self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-19 16:53:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
11424 commits 3225 branches 4169 tags 1.3 GiB
Commit graph

200 commits

Author SHA1 Message Date
rosstimothy 4cc1c76e4d
Batched dependabot updates (#20624) 
* Update rsa requirement in /lib/srv/desktop/rdp/rdpclient

Updates the requirements on [rsa](https://github.com/RustCrypto/RSA) to permit the latest version.
- [Release notes](https://github.com/RustCrypto/RSA/releases)
- [Changelog](https://github.com/RustCrypto/RSA/blob/master/CHANGELOG.md)
- [Commits](https://github.com/RustCrypto/RSA/compare/v0.7.2...v0.8.1)

---
updated-dependencies:
- dependency-name: rsa
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump rsa from 0.7.2 to 0.8.1

Bumps [rsa](https://github.com/RustCrypto/RSA) from 0.7.2 to 0.8.1.
- [Release notes](https://github.com/RustCrypto/RSA/releases)
- [Changelog](https://github.com/RustCrypto/RSA/blob/master/CHANGELOG.md)
- [Commits](https://github.com/RustCrypto/RSA/compare/v0.7.2...v0.8.1)

---
updated-dependencies:
- dependency-name: rsa
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/gravitational/trace from 1.2.0 to 1.2.1 in /api

Bumps [github.com/gravitational/trace](https://github.com/gravitational/trace) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/gravitational/trace/releases)
- [Commits](https://github.com/gravitational/trace/compare/v1.2.0...v1.2.1)

---
updated-dependencies:
- dependency-name: github.com/gravitational/trace
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go from 1.44.180 to 1.44.184

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.180 to 1.44.184.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.180...v1.44.184)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/coreos/go-semver from 0.3.0 to 0.3.1

Bumps [github.com/coreos/go-semver](https://github.com/coreos/go-semver) from 0.3.0 to 0.3.1.
- [Release notes](https://github.com/coreos/go-semver/releases)
- [Commits](https://github.com/coreos/go-semver/compare/v0.3.0...v0.3.1)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-semver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump k8s.io/apimachinery from 0.26.0 to 0.26.1

Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.26.0 to 0.26.1.
- [Release notes](https://github.com/kubernetes/apimachinery/releases)
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.26.0...v0.26.1)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.78.0 to 1.80.0

Bumps [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) from 1.78.0 to 1.80.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ec2/v1.78.0...service/ec2/v1.80.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump k8s.io/api from 0.26.0 to 0.26.1

Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.26.0 to 0.26.1.
- [Release notes](https://github.com/kubernetes/api/releases)
- [Commits](https://github.com/kubernetes/api/compare/v0.26.0...v0.26.1)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump cloud.google.com/go/storage from 1.28.1 to 1.29.0

Bumps [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) from 1.28.1 to 1.29.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/storage/v1.28.1...spanner/v1.29.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump k8s.io/cli-runtime from 0.26.0 to 0.26.1

Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) from 0.26.0 to 0.26.1.
- [Release notes](https://github.com/kubernetes/cli-runtime/releases)
- [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.26.0...v0.26.1)

---
updated-dependencies:
- dependency-name: k8s.io/cli-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* revert firestore to v1.6.0

* Bump k8s.io/kubectl from 0.26.0 to 0.26.1

Bumps [k8s.io/kubectl](https://github.com/kubernetes/kubectl) from 0.26.0 to 0.26.1.
- [Release notes](https://github.com/kubernetes/kubectl/releases)
- [Commits](https://github.com/kubernetes/kubectl/compare/v0.26.0...v0.26.1)

---
updated-dependencies:
- dependency-name: k8s.io/kubectl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump k8s.io/client-go from 0.26.0 to 0.26.1

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.26.0 to 0.26.1.
- [Release notes](https://github.com/kubernetes/client-go/releases)
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.26.0...v0.26.1)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump k8s.io/apiserver from 0.26.0 to 0.26.1

Bumps [k8s.io/apiserver](https://github.com/kubernetes/apiserver) from 0.26.0 to 0.26.1.
- [Release notes](https://github.com/kubernetes/apiserver/releases)
- [Commits](https://github.com/kubernetes/apiserver/compare/v0.26.0...v0.26.1)

---
updated-dependencies:
- dependency-name: k8s.io/apiserver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* use firestore v1.6.1

* go mod tidy

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot-batcher[bot] <122306277+dependabot-batcher[bot]@users.noreply.github.com>
 2023-01-25 00:25:59 +00:00
Tiago Silva 605a7d00f4
Adds tsh kubectl support (#20031) 
This PR implements a `kubectl` wrapper inside `tsh` that creates resource access requests, waits for their approval and retries the command when it detects that access to a pod was denied due to missing role or Kubernetes RBAC principals permissions.


Part of #18434
Updates #19573
 2023-01-23 14:34:40 +00:00
Vitor Enes c9be1f8e71
Bump gravitational/trace to v1.2.1 (#20335) 
This commit bumps `gravitational/trace` to `v1.2.1`. This version
includes https://github.com/gravitational/trace/pull/86, and thus
fixes #17885.
 2023-01-18 19:08:48 +00:00
Marco André Dinis 15f034f40c
remove direct dependency of gobuffalo/flect (#20297) 2023-01-17 20:03:12 +01:00
Alan Parra 885d7397ab
chore: Bump Go dependencies (#20264) 
Keep up with current releases.

