PR #27018 generalized locks to other roles besides `RoleNode` by adding
a new field `server_id` that forbids the agent to connect to the cluster
independently of the roles it has associated.
This PR converts the UI lock of nodes from `node` to the new `server_id`
field.
* [Assist] Do not parse event data if there is none
If there is no session data, the UI should not try to parse it; otherwise it will crash, as currently happens.
* Move more code.
* Update web/packages/teleport/src/Assist/contexts/messages.tsx
Co-authored-by: Lisa Kim <lisa@goteleport.com>
---------
Co-authored-by: Lisa Kim <lisa@goteleport.com>
* Adjust Connect to light theme
* Remove `clusters/*` element
* Add terminal colors
* Remove warning about using `false` as `color`
* Add custom styling for `Toggle`
* Fix light theme for file transfer, use the same border color for the drop area as for the input
* Do not hardcode color in `CliCommand`
* Use #000 as black
* Convert rgba colors to be non-opaque
* Fix two slightly incorrect colors
* Remove react-use-websocket
* Stop large command outputs from overflowing
* Try to select a login that isn't root/ubuntu/etc
* Stop the navigation switcher from closing whilst assist tooltip is shown
* Update web/packages/teleport/src/Assist/contexts/messages.tsx
Co-authored-by: Jakub Nyckowski <jakub.nyckowski@goteleport.com>
* Sort logins alphabetically and put the root logins last
* Add a test for logins sorting
---------
Co-authored-by: Jakub Nyckowski <jakub.nyckowski@goteleport.com>
* [Assist] Allow removing assist conversations
* Display landing page after the conversation is removed
* Improve styling and add a confirmation dialog
* Change the icon opacity to copy the main navigation
* Remove unused minus icon
* Add missing trace.wrap
---------
Co-authored-by: Ryan Clark <ryan.clark@goteleport.com>
* Add onStartError to PTY process
* Add logging to frontend PtyEventsStreamHandler
* Return cleanup functions from pty process onEvent functions
* Extract DocumentReconnect from DocumentTerminal
The Reconnect component will be useful when handling startError.
* Add getPtyId to PtyProcess
This will act as the key for the Terminal component, allowing us to
make sure we mount it only once for any given PTY process.
* Capture startError and display an error state
* Terminal/ctrl: Cleanup ptyProcess onData listener
* Include command name and args in startError error message
* Remove ptyId field from PtyProcess
* Add back button for enrolling aws oidc integration
* Remove exit buttons and replace some with back buttons
The back buttons will replace the back arrow buttons
Added back button to Setup Access screen for databases
* Return os.exec.Cmd as gateway CLI command
* Remove separate Props type from DocumentTerminal
* Refactor Kind type exported from documentsService
* Export makeRuntimeSettings from MainProcess mock
* PtyProcess: Join args in logger name
* ptyHostService: Pass ptyOptions explicitly instead of using spread
I noticed that we pass both argsList and args to the PtyProcess constructor.
While TypeScript allows that, it is a bit confusing when inspecting the
actual values received in the constructor.
* Add empty DocumentGatewayCliClient
* Start terminal from DocumentGatewayCliClient
* Add waiting state for DocumentGatewayCliClient
* Remove targetSubresourceName from DocumentGatewayCliClient title
* Add aws rds fields to databases responses
* Type ApiError response field
* Add utility func for returning err msg from Error
* Implement checking for existing db servers when fetching rds dbs
* Disable selecting table row when db servers exist
* Provide more accurate actionable steps in case of dup err
* Fix blank id on resuming discover flow
* Address code review
* Fix lint: missing license
* Remove increasing limit +5, corner case handling seems unnecessary
* Render the separator from within MenuItem
This will make it easier to show the separator in the story.
