self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-22 10:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixes App Icon download and copy for Plugins. [docs] (#4242)

Browse source 
Co-authored-by: Gus Luxton <gus@gravitational.com>
This commit is contained in:
Ben Arent 2020-08-26 07:50:21 -07:00 committed by GitHub
parent 3d5831bff5
commit 68748dea7a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 15 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
docs/4.3/architecture/authentication.md
View file

@ -226,9 +226,9 @@ back-ends as shown in the table below:
Data Type | Supported Back-ends | Notes
-----------------|---------------------------|---------
Cluster state | `dir`, `etcd`, `dynamodb` | Multi-server (HA) configuration is only supported using `etcd` and `dynamodb` back-ends.
Audit Log Events | `dir`, `dynamodb` | If `dynamodb` is used for the audit log events, `s3` back-end **must** be used for the recorded sessions.
Recorded Sessions| `dir`, `s3` | `s3` is mandatory if `dynamodb` is used for the audit log.
Cluster state | `dir`, `etcd`, `dynamodb`,`firestore` | Multi-server (HA) configuration is only supported using `etcd`, `dynamodb`, and `firestore` back-ends.
Audit Log Events | `dir`, `dynamodb`, `firestore` | If `dynamodb` is used for the audit log events, `s3` back-end **must** be used for the recorded sessions.
Recorded Sessions| `dir`, `s3` | `s3` is mandatory if `dynamodb` is used for the audit log. For Google Cloud storage use `audit_sessions_uri: 'gs://`
!!! tip "Note"

2
docs/4.3/enterprise/workflow/ssh_approval_jira_cloud.md
View file

@ -54,7 +54,7 @@ $ tctl auth sign --format=tls --user=access-plugin --out=auth --ttl=8760h
# ...
```
The above sequence should result in three PEM encoded files being generated: auth.crt, auth.key, and auth.cas (certificate, private key, and CA certs respectively). We'll reference these later when [configuring Teleport-Plugins](#configuration-file).
The above sequence should result in three PEM encoded files being generated: auth.crt, auth.key, and auth.cas (certificate, private key, and CA certs respectively). We'll reference the auth.crt, auth.key, and auth.cas files later when [configuring the plugins](#configuration-file).
!!! note "Certificate Lifetime"
By default, [`tctl auth sign`](https://gravitational.com/teleport/docs/cli-docs/#tctl-auth-sign) produces certificates with a relatively short lifetime. For production deployments, the `--ttl` flag can be used to ensure a more practical certificate lifetime. `--ttl=8760h` exports a 1 year token

2
docs/4.3/enterprise/workflow/ssh_approval_jira_server.md
View file

@ -62,7 +62,7 @@ $ tctl auth sign --format=tls --user=access-plugin-jira --out=auth --ttl=8760h
# ...
```
The above sequence should result in three PEM encoded files being generated: auth.crt, auth.key, and auth.cas (certificate, private key, and CA certs respectively). We'll reference these later when [configuring Teleport-Plugins](#configuration-file).
The above sequence should result in three PEM encoded files being generated: auth.crt, auth.key, and auth.cas (certificate, private key, and CA certs respectively). We'll reference the auth.crt, auth.key, and auth.cas files later when [configuring the plugins](#configuration-file).
!!! note "Certificate Lifetime"
By default, [`tctl auth sign`](https://gravitational.com/teleport/docs/cli-docs/#tctl-auth-sign) produces certificates with a relatively short lifetime. For production deployments, the `--ttl` flag can be used to ensure a more practical certificate lifetime. `--ttl=8760h` exports a 1 year token