Supersedes the following dependabot PRs:

* dustin/go-humanize - https://github.com/gravitational/teleport/pull/20255
* gobuffalo/flect - https://github.com/gravitational/teleport/pull/20249
* pavlo-v-chernykh/keystore-go/v4 -
  https://github.com/gravitational/teleport/pull/20254
* aws/aws-sdk-go - https://github.com/gravitational/teleport/pull/20253
* aws/aws-sdk-go-v2/service/ec2 -
  https://github.com/gravitational/teleport/pull/20248
* Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2
  - https://github.com/gravitational/teleport/pull/20250
* elastic/go-elasticsearch/v8 -
  https://github.com/gravitational/teleport/pull/20252
 2023-01-16 17:38:53 +00:00
rosstimothy 9bbc1dd17c
Dependency updates (#19995) 
* Bump github.com/aws/aws-sdk-go-v2/config from 1.18.7 to 1.18.8

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.7 to 1.18.8.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.7...config/v1.18.8)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go-v2/service/sts from 1.17.7 to 1.18.0

Bumps [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) from 1.17.7 to 1.18.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.17.7...config/v1.18.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/alicebob/miniredis/v2 from 2.23.1 to 2.30.0

Bumps [github.com/alicebob/miniredis/v2](https://github.com/alicebob/miniredis) from 2.23.1 to 2.30.0.
- [Release notes](https://github.com/alicebob/miniredis/releases)
- [Changelog](https://github.com/alicebob/miniredis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/alicebob/miniredis/compare/v2.23.1...v2.30.0)

---
updated-dependencies:
- dependency-name: github.com/alicebob/miniredis/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go from 1.44.173 to 1.44.175

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.173 to 1.44.175.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.173...v1.44.175)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump cloud.google.com/go/container from 1.9.0 to 1.10.0

Bumps [cloud.google.com/go/container](https://github.com/googleapis/google-cloud-go) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/dlp/v1.9.0...asset/v1.10.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/container
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go-v2/credentials from 1.13.7 to 1.13.8

Bumps [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) from 1.13.7 to 1.13.8.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/mq/v1.13.7...service/mq/v1.13.8)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.2.0 to 1.3.0

Bumps [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/v1.2...sdk/azcore/v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/schollz/progressbar/v3 from 3.12.2 to 3.13.0

Bumps [github.com/schollz/progressbar/v3](https://github.com/schollz/progressbar) from 3.12.2 to 3.13.0.
- [Release notes](https://github.com/schollz/progressbar/releases)
- [Commits](https://github.com/schollz/progressbar/compare/v3.12.2...v3.13.0)

---
updated-dependencies:
- dependency-name: github.com/schollz/progressbar/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* go mod tidy

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-09 19:46:01 +00:00
Gavin Frazar ef43b4cef9
azure mysql and postgresql flex server discovery (#19759) 
* Move GCP cloud clients into a separate interface
* Add azure mysql/postgresql flex server support
* Add teleport db configure create support for azure postgres/mysql flex servers
* discover both single and flexi server with 'mysql' and 'postgres' db types.
* go doc gcp interface
* Add is_flexi_server to database Azure config
 2023-01-09 18:48:08 +00:00
rosstimothy 347db018d5
Dependency updates (#19859) 
* Bump golang.org/x/text from 0.5.0 to 0.6.0

Bumps [golang.org/x/text](https://github.com/golang/text) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump golang.org/x/sys from 0.3.0 to 0.4.0

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/golang/sys/releases)
- [Commits](https://github.com/golang/sys/compare/v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go from 1.44.171 to 1.44.172

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.171 to 1.44.172.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.171...v1.44.172)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* go mod tidy

* Bump golang.org/x/term from 0.3.0 to 0.4.0

Bumps [golang.org/x/term](https://github.com/golang/term) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/golang/term/releases)
- [Commits](https://github.com/golang/term/compare/v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump golang.org/x/tools from 0.4.0 to 0.5.0

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-04 22:12:40 +00:00
Jakub Nyckowski d68cb9377b
Switch golang.org/x/crypto to gravitational fork (#19579) 
* Switch golang.org/x/crypto to gravitational fork

* Update golden files

* Add comment to go.mod

* Update api module to use crypto fork.

* Move x/crypto to replaced section in dependabot.yml
 2023-01-04 19:30:58 +00:00
rosstimothy d3cb592304
Dependency Updates (#19814) 
* Bump github.com/aws/aws-sdk-go-v2/config from 1.18.6 to 1.18.7

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.6 to 1.18.7.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.6...config/v1.18.7)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go from 1.44.163 to 1.44.171

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.163 to 1.44.171.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.163...v1.44.171)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alan Parra <alan.parra@goteleport.com>
 2023-01-04 15:03:24 +00:00
Tiago Silva c3fe7c092f
Update Kubernetes Dependencies (#19695) 
This PR replaces the following PRs opened by dependabot:
- #19678 
- #19677 

It also bumps:

