
@kimlisa kimlisa mentioned this pull request Apr 22, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@klizhentas klizhentas klizhentas approved these changes

@webvictim webvictim webvictim approved these changes

@andrejtokarcik andrejtokarcik Awaiting requested review from andrejtokarcik

@r0mant r0mant Awaiting requested review from r0mant

@russjones russjones Awaiting requested review from russjones

Assignees
No one assigned
Labels
ux
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Improve teleport configure subcommand Tighten teleport.yaml validation
3 participants
@awly @webvictim @klizhentas