Alexander Klizhentas
2a7fe213b8
Move introductions to the appropriate sections ( #6456 )
2021-04-14 17:06:57 -07:00
Andrew Lytvynov
205e811c4d
Fix infinite recursion in client.Config.WebProxyHostPort
...
Also fix the very lax `utils.ParseAddr` logic for addresses without `://`.
Just noticed this during unrelated code review, it's not a known bug.
2021-04-14 23:30:35 +00:00
a-palchikov
3d459db6d3
Test flakes: use ordering tests for keep alives ( #5358 )
...
* Evaluate watcher events to decide whether keep-alives are effective
instead of relying on arbitrary TTLs (implemented as absolute time which
adds to trouble).
Fixes https://github.com/gravitational/teleport/issues/5346 .
* Replace the approximate expire timestamps comparisons with the ordering tests
* Address review comments. Move ordered keep-alive tests back to backend/test/suite
* Use an alternative implementation of FakeClock.Advance for etcd to use real time.Sleep as etcd server cannot use fakeclock
* Address review comments
* Use fake clock in firestore tests
* Add missing import
Co-authored-by: Andrew Lytvynov <andrew@goteleport.com>
2021-04-14 14:47:14 -07:00
Roman Tkachenko
8230d6e436
Capture postgres extended protocol messages in audit log ( #6303 )
2021-04-14 13:39:59 -07:00
Lisa Kim
1880147bd4
[auto] Update webassets in master ( #6436 )
...
88f2044 Type and style tweaks and add unix display date (#257 ) https://github.com/gravitational/webapps/commit/88f2044
[source: -w master] [target: -t master]
note: billing usage summary and chart
2021-04-13 15:41:50 -07:00
Steven Martin
39cafd6a1c
Added reverse tunnel port info to teleport-kube-agent readme ( #5621 )
2021-04-13 13:55:10 -07:00
Forrest Marshall
63a6955c44
RFD 0026 - Custom Approval Conditions ( #5071 )
2021-04-13 13:42:27 -07:00
Brian Joerger
11594a0418
Update docs on oidc prompt logic for 6.1+. ( #6427 )
2021-04-13 11:18:29 -07:00
Joel Wejdenstål
f17e029849
RFD 24: DynamoDB Audit Event Overflow Handling ( #6359 )
...
* added rfd 24
2021-04-12 22:39:38 +02:00
Gus Luxton
16cfe3003d
Forward-port 6.1.1 CHANGELOG ( #6417 )
2021-04-12 13:33:05 -07:00
Andrej Tokarčík
f078e54ab9
RFD 16: Reserve the origin
label for system use ( #6157 )
2021-04-12 10:57:37 -07:00
Andrew Lytvynov
6db37df515
drone: allow ARM builds in reprepro config ( #6392 )
2021-04-12 09:47:41 -07:00
Joel Wejdenstål
47fa2f98fe
Set status of RFD 18 to implemented. ( #6358 )
...
Co-authored-by: Alexander Klizhentas <klizhentas@gmail.com>
2021-04-11 08:44:00 -07:00
Alexey Ivanov
80350d70ba
Add new syntax description to the docs ( #6384 )
...
Co-authored-by: Alexander Klizhentas <klizhentas@gmail.com>
2021-04-09 20:38:48 -07:00
Alexey Ivanov
ee4038812a
Rename images to match logical pixels ( #6381 )
...
Co-authored-by: Alexander Klizhentas <klizhentas@gmail.com>
2021-04-09 20:26:13 -07:00
Ben Arent
583de2f509
Add OpenSSH Video ( #6371 )
2021-04-09 19:35:19 -07:00
Alexander Klizhentas
cfd23e9417
Documents dual authz with Mattermost ( #6400 )
...
Add Cloud SQL guide
Update preview
2021-04-09 17:45:02 -07:00
Russell Jones
0ea35df10c
Updated CHANGELOG.md. ( #6345 )
...
Co-authored-by: Roman Tkachenko <roman@gravitational.com>
2021-04-09 10:44:01 -07:00
Alexander Klizhentas
8cb3ba36b5
Update some variables and links ( #6367 )
2021-04-08 15:56:53 -07:00
Alexander Klizhentas
c4cef19dc2
Documents impersonation ( #6293 ) ( #6365 )
2021-04-08 15:17:42 -07:00
Taylor Wakefield
2d3c03feef
Added Cloud Billing FAQ ( #6363 )
2021-04-08 11:44:14 -07:00
Andrew Lytvynov
87038e1b08
docs: document per-session MFA feature ( #6285 )
...
* docs: document per-session MFA feature
Also, update general U2F configuration docs to explain server-side
configs better.
* docs: move U2F docs to dedicated guides
2021-04-08 11:24:13 -07:00
Andrew Lytvynov
d23fdcb71e
client: load all SSH certs when connecting to proxy
...
`tc.SiteName` does not necessarily point to the cluster we're connecting
to (or that we have certs for). For example `tsh login leaf` will set
`tc.SiteName` as `"leaf"` even though we're connecting to root proxy to
fetch leaf certs.
2021-04-08 16:48:03 +00:00
Gus Luxton
52a29bb63f
helm: Improve linting and add log level override ( #6330 )
2021-04-08 08:02:29 -07:00
Forrest Marshall
e118629367
improve cert rotation periodics
...
* Eliminates spurious leaf cluster CA writes.
* Adds jitters to various periodic operations.
2021-04-07 15:49:27 -07:00
Brian Joerger
5e3f2359a4
Add DialOpts and CallOpts to API client. ( #6301 )
...
* Add DialOpts to client.Config.
* Add callOpts to client and client.WithCallOptions.
* Refactor use of atomic closedFlag.