- Bump k8s.io/api from v0.25.4 to v0.26.0
- Bump k8s.io/apiextensions-apiserver from v0.25.4 to v0.26.0
- Bump k8s.io/apimachinery from v0.25.4 to v0.26.0
- Bump k8s.io/apiserver from v0.25.4 to v0.26.0
- Bump k8s.io/cli-runtime from v0.25.4 to v0.26.0
- Bump k8s.io/kubectl from v0.25.4 to v0.26.0
- Bump k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed to v0.0.0-20221128185143-99ec85e7a448
- Bump sigs.k8s.io/controller-runtime from v0.13.1 to v0.14.1
 2022-12-29 22:49:22 +00:00
rosstimothy d27f63a49b
Dependency updates (#19686) 
* Bump libc from 0.2.138 to 0.2.139

Bumps [libc](https://github.com/rust-lang/libc) from 0.2.138 to 0.2.139.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.138...0.2.139)

---
updated-dependencies:
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go-v2/credentials from 1.13.6 to 1.13.7

Bumps [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) from 1.13.6 to 1.13.7.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/mq/v1.13.6...service/mq/v1.13.7)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump cloud.google.com/go/container from 1.8.0 to 1.9.0

Bumps [cloud.google.com/go/container](https://github.com/googleapis/google-cloud-go) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/dlp/v1.8.0...asset/v1.9.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/container
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/bufbuild/connect-go from 1.3.2 to 1.4.1

Bumps [github.com/bufbuild/connect-go](https://github.com/bufbuild/connect-go) from 1.3.2 to 1.4.1.
- [Release notes](https://github.com/bufbuild/connect-go/releases)
- [Commits](https://github.com/bufbuild/connect-go/compare/v1.3.2...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/bufbuild/connect-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/go-webauthn/webauthn from 0.5.0 to 0.6.0

Bumps [github.com/go-webauthn/webauthn](https://github.com/go-webauthn/webauthn) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/go-webauthn/webauthn/releases)
- [Commits](https://github.com/go-webauthn/webauthn/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/go-webauthn/webauthn
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/mdlayher/netlink from 1.7.0 to 1.7.1

Bumps [github.com/mdlayher/netlink](https://github.com/mdlayher/netlink) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/mdlayher/netlink/releases)
- [Changelog](https://github.com/mdlayher/netlink/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mdlayher/netlink/compare/v1.7.0...v1.7.1)

---
updated-dependencies:
- dependency-name: github.com/mdlayher/netlink
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump cloud.google.com/go/iam from 0.8.0 to 0.9.0

Bumps [cloud.google.com/go/iam](https://github.com/googleapis/google-cloud-go) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/iam
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.76.1 to 1.77.0

Bumps [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) from 1.76.1 to 1.77.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ec2/v1.76.1...service/ec2/v1.77.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/gocql/gocql from 1.3.0 to 1.3.1

Bumps [github.com/gocql/gocql](https://github.com/gocql/gocql) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/gocql/gocql/releases)
- [Changelog](https://github.com/gocql/gocql/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gocql/gocql/compare/v1.3.0...v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/gocql/gocql
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/pquerna/otp from 1.3.0 to 1.4.0

Bumps [github.com/pquerna/otp](https://github.com/pquerna/otp) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/pquerna/otp/releases)
- [Commits](https://github.com/pquerna/otp/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/pquerna/otp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* revert cloud.google.com/go/iam update

* revert github.com/go-webauthn/webauthn update

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-29 20:12:50 +00:00
Krzysztof Skrzętnicki f8fa2b9be2
Bump gravitational/trace package version (#19390) 2022-12-21 22:02:25 +00:00
Alan Parra 5e3f5f4ec5
chore: Bump Go dependencies (#19528) 
Keep up with latest releases.

Supersedes the following Dependabot PRs. See originals for detailed release
notes.

* https://github.com/gravitational/teleport/pull/19455
* https://github.com/gravitational/teleport/pull/19456
* https://github.com/gravitational/teleport/pull/19457
* https://github.com/gravitational/teleport/pull/19458
* https://github.com/gravitational/teleport/pull/19461
* https://github.com/gravitational/teleport/pull/19462
* https://github.com/gravitational/teleport/pull/19493
 2022-12-21 15:00:23 +00:00
Tobiasz Heller f6f6ebb005
Bring back coreos/pkg indirect (#19491) 2022-12-19 20:46:28 +01:00
Tobiasz Heller 77e10d6ff0
Replace deprecated duo-labs/webauthn with go-webauthn/webauthn (#19476) 2022-12-19 18:07:30 +00:00
rosstimothy 3f52d028fb
Dependency updates (#19329) 
* Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp

Bumps [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.36.4 to 0.37.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.36.4...zpages/v0.37.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump k8s.io/apiserver from 0.25.4 to 0.26.0

Bumps [k8s.io/apiserver](https://github.com/kubernetes/apiserver) from 0.25.4 to 0.26.0.
- [Release notes](https://github.com/kubernetes/apiserver/releases)
- [Commits](https://github.com/kubernetes/apiserver/compare/v0.25.4...v0.26.0)

---
updated-dependencies:
- dependency-name: k8s.io/apiserver
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump cloud.google.com/go/storage from 1.28.0 to 1.28.1

Bumps [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) from 1.28.0 to 1.28.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.28.0...storage/v1.28.1)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/schollz/progressbar/v3 from 3.12.1 to 3.12.2

