* Move tshd test helpers to a better location
* Support passing no props to tshd test helpers
* Refactor ResourcesService getServerByHostname tests
* Move pluralize to shared package
* SearchContext: Rename `opened` to `isOpen`
* ActionPicker story: Show auxiliary items in a separate column
* ActionPicker: Split getClusterName into two functions
getClusterName used to not return the name of the cluster if there's only
a single cluster present. Some places needed to get the cluster name
no matter what, such as the modal with resource errors that will be added
to ActionPicker.
* Refactor resource search to use Promise.allSettled
* useSearchAttempts has been renamed to useActionAttempts
* useActionAttempts returns resourceSearchAttempt in order to supply errors
from ResourcesService.searchResources to ActionPicker.
* SearchContext: Implement lockOpen
We'll want to display error details in a modal. While the user interacts
with the modal, we don't want to close the search bar and reset the results.
So instead, we are going to force the search bar to stay open until the
user closes the modal. This will use the lockOpen function from this commit.
* Add modal for showing resource search errors
* Refactor mockedSearchContext to not be a top-level mutable var
* Show an item in search bar with resource search errors
* ResourceSearchError: Add instanceof check to tests, include clusterUri in message
* Make isLockedOpen into a ref
* Use table tests for lockOpen tests
* Revert "Make isLockedOpen into a ref"
This reverts commit 07f4206cc2.
* Move capitalization to ResourceSearchError.messageWithClusterName
* ResourceSearchError: Use `public` in constructor
* Connect: Improve focus management in search bar (#24665)
Somehow this `helm3-unittest` "submodule" got committed but without the
corresponding `.gitmodules` change, so git gets rather confused about
it. Just remove it.
This speeds up the amount of time it takes to determine which cloud
environment Teleport is running on, and properly propagates a context
as an argument instead of stashing it in a config struct.
* Add building Windows Authentication Package to Drone
* Add building Windows Authentication Package to Drone
* Set test build version
* Test trigger
* Trigger + version update
* fix path
* path + version
* trigger?
* fix windres
* fix windres
* fix windres
* fix windres
* fix windres
* handle windows windres
* handle windows windres
* update e
* gocache
* gocache
* gocache
* update e
* go version
* go version
* go version
* tes
* tes
* test
* bump e
* bump e
* dronegen
* concurrent
* tag trigger
* bump version
* trigger
* trigger
* trigger
* bump e
* bump e, cleanup build
* fix signing
* fix signing
* rename
* fix signing
* restore trigger
* restore trigger
* bump version
* relcli update
* bump version
* bump version
* restore version
* restore e
* dronegen
* dronegen
* bump e
* dronegen
* dronegen
* dronegen
* Added SSL Certificate install
* Update examples/teleport-usage/Dockerfile
Co-authored-by: Russell Jones <russjones@users.noreply.github.com>
* Update examples/teleport-usage/Dockerfile
Co-authored-by: Russell Jones <russjones@users.noreply.github.com>
---------
Co-authored-by: Russell Jones <russjones@users.noreply.github.com>
* Deleted OPRT from this repo
* Migrated dronegen to call gha workflow
* Removed dead pipelines
* Removed unused function to appease linter
* Accounted for private repo promotions
* Updated to use package name filter
* Accounted for teleport-ent-updater publishing
* ALPN connect test improvements
* fix typos
* remove extra period
* simplify error check
* moving things over
* tsh dials
* reverse tunnel
* fix auth connect
* move ping
* add ssh support
* add HTTP client support
* Move ALPN dialer, ALPN conn upgrade, Ping conn to api
* beatify
* add test
* beautify round 2
* fix timeout
* Implement alpn-ping upgrade for reversetunnel and ssh
* clean up
* fix proxy test
* minor refactor
* remove WebProxyAddr
* require IsALPNConnUpgradeRequiredFunc
* add tlsRoutingWithConnUpgradeConnect
* fix lint
* simplify
* remove debug log and change unknown upgrade type to 404
* Force new proxy client to use web proxy when TLS routing is enabled
To date clients attempting to access a resource first have to call
`proto.AuthService/IsMFARequired` to determine if an mfa ceremony
is needed for access to a resource. In an effort to reduce an
extra round trip to the Auth server this can can be bundled into
`proto.AuthService/GenerateUserSingleUseCerts`.
In order for RBAC to determine if mfa is required for SSH sessions
the OS login of the session must be known. To accomodate this a
new `SSHLogin` field was added to `proto.UserCertsRequest`.
The response to the initial request of the stream now contains a
`proto.MFARequired` enum which indicates whether mfa is required,
not required, or it's unknown if mfa is required. The last variant
should only be returned when the `SSHLogin` field is unset in the
initial request.
The `(auth.Server) isMFARequired` check was also modified for nodes
to make use of `ListResources`. Instead of retrieving **all** nodes
into memory and finding the matching ones, a request is made to
`ListResources` with the `SearchKeywords` populated with the target
from `proto.IsMFARequiredRequest_Node.Node.Node`. Care was taken
to filter out any matches from labels to preserve the original
matching behavior.
Previously a Teleport client using SFTP would resolve remote host user
home directories by making a subsystem request to a Teleport server
which would return the home directory. The problem was the subsystem
request counted as an open session, which could make the SFTP file
transfer fail. This was frustrating and didn't make much sense, but
after reading the SFTP specification again I realized that SFTP servers
are to handle relative paths by assuming they start at the user's home
directory. So let the server figure out the correct path and remove any
tilde prefixes from remote paths.
TestSSHOnMultipleNodes and TestSSHWithMFA are too slow to complete
within the 10m required by the flaky test detector. Bypassing them
so that changes to them can be merged.
* updated OpenSSH docs with agentless information
Going forward, agentless nodes are the preferred way to manage OpenSSH
nodes, so update the documentation to describe how to add them to a
cluster.
* add 'uuidgen' to cspell list of ignored words
* Renders user auth types to match expected capitalization for GitHub, SAML and OIDC
* Update test to use cap OIDC
* Update SAML and GitHub auth type test compare
* UI lint fix
* Applied comments for function location and import
* lint fix
* lint fix
* fix typecheck
* Do not hide any filters if the search term limits the list of clusters to just one cluster
* Rename `ExtraComponent` -> `ExtraTopComponent`
* Use `active` prop only for `InteractiveItem`
* Add protos for TPM enrollment ceremony
* Add modifications to Device object for TPM support
* Add new fields to the resource type
* Add "Der" prefix to tpm_attestation_key field for consistency
* Add test for conversion code
* Fix incorrect field number for proto message
* Allow empty string in resource for unspecified
Co-authored-by: Alan Parra <alan.parra@goteleport.com>
* Rename DeviceAttestationType
* Clarify ActivateCredential process
* Finish renaming to DeviceAttestationType
* Use unspecified
---------
Co-authored-by: Alan Parra <alan.parra@goteleport.com>
* Add cleanup time and last transition time to OktaAssignment.
The OktaAssignment now has a cleanup time that will be specified on creation
and each action has a LastTransition time. The cleanup time specifies when
the Okta service should clean up the Okta assignment, and the last transition
time will be used to show when the action last transitioned.
It should be noted that cleanup time is maintained separately from the notion
of expiry as we want Okta assignments to stick around until they're cleaned
up, otherwise we have no record of what Teleport has done via the Okta API.
LastTransition time can be used to timeout actions that have been stuck
processing for too long.
* Ensure Okta timestamps are UTC.