Russell Jones
6a1c045fa6
Fix issue where users would get locked out when using OTP tokens.
2017-10-11 22:56:55 +00:00
Alexey Kontsevoy
e86fffd28f
(web) adding CSRF protection to OIDC and SAML callbacks
2017-10-06 16:19:05 -04:00
Russell Jones
a0777239b1
By default, no rules.
2017-09-14 13:25:28 -07:00
Russell Jones
0354833211
Additional cleanup (added error messages).
2017-09-14 10:59:25 -07:00
Russell Jones
ff63e664de
Refactored Trusted Cluster creation/update.
2017-09-12 18:44:49 -07:00
Russell Jones
028eb12aae
Remove VerbConnect.
2017-09-12 15:18:45 -07:00
Ev Kontsevoy
3533903c0e
Lots of documentation edits.
Minor code changes too (only comments)
2017-09-11 20:27:42 -07:00
Ev Kontsevoy
5f62b88109
OSS handling of trusted clusters
2017-09-10 15:55:24 -07:00
Russell Jones
1438e40de0
Always include second factor in authentication settings for fallback
login and only call CheckAndSetDefaults on the metadata when
unmarshaling a SAML connector.
2017-09-08 23:58:08 +00:00
Russell Jones
f9ad90f705
Add root to the list of logins for an Enterprise role.
2017-09-07 17:56:11 -07:00
Russell Jones
294f835a9e
Added VerbReadNoSecrets.
2017-09-07 17:00:36 -07:00
Alexey Kontsevoy
88b363ebdd
addressing CR comments
2017-09-07 12:24:04 -04:00
Alexey Kontsevoy
f6b30ca666
Merge branch 'master' of github.com:gravitational/teleport into features
2017-09-07 11:08:07 -04:00
Alexey Kontsevoy
9fa799aa70
add default namespace value to V3 role spec deny section
2017-09-07 11:08:00 -04:00
Russell Jones
f89f18fbf7
Remove allowed logins and labels from implicit role.
2017-09-06 19:57:20 +00:00
Ev Kontsevoy
259af1ae34
Better error message and structured RBAC logging
RBAC log messages (internal Teleport log) are now prefixed with [RBAC]
2017-09-05 21:02:06 -07:00
Russell Jones
e9ae5a1e27
Renamed default role to admin role.
2017-09-05 12:23:07 -07:00
Russell Jones
c1f92ba3a7
Remove ReadSecrets and replace with ReadUpdate.
2017-09-05 11:34:55 -07:00
Ev Kontsevoy
a7db6d7ca6
tctl changes (polish for 2.3)
This commit refs #1137
- tctl get user/joe now works (as reported in #1247)
- tctl create/rm roles changes
- added synonyms for various resources
- made YAML the default output for tctl get
- added better help + examples for tctl get
- edited error messages
- minor refactoring
- added the system of "command plugins" which allows enterprise version
of tctl to introduce different behavior to OSS commands
2017-09-03 19:23:57 -07:00
Sasha Klizhentas
dbd3fd85c3
update comment
2017-08-31 18:03:12 -07:00
Sasha Klizhentas
8137ef75d4
add raw object setter
2017-08-31 18:00:32 -07:00
Sasha Klizhentas
48f49aaa26
interface refactoring
2017-08-31 15:08:06 -07:00
Russell Jones
64d1fc9a9d
Updated SetClusterName to call CreateVal on the backend instead of
UpsertVal. This way the ClusterName can only be set once.
2017-08-31 11:24:55 -07:00
Russell Jones
55a9553a22
Added KindAuthConnector resource that gives access to KindOIDC and
KindSAML.
2017-08-30 20:23:03 +00:00
Russell Jones
c543067001
Removed namespaces and expires from user interface.
2017-08-30 18:11:13 +00:00
Sasha Klizhentas
d182d1bcc8
switch from client-go to apimachinery release-1.7
2017-08-28 18:25:39 -07:00
Sasha Klizhentas
1537fa2254
Merge branch 'master' into sasha/where2
2017-08-27 13:14:27 -07:00
Russell Jones
444d62ef8c
Session access controls.
2017-08-26 00:55:20 +00:00
Sasha Klizhentas
699d1ada3d
fix error message
2017-08-25 12:51:33 -07:00
Sasha Klizhentas
2a60416bf0
tweak log action
2017-08-25 11:29:33 -07:00
Sasha Klizhentas
1be9f01452
interface updates
2017-08-25 11:06:01 -07:00
Sasha Klizhentas
d7e5f7f4f6
add tests
2017-08-25 10:51:49 -07:00
Sasha Klizhentas
1fded0886a
scaffolding for rules matchers
2017-08-24 20:24:47 -07:00
Sasha Klizhentas
0c77c5c0e9
refactor internal rule representation
2017-08-23 19:08:56 -07:00
Sasha Klizhentas
8b81a0c384
Migrate to golang/dep for dependency management
Update following packages:
* Replace Sirupsen/log with sirupsen/log everywhere
* Update etcd client to 3.2.4
* Update docker/term to moby/term
* Update kr/pty to v1.0.0 release
* Update K8s client to 2.0
2017-08-22 15:30:30 -07:00
Russell Jones
8838a419af
Added support for role rules.
2017-08-21 10:53:50 -07:00
Russell Jones
4719c4bdfa
Allow enable or disable of a TrustedCluster without performing the
exchange again.
2017-08-18 20:14:42 +00:00
Russell Jones
865000d6fe
Reintroduced --auth flag to tsh.
2017-08-09 17:24:54 -07:00
Russell Jones
b4c805fe23
Re-factored cluster configuration.
2017-08-07 17:20:16 -07:00
Russell Jones
64d743fc5d
Added support for default roles.
2017-08-01 00:54:05 +00:00
Russell Jones
b324616208
Added support for role variables.
2017-07-24 22:06:07 +00:00
Russell Jones
a77d560064
Updated logs and checked rule names.
2017-07-18 11:24:59 -07:00
Russell Jones
926456628d
Added more test coverage for RoleV3.
2017-07-18 11:20:49 -07:00
Russell Jones
f5787ca40f
Minor RoleV3 cleanup.
2017-07-18 11:20:49 -07:00
Russell Jones
8a6d8d5d33
Added RoleV2 -> RoleV3 migration.
2017-07-18 11:20:49 -07:00
Russell Jones
1e76d20fa3
Updated RoleV3 format to support resources to enable backward compatibility
with RoleV2.
2017-07-18 11:20:49 -07:00
Russell Jones
9348490be2
Code review comments on RoleV3.
2017-07-18 11:20:49 -07:00
Russell Jones
226405fba6
Moved MaxSessionTTL into RoleOptions.
2017-07-18 11:20:49 -07:00
Russell Jones
6299d349c1
Introduced and migrated to RoleV3.
2017-07-18 11:20:48 -07:00
Russell Jones
2286c6593d
Remote clusters should only send their own CAs.
2017-06-27 11:55:59 -07:00