Bumps [github.com/schollz/progressbar/v3](https://github.com/schollz/progressbar) from 3.12.1 to 3.12.2.
- [Release notes](https://github.com/schollz/progressbar/releases)
- [Commits](https://github.com/schollz/progressbar/compare/v3.12.1...v3.12.2)

---
updated-dependencies:
- dependency-name: github.com/schollz/progressbar/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump cloud.google.com/go/iam from 0.7.0 to 0.8.0

Bumps [cloud.google.com/go/iam](https://github.com/googleapis/google-cloud-go) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/iam
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump golang.org/x/text from 0.4.0 to 0.5.0

Bumps [golang.org/x/text](https://github.com/golang/text) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tiago Silva <tiago.silva@goteleport.com>
 2022-12-16 21:53:25 +00:00
STeve (Xin) Huang 72d27ec899
Fix an issue tsh throws assertion error on REDIS_REPLY_STATUS for Redis 7 (#19364) 2022-12-15 14:26:02 +00:00
Nic Klaassen 3845dd7ab5
deps: update gravitational/predicate to v1.3.0 (#19213) 
Updating our predicate fork to get support for object methods and binary
expressions within function arguments. These will be useful for
implementing login rules (RFD 78).
 2022-12-09 17:00:42 +00:00
Alan Parra 0ed766bbb8
Tidy Go modules (#19158) 
Should fix some of the CI breakages we are observing.
 2022-12-07 19:27:29 +00:00
Tobiasz Heller d0646d2cdd
Dependency updates (#19139) 
* Bump github.com/bufbuild/connect-go from 1.1.0 to 1.3.2

Bumps [github.com/bufbuild/connect-go](https://github.com/bufbuild/connect-go) from 1.1.0 to 1.3.2.
- [Release notes](https://github.com/bufbuild/connect-go/releases)
- [Commits](https://github.com/bufbuild/connect-go/compare/v1.1.0...v1.3.2)

---
updated-dependencies:
- dependency-name: github.com/bufbuild/connect-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump golang.org/x/sys from 0.2.0 to 0.3.0

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.2.0 to 0.3.0.
- [Release notes](https://github.com/golang/sys/releases)
- [Commits](https://github.com/golang/sys/compare/v0.2.0...v0.3.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump go.opentelemetry.io/otel/sdk from 1.11.1 to 1.11.2

Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.11.1 to 1.11.2.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.11.1...v1.11.2)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go-v2 from 1.17.1 to 1.17.2

Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.17.1 to 1.17.2.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.17.1...v1.17.2)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump libc from 0.2.137 to 0.2.138

Bumps [libc](https://github.com/rust-lang/libc) from 0.2.137 to 0.2.138.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.137...0.2.138)

---
updated-dependencies:
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) from 1.11.1 to 1.11.2.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.11.1...v1.11.2)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump go.opentelemetry.io/otel from 1.11.1 to 1.11.2

Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.11.1 to 1.11.2.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.11.1...v1.11.2)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.74.0 to 1.75.0

Bumps [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) from 1.74.0 to 1.75.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ec2/v1.74.0...service/ec2/v1.75.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go-v2/service/sts from 1.17.5 to 1.17.6

Bumps [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) from 1.17.5 to 1.17.6.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.17.5...config/v1.17.6)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) from 1.11.1 to 1.11.2.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.11.1...v1.11.2)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds

Bumps [github.com/aws/aws-sdk-go-v2/feature/ec2/imds](https://github.com/aws/aws-sdk-go-v2) from 1.12.19 to 1.12.20.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.12.19...credentials/v1.12.20)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/feature/ec2/imds
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace in /api

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) from 1.11.1 to 1.11.2.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.11.1...v1.11.2)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* go mod tidy

* Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-07 17:27:07 +01:00
Tim Buckley fba02d9f9d
Add a new usage reporter (#18142) 
* [draft] Add a new usage reporter

This adds a new usage reporter service to the auth server. It's
disabled by default in OSS and can only be turned on via startup hook
in Cloud / Enterprise. In OSS, the audit log wrapper is never
configured and any usage events are sent to a no-op discard reporter.

Usage events are defined in prehog and can be sent to the new
UsageReporter Service on the auth server. An audit event wrapper is
used to capture certain events that are otherwise difficult to hook.
Events are anonymized before submission, then held in a non-blocking
queue for batching and submission purposes.

* Remove dead code

* Add SubmitUsageEvent RPC to Auth.

This adds a new SubmitUsageEvent RPC to the Auth API that external
clients (e.g. the UI) can use to submit usage events externally.

* Slight refactor for unit testing

* Add Prometheus metrics and add initial working prehog submitter

* Add more metrics, tweak prehog client, and add unit tests

* Further tweak http transport settings based on Teleport defaults

* Add missing metrics

* Fix goimports

* Add new UI usage events

* Update e ref

* Add prehog directly for now. Improve logging.

* update prehog

* Add new prehog events; use username from request identity

* add HTTP server for user events

* Add username back to pre-onboard events

* unauthenticated user events

* Fix userevent build error

* Use event-provided username where appropriate

* Move barebones prehog reqs to lib/prehog and generate here.

Also, use prod tunable values.