2021-04-07 14:23:34 -07:00
Brian Joerger
f7b29dd0d2
Fix tctl profile loading logic by adding WithSSHCerts certOption. ( #6336 )
2021-04-07 11:10:46 -07:00
Joel Wejdenstål
28c7163e13
Always set an AuditLog ( #6326 )
2021-04-07 11:47:02 +02:00
Brian Joerger
c396cb8a5d
Propogate user not found error from authenticater. ( #6304 )
2021-04-06 18:33:38 -07:00
Andrew Lytvynov
1e7a369b26
web: fix AccessRequest loading on user cert reissue ( #6264 )
...
Load access requests from SSH cert instead of the profile. The profile
only exists on CLI clients, but not in the proxy.
Note: theoretically, SSH cert may be missing in some cases for CLI
clients. We should eventually encode access requests in TLS certs too,
which are always present.
2021-04-06 16:20:04 -07:00
Alexey Ivanov
3bf8425876
v7.0 syntax update ( #6314 )
...
* Update syntax
# Conflicts:
# docs/pages/enterprise/sso/ssh-google-workspace.mdx
* Run lint and fix lint errors
* Fix include path
2021-04-06 12:16:28 -07:00
Lisa Kim
2b57a97b32
[auto] Update webassets in master ( #6324 )
...
cb1041a Update e-ref: Remove verb update check for access request reviews (#258 ) https://github.com/gravitational/webapps/commit/cb1041a
[source: -w master] [target: -t master]
2021-04-05 17:51:35 -07:00
Ben Arent
a04b377663
Update Google Workspace and Okta Docs ( #6267 )
...
* Update GSuite and Okta Docs
* s/suite/workspace
* Remove use of admin to use editor
2021-04-05 15:45:08 -07:00
Gus Luxton
300499e253
[auto] Update AMI IDs for 6.0.2 ( #6283 )
2021-04-02 20:32:46 -07:00
xacrimon
3d663ab2e8
add fix
2021-04-02 18:30:44 -07:00
Steven Martin
e5e899da13
Remove unused * from Roles output. This was a leftover from a old message about roles and enterprise version. ( #6258 )
2021-04-02 18:09:16 -07:00
Brian Joerger
8ecbefb122
Close leaky direct client. ( #6297 )
2021-04-02 14:04:54 -07:00
Andrew Lytvynov
6d200faecb
tsh: handle missing cluster name in profile ( #6257 )
...
Cluster name can be missing in profiles created by older tsh versions.
Trying to load the client.Key without a cluster name now causes a
failure when using WithAllCerts (because ssh/db/kube certs are
per-cluster).
Also added some output to `tsh status` when no profiles can be loaded.
2021-04-02 11:00:15 -07:00
Andrej Tokarčík
4fde837c59
Don't use OpaqueAccessDenied with CheckAccessToRule ( #6246 )
...
* Don't use OpaqueAccessDenied with CheckAccessToRule
* Fix tls_test
Co-authored-by: Andrew Lytvynov <andrew@goteleport.com>
2021-04-01 10:57:14 -07:00
Yurii Matsiuk
7569413f99
Make authToken optional if secret exists ( #6273 )
...
Co-authored-by: Gus Luxton <webvictim@gmail.com>
Signed-off-by: Yurii Matsiuk <ymatsiuk@users.noreply.github.com>
2021-04-01 14:37:01 -03:00
Gus Luxton
4c9ec23822
Revert "darwin fips builds ( #5866 )" ( #6265 )
...
* Revert "darwin fips builds (#5866 )"
This reverts commit 32ac67db06
.
* Remove GO_BINARY references
* Re-add dronegen changes for commands/image
* make dronegen
* Update e ref
* Re-add package signing/notarization for full MacOS builds
2021-04-01 10:12:53 -07:00
Andrej Tokarčík
e525c94e1c
Delete obsolete stored keys in LocalKeyAgent.AddKey ( #6251 )
...
* Delete obsolete stored keys in LocalKeyAgent.AddKey
* Don't panic when no stored key found
2021-04-01 09:53:15 -07:00
Pierre Beaucamp
1e18bcb76e
Fix regression bug for DynamoDB scaling policy names ( #6259 )
2021-04-01 07:47:19 -07:00
Alexander Klizhentas
4fbb2ba3a7
Adds encrypted token docs ( #6266 ) ( #6269 )
...
Fixes #5996
Adds section on encrypted SAML tokens. Fixes a couple of typos
and missing schema.
Because schema was missing, the connector did not work.
2021-03-31 18:55:20 -07:00
Gus Luxton
6a43a92b0b
dronegen: add buildboxes ( #6197 )
2021-03-31 13:41:51 -07:00
Gus Luxton
e85e465ebf
GitLab Instructions for SSO ( #6190 ) ( #6262 )
...
* Add GitLab link for SSO instructions
Co-authored-by: Steven Martin <steven@gravitational.com>
2021-03-31 13:25:44 -07:00
Gus Luxton
a956a0c279
Ensure webassets are present when running 'make full' on a fresh clone ( #6231 )
2021-03-31 13:11:04 -07:00
Andrew Lytvynov
7be86582de
Parse all CAs in CertPoolFromCertAuthorities
...
Returning certPool prematurely omits all but the first CA cert.
2021-03-31 17:44:48 +00:00
Brian Joerger
826ed676fa
Refactor ssh.ClientConfig used by tctl and API clients to use the first valid principal as User.
2021-03-30 17:53:29 -07:00
Mike Russell
b72c54b231
Update Architecture Overview With Link To User Roles ( #6224 )
...
- updating architecture overview with link to user roles when referring
to user roles in the context of the --roles flag
2021-03-30 17:35:58 -07:00