self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-22 10:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
5643 commits 3221 branches 4173 tags 1.3 GiB
Commit graph

5643 commits

This branch
This branch
All branches
Author SHA1 Message Date
Sasha Klizhentas 4c2e221b44 Adds cloud and database preview pages 
Creates preview navigation section.
Adds cloud preview pages.
 2020-11-30 14:45:02 -08:00
Gus Luxton c59293675a
Implement DEB repo creation via Drone (#4996) 2020-11-30 17:44:48 -04:00
Gus Luxton 4dd96115b7
Update quickstart docs (#5006) 2020-11-30 16:28:55 -04:00
Gus Luxton 7936a9234b
[docs] Firestore audit_events_uri needs projectID set otherwise it fails to work (#4983) 2020-11-29 21:17:43 -08:00
Sasha Klizhentas 258c002938 Adds RBAC in OSS proposal 2020-11-28 10:03:15 -08:00
Vladimir Kochnev b911f4b551
Fix JWK kty from "rsa" to "RSA" (#4993) 
JWKS libraries expect it to be "RSA", not "rsa", example:
6cfa98f8ac/src/JwksClient.js (L79-L81)

According to RFCs, "kty" field seems to be case-sensitive, though there
cannot be names matching in a case-insensitive manner:
https://tools.ietf.org/html/rfc7518#section-7.4.1

The list of key types available in RFC 7518:
https://tools.ietf.org/html/rfc7518#section-6.1

Co-authored-by: Gus Luxton <gus@gravitational.com>
 2020-11-27 11:07:41 -04:00
a-palchikov 9b73af55ab
Fix local etcd backend tests (#4986) 
* Fix etcd backend tests to properly skip if etcd is not requested/availalable
* Address review comments
 2020-11-26 13:56:28 +01:00
jane (quin) 6eaaf3a27e
Linear benchmark generator (#4588) 
* benchmark package

* use default config if path is not specified

* progressiveBench as a config method

* implement a main.go approach to run progressive tests

* make teleport client, run specified benchmark

* function and method descriptions

* make teleport client

* testing

* change interface method signatures

* dry up bench.go code, move producer goroutines to own function

* output formatting

* remove yaml

* fix linter errors

* remove print

* PR suggested changes, moved export latency profile functionality to the benchmark package

* PR fixes

* method description

* update testing

* linter

* docs and example

* PR suggestion changes

* PR changes

* wrap errors

* move bench to benchmark & testing updates

* PR changes

* PR suggestions
 2020-11-25 15:47:39 -08:00
Gus Luxton a51596d8d7
Update metrics endpoint from 3434 to default 3000 as per docs (#4955) 2020-11-25 17:47:59 -04:00
Gus Luxton 553d632b2d
Post-release checklist for 5.0 (#4982) 2020-11-25 17:23:00 -04:00
Gus Luxton 22c4915799
[auto] Update AMI IDs for 5.0.0 (#4981) 2020-11-25 17:04:19 -04:00
Gus Luxton ff8d85b9cf
Add Slack notification on failure (#4971) 2020-11-25 16:52:29 -04:00
Andrew Lytvynov c6832ec606
Set server_addr in audit events from connection info (#4985) 
This sets a useful server IP, when no advertise_ip is set. Previously,
the address was taken from the listener, and is usually "0.0.0.0:3022"
or "[::]:3022".

Also, add some test cases in utils for IPv6 handling.
 2020-11-25 12:08:37 -08:00
Ben Arent 09928a7f2b
Cherry pick Gravitational -> GoTeleport (#4932) 2020-11-25 11:18:55 -08:00
Ben Arent 0f38826047
Readme Update (#4967) 
* Readme Update
 2020-11-25 09:45:57 -08:00
a-palchikov e75d158cc4
Trim duration suffix to avoid redundant 0 suffix (#4905) 
* Trim duration suffix to avoid 0 redundancy
* Address review comments
* Fix linter warnings
 2020-11-25 11:55:48 +01:00
Andrew Lytvynov 1159c4ba7b
Adda a helm chart for in-cluster kubernetes_service agent (#4963) 
* Add helm chart for in-cluster kubernetes_service agent

This is a simplified version of the teleport chart, intended to only run
a "stateless" `kubernetes_service` instance within a kubernetes cluster.
This instance joins an externally-managed teleport cluster, given a
proxy address and a join token. The connection is always over a reverse
tunnel, per our recommended approach.

The chart is opinionated and only lets the user modify the bare minimum.

* Apply suggestions from code review

Co-authored-by: Gus Luxton <gus@gravitational.com>

* Move join token into a secret

Secret can be more tightly restricted via RBAC, and encrypted at rest
with KMSs.

Also, a few other small tweaks for UX.