* Fix license lints

* De-flake tests by adding unfortunate amounts of synchronization.

* Add missing license header

* Misc PR cleanup for review

* Update lib/events/usageevents/usageevents.go

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

* Address a batch of review comments

Adds `anonymizer.AnonymizeString` and parent loggers

* Update e ref

* Clean up comments

* Remove onboard prefix from recovery code event

* Address another batch of feedback

* Use defaults.HTTPClient()

* Remove a noisy log message

* Demote noisy log message to debug

* Temporarily revert e ref for merge

Co-authored-by: Michelle Bergquist <michelle.bergquist@goteleport.com>
Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
 2022-12-05 17:13:54 +00:00
Nic Klaassen 149bbdb684
bump github.com/hashicorp/golang-lru to v0.6.0 (#18930) 2022-11-30 23:17:41 +00:00
Nic Klaassen fc82612725
Dependency updates (#18933) 
* Bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.4.3

Bumps [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) from 4.4.2 to 4.4.3.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.4.2...v4.4.3)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go from 1.44.146 to 1.44.149

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.146 to 1.44.149.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.146...v1.44.149)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/fsouza/fake-gcs-server from 1.40.2 to 1.42.2

Bumps [github.com/fsouza/fake-gcs-server](https://github.com/fsouza/fake-gcs-server) from 1.40.2 to 1.42.2.
- [Release notes](https://github.com/fsouza/fake-gcs-server/releases)
- [Commits](https://github.com/fsouza/fake-gcs-server/compare/v1.40.2...v1.42.2)

---
updated-dependencies:
- dependency-name: github.com/fsouza/fake-gcs-server
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/gocql/gocql from 1.2.1 to 1.3.0

Bumps [github.com/gocql/gocql](https://github.com/gocql/gocql) from 1.2.1 to 1.3.0.
- [Release notes](https://github.com/gocql/gocql/releases)
- [Changelog](https://github.com/gocql/gocql/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gocql/gocql/compare/v1.2.1...v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/gocql/gocql
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.72.1 to 1.74.0

Bumps [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) from 1.72.1 to 1.74.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ec2/v1.72.1...service/ec2/v1.74.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* go mod tidy

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-30 14:07:02 -05:00
Alan Parra 118c91f4c2
Bump Go dependencies (#18819) 
Manually bump Go dependency versions, directs only.

A few release logs for bumps that caught the eye:

* https://github.com/grpc/grpc-go/releases/tag/v1.51.0
* https://github.com/elastic/go-elasticsearch/blob/main/CHANGELOG.md
* https://github.com/go-redis/redis/blob/master/CHANGELOG.md
* https://github.com/moby/term/commits/master
 2022-11-29 13:31:58 +00:00
Gabriel Corado fa15a7c4c4
Azure SQL Server auto discovery (#17745) 2022-11-28 15:02:49 +00:00
Forrest Marshall 37c1539387 bump etcd client 2022-11-22 14:24:18 -08:00
Alan Parra c09792fd4a
Add warning about /x/crypto v0.3.0+ updates (#18570) 
[A recent /x/crypto commit][1] breaks compatibility with OpenSSH <=7.6, so we
are adding a warning to avoid bumping crypto until that is solved.

As a last resort we have https://github.com/gravitational/crypto, but we are not
using it yet.

[1]: 6fad3dfc18
 2022-11-17 19:56:32 +00:00
Alan Parra 2a25c3eeda
Bump Go dependencies (#18531) 
Update minor/patch versions of direct dependencies.

Changelogs (minor bumps):

* https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md
* https://github.com/aws/aws-sdk-go-v2/blob/main/config/CHANGELOG.md
* https://github.com/aws/aws-sdk-go-v2/blob/main/credentials/CHANGELOG.md
* https://github.com/googleapis/gax-go/blob/main/v2/CHANGES.md
* https://github.com/mdlayher/netlink/blob/main/CHANGELOG.md
 2022-11-17 17:46:51 +00:00
Zac Bergquist da7680ad0b
Use x/exp/slices instead of home grown utilities (#18524) 
We were inconsistent throughout the codebase and would sometimes
use the slices package and other times use our own equivalents
in api/.

This removes our versions in favor of the golang.org/x package that
does the same, which has the added benefit of reducing the surface
area of the public API module.

Note: despite existing uses of the slices package, for some reason
it didn't show up in go.mod or go.sum. Fixed that too.
 2022-11-17 15:25:46 +00:00
Tiago Silva e868d2e9e8
Adds GCP GKE auto-discovery (#17831) 
This PR presents a watcher for automatic `kube_cluster` discovery for GCP GKE clusters. Given an identity with access to the GCP cloud, the auto-discovery service will scan the cloud and register all clusters available in Kubernetes Engine.

Once the discovery service creates a `kube_cluster` on the Auth Server, the Kubernetes Service will start serving it. The credentials used to access the cluster are short-lived and generated through Google OAuth2 associated with the GCP Service Account configured for the Kubernetes Service.