7
docs/4.3/enterprise/workflow/ssh_approval_mattermost.md
View file

@ -20,7 +20,6 @@ using [Mattermost](https://mattermost.com/) an open source messaging platform.
Your browser does not support the video tag.
</video>
## Setup
### Prerequisites
This guide assumes that you have:
@ -40,13 +39,13 @@ Go back to your team, then Integrations → Bot Accounts → Add Bot Account.
The new bot account will need Post All permission.
<a href="/img/enterprise/plugins/teleport_bot@2x.png" download>Download Teleport Bot Icon</a>
**App Icon:** <a href="https://gravitational.com/teleport/docs/img/enterprise/plugins/teleport_bot@2x.png" download>Download Teleport Bot Icon</a>
![Enable Mattermost Bots](../../img/enterprise/plugins/mattermost/mattermost_bot.png)
##### Create an OAuth 2.0 Application
In Mattermost, go to System Console → Integrations → OAuth 2.0 Applications.
- Set Callback URLs to the location of your Teleport Proxy
![Create OAuth Application](../../img/enterprise/plugins/mattermost/mattermost_OAuth_token.png)
@ -96,7 +95,7 @@ $ tctl auth sign --format=tls --user=access-plugin-mattermost --out=auth --ttl=8
# ...
```
The above sequence should result in three PEM encoded files being generated: auth.crt, auth.key, and auth.cas (certificate, private key, and CA certs respectively). We'll reference these later when [configuring Teleport-Plugins](#configuring-mattermost-bot).
The above sequence should result in three PEM encoded files being generated: auth.crt, auth.key, and auth.cas (certificate, private key, and CA certs respectively). We'll reference the auth.crt, auth.key, and auth.cas files later when [configuring the plugins](#configuring-mattermost-bot).
!!! note "Certificate Lifetime"
By default, [`tctl auth sign`](https://gravitational.com/teleport/docs/cli-docs/#tctl-auth-sign) produces certificates with a relatively short lifetime. For production deployments, the `--ttl` flag can be used to ensure a more practical certificate lifetime. `--ttl=8760h` exports a 1 year token

2
docs/4.3/enterprise/workflow/ssh_approval_pagerduty.md
View file

@ -56,7 +56,7 @@ $ tctl auth sign --format=tls --user=access-plugin-pagerduty --out=auth --ttl=87
# ...
```
The above sequence should result in three PEM encoded files being generated: auth.crt, auth.key, and auth.cas (certificate, private key, and CA certs respectively). We'll reference these later when [configuring Teleport-Plugins](#editing-the-config-file).
The above sequence should result in three PEM encoded files being generated: auth.crt, auth.key, and auth.cas (certificate, private key, and CA certs respectively). We'll reference the auth.crt, auth.key, and auth.cas files later when [configuring the plugins](#editing-the-config-file).
!!! note "Certificate Lifetime"
By default, [`tctl auth sign`](https://gravitational.com/teleport/docs/cli-docs/#tctl-auth-sign) produces certificates with a relatively short lifetime. For production deployments, the `--ttl` flag can be used to ensure a more practical certificate lifetime. `--ttl=8760h` exports a 1 year token

17
docs/4.3/enterprise/workflow/ssh_approval_slack.md
View file

@ -67,7 +67,9 @@ Teleport Plugin use the `access-plugin-slack` role and user to perform the appro
$ tctl auth sign --format=tls --user=access-plugin-slack --out=auth --ttl=8760h
# ...
```
The above sequence should result in three PEM encoded files being generated: auth.crt, auth.key, and auth.cas (certificate, private key, and CA certs respectively). We'll reference these later when [configuring Teleport-Plugins](#configuring-teleport-slack).
The above sequence should result in three PEM encoded files being generated: auth.crt, auth.key, and auth.cas (certificate, private key, and CA certs respectively). We'll reference the auth.crt, auth.key, and auth.cas files later when [configuring the plugins](#configuring-teleport-slack).
!!! note "Certificate Lifetime"
By default, [`tctl auth sign`](https://gravitational.com/teleport/docs/cli-docs/#tctl-auth-sign) produces certificates with a relatively short lifetime. For production deployments, the `--ttl` flag can be used to ensure a more practical certificate lifetime. `--ttl=8760h` exports a 1 year token
@ -88,9 +90,8 @@ You'll need to:
Visit [https://api.slack.com/apps](https://api.slack.com/apps) to create a new Slack App.
**App Name:** Teleport<br>
**Development Slack Workspace:** Pick the workspace you'd like the requests to show up in.
<a href="/img/enterprise/plugins/teleport_bot@2x.png" download>Download Teleport Bot Icon</a>
**Development Slack Workspace:** Pick the workspace you'd like the requests to show up in. </br>
**App Icon:** <a href="https://gravitational.com/teleport/docs/img/enterprise/plugins/teleport_bot@2x.png" download>Download Teleport Bot Icon</a>
![Create Slack App](../../img/enterprise/plugins/slack/Create-a-Slack-App.png)
@ -107,8 +108,6 @@ On the App screen, go to “OAuth and Permissions” under Features in the sideb
![API Scopes](../../img/enterprise/plugins/slack/api-scopes.png)
#### Obtain OAuth Token
![OAuth Tokens](../../img/enterprise/plugins/slack/OAuth.png)
@ -196,7 +195,7 @@ You can create a test permissions request with `tctl` and check if the plugin wo
#### Create a test permissions request behalf of a user.
```bash
# Replace USERNAME with a local user, and TARGET_ROLE with a Teleport Role
# Replace USERNAME with a Teleport local user, and TARGET_ROLE with a Teleport Role
$ tctl request create USERNAME --roles=TARGET_ROLE
```
A user can also try using `--request-roles` flag.
@ -205,10 +204,6 @@ A user can also try using `--request-roles` flag.
$ tsh login --request-roles=dba
```
#### Check that you see a request message on Slack
It should look like this: TODO
#### Approve or deny the request on Slack
The messages should automatically get updated to reflect the action you just clicked. You can also check the request status with `tctl`: