Steven Martin
09b1a22d32
Merge branch 'master' into stevenGravy-oidc-debugoutput-patch-2
2020-04-06 14:02:47 -04:00
Steven Martin
a02519cda3
Microsoft Azure Active Directory SSO Instructions ( #3514 )
2020-04-06 14:55:40 -03:00
Gus Luxton
d34948b9fc
Add warning about table_name vs audit_events_uri ( #3511 )
...
As per #2542
2020-04-06 10:59:52 -03:00
Steven Martin
c276f0e10b
Correct misspelling in output
2020-04-02 14:54:43 -04:00
Steven Martin
8ca47def00
Correct spelling in oidc debugging
2020-04-02 14:51:06 -04:00
Gus Luxton
9c2f0f89ae
Add mention of node tunnelling to port 3024 ( #3509 )
...
Also remove redundant # from port numbers
2020-04-02 09:56:57 -03:00
Forrest Marshall
924fb9cd00
synchronize bpf watch map reads
2020-04-01 11:41:44 -07:00
Russell Jones
8443f7c445
Update CHANGELOG.md
2020-04-01 11:04:05 -07:00
Jonathon Canada
5481491160
[docs] Added instructions for license.pem ( #3504 )
...
* Added instructions for license.pem
Co-authored-by: Ben Arent <ben@gravitational.com>
2020-03-31 10:02:39 -07:00
Gus Luxton
2105c8764c
Fix tests and remove panic
2020-03-30 18:35:33 -07:00
Gus Luxton
3094b537c8
Generate random tokens
2020-03-30 18:35:33 -07:00
Gus Luxton
1be5cec183
Update sample config file header
2020-03-30 18:35:33 -07:00
Gus Luxton
432afff424
Remove comment
2020-03-30 18:35:33 -07:00
Gus Luxton
05d9720cff
Extra changes
2020-03-30 18:35:33 -07:00
Gus Luxton
f09e96b4d2
Fixes to make 'teleport configure' output tidier
2020-03-30 18:35:33 -07:00
Dmitry Sharshakov
cf3760159b
Ask for auth in 'tsh clusters' if certificate has expired
...
Signed-off-by: Dmitry Sharshakov <d3dx12.xx@gmail.com>
2020-03-30 17:44:09 -07:00
Gus Luxton
3245a65687
Also set TELEPORT_PROXY_SERVER_LB for tunnel configs
2020-03-30 17:27:28 -07:00
Gus Luxton
7880e67ea3
Reflect auth server AMI changes in Cloudformation
2020-03-30 17:27:28 -07:00
Russell Jones
43eabd9989
Update get-kubeconfig.sh
2020-03-30 17:26:30 -07:00
Matthew Adams
304b1031d8
also make user configurable
2020-03-30 17:26:30 -07:00
Matthew Adams
208d8142b4
Make CN configurable
2020-03-30 17:26:30 -07:00
Ben Arent
59a652522f
Fix formatting issues on Trusted Cluster and GSuite
2020-03-30 17:21:50 -07:00
Steven Martin
0cab6e5847
bump teleport version up
2020-03-30 16:58:38 -07:00
Steven Martin
5dbcc4dae7
Bump teleport version up
2020-03-30 16:58:38 -07:00
Ben Arent
080f43f883
Update to include testing SSO Providers / Partners ( #3501 )
...
* Update to include testing SSO Providers / Partners
* Update testplan.md
2020-03-30 13:25:21 -07:00
Steven Martin
d28cefa85d
Update gsuite instructions for service account ( #3498 )
...
* Updating gsuite ssh instructions
showing using the client id
* Changed display to match api scopes
* Update gsuite api images
* Updated gsuite instructions
Update to use the client id instead of the email of the service account for Gsuite api permissions
2020-03-30 08:32:27 -07:00
Ev Kontsevoy
85d1cba589
Updated README to reflect Teleport's scale
...
It's not just for small companies.
2020-03-27 17:30:52 -07:00
Alexander Klizhentas
5607ac21e9
This commit improves log messages for kubeconfig. ( #3482 )
...
In cases when kubernetes config path does not contain
properly encoded certificates, teleport was not
showing any error messages in the logs. This commit
makes sure error message are shown and are meaningful.
2020-03-27 14:13:57 -07:00
Gus Luxton
244c57fbc9
Update confusing Kubernetes wording in admin guide ( #3486 )
...
It's not obvious from the current wording that you are **either** running `tsh ssh` or `kubectl` - it makes it look like you first need to SSH to a node, _then_ run `kubectl`. Trying to clear that up.
