TeleInstance manages an auth server and a set of proxies/nodes.
TeleInstance.Stop only stops the auth server. A bunch of tests used it
assuming it also cleans up any running nodes.
This has caused a lot of log spam from failing heartbeats and generally
wasted CPU cycles.
Rename it to Stop to StopAuth to make it's purpose more obvious. Add
TeleInstance.StopAll that cleans up everything, suitable for deferring
in tests.
Some unusual shells like [fish](https://fishshell.com/) don't support
`$(cmd)` nested command syntax.
Print window size as two separate commands separated by newline instead.
Also, scan more of the output, in case the prompt is very long.
This type uses an inner bytes.Buffer to store terminal output. Terminal
is used by concurrent goroutines as io.ReadWriter, so access to the
buffer needs to be synchronized.
`SyncBuffer` has a goroutine running `io.Copy` to read from the
underlying pipe. Close stops the pipe, but doesn't wait for the last
chunk of data to be written by `io.Copy` to the buffer.
Both `Bytes` and `String` assume that the buffer received no further
writes after `Close`.
Add explicit synchronization between `io.Copy` goroutine and `Close`.
Several tests to confirm correctness of kubeconfig update logic.
Specifically - to make sure existing configuration is not deleted.
`UpdateKubeconfig` was split into two functions because mocking
`*client.TeleportClient` was really difficult.
Fixes#3209
To execute an SSH command, Teleport re-executes itself and execs the
command from this child process:
teleport -> teleport exec -> sh -c "user command"
Both parent teleport processes could exit unexpectedly (from SIGKILL or
even connection interruption).
Make sure all child processes get cleaned up and not orphaned to PID 1:
- teleport exec via SIGQUIT to request graceful shutdown
- user command via SIGKILL because it might ignore other signals
* Add monorepo
* Add reset/passwd capability for local users (#3287)
* Add UserTokens to allow password resets
* Pass context down through ChangePasswordWithToken
* Rename UserToken to ResetPasswordToken
* Add auto formatting for proto files
* Add common Marshaller interfaces to reset password token
* Allow enterprise "tctl" reuse OSS user methods (#3344)
* Pass localAuthEnabled flag to UI (#3412)
* Added LocalAuthEnabled prop to WebConfigAuthSetting struct in webconfig.go
* Added LocalAuthEnabled state as part of webCfg in apiserver.go
* update e-refs
* Fix a regression bug after merge
* Update tctl CLI output msgs (#3442)
* Use local user client when resolving user roles
* Update webapps ref
* Add and retrieve fields from Cluster struct (#3476)
* Set Teleport versions for node, auth, proxy init heartbeat
* Add and retrieve fields NodeCount, PublicURL, AuthVersion from Clusters
* Remove debug logging to avoid log pollution when getting public_addr of proxy
* Create helper func GuessProxyHost to get the public_addr of a proxy host
* Refactor newResetPasswordToken to use GuessProxyHost and remove publicUrl func
* Remove webapps submodule
* Add webassets submodule
* Replace webapps sub-module reference with webassets
* Update webassets path in Makefile
* Update webassets
1b11b26 Simplify and clean up Makefile (#62) https://github.com/gravitational/webapps/commit/1b11b26
* Retrieve cluster details for user context (#3515)
* Let GuessProxyHost also return proxy's version
* Unit test GuessProxyHostAndVersion & GetClusterDetails
* Update webassets
4dfef4e Fix build pipeline (#66) https://github.com/gravitational/webapps/commit/4dfef4e
* Update e-ref
* Update webassets
0647568 Fix OSS redirects https://github.com/gravitational/webapps/commit/0647568
* update e-ref
* Update webassets
e0f4189 Address security audit warnings Updates "minimist" package which is used by 7y old "optimist". https://github.com/gravitational/webapps/commit/e0f4189
* Add new attr to Session struct (#3574)
* Add fields ServerHostname and ServerAddr
* Set these fields on newSession
* Ensure webassets submodule during build
* Update e-ref
* Ensure webassets before running unit-tests
* Update E-ref
Co-authored-by: Lisa Kim <lisa@gravitational.com>
Co-authored-by: Pierre Beaucamp <pierre@gravitational.com>
Co-authored-by: Jenkins <jenkins@gravitational.io>
Adding following principals:
- `localhost`
- `127.0.0.1`
- `::1`
With these, `tsh` (both `ssh` and `join`) works with a local proxy
without any SSH handshake errors.
Removed the warning from quickstart docs, but keeping `--proxy=grav-00`
since that implies to the reader that proxy is usually remote.
Fixes#2910
- consistently use "certificate" instead of "public key"
- make diagram in "local users" section match the text (user "sandra"
doesn't have access to "grav-02")
- de-duplicate docs on session streaming between auth and proxy pages
Top-level `make lint` rule that scans everything and a CI-specific rule
for Jenkins.
Currently only enable "unused", since it's reliable. The list will
expand.
Also clean up stragglers that somehow slipped through in #3552.
Updates #3551
Expanded instructions to include installing BCC within a Amazon 2 Linux. Moved some instruction steps for flow since amazon 2 linux doesn't require building the bcc tools.
Spring cleaning!
A very mechanical cleanup using several linters (unused, deadcode,
structcheck). Build and tests still pass so no behavior should be
affected.
* Correct Msft azure ad link in docs
MSFT AzureAD link wasn't properly formatted to produce a browser. fixed
* Warning tip on federation document was not in the styling format to render correctly. Fixed.
Co-authored-by: Ben Arent <ben@gravitational.com>
Selectively listing package paths is error-prone. Use `go list` to get
the complete list instead. Filter out integration tests since they are
slower.
Also, enable the race detector by default. Local `make test` runs should
not skip it.
The URL provided in the documentation for the tarball's checksum was
missing a `-`, and resulted in a 404 when actually trying to run the
`curl`. This adds the missing `-` so that the `curl` call will succeed
as expected.
Co-authored-by: Ben Arent <ben@gravitational.com>