* Use spotBackground for keyboard shortcut background
* Add disabled state for additional actions
* Dim only the text and icon color when disabled
* Use text.disabled instead of buttons.textDisabled
* Upgrade electron and electron-builder
* Update the path to x64 build
* Update electron to 24.3.0
* Use the latest after-install and after-remove scripts
* Run prettier
* Use correct indentation
* Use app path in `update-alternatives --remove`
* Add rate limiting to Assist
* Only rate limit Assist in Cloud
* Add a comment to assistantLimiter
* Fixes after rebase
* Add 'rate-limited' test case to assistant_test
* Handle CHAT_MESSAGE_UI in Assist web UI
* Add godoc
* CHAT_MESSAGE_UI -> CHAT_MESSAGE_ERROR
* Run assistant test cases in parallel
* Add params to redirect URL
* Change casing of constant
* Update button to use `as="a"`
* Update tests and stories
* Use ButtonPrimary instead of Border
* Fix storybook deprecated warning
* Define required role arn rule check
* Implement editing integrations
- Create a re-usable component for rendering dialogues
based on operation type (enterprise)
* Add thumbprint validation
* Fix text color mash in light theme
* Address CR
* Assist - port WebUI changes
This PR ports all WebUI changes used by Teleport Assist.
* Minor formatting changes
Remove console.log
* Update web/packages/teleport/src/Assist/Chat/Examples/ExampleList.tsx
Co-authored-by: Lisa Kim <lisa@goteleport.com>
* Address code review comments
* Code review improvements
---------
Co-authored-by: Ryan Clark <ryan.clark@goteleport.com>
Co-authored-by: Lisa Kim <lisa@goteleport.com>
* Show resource search errors in search bar when fetching a preview
* Add a comment for ActionPickerStatus
* Add NoResultsItem with no expired clusters to the story
* Destructure searchMode properties
staticConfig.ts used to match on "development" and "production" only.
In tests, jest sets NODE_ENV to "test" which required us to mock
staticConfig.ts.
Since we don't need a separate config for dev and tests, we can reuse dev
config for now.
* Fixes a SharedDirectoryAnnounce incompatibility
The SharedDirectoryAnnounce message was changed to remove an unnecessary
completionID field, however this change caused an incompatibility between
the proxy and previous versions of the wds. This commit reverts that specific
change and adds notes to the code explaining the situation.
The original change is here: https://github.com/gravitational/teleport/pull/25260/files#diff-98a4bee57beb7f007614e4810d2cf8413bddf48484c8aad6dd0756a218797c36R677-R678
* changes completionId to discard
* adds discard bit to sda.Encode to make fuzz tests happy
- Fixes the previous aws icon blending in with light theme
- Remove duplicate sources of aws icon
- Create stories for svg's icon, preferring them over
existing font icons from icomoon
* Add in Okta audit events.
Okta audit events have been added in to support the Okta Service enterprise
feature.
* Don't have separate failure events.
* UI linting.
* Add in missing icons.
* Use warning icon for Okta failures.
* Correct voicing of failure events.
* Add locked feature options
* Remove routes from items with locked parents
* Refactor to simplify features
* Add type for LockedFeatures
* Improve comment
* Fix call to isLockedAndUpdatedRouteAndNavigationItem wrong param
* Set locked features based on usage based billing
* Add back lockedRoute and list items
* Use simpler syntax
Co-authored-by: Grzegorz Zdunek <gzdunek@users.noreply.github.com>
* Simplify isParentLocked
* Improve navigation item rendering
* Remove unnecessary condition from if
* Prevent adding a route if the feature is locked
* Throw error instead of logging
* Improve if condition
---------
Co-authored-by: Grzegorz Zdunek <gzdunek@users.noreply.github.com>
* ResultList: Reset active item on pick
* Extract inner item component with icon to ResultList
We want to reuse it in ParameterPicker.