Co-authored-by: Ben Arent <ben@gravitational.com>
2020-03-27 14:00:35 -07:00
Lisa Kim
3d3e96b0ae
Add how to remove node from cluster in admin-guide.md ( #3478 )
...
* Fix broken link to quickstart in architecture overview.md
* Add link to on how to use a cluster join token in trustedclusters.md
2020-03-27 11:09:21 -07:00
Lisa Kim
ed72863ccb
Add temporary check for mismatch proxy/auth version ( #3462 )
...
* Add temp. check for mismatch proxy/auth version
* Follow standard for making code temporary
* Rename confusing variable names
* Add rolling version and modify message
2020-03-27 08:53:04 -07:00
Lars Lehtonen
4aa06fdfe7
lib/web: WebSuite.TestSAMLSuccess() fix dropped test errors
2020-03-26 16:52:26 -07:00
Lars Lehtonen
86ed0c90ca
lib/web: WebSuite.TestResizeTerminal() fix dropped test error
2020-03-26 16:52:26 -07:00
Lars Lehtonen
fa98a909fe
lib/web: WebSuite.client() fix dropped test error
2020-03-26 16:52:26 -07:00
aelkugia
5ec1a3db7a
Update quotations around logins + k8s groups
2020-03-26 16:16:42 -07:00
aelkugia
e7a65f73b8
Address PR comments - minor updates, k8s groups, typos
2020-03-26 16:16:42 -07:00
aelkugia
05ac217b59
Updated section to use root
and leaf definitions.
2020-03-26 16:16:42 -07:00
aelkugia
9c11761aa2
Extend Trusted Clusters doc to show how to share groups
...
This example details how to share kubernetes groups between trusted clusters. Same concept for SAML attributes.
Resolves : #3457
2020-03-26 16:16:42 -07:00
Gus Luxton
7c47e802e1
Remove extra mention of jump hosts in user manual ( #3461 )
...
Co-authored-by: Ben Arent <ben@gravitational.com>
2020-03-26 13:56:56 -07:00
Ben Arent
ff23663e2e
Bumps Quickstart Version. ( #3477 )
...
* Bumps Teleport Version
* Fix RBAC Table
2020-03-26 08:57:02 -07:00
Steven Martin
fc14b8a29c
Fix auth_service token ( #3475 )
...
The example teleport yaml has a extra auth_service that will cause the static tokens to be ignored
2020-03-25 13:12:20 -07:00
Gus Luxton
7fd96f440c
Improve trusted cluster guide with specifics ( #3466 )
...
Adding trusted clusters is different when using Letsencrypt vs ACM. This adds clarification.
2020-03-24 15:54:33 -03:00
Alexander Klizhentas
924dd8fdb0
Adds support for custom OIDC prompts ( #3409 )
...
This commit adds support for custom OIDC prompt values.
Read about possible prompt values here:
https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
Three cases are possible:
* Prompt value is not set, this defaults to
OIDC prompt value to select_account value to preserve backwards
compatibility.
```yaml
kind: oidc
version: v2
metadata:
name: connector
spec:
prompt: 'login consent'
```
* Prompt value is set to empty string, it will be omitted
from the auth request.
```yaml
kind: oidc
version: v2
metadata:
name: connector
spec:
prompt: ''
```
* Prompt value is set to non empty string, it will be included
in the auth request as is.
```yaml
kind: oidc
version: v2
metadata:
name: connector
spec:
prompt: 'login consent'
```
Tested with Auth0 OIDC connector on teleport 4.2 enterprise.
2020-03-20 17:57:05 -07:00
Lars Lehtonen
235a146a89
lib/srv/regular: remove redundant ssh.Dial() from TestAllowedUsers()
2020-03-20 17:41:35 -07:00
Lars Lehtonen
6646c3181c
lib/srv/regular: remove unused fields and variables
2020-03-20 17:41:35 -07:00
Lars Lehtonen
76428137f5
lib/srv/regular: remove unused removeNL()
2020-03-20 17:41:35 -07:00
Lars Lehtonen
1bda294692
lib/srv/regular: fix dropped error in SrvSuite.SetUpTest()
2020-03-20 17:41:35 -07:00
Lars Lehtonen
4e5808cdf9
lib/srv/regular: fix dropped error in SrvSuite.TestProxyReverseTunnel()
2020-03-20 17:41:35 -07:00
Andrea Scarpino
e0fda3b7d5
Add missing initialization for SessionRecording
2020-03-20 17:28:18 -07:00
Russell Jones
b90545dba8
Added ability for RequestSubsystem to cancelled.
...
Added wrapper function for RequestSubsystem which supports a cancelation
context.
2020-03-20 13:01:13 -07:00