Commit graph

4855 commits

Author SHA1 Message Date
Steven Martin 09b1a22d32
Merge branch 'master' into stevenGravy-oidc-debugoutput-patch-2 2020-04-06 14:02:47 -04:00
Steven Martin a02519cda3
Microsoft Azure Active Directory SSO Instructions (#3514) 2020-04-06 14:55:40 -03:00
Gus Luxton d34948b9fc
Add warning about table_name vs audit_events_uri (#3511)
As per #2542
2020-04-06 10:59:52 -03:00
Steven Martin c276f0e10b
Correct misspelling in output 2020-04-02 14:54:43 -04:00
Steven Martin 8ca47def00
Correct spelling in oidc debugging 2020-04-02 14:51:06 -04:00
Gus Luxton 9c2f0f89ae
Add mention of node tunnelling to port 3024 (#3509)
Also remove redundant # from port numbers
2020-04-02 09:56:57 -03:00
Forrest Marshall 924fb9cd00 synchronize bpf watch map reads 2020-04-01 11:41:44 -07:00
Russell Jones 8443f7c445
Update CHANGELOG.md 2020-04-01 11:04:05 -07:00
Jonathon Canada 5481491160
[docs] Added instructions for license.pem (#3504)
* Added instructions for license.pem
Co-authored-by: Ben Arent <ben@gravitational.com>
2020-03-31 10:02:39 -07:00
Gus Luxton 2105c8764c Fix tests and remove panic 2020-03-30 18:35:33 -07:00
Gus Luxton 3094b537c8 Generate random tokens 2020-03-30 18:35:33 -07:00
Gus Luxton 1be5cec183 Update sample config file header 2020-03-30 18:35:33 -07:00
Gus Luxton 432afff424 Remove comment 2020-03-30 18:35:33 -07:00
Gus Luxton 05d9720cff Extra changes 2020-03-30 18:35:33 -07:00
Gus Luxton f09e96b4d2 Fixes to make 'teleport configure' output tidier 2020-03-30 18:35:33 -07:00
Dmitry Sharshakov cf3760159b Ask for auth in 'tsh clusters' if certificate has expired
Signed-off-by: Dmitry Sharshakov <d3dx12.xx@gmail.com>
2020-03-30 17:44:09 -07:00
Gus Luxton 3245a65687 Also set TELEPORT_PROXY_SERVER_LB for tunnel configs 2020-03-30 17:27:28 -07:00
Gus Luxton 7880e67ea3 Reflect auth server AMI changes in Cloudformation 2020-03-30 17:27:28 -07:00
Russell Jones 43eabd9989 Update get-kubeconfig.sh 2020-03-30 17:26:30 -07:00
Matthew Adams 304b1031d8 also make user configurable 2020-03-30 17:26:30 -07:00
Matthew Adams 208d8142b4 Make CN configurable 2020-03-30 17:26:30 -07:00
Ben Arent 59a652522f Fix formatting issues on Trusted Cluster and GSuite 2020-03-30 17:21:50 -07:00
Steven Martin 0cab6e5847 bump teleport version up 2020-03-30 16:58:38 -07:00
Steven Martin 5dbcc4dae7 Bump teleport version up 2020-03-30 16:58:38 -07:00
Ben Arent 080f43f883
Update to include testing SSO Providers / Partners (#3501)
* Update to include testing SSO Providers / Partners

* Update testplan.md
2020-03-30 13:25:21 -07:00
Steven Martin d28cefa85d
Update gsuite instructions for service account (#3498)
* Updating gsuite ssh instructions

showing using the client id

* Changed display to match api scopes

* Update gsuite api images

* Updated gsuite instructions

Update to use the client id instead of the email of the service account for Gsuite api permissions
2020-03-30 08:32:27 -07:00
Ev Kontsevoy 85d1cba589 Updated README to reflect Teleport's scale
It's not just for small companies.
2020-03-27 17:30:52 -07:00
Alexander Klizhentas 5607ac21e9
This commit improves log messages for kubeconfig. (#3482)
In cases when kubernetes config path does not contain
properly encoded certificates, teleport was not
showing any error messages in the logs. This commit
makes sure error messages are shown and are meaningful.
2020-03-27 14:13:57 -07:00
Gus Luxton 244c57fbc9
Update confusing Kubernetes wording in admin guide (#3486)
It's not obvious from the current wording that you are **either** running `tsh ssh` or `kubectl` - it makes it look like you first need to SSH to a node, _then_ run `kubectl`. Trying to clear that up.

