From 6b5eb60096e1b25d4c030ddf941b293dae4c3f68 Mon Sep 17 00:00:00 2001 From: Isaiah Becker-Mayer Date: Tue, 5 Jul 2022 12:32:02 -0400 Subject: [PATCH] Adds directory sharing flag to the ACL, protected by a config variable --- packages/teleport/src/Main/fixtures/index.ts | 1 + packages/teleport/src/config.ts | 2 ++ packages/teleport/src/services/user/makeAcl.ts | 8 ++++++++ packages/teleport/src/services/user/types.ts | 1 + packages/teleport/src/services/user/user.test.ts | 1 + 5 files changed, 13 insertions(+) diff --git a/packages/teleport/src/Main/fixtures/index.ts b/packages/teleport/src/Main/fixtures/index.ts index eaa3e8f50..372155720 100644 --- a/packages/teleport/src/Main/fixtures/index.ts +++ b/packages/teleport/src/Main/fixtures/index.ts @@ -44,6 +44,7 @@ export const fullAcl: Acl = { nodes: fullAccess, clipboardSharingEnabled: true, desktopSessionRecordingEnabled: true, + directorySharingEnabled: true, }; export const userContext = makeUserContext({ diff --git a/packages/teleport/src/config.ts b/packages/teleport/src/config.ts index 0e3bc5e52..4f359fd18 100644 --- a/packages/teleport/src/config.ts +++ b/packages/teleport/src/config.ts @@ -28,6 +28,8 @@ import { RecordingType } from 'teleport/services/recordings'; import generateResourcePath from './generateResourcePath'; const cfg = { + // TODO(isaiah): remove after feature is finished. + enableDirectorySharing: false, // note to reviewers: should be false in any PRs. isEnterprise: false, isCloud: false, tunnelPublicAddress: '', diff --git a/packages/teleport/src/services/user/makeAcl.ts b/packages/teleport/src/services/user/makeAcl.ts index 291c377d9..91a6f46aa 100644 --- a/packages/teleport/src/services/user/makeAcl.ts +++ b/packages/teleport/src/services/user/makeAcl.ts @@ -15,6 +15,7 @@ limitations under the License. */ import { Acl } from './types'; +import cfg from 'teleport/config'; export default function makeAcl(json): Acl { json = json || {}; @@ -43,6 +44,12 @@ export default function makeAcl(json): Acl { json.desktopSessionRecording !== undefined ? json.desktopSessionRecording : true; + // Behaves like clipboardSharingEnabled, see + // https://github.com/gravitational/teleport/pull/12684#issue-1237830087 + const directorySharingEnabled = + (json.directorySharing !== undefined ? json.directorySharing : true) && + cfg.enableDirectorySharing; + const nodes = json.nodes || defaultAccess; return { @@ -64,6 +71,7 @@ export default function makeAcl(json): Acl { clipboardSharingEnabled, desktopSessionRecordingEnabled, nodes, + directorySharingEnabled, }; } diff --git a/packages/teleport/src/services/user/types.ts b/packages/teleport/src/services/user/types.ts index 96bf6d70e..52ca12e28 100644 --- a/packages/teleport/src/services/user/types.ts +++ b/packages/teleport/src/services/user/types.ts @@ -46,6 +46,7 @@ export interface Access { } export interface Acl { + directorySharingEnabled: boolean; desktopSessionRecordingEnabled: boolean; clipboardSharingEnabled: boolean; windowsLogins: string[]; diff --git a/packages/teleport/src/services/user/user.test.ts b/packages/teleport/src/services/user/user.test.ts index a1c74b341..0702eed75 100644 --- a/packages/teleport/src/services/user/user.test.ts +++ b/packages/teleport/src/services/user/user.test.ts @@ -157,6 +157,7 @@ test('undefined values in context response gives proper default values', async ( }, clipboardSharingEnabled: true, desktopSessionRecordingEnabled: true, + directorySharingEnabled: false, }, cluster: { clusterId: 'aws',