tsh shows clusters alerts for both `tsh login` and `tsh status`.
We intentionally used a short (500ms) timeout to avoid slowing down
`tsh status` which was previously an "offline" command.
As a side effect, cluster alerts would not always show on login if
they took longer than 500ms to fetch.
This change ensures that we always wait for cluster alerts to come
back for `tsh login`, but we still enforce a short timeout for the
`tsh status` command. (The timeout was increased slightly since the
context now wraps the entire command and not just the cluster alerts
call)
Fixes#25239
* Export desktop recordings to video
Add a new tsh command that will write Windows desktop recordings
to an AVI file for offline playback. Encoding is done client side
to avoid consuming server resources.
This uses the Motion JPEG codec (https://en.wikipedia.org/wiki/Motion_JPEG)
for its simplicity and ease of use. Something like ffmpeg would perform
better in nearly every aspect (run time, compression / file size, video
quality, etc), but that would complicate our build process and add extra
native dependencies. This implementation uses pure Go and works on any
platform where tsh runs today.
Also make sure `tsh recordings ls` shows Windows and SSH recordings.
* Untangle test imports
lib/events/eventstest is allowed to import lib/events
(it needs to in order to implement interfaces and use types)
This means lib/events can not import lib/events/eventstest,
which requires that we move some tests from package events
to package events_test
* tdp: break dependency on lib/srv
The lib/srv package is large and contains Unix-specific code.
Now that tsh needs to understand the TDP protocol, we need to
avoid importing lib/srv so that tsh can still build on Windows.
* Save private key policy in profile.
* Fix tsh status/logout with yubikey unplugged; fix cluster alert on tsh status with hardware_key_touch.
* Set private key policy from ping response.
* Skip cluster alerts on tsh status.
In “tsh login” show only alerts with on-login label.
In “tsh status” show only alerts with “high” severity. Which license warning should match.
In all “tctl” commands show only alerts with “high” severity.
* Propagate tctl --insecure flag
* Move ExitCodeError into common package
* Add TryRun helper func to tctl for testing
* Return error instead of exiting directly
* Add test for tctl insecure with profile
* Remove debug println
* Update want err message
* Remove unnecessary errors.Is implementation for ExitCodeError
* Update error message for cert error in test
* Fix flaky TestHandlerConnectionUpgrade
* Test that TryRun error is assignable to ExitCodeError
* gofmt
* Fix import order
Co-authored-by: STeve Huang <xin.huang@goteleport.com>