Co-authored-by: Ben Arent <ben@gravitational.com>
2020-03-27 14:00:35 -07:00
Lisa Kim 3d3e96b0ae
Add how to remove node from cluster in admin-guide.md (#3478)
* Fix broken link to quickstart in architecture overview.md
* Add link on how to use a cluster join token in trustedclusters.md
2020-03-27 11:09:21 -07:00
Lisa Kim ed72863ccb
Add temporary check for mismatch proxy/auth version (#3462)
* Add temp. check for mismatch proxy/auth version

* Follow standard for making code temporary

* Rename confusing variable names

* Add rolling version and modify message
2020-03-27 08:53:04 -07:00
Lars Lehtonen 4aa06fdfe7 lib/web: WebSuite.TestSAMLSuccess() fix dropped test errors 2020-03-26 16:52:26 -07:00
Lars Lehtonen 86ed0c90ca lib/web: WebSuite.TestResizeTerminal() fix dropped test error 2020-03-26 16:52:26 -07:00
Lars Lehtonen fa98a909fe lib/web: WebSuite.client() fix dropped test error 2020-03-26 16:52:26 -07:00
aelkugia 5ec1a3db7a Update quotations around logins + k8s groups 2020-03-26 16:16:42 -07:00
aelkugia e7a65f73b8 Address PR comments - minor updates, k8s groups, typos 2020-03-26 16:16:42 -07:00
aelkugia 05ac217b59 Updated section to use root and leaf definitions. 2020-03-26 16:16:42 -07:00
aelkugia 9c11761aa2 Extend Trusted Clusters doc to show how to share groups
This example details how to share kubernetes groups between trusted clusters. Same concept for SAML attributes.

Resolves: #3457
2020-03-26 16:16:42 -07:00
Gus Luxton 7c47e802e1
Remove extra mention of jump hosts in user manual (#3461)
Co-authored-by: Ben Arent <ben@gravitational.com>
2020-03-26 13:56:56 -07:00
Ben Arent ff23663e2e
Bumps Quickstart Version. (#3477)
* Bumps Teleport Version

* Fix RBAC Table
2020-03-26 08:57:02 -07:00
Steven Martin fc14b8a29c
Fix auth_service token (#3475)
The example teleport yaml has an extra auth_service that will cause the static tokens to be ignored
2020-03-25 13:12:20 -07:00
Gus Luxton 7fd96f440c
Improve trusted cluster guide with specifics (#3466)
Adding trusted clusters is different when using Letsencrypt vs ACM. This adds clarification.
2020-03-24 15:54:33 -03:00
Alexander Klizhentas 924dd8fdb0 Adds support for custom OIDC prompts (#3409)
This commit adds support for custom OIDC prompt values.

Read about possible prompt values here:

https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest

Three cases are possible:

* Prompt value is not set; this defaults
the OIDC prompt value to select_account to preserve backwards
compatibility.

```yaml
kind: oidc
version: v2
metadata:
  name: connector
spec:
  prompt: 'login consent'
```

* Prompt value is set to empty string, it will be omitted
from the auth request.

```yaml
kind: oidc
version: v2
metadata:
  name: connector
spec:
  prompt: ''
```

* Prompt value is set to a non-empty string, it will be included
in the auth request as is.

```yaml
kind: oidc
version: v2
metadata:
  name: connector
spec:
  prompt: 'login consent'
```

Tested with Auth0 OIDC connector on teleport 4.2 enterprise.
2020-03-20 17:57:05 -07:00
Lars Lehtonen 235a146a89 lib/srv/regular: remove redundant ssh.Dial() from TestAllowedUsers() 2020-03-20 17:41:35 -07:00
Lars Lehtonen 6646c3181c lib/srv/regular: remove unused fields and variables 2020-03-20 17:41:35 -07:00
Lars Lehtonen 76428137f5 lib/srv/regular: remove unused removeNL() 2020-03-20 17:41:35 -07:00
Lars Lehtonen 1bda294692 lib/srv/regular: fix dropped error in SrvSuite.SetUpTest() 2020-03-20 17:41:35 -07:00
Lars Lehtonen 4e5808cdf9 lib/srv/regular: fix dropped error in SrvSuite.TestProxyReverseTunnel() 2020-03-20 17:41:35 -07:00
Andrea Scarpino e0fda3b7d5 Add missing initialization for SessionRecording 2020-03-20 17:28:18 -07:00
Russell Jones b90545dba8 Added ability for RequestSubsystem to be cancelled.
Added wrapper function for RequestSubsystem which supports a cancelation
context.
2020-03-20 13:01:13 -07:00