* Upgrade mongodb to v1.11.6
Includes some minor code changes around how the mongodb topology is configured.
This drops support for MongoDB prior to version 3.6. For that reason unit tests don't currently pass.
* access_test: Update MongoDB supported wire versions
Removes support for MongoDB prior to version 3.6
* Fixes after rebase (more needed changes for auth implementation)
* Upgrade mongo to just released 1.11.7 tag
The `/docs/cloud` redirect was 404ing because
`/docs/choose-an-edition/teleport-cloud/` does not correspond to a page
within the docs. This updates the redirects for this and similar
configurations.
In order to include embeddings in the Assist conversations, we need a way to store and retrieve them when needed. This PR adds a vector store/search implementation based on a k-d tree.
* tooling: Refactor render-tests
Refactor render-tests to simplify and group the logic prior to adding a
mode to report flaky tests. No additional functionality has been added,
but the coverage detection has been fixed as the regexp was incorrect
(presumably the output format changed).
* tooling: Rework render-tests counting
Rework the counting of pass/fail/skip events in render-test to record
these counts at the test and package level instead of a single status of
pass/fail/skip. This will allow us to accumulate results from more than
one test run to be able to test for flaky tests.
Tally and output package and test counts separately as previously it was
technically incorrect when it said "n tests passed", as that also
included package results. This may make it a little clearer just how
much is failing when a failure occurs.
* tooling: Add flakiness mode to render-tests
Add a `-report-by flakiness` mode to `render-tests` that can accumulate
multiple test runs and report the top N flaky tests. This mode is
intended to be used in a daily run of the tests for a couple of hours,
or perhaps 200 times, and to report on the tests that have failed the
most.
The output of multiple test runs should be fed into the single run of
`render-tests`. A `rerun` utility is forthcoming with which you could
do:
    rerun -n 200 -t 2h go test -shuffle on -cover -json . | \
        render-tests -report-by flakiness -top 10
* tooling: Have render-tests write summary to file
Add the `-summary-file` flag to have render-tests write a summary of the
test run to the specified file. This is to be used to get a flaky test
summary that can be sent on Slack via CI (GitHub Actions).
* tooling: Add rerun command for multiple test runs
Add a `rerun` command that is intended to be used to run tests multiple
times for a duration. It allows `go test -json` to be run many times
with the output piped to `render-tests -report-by flakiness` to generate
a summary of flaky tests over a large number of runs.
* Revert the removal of quintush/helm-unittest
Commit 5d53c91c7a removed
quintush/helm-unittest from the buildbox. It seems we still need that
version so revert those hunks that removed it.
* tests: Fix invalid sudoers file test
Fix the invalid sudoers file test to not look for an exact string but
just a substring. The error message has changed from Ubuntu 20.04 to
22.04 and it has removed some extra wording.
After moving Connect to a separate Docker image (https://github.com/gravitational/teleport/pull/27175), we're able to use the latest Ubuntu LTS on our build image. We're not using this image to produce any releases (only CI runs), so updating the image will have no effect on our releases.
Closes #25170
Since we want to keep docs on configuring Teleport's backends within the
Backend Reference, add a Notice to this reference in the DynamoDB
section.
* Move Cloud Matchers to proto
As described in RFD0125, we are going to create a new resource:
DiscoveryConfig
This new resource will contain the Cloud Matchers as spec fields:
- AWSMatcher
- AzureMatcher
- GCPMatcher
To define grpc methods that use this new resource, we must create all
the matchers types as part of the proto definition.
This PR moves those definitions into types.pb.go and removes them from
`lib/services.{AWS,Azure,GCP}Matcher`.
This should have no side effect in business logic given that we re-use
the same field names everywhere.
* remove most of gogo tags
* Revert "remove most of gogo tags"
This reverts commit 5ecf8d0cec.
* fix typos
* Converts the default Content-Security-Policy representation to a map
which makes it easier to programmatically add-to/overwrite the defaults
for special cases.
Also adds tests for the various custom CSPs.
* Alphabetize CSP directives for ease of testing/debugging in the future
* makes maps more easily composable
* making string concatenation more efficient
* code review tweaks
* plain require.Contains
* feat: device resource in tctl get all
* check for device resource but ignore in favour of enterprise resource migration
* add firstStart indicator in auth service config. Tests
* remove device bootstrap from this PR
* multiple updates:
- remove resource marshaler, this will be added to e repo instead
- remove device resource checks in oss (not needed as resource marshaler now added to e). tests removed
* move device marshalers to service package
* run fix-imports, fix test
* remove device case from itemsFromResource
* Trim yum release version in install-linux.mdx
Fixes #20978
The `$VERSION_ID` variable we tell users to use when adding our yum repo
is incorrect, since it does not include a minor version. This
quick-and-dirty fix instructs users to trim `$VERSION_ID` to include
only the major version before adding the repo.
* lint fixes
---------
Co-authored-by: Steven Martin <steven@goteleport.com>
* docs(db): add section on how to configure mongo atlas aws iam auth
* Apply suggestions from code review
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* docs(mongodb-atlas): code review changes
---------
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* include changelog for docs tests
* correct capitalization for file type
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
* include CHANGELOG.md as ignored in bypass
---------
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
* Docs: improve Postgres in GCP
Add `auth_token` in `teleport.yaml` example.
Show how to set the `GOOGLE_APPLICATION_CREDENTIALS` in a `systemd` env.
* suggest the usage of EnvironmentFile
* Move Connect build to a new Docker container
* Update comments
* Update comments
Remove unused packages and unused arguments
* Always use UID=1000 for building teleterm.
* feat: support authenticating with AWS IAM for MongoDB Atlas
* chore(lint): fix errors
* test(tsh): add missing database field
* refactor(mongodb): check for error on each authenticator branch
* refactor(mongodb): update log messages and atlas check
* refactor(auth): use IsRoleARN helper instead of IsARN
* chore(db): remove unused line
* chore(mongodb): split authenticator func
* refactor(db): rename get atlas token function
* tests(db): reuse already existent auth property
* chore(mongodb): add docs reference
* refactor(db): support role chaining
* feat(types): "require" iam role for atlas users
* refactor(db): use external id only on the first session
* refactor(services): add new database matcher for regular users and aws
* chore(db): rename functions to be more assertive
* chore(types): fix lint
* test(db): remove duplicated test
The test being removed here is covered by `TestMongoDBAtlas`
(lib/srv/db/auth_test.go).
* Start breaking apart bot renewal loops
* Refactor initial bot identity fetching
* Tidy up some log messages
* Add renewal loop for bot identity
* Tidy up logging
* Add channel broadcaster so multiple can listen
* Fix compilation
* Ensure template instructions include join-method
* Fail harder for template failure to render
* More graceful failure to describe identity
* support partial renewals of bot identity
* Move methods to helper functions to avoid potential state confusion
* Simplify how template renderers access the bot
* Simplify bot mock in tbot/config tests
* Add integration test for whole bot
* Further tidying of test
* Fix operator sidecar bot invocations
* Fix anonymous telemetry testing
* Ensure we always return the unlock
* Nicer error message
* Use better naming for provider/organise impersonated_identity file
* Ensure impersonated client closed on failure
* Close testclient after initialize complete
* Fix tests in main package
* Missing license header
* Allow join method to be omitted for `tbot init`
* Use correct limit in log messages for bot identity renewal
* Propagate new identity before persisting it to disk
* Move warning about renewal interval
* document unsubscribe
* Support SIGHUP again
* Refactor tool/tsh to enable tsh e2e tests outside of the tsh package.
* Add tool/teleport/testenv to enable easier e2e tests from outside
packages.
* Skip all flaky test checks when * is provided.
* [Assist] Do not parse event data if there is none
If there is no session data, the UI should not try to parse it; otherwise it will crash, as currently happens.
* Move more code.
* Update web/packages/teleport/src/Assist/contexts/messages.tsx
Co-authored-by: Lisa Kim <lisa@goteleport.com>
---------
Co-authored-by: Lisa Kim <lisa@goteleport.com>
* Document new Okta import rule regexes.
Okta import rules now support regex matching for label application.
* Use a better word for the example regex.