* Remove hardcoded icon color of ResourceSearchErrorsItem
* Handle errors when getting suggestions for ParameterPicker
* (wip) add unlock feature button to support page
* Fix typo
* (wip) add locked feature join session
* Improve session join style
* Add session join lock button
* Remove hover on locked join menu
* Update copy
* Only show `join as...` when appropriate
* (wip)
* Make ButtonLockedFeature theme sensitive
* Remove debug stuff
* Adjust feature button height
* Fix session join button on locked
* Remove unused import
* typo
* Add link to cta button
* Remove teams flag
* Add cta service
* Update snapshots
* Lock button style
* Add cta to context
* Rename cta to ctaService
* Stories and tests
* Add comments clarifying that ctas are not used currently
* add showActiveSessionsCTA to useSessions
* Licenses
* Lint license
* Remove commented out code
* Add missing types
* Replace cta service for an object with cta on context
* Fix menu hack
* small refactor in styled stuff
* Update SessionJoinBtn to use master code
* Snapshot update
* Add events to cta clicks
* rebase
* revert e ref update
* Revert e change
* Update proto message to start at 1
* Use enum from proto files instead of rewriting
* Improve comments on usageevents.proto cta enum
* Fix import
* Fix type errs
* Add comments
* Rename CtaEvents > CtaEvent
* Copy the CtaEvent enum instead of importing from proto
* Add back blank line
* Fix import order
* Update proto files
* Add TODO comment
* Use solid color for table row border to fix Safari rendering issue
* Use `emphasize` function
* Improve comment
* Add fallback value to alpha
* Clarify comment
* Remove closeAndResetInput
* Remove unnecessary input focus from `open`
As the comment in SearchBar explains, the focus wasn't actually achieving
anything. I added it only because I was testing SearchContext in separation
and depended on the input getting focused in the test.
This doesn't reflect how the input is actually used so I adjusted the test.
* Move onFocus on input, add onBlur to input
* Remove nesting from handling outside click
* SearchContext: Rename onInputValueChange to setInputValue
* Do proper type check before calling focus on previouslyActive
* Add a temp workaround for tsc issue
* Make TypeScript 4.8.4 happy
* build: Support ARM64 (cross)builds of fido2 et al
Add support for building/cross-building the fido2 libraries (cbor,
openssl and fido2), supporting ARM64 builds. This is done by adding the
appropriate flags to the library builds in `build-fido2-macos.sh` based
on the `C_ARCH` environment variable. If unset then the host
architecture is used. The `Makefile` defined `C_ARCH` based on the
`ARCH` variable, mapping it to an appropriate value for the C compiler.
Building the libraries should now be done through the new `build-fido2`
target, and getting the pkg-config path should be done with the
`print-fido2-pkg-path`. This is instead of calling the
`build-fido2-macos.sh` script directly as the `Makefile` takes care of
setting the `C_ARCH` environment variable appropriately.
* build: Add make target to install rust cross toolchain
Add the `rustup-set-target-toolchain` target to the Makefile to ensure
the right rust toolchain is installed for the version of Rust we use as
well as the target architecture we wish to generate code for, based on
the `ARCH` variable. This is intended to be used by CI jobs to ensure
they build with the correct toolchain.
* build: Support building MacOS packages for ARM64
Remove the restriction that allows only AMD64 packages to be built on
MacOS for the teleport and tsh packages. This is via the existing `-a`
flag to `build-package.sh` and a newly added `-a` flag to
`build-pkg-tsh.sh`.
This adds the architecture to the filename of the package to distinguish
the packages for different architectures.
Update the comments in the Makefile mentioning that `arch` is ignored.
build: add architecture to package names
* build: Build Teleport Connect with target architecture
When packaging Teleport Connect with electron-builder, pass an
architecture flag so that we can cross-build Teleport Connect. This will
allow us to build MacOS ARM64 binaries on the AMD64 runners.
Add the architecture to the `dmg` filename via the electron-builder
config, so that the filenames for different architectures don't clash.
* build: Copy Mac release artifacts to release directory
Copy the Mac release artifacts to a release artifact directory so that
the CI scripts do not have to. This makes it clearer what is and is not
a release artifact and puts the logic in the Makefile instead of the CI
yaml, so it can more easily be tested locally and to make it easier to
migrate to the next CI system.
This will also be useful for building universal binaries for Mac as the
CI system can put the architecture-specific binaries from a previous
workflow job into a common location.
