mirror of
https://github.com/gravitational/teleport
synced 2024-10-21 09:44:51 +00:00
Create a partial for Event Handler role/user (#24279)
Fixes #22243. This way, we can include consistent instructions across the Event Handler guides, and users won't see `role not found` errors.
parent 76ac319dfe
commit dd0fab05f2
32 docs/pages/includes/plugins/event-handler-role-user.mdx (Normal file)
@ -0,0 +1,32 @@
The `teleport-event-handler configure` command generated a file called
`teleport-event-handler-role.yaml`. This file defines a `teleport-event-handler`
role and a user with read-only access to the `event` API:

```yaml
kind: role
metadata:
name: teleport-event-handler
spec:
allow:
rules:
- resources: ['event', 'session']
verbs: ['list','read']
version: v5
---
kind: user
metadata:
name: teleport-event-handler
spec:
roles: ['teleport-event-handler']
version: v2
```

Move this file to your workstation (or recreate it by pasting the snippet above)
and use `tctl` on your workstation to create the role and the user:

```code
$ tctl create -f teleport-event-handler-role.yaml
# user "teleport-event-handler" has been created
# role 'teleport-event-handler' has been created
```

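Review bot: the sentence above the YAML says the role gives read-only access to the `event` API, but the rule `- resources: ['event', 'session']` also grants `list`/`read` on `session`, which covers session recordings; say so in the prose (for example "read-only access to the `event` and `session` APIs") so operators know exactly what the plugin user can read. Minor: the expected output quotes the user name with double quotes (`# user "teleport-event-handler" has been created`) and the role with single quotes; pick one, matching what `tctl` actually prints.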
@ -78,36 +78,7 @@ from Teleport's events API, and forwards them to Fluentd.

## Step 3/6. Create a user and role for reading audit events

The `configure` command generates a file called `teleport-event-handler-role.yaml`
that defines a `teleport-event-handler` role and a user with read-only access
to the `event` API:

```yaml
kind: role
metadata:
name: teleport-event-handler
spec:
allow:
rules:
- resources: ['event']
verbs: ['list','read']
version: v5
---
kind: user
metadata:
name: teleport-event-handler
spec:
roles: ['teleport-event-handler']
version: v2
```

Use `tctl` to create the role and the user:

```code
$ tctl create -f teleport-event-handler-role.yaml
# user "teleport-event-handler" has been created
# role 'teleport-event-handler' has been created
```
(!docs/pages/includes/plugins/event-handler-role-user.mdx!)

## Step 4/6. Create teleport-event-handler credentials

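Review bot: the snippet removed from this Fluentd guide granted `- resources: ['event']` only, while the partial that replaces it grants `['event', 'session']`, so readers of this guide now create a plugin user that can also read session recordings; if that widening is intended, state it in the commit message or the guide, otherwise the partial needs a way to omit `session`. The removed prose also described the file as generated in place ("The `configure` command generates a file called ..."), whereas the partial tells the reader to move it to a workstation first; check that this matches where this guide runs `configure`.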
@ -57,36 +57,7 @@ We'll re-purpose the files generated for Fluentd in our Logstash configuration.

### Define RBAC resources

The `teleport-event-handler configure` command generated a file called
`teleport-event-handler-role.yaml`. This file defines a `teleport-event-handler`
role and a user with read-only access to the `event` API:

```yaml
kind: role
metadata:
name: teleport-event-handler
spec:
allow:
rules:
- resources: ['event', 'session']
verbs: ['list','read']
version: v5
---
kind: user
metadata:
name: teleport-event-handler
spec:
roles: ['teleport-event-handler']
version: v2
```

Use `tctl` to create the role and the user:

```code
$ tctl create -f teleport-event-handler-role.yaml
# user "teleport-event-handler" has been created
# role 'teleport-event-handler' has been created
```
(!docs/pages/includes/plugins/event-handler-role-user.mdx!)

<Details title="Using tctl on the Logstash host?">

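Review bot: the partial's instruction to move the file to your workstation and run `tctl` there now sits directly above `<Details title="Using tctl on the Logstash host?">`, which this Logstash guide keeps to cover running `tctl` on the Logstash host itself; read the two together to make sure the include does not contradict the Details block, and trim whichever of the two is redundant.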
@ -72,36 +72,7 @@ key from the same certificate authority for the Teleport Event Handler to use.

## Step 3/6. Create a user and role for reading audit events

The `configure` command generates a file called `teleport-event-handler-role.yaml`
that defines a `teleport-event-handler` role and a user with read-only access to
the `event` API:

```yaml
kind: user
metadata:
name: teleport-event-handler
spec:
roles: ['teleport-event-handler']
version: v2
---
kind: role
metadata:
name: teleport-event-handler
spec:
allow:
rules:
- resources: ['event']
verbs: ['list','read']
version: v5
```

Use `tctl` to create the role and the user:

```code
$ tctl create -f teleport-event-handler-role.yaml
user 'teleport-event-handler' has been created
role 'teleport-event-handler' has been created
```
(!docs/pages/includes/plugins/event-handler-role-user.mdx!)

## Step 4/6. Create teleport-event-handler credentials

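Review bot: the snippet removed here defines the `user` before the `role` in the same file, so `tctl create -f` reaches the user while its role does not yet exist, which is the likely source of the `role not found` error the commit message cites; the partial orders `role` first, so the fix is sound, but a sentence in the partial or the commit message about that ordering dependency would keep it from being reintroduced. This guide also moves from `- resources: ['event']` to the partial's `['event', 'session']`, the same privilege widening as in the Fluentd guide.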
@ -65,37 +65,7 @@ We'll re-purpose the files generated for Fluentd in our Universal Forwarder conf

### Define RBAC resources

The `teleport-event-handler configure` command generated a file called
`teleport-event-handler-role.yaml`. This file defines a `teleport-event-handler`
role and a user with read-only access to the `event` API:

```yaml
kind: role
metadata:
name: teleport-event-handler
spec:
allow:
rules:
- resources: ['event', 'session']
verbs: ['list','read']
version: v5
---
kind: user
metadata:
name: teleport-event-handler
spec:
roles: ['teleport-event-handler']
version: v2
```

Move this file to your workstation (or recreate it by pasting the snippet above)
and use `tctl` on your workstation to create the role and the user:

```code
$ tctl create -f teleport-event-handler-role.yaml
# user "teleport-event-handler" has been created
# role 'teleport-event-handler' has been created
```
(!docs/pages/includes/plugins/event-handler-role-user.mdx!)

### Enable impersonation of the Teleport Event Handler plugin user

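Review bot: the block removed from this Universal Forwarder guide is word for word the text of the new partial, so this hunk is a pure refactor; the one thing to confirm is that the `### Enable impersonation of the Teleport Event Handler plugin user` section that follows still names the user as `teleport-event-handler`, the name the partial creates, since that name now lives in the include rather than in this page.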