GCP's Service Account must have the following role def attached:

```yaml
description: 'GKE Auto-Discovery'
includedPermissions:
- container.clusters.impersonate
- container.clusters.get
- container.clusters.list
- container.pods.get
- container.selfSubjectAccessReviews.create
- container.selfSubjectRulesReviews.create
name: projects/{projectID}/roles/GKEKubernetesAutoDisc
stage: GA
title: GKEKubernetesAutoDisc
```

Part of #16135, #13376
Related to  #12048, #16276, #16281, #16633, #14991
 2022-11-11 18:10:29 +00:00
Nic Klaassen bfbb71734d
feat: add GCP KMS support for Teleport CA key material (#17933) 
* feat: add GCP KMS support for Teleport CA key material

This commit implements support for GCP KMS as a backend for CA
operations in Teleport.

This is able to take advantage of much of the infrastucture that we have
already created for HSM support, and simply appears as a new backend for
the private key material.

The necessary configuration parameters include only the name of the KMS
keyring to use, and the protection level (which can be HSM or SOFTWARE).
These are configured in the teleport.yaml directly, in a new section
under the existing `ca_key_params` used for HSM configuration.

The GCP credentials are expected to be provided to the Teleport auth
server via the
[Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc).
This means that it "just works" if the auth server is running on a GCP
compute instance with the correct attached role, and you can run tests
locally by authenticating with `gcloud auth login`.

This does not support Teleport Cloud, as our current HSM support does
not, because the Auth server needs the configuration and the access to
the GCP account. That would be a larger effort probably requiring a new
Teleport service.
 2022-11-11 00:03:49 +00:00
STeve (Xin) Huang e2f0b3a39f
attempt to fix TestProxyProtocolRedis flakiness (#18273) 2022-11-09 19:53:44 +00:00
Alan Parra 2ad0c04542
Bump Go dependencies (#18267) 
Pull in dependency updates from the past few weeks.

Done using `go get -u ./...`, with some manual cherry-picking to avoid
[problematic/forked modules][1].

google-cloud-go proto migration guide:
https://github.com/googleapis/google-cloud-go/blob/main/migration.md.

[1]: https://github.com/gravitational/teleport/blob/master/.github/dependabot.yml#L7
 2022-11-08 20:31:08 +00:00
Michael Wilson 31ca8f3e22
Bump oxy version to address double question mark issue. (#17931) 
When URLs are terminated with a question mark, Teleport no longer adds two
question marks to the end.
 2022-10-31 15:46:29 +00:00
Tobiasz Heller 58a0601ed7
Dependency updates (#17788) 
* Bump libc from 0.2.135 to 0.2.136
* Bump k8s.io/apiserver from 0.25.2 to 0.25.3
* Bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds
* Bump github.com/aws/aws-sdk-go-v2/service/sts from 1.16.19 to 1.17.1
* Bump github.com/golang-jwt/jwt/v4 from 4.2.0 to 4.4.2
* Bump go.opentelemetry.io/otel/sdk from 1.11.0 to 1.11.1
* Bump github.com/aws/aws-sdk-go-v2/credentials from 1.12.21 to 1.12.23
* Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.63.1 to 1.63.3
* Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
* Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 in /api
* Bump go.opentelemetry.io/otel/sdk from 1.11.0 to 1.11.1 in /api
* Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
* Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
* Bump github.com/aws/aws-sdk-go from 1.44.117 to 1.44.123
 2022-10-26 16:02:25 +02:00
STeve (Xin) Huang f88d76a3f3
Fix an issue Redis access fails when connecting to Redis 7.0 in cluster mode (#17673) 2022-10-25 20:13:27 +00:00
Gabriel Corado 65c022893d
Add Azure AD user managed identity authentication for SQL server (#17142) 2022-10-21 15:06:51 +00:00
Nic Klaassen 09773205f7
Dependency updates (#17605) 
* Bump k8s.io/api from 0.25.2 to 0.25.3

Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.25.2 to 0.25.3.
- [Release notes](https://github.com/kubernetes/api/releases)
- [Commits](https://github.com/kubernetes/api/compare/v0.25.2...v0.25.3)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go from 1.44.114 to 1.44.117

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.114 to 1.44.117.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.114...v1.44.117)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump k8s.io/client-go from 0.25.2 to 0.25.3

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.25.2 to 0.25.3.
- [Release notes](https://github.com/kubernetes/client-go/releases)
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.25.2...v0.25.3)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump k8s.io/kubectl from 0.25.2 to 0.25.3

Bumps [k8s.io/kubectl](https://github.com/kubernetes/kubectl) from 0.25.2 to 0.25.3.
- [Release notes](https://github.com/kubernetes/kubectl/releases)
- [Commits](https://github.com/kubernetes/kubectl/compare/v0.25.2...v0.25.3)

---
updated-dependencies:
- dependency-name: k8s.io/kubectl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump golang.org/x/text from 0.3.7 to 0.4.0

Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.7 to 0.4.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.3.7...v0.4.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump go.opentelemetry.io/otel/sdk from 1.10.0 to 1.11.0

Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump google.golang.org/grpc from 1.50.0 to 1.50.1

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.50.0 to 1.50.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.50.0...v1.50.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp

Bumps [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.36.1 to 0.36.3.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.36.1...zpages/v0.36.3)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc

Bumps [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.36.1 to 0.36.3.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.36.1...zpages/v0.36.3)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump go.opentelemetry.io/otel/sdk from 1.10.0 to 1.11.0 in /api

Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace in /api

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump google.golang.org/grpc from 1.50.0 to 1.50.1 in /api

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.50.0 to 1.50.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.50.0...v1.50.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump go.opentelemetry.io/otel/trace from 1.10.0 to 1.11.0 in /api

Bumps [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump go.opentelemetry.io/otel from 1.10.0 to 1.11.0 in /api

Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* go mod tidy

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-20 15:27:25 +00:00
Alan Parra 6d0b1c3119
Bump AWS SDK dependencies (#17279) 
Bumps:

* github.com/aws/aws-sdk-go to v1.44.114
* github.com/aws/aws-sdk-go-v2/service/ec2 to v1.63.1
 2022-10-13 15:14:03 +00:00
Michael Wilson 756eb91ede
Add X-Forwarded-SSL and X-Forwarded-Port to appaccess. (#16965) 
* Add X-Forwarded-SSL and X-Forwarded-Port to appaccess.

Application Access now adds in X-Forwarded-Ssl and X-Forwarded-Port headers.
Tests have been added and adjusted to look for these new headers as well.

* Update lib/srv/app/header_rewriter.go

Co-authored-by: Ryan Clark <ryan.clark@goteleport.com>

* Update integration/appaccess/fixtures.go

Co-authored-by: Roman Tkachenko <roman@goteleport.com>

* Remove common.XForwardedPort

* Change order of websocket delegates.

* Make ReservedHeaders more future-proofed.
 2022-10-12 16:54:53 +00:00
Tiago Silva 249a4c5595
Adds Azure AKS auto-discovery (#16633) 
This PR presents a watcher for automatic  `kube_cluster` discovery for Azure AKS clusters. Given a user with access to the Azure cloud, the auto-discovery service will scan the cloud and register all clusters available in AKS .

Once the discovery service creates a `kube_cluster` in Auth Server, the Kubernetes Service will start serving it. The credentials used to access the cluster depend on the different AKS clusters configurations:

# Authentication 
## Local Accounts

If the AKS cluster auth is based on local accounts created during the provisioning phase of the cluster, the agent will use the [`aks:ListClusterUserCredentials`](https://learn.microsoft.com/en-us/rest/api/aks/managed-clusters/list-cluster-user-credentials?tabs=HTTP) endpoint. 

This endpoint returns a `kubeconfig` fully populated with user credentials that Teleport can use to access the cluster.

## AZ Active Directory

When AZ active directory integration is enabled, Azure allows login with AD users. Azure forces the login to happen with dynamic short-lived user tokens. These tokens are generated by calling `credentials.GetToken` with a fixed Scope: `6dae42f8-4368-4678-94ff-3960e28e3630` and with the cluster's `tenant_id`. The token contains the user details as well as `group_ids` to match with authorization rules.

```go
// getAzureToken generates an authentication token for clusters with AD enabled.
func (a *aKSClient) getAzureToken(ctx context.Context, tentantID string, clientCfg *rest.Config) (time.Time, error) {
	const (
		azureManagedClusterScope = "6dae42f8-4368-4678-94ff-3960e28e3630"
	)
	cred, err := a.azIdentity(&azidentity.DefaultAzureCredentialOptions{
		TenantID: tentantID,
	})
	if err != nil {
		return time.Time{}, trace.Wrap(ConvertResponseError(err))
	}

	cliAccessToken, err := cred.GetToken(ctx, policy.TokenRequestOptions{
		// azureManagedClusterScope is a fixed scope that identifies azure AKS managed clusters.
		Scopes: []string{azureManagedClusterScope},
	},
	)
	if err != nil {
		return time.Time{}, trace.Wrap(ConvertResponseError(err))
	}
	// reset the old exec provider credentials
	clientCfg.ExecProvider = nil
	clientCfg.BearerToken = cliAccessToken.Token

	return cliAccessToken.ExpiresOn, nil
}
```

# Authorization

## Local Accounts
The [`aks:ListClusterUserCredentials`](https://learn.microsoft.com/en-us/rest/api/aks/managed-clusters/list-cluster-user-credentials?tabs=HTTP) endpoint returns credentials with enough permissions for Teleport to enroll the cluster.

## AZ AD 

### Azure RBAC

When Azure RBAC mode is enabled, the cluster authorization is based on rules specified in the Azure Identity permissions. 

The AZ group associated with the AZ identity the Teleport Process is running has to define the following permissions:

```json
{
    "Name": "AKS Teleport Discovery Permissions",
    "Description": "Required permissions for Teleport auto-discovery.",
    "Actions": [],
    "NotActions": [],
    "DataActions": [
      "Microsoft.ContainerService/managedClusters/pods/read",
      "Microsoft.ContainerService/managedClusters/users/impersonate/action",
      "Microsoft.ContainerService/managedClusters/groups/impersonate/action",
      "Microsoft.ContainerService/managedClusters/serviceaccounts/impersonate/action",
      "Microsoft.ContainerService/managedClusters/authorization.k8s.io/selfsubjectaccessreviews/write",
      "Microsoft.ContainerService/managedClusters/authorization.k8s.io/selfsubjectrulesreviews/write",
    ],
    "NotDataActions": [],
    "assignableScopes": [
        "/subscriptions/{subscription_id}"
    ]
}
```

If correctly specified, the Azure authentication service automatically grants access to any cluster within  `subscription_id` 
 without any other definition. On the other hand, if it's incorrectly configured, an error is triggered but Teleport cannot gain access to the cluster.