We should look at copying all release artifacts for the other builds
(Linux tarballs and packages, etc) into this directory too. It may help
with unifying the GitHub Actions release workflows.
* build: Add MacOS universal builds
Add support for ARCH=universal on Darwin to produce universal (fat)
binaries from pre-built arm64 and amd64 binaries.
Packages (pkg) and disk images (dmg) for containing universal binaries
are named without an architecture in the filename, as that is the
current naming for the current AMD64-only releases. These universal ones
will replace those AMD64-only ones providing a single release artifact
working across architectures.
Co-authored-by: Grzegorz Zdunek <grzegorz.zdunek@goteleport.com>
* build: Do not clean before release-darwin
Remove the `clean` prerequisite from the `release-darwin-unsigned`
target as it is not needed when building on GitHub Actions, as it starts
with a fresh slate each run. We do not make releases manually so we
don't need to ensure a clean working directory there either.
Not doing a clean makes it easier to build a MacOS universal release as
it depends on the architecture-specific tarballs from a previous release
build. We would need to manually save the tarballs from the first
architecture release build as they would get deleted by the `clean` from
the second. So just stop cleaning as it is not needed.
---------
Co-authored-by: Grzegorz Zdunek <grzegorz.zdunek@goteleport.com>
* Add IsUsageBased to features and send to web UI
* Update flag name
* Improve comment
* Add comments and improve field name
* Remove duplicated property
* Make pagination icons a little more visible
* Use different color for `tr` border
* Use `opacity: 1` for placeholders
* Include `borderRadius` in `StyledPanel` to fix rounded corners in Connect custom tables
* Use `colors.text.primary` for items in `MenuLogin`
* Adjust Connect theme to the updated dark theme
* Remove unused component
* Update snapshots
* Remove `surfaceSecondary` and `sunkenSecondary` colors
* Remove unneeded `inherit`
* Do not hardcode bg color in `TextArea`
* Expand comment
* Simplify the look of top bar elements
* Remove unused component
* Remove `text.contrast`
* Use the same dark theme for WebUI and Connect
* Revert "Make pagination icons a little more visible"
This reverts commit 1fe1d7baec.
* Add shadow for the tabs
* Post-merge fixes
* Do not use Arial on custom buttons
* Revert snapshot changes
* Fix colors in `ActionPicker`
* Apply hover styles directly on `SearchBar` input
* Use white color for "Database Connection" header
* Add shadow directly to `StyledTabs`
* Run prettier
* Update e
* Add some top padding to the terminal
* Review fixes
* Move SearchBar hover to the Flex element
* Table-related improvements (#25333)
* Use a better icon for the reverse tunnel cell
* Use `ButtonIcon` for pagination icons
* Fix rendering table border on Safari
* Manually add a visual separator between the table and the element below it
* Add bottom padding to resource tables in Connect
* Update snapshots
* Update snapshots
* Revert e
* Remove unnecessary useEffect
* Remove offline cluster handling on reconnect
We used to have to handle this manually, but nowadays it's handled by
retryWithRelogin that's used in createGateway.
* Create a gateway only once on mount
* Fix and refactor DocumentGateway story
* Add missing user groups entry to getEmptyResource state.
UserGroups will be requestable, so the UI needs to include user_group in the
empty resource state.
* Update test for object change.
* Add missing references to user_group.
* Support UI methods for user groups, label match user groups in API.
UI methods have been added to User Groups to support the enterprise Okta
service. This will allow groups to be queried and displayed on the new
access request page appropriately.
Additionally, after adding group labels to roles, the access checking was
not added to the appropriate user groups endpoints in auth_with_roles.
This has been added to ensure that users can only see the user groups they're
supposed to see when requesting access.
* UI lint issues.
