Cluster name can be missing in profiles created by older tsh versions.
Trying to load the client.Key without a cluster name now causes a
failure when using WithAllCerts (because ssh/db/kube certs are
per-cluster).
Also added some output to `tsh status` when no profiles can be loaded.
* Revert "darwin fips builds (#5866)"
This reverts commit 32ac67db06.
* Remove GO_BINARY references
* Re-add dronegen changes for commands/image
* make dronegen
* Update e ref
* Re-add package signing/notarization for full MacOS builds
* ssh: fix relogin with jumphosts
Several fixes to make `tsh ssh -J leaf.proxy.com` work if the root cert
is missing/expired.
* Address review feedback
Correctly parse trusted CAs on GetKey.
Move retry without jumphosts from relogin to UpdateClusterCAs.
* Remove TelpoertClient.AuthMethods override on relogin
It doesn't seem to break anything.
* Open Sources Access Controls Docs (#6188)
Moves RBAC to a separate access controls section,
adds a couple of guides and prepares
the structure for more content.
* Fix href links
```diff
~/.tsh/
└── keys
├── one.example.com --> Proxy hostname
│ ├── certs.pem --> TLS CA certs for the Teleport CA
│ ├── foo --> RSA Private Key for user "foo"
│ ├── foo.pub --> Public Key
- │ ├── foo-cert.pub --> SSH certificate for proxies and nodes
│ ├── foo-x509.pem --> TLS client certificate for Auth Server
+ │ ├── foo-ssh --> SSH certs for user "foo"
+ │ │ ├── root-cert.pub --> SSH cert for Teleport cluster "root"
+ │ │ └── leaf-cert.pub --> SSH cert for Teleport cluster "leaf"
```
When `-J` is provided, this also loads/reissues the SSH cert for the cluster associated with the jumphost's certificate. Fixes#5637.
* Switch to go1.16. Use embed package to embed webassets instead of ad-hoc attaching to binary
* Fix pipeline duplicate step error
* Resolve duplicate pipeline step name error. Explicitly define platform for 'exec' pipelines. Remove the uid/gid environment from 'exec' pipelines as redundant.
* Set proper dependencies when building darwin package fips pipelines. Use enterprise build directory for tsh
* Address review comments
Username is the teleport username (either from SSO or for local user).
SSH login name is one of the OS logins allowed for the user.
In a user cert request, Username means the former, not the latter.
* Update Go runtime to 1.16.2 and bump the boringcrypto version correspondingly for linux FIPS builds
* Address review comments
* Don't fail if buildbox image is not present
* Update other go1.15.5 references not yet handled by dronegen
* Build from source on CentOS 6
Co-authored-by: Gus Luxton <gus@goteleport.com>
* fix race in filelog
* Fixed data race in Audit Log.
Fixed data race in Audit Log where Close and EmitAuditEvent race during
tests. Use a RWMutex to protect the local log to prevent race.
Co-authored-by: Forrest Marshall <forrest@gravitational.com>