Co-authored-by: Andrew Lytvynov <andrew@gravitational.com>
Co-authored-by: Gus Luxton <gus@gravitational.com>
 2020-11-24 20:20:00 -08:00
Gus Luxton 9e8db67df8 Update CHANGELOG.md 2020-11-24 11:26:35 -08:00
Russell Jones 5e225522d9 Updated CHANGELOG.md. 2020-11-24 11:26:35 -08:00
Ben Arent 1fdf1e6fc4 Updated CHANGELOG.md. 2020-11-24 11:26:35 -08:00
Ben Arent ea508e9f63 Make changelog more easily avabile 2020-11-24 07:44:44 -08:00
Andrew Lytvynov 835bfaa5a1
Add Kubernetes 5.0 migration guide (#4933) 
* Add Kubernetes 5.0 migration guide

This guide lists 3 common pre-5.0 setups and how to migrate them to 5.0.
 2020-11-24 00:15:42 +00:00
Andrew Lytvynov 9ccfab0e96
Use the absolute tsh path in kube exec plugin (#4973) 
Using `os.Args[0]` is unreliable - it could be a relative path (e.g.
running `./build/tsh login ...`). Use `os.Executable()` instead, which
should give an absolute path (minus resolving symlinks).
 2020-11-23 23:18:53 +00:00
Andrew Lytvynov cdf26c74e5
Change log about missing kube clusters on login to debug (#4935) 
This is a totally OK situation in clusters without k8s integration, so
it shouldn't be a warning.
 2020-11-23 18:02:35 +00:00
Ben Arent acd43f0e94
[docs] Add Meta / Desc to Database Access Page (#4962) 2020-11-20 18:40:41 -08:00
Russell Jones e3aaf86753 Updated Application Access RFD. 
Updated Application Access RFD to include a small example program that
can be used to verify a JWT.
 2020-11-20 17:19:18 -08:00
Russell Jones 687c3b7d19 Updated Application Access RFD. 
Added section on Audit Events to RFD.
 2020-11-20 17:00:44 -08:00
Russell Jones d0a202f1bc Added error checking to Application Access CLI. 
Check if both application name and URI are provided when attempting to
join an application service process to a cluster.
 2020-11-20 16:38:52 -08:00
Russell Jones b66ca14f61 Added HTTP method to app.session.request. 
Added HTTP method field to "app.session.request" events.
 2020-11-20 16:38:40 -08:00
Lisa Kim c6fded6b43
[auto] Update webassets in master (#4957) 
2d100fd Grab auth type from config for manual step flag --auth (#201) https://github.com/gravitational/webapps/commit/2d100fd

[source: -w master] [target: -t master]
 2020-11-20 17:14:57 -05:00
Lisa Kim c56df637d1
Add AuthType field for web config (#4946) 2020-11-20 11:21:07 -08:00
Brian Joerger 1439f35902
[docs] Go API Docs CA (#4777) 2020-11-20 10:17:39 -08:00
a-palchikov 673b697da8
Add stdin support to 'tctl create' (#4906) 
* Add stdin support to 'tctl create'
* Address review comments
* Close the file handle on Create if reading from a file
 2020-11-20 18:19:57 +01:00
Ben Arent ce9628dce6
Fix Demo and Application Access (#4927) 2020-11-20 08:59:50 -08:00
Gus Luxton 89feaea7d1
[docs] Update descriptions for short-lived dynamic tokens (#4952) 2020-11-20 08:44:58 -08:00
Gus Luxton e7b8cda3ee
Update Terraform to 0.13 (#4950) 2020-11-20 10:05:23 -04:00
Russell Jones 759455aef4 Updated Application Access Test Plan. 2020-11-19 17:41:39 -08:00
Gus Luxton 626624d46e
Only test internal docs links with milv via Makefile (#4830) 2020-11-19 20:21:05 -04:00
Gus Luxton 3dfc56624b
[auto] Update AMI IDs for 4.4.5 (#4868) 2020-11-19 19:13:23 -04:00
Gus Luxton a2743c1408
Adds a note about installing for MacOS via Homebrew (#4926) 2020-11-19 18:13:46 -04:00
Russell Jones 82e39fae2b Added Application Access support to test plan. 2020-11-19 10:58:41 -08:00
Ben Arent 0f4b5bea72
[docs] Fixes to make milv happy (#4925) 2020-11-19 10:22:48 -08:00
a-palchikov 09064cbc6f
Configure etcd client's message size (#4800) 
* lib/backend/etcdbk: add a configuration attribute to set the client's
send message size limit.
* Update etcd backend section w.r.t new client configuration attribute

Updates https://github.com/gravitational/teleport/issues/4786.
 2020-11-19 14:03:51 +01:00
a-palchikov ab205963f5
Fix typos (#4903) 2020-11-19 13:39:16 +01:00
Ben Arent 524cfa84d9
[docs] Fix theme switcher (#4918) 2020-11-18 20:28:17 -08:00
Ben Arent 338b480155
[docs] Teleport 5.0 Quick Start (#4795) 2020-11-18 17:59:16 -08:00
Ben Arent 5579bef2bb
[docs] Application Access (#4791) 2020-11-18 17:36:20 -08:00
Forrest Marshall 5ad1a9025c fix early watcher closure 2020-11-18 15:40:56 -08:00
Forrest Marshall 68adee36a9 fix tsh login with trusted clusters 2020-11-18 15:40:56 -08:00
Andrew Lytvynov 645ac573c5
UX improvements for kube CLI interactions (#4893) 
- 'tsh kube login' fetches the latest list of kube clusters instead of
  only using existing kubeconfig contexts.
  This makes 'tsh kube login' succeed when a kube cluster was added
  after last 'tsh login'.
- 'tsh kube ls' no longer wrongly marks selected clusters, if they
  weren't generated by tsh.
- 'tctl rm' now works with kube_service objects.
- 'tsh login' now updates kubeconfig entries when a login session is
  already active
- 'teleport.yaml' now uses 'labels' and 'commands' for RBAC labels on
  kubernetes_service; this is consistent with ssh and app services.
 2020-11-18 22:31:04 +00:00