* Let count be 0 (it will be zero on error)
* Put back IamPolicy screen with updated links
* Fix typo
* Remove port for 443 from very beginning of AWS integration flow
in addition fix inconsistent animation JSON policy
* Remove hard coded colors and remove unnecessary border
* (wip) add unlock feature button to support page
* Fix typo
* (wip) add locked feature join session
* Improve session join style
* Add session join lock button
* Remove hover on locked join menu
* Update copy
* Only show `join as...` when appropriate
* (wip)
* Make ButtonLockedFeature theme sensitive
* Remove debug stuff
* Adjust feature button height
* Fix session join button on locked
* Remove unused import
* typo
* Add link to cta button
* Remove teams flag
* Add cta service
* Update snapshots
* Lock button style
* Add cta to context
* Rename cta to ctaService
* Stories and tests
* Add comments clarifying that ctas are not used currently
* add showActiveSessionsCTA to useSessions
* Licenses
* Lint license
* Remove commented out code
* Add missing types
* Replace cta service for an object with cta on context
* Fix menu hack
* small refactor in styled stuff
* Update SessionJoinBtn to use master code
* Snapshot update
* Minor stuff
Switch to using the newer `notarytool` to notarize MacOS binaries
instead of the older `altool`, as `altool` is deprecated and will no
longer work come Fall 2023. This also makes for a quieter build as
altool's output was quite verbose, and anecdotally, it seems to be more
reliable - I haven't had a single notarization failure this way as
opposed to the many we see in CI with `altool`.
We used to use `gon` as part of our notarizing tool. `gon` still has an
open issue to upgrade to `notarytool`, so we've switched away from it
and used the Apple CLI tools instead to do the notarization. This is
available now that we have moved to GitHub Actions for builds as it has
a newer Xcode that contains notarytool.
Update the Teleport Connect notarization, which was quite a bit simpler,
although we do need an extra `$TEAMID` input, so handle it when that is
not supplied and document in the README that it is needed.
* Add isModeratedSession flag to web ssh session
* Fix lint
* Change to snakecase
* Change to moderated
* Ensures every Session has a valid Kind field.
Also cleans up the client code to distinguish between
terminalSessionPath and activeAndPendingSessionsPath.
* Entirely removes siteSessionGet which was not being used
* removes siteSessionGenerate which was not being used
* removes test testing webapi/sites/<cluster-name>/sessions post call, which is no longer used by the frontend
* removing unused struct
---------
Co-authored-by: Michael Myers <michael.myers@goteleport.com>
* Fix logout sequence
* Adjust `useLoggedInUser` documentation
* Mark clusters as disconnected after logging out
* Refactor `ClusterLogout` to not use the hook/container pattern
* Run prettier
* Fix test
* Use `routing.belongsToProfile`
* Render ExtraTopComponent based on computed action picker status
* Fix formatting
* Use named args for getActionPickerStatus
* Use const for nonRetryableResourceSearchErrors
* Fix logic behind determining remaining filters
* Adjust copy of db action
* Use retryWithRelogin when getting db usernames
* useAsync: Remove unnecessary useCallback
The state setter coming from useState is always stable.
https://legacy.reactjs.org/docs/hooks-reference.html#usestate
* useAsync: Expand docs with `run` return value example
* useSearch: Rename `restrictions` to `filters`
* useSearch: Remove unnecessary useState calls
* Refactor lockOpen into pauseUserInteraction
lockOpen worked great when we were concerned only about user interaction
with a modal closing the search bar as well. However, in the next commit
I'm going to add a login modal that's shown if the search fails with a
retryable error.
In that scenario, pressing Enter in the modal wouldn't work, as it would
be captured by the window listener that ResultList adds.
To work around this problem, I refactored lockOpen into pauseUserInteraction.
It still works pretty much the same way. But then instead of checking
isLockedOpen in the close function, we have a new addWindowEventListener
function.
addWindowEventListener automatically removes the listener after
pauseUserInteraction is called. This solves both the problem of closing
the modal and the problem of using the enter key in the modal.
* Relogin & retry resource search if current workspace cert has expired
* addWindowEventListener: Name the cleanup function
* Make addWindowEventListener a prop of ResultList