* WebAPI: update user traits
Web API only supports updating the roles property for a given User.
This PR adds the possibility of updating User's traits
- Logins
- DB Users
- DB Names
- Kube Users
- Kube Groups
- Windows Logins
- AWS Role ARNs
It only updates if the requests contains a non-nil value for the trait's
list.
It deduplicates the trait's list before applying it.
* Start postgres without TLS when multiplexing is disabled
* Add integration test for starting postgres with --insecure-no-tls
* Fix dupe postgres listener mistake
* Log the actual address of listeners
* Remove unnecessary error checking
* Fix tracing exporter endpoints
Ensure that the endpoint provided to the trace clients
are correct even if the configuration doesn't include
the scheme. Prior to this the endpoint always attempted
to remove the scheme prefix, even when one wasn't provided.
Doing so led to the hostname to be altered which caused
some unknown host issues.
This also removes the process and process owner detector
from the tracing resource. Running within a container might
not have a username mapped to the uid which was preventing
tracing from being initialized.
Sets the `Timeout` of the http.Client used by the auth client
to 30s to prevent requests from blocking indefinitely. There
have been several failure scenarios that result in teleport being
completely stuck due to never receiving a response from an
http request. The 30s upper bound should prevent this, while
also being long enough that it shouldn't impact any requests
which may be slow.
Add a credential picker to the tsh FIDO2/WebAuthn backend.
The PR pulls a recent patch in our go-libfido2 fork that makes it correctly
return multiple assertions from the authenticator. This allows us to implement
the credential picker for FIDO2, simplify our implementation and provide the
exact same UX that browsers use (always 1-touch for bio, touch->PIN->touch
otherwise).
I've dropped concepts like "optimistic assertions" and "eager PIN prompts" in
favor of a simple, uniform implementation.
Issue #13901.
* Prompt for credentials in LoginPrompt
* Update go-libfido2
* Implement FIDO2 credential picker
* Drop optimistic assertions, only set user if explicit
* Add license to fido2_prompt_test.go
* pass and preserve a path parameter during the app access authentication process
* added missing semicolons
* more javascript formatting
* removed incorrect path redirect. replace URL with URL.Path
* added a test for HasName
* added another test for default path
* ensure path param is valid path
* build url without string concat
* Add Machine ID enterprise license enforcement
This adds two checks to Machine ID for license enforcement: one on
initial bot create, and another on join.
* Use modules.SetTestModules(); fix failing test