### Kubernetes RBAC

If AZ RBAC integration is disabled, the authorization to the cluster is processed by Kubernetes RBAC. This is done by matching the Az Identity principals (`group_ids`) with `Role`, `ClusterRole` objects that live in the AKS cluster.  This mode requires that the `ClusterRole` and `ClusterRoleBinding` must exist and must be well configured for each cluster to enroll.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: teleport-role
rules:
- apiGroups:
  - ""
  resources:
  - users
  - groups
  - serviceaccounts
  verbs:
  - impersonate
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - "authorization.k8s.io"
  resources:
  - selfsubjectaccessreviews
  - selfsubjectrulesreviews
  verbs:
  - create
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: teleport-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: teleport-role
subjects:
- kind: Group
  name: {group_name}
  apiGroup: rbac.authorization.k8s.io
```

#### `ClusterRole` and `ClusterRoleBinding` configured

If cluster operators or previous Teleport run has configured access to the cluster, no further action is required since Teleport already has access to the cluster.

#### Cluster `aks:ListClusterAdminCredentials` returns valid credentials

If the Teleport process has access to [`aks:ListClusterAdminCredentials`](https://learn.microsoft.com/en-us/rest/api/aks/managed-clusters/list-cluster-admin-credentials?tabs=HTTP) and the endpoint returns valid cluster admin credentials, Teleport will automatically create the  `ClusterRole` and `ClusterRoleBinding` objects in the cluster configured to the `group_id` that is listed in the access token. In order to extract the `group_id` from the token, Teleport parses the JWT claims and extracts the first element.

If the object creation was successful, Teleport can access it, otherwise, it will use the `aks:BeginRunCommand` method to try to configure access to itself.

#### Cluster `aks:BeginRunCommand` returns valid credentials

When we reach this mode, Teleport tries to run a `kubectl` command against the cluster to configure the `ClusterRole` and `ClusterRoleBinding`. `aks:BeginRunCommand` allows any user with access to that endpoint to run arbitrary commands in the cluster (commands cannot be validated). Teleport will use it as the last resource to configure the access to itself.

If the command failed, Teleport cannot grant access to the cluster and an error is returned.

# UX

Currently, to discover AKS  resources created and to have them dynamically served by the `kubernetes_service`one can define the following configuration.

```yaml
discovery_service:
   enabled: true
  azure:
  - subscriptions: ["*"]
    types: ["aks"]
    regions: ["*"]
    tags:
      '*': '*'

kubernetes_service:
   enabled: true

   resources:
       labels:
           '*': '*'
```

# Future work
- Support AWS dynamic authentication

Part of #16135, #13376  
Related to  #12048, #16276, #16281
 2022-10-11 21:37:50 +00:00
dependabot[bot] 38a07a6400
Bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.1.3 to 1.1.4 (#17251) 
Bumps [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.1.3...sdk/azcore/v1.1.4)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-11 17:17:42 +00:00
dependabot[bot] 277f50311a
Bump go.mongodb.org/mongo-driver from 1.10.2 to 1.10.3 (#17249) 
Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) from 1.10.2 to 1.10.3.
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](https://github.com/mongodb/mongo-go-driver/compare/v1.10.2...v1.10.3)

---
updated-dependencies:
- dependency-name: go.mongodb.org/mongo-driver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-11 16:49:59 +00:00
Alan Parra f9f0ca339e
Bump grpc-related dependencies (#17265) 
Bumps:

* protoc to v3.20.3
* protoc-gen-go to v1.5.2 (github.com/google/protobuf version, Teleterm only)
* google.golang.org/grpc to v1.50.0
* google.golang.org/grpc/examples
 2022-10-11 14:29:01 +00:00
Marek Smoliński 7aa224e430
Add Cassandra/Scylla database support (#15895) 2022-10-10 12:37:51 +02:00
Edoardo Spadolini 4feb7d1506
Remove azsessions (#17055) 2022-10-07 09:24:30 +00:00
Alan Parra dbcf17f7cd
Tidy Go modules (#17089) 
Dependabot wrongly removes e/ imports when tidying, as it doesn't have access to
it. Add a file to capture such imports and tidy again.
 2022-10-05 20:34:23 +00:00
dependabot[bot] b17604ee83
Bump github.com/fsouza/fake-gcs-server from 1.19.5 to 1.40.2 (#16972) 
Bumps [github.com/fsouza/fake-gcs-server](https://github.com/fsouza/fake-gcs-server) from 1.19.5 to 1.40.2.
- [Release notes](https://github.com/fsouza/fake-gcs-server/releases)
- [Commits](https://github.com/fsouza/fake-gcs-server/compare/v1.19.5...v1.40.2)

---
updated-dependencies:
- dependency-name: github.com/fsouza/fake-gcs-server
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-05 18:08:10 +00:00
Alan Parra 4d83ec85f7
Bump github.com/aws/ dependencies (#17021) 
Combines the following Dependabot PRs:

* https://github.com/gravitational/teleport/pull/17008
* https://github.com/gravitational/teleport/pull/17009
 2022-10-05 17:57:44 +00:00