* Reword Troubleshooting section in Connect docs
* Point readers towards Open Logs Directory button
* Mention specific manifestations of partially unusable UI
* Update commands for removing tsh and app_state.json
* Reduce instances of "just"
* agent lifecycle -> the lifecycle of the agent
* proxy version -> Teleport Proxy Service version
* Simplify sentence about local user requirement
* Add screenshots of Connect My Computer
* Update screenshots of Connect UI
* Minor typos
* Update docs/pages/architecture/proxy.mdx
* fix capitalization and hyphenation and make features more parallel
* fix identity typo
---------
Co-authored-by: Gabriel Petrovay <gabipetrovay@gmail.com>
* Header `Connection: close` causes `kubectl` to fail exec
The header `Connection: close` causes failure in kubectl when it upgrades
the connection to SPDY.
The `ReadTimeout` and `WriteTimeout` are known to cause problems to
Kubernetes watch streams.
Fixes #33020
Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
* add unit tests
---------
Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
* Add Docker to the access request plugin partial and Discord section
* Update another partial for Docker
* Restore variable to teleport.plugin.version
* Update docs/pages/includes/plugins/install-access-request.mdx
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
---------
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Start migrating services.Identity to use context and return users
Adds new variants of existing methods that are going to be updated
to support propagating context and return users from create, update
and upsert. This is an unfortunate step required because e utilizes
the interface for various functionality. In order to prevent breaking
builds, the temporary methods were added so that e can be converted
to them first, then oss can be updated to the new version of the
interface. Once that is done e will be converted and then the temp
methods will be removed.
* fix typos in comment
Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
* fix: don't set metadata on existing item in CAS
Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
* fix: gci
* fix: set resource id on update
---------
Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
As per https://support.apple.com/en-in/HT210176:
> TLS server certificates must contain an ExtendedKeyUsage (EKU)
> extension containing the id-kp-serverAuth OID.
We were not specifying this EKU.
Validated by checking with the old self-signed certs:
```
$ security verify-cert -c webproxy_cert.pem -p ssl -r webproxy_cert.pem
Cert Verify Result: Invalid Extended Key Usage for policy
```
And then repeating the process after this change:
```
$ security verify-cert -c webproxy_cert.pem -p ssl -r webproxy_cert.pem
...certificate verification successful.
```
Closes #32531
* Bump the go group in /integrations/kube-agent-updater with 2 updates
Bumps the go group in /integrations/kube-agent-updater with 2 updates: [github.com/docker/distribution](https://github.com/docker/distribution) and [golang.org/x/mod](https://github.com/golang/mod).
Updates `github.com/docker/distribution` from 2.8.2+incompatible to 2.8.3+incompatible
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](https://github.com/docker/distribution/compare/v2.8.2...v2.8.3)
Updates `golang.org/x/mod` from 0.12.0 to 0.13.0
- [Commits](https://github.com/golang/mod/compare/v0.12.0...v0.13.0)
---
updated-dependencies:
- dependency-name: github.com/docker/distribution
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
...
Signed-off-by: dependabot[bot] <support@github.com>
* Replaced deprecated import
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alan Parra <alan.parra@goteleport.com>
Bumps the go group in /assets/backport with 1 update: [golang.org/x/oauth2](https://github.com/golang/oauth2).
- [Commits](https://github.com/golang/oauth2/compare/v0.12.0...v0.13.0)
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the go group in /build.assets/tooling with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/oauth2](https://github.com/golang/oauth2).
Updates `golang.org/x/mod` from 0.12.0 to 0.13.0
- [Commits](https://github.com/golang/mod/compare/v0.12.0...v0.13.0)
Updates `golang.org/x/oauth2` from 0.12.0 to 0.13.0
- [Commits](https://github.com/golang/oauth2/compare/v0.12.0...v0.13.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Adds new RPCs which return the modified connector from write
operations. Server side and interface changes will be done in follow
up PRs to prevent breaking e. This is the first step in enforcing
optimistic locking for auth connectors.
Contributes to #30416.
* Add docs for Connect My Computer
* Update Troubleshooting Connect My Computer header
This way it doesn't conflict with the general Troubleshooting header.
* Add troubleshooting section about expired token
* Expand section on agent not being visible in cluster
* Mention that logout removes the agent
* OneOff Script: use ent build if cluster is Enterprise
We were always using the OSS version of teleport in the one-off scripts.
This PR changes that to pick the correct version depending on the
running version in the Proxy.
* use gzip bestspeed for compressing files
* Remove check that enforces slack oauthProviders are set
* Remove test that checks for an error when hosted plugins is true
* Set hosted plugins to always be true
* Update tests that check hosted plugins is disabled
* Add comment explaining hosted being set to true at all times
When a user starts a session, we do not report the initial command used,
which causes visibility problems for moderators when they need to figure
out whether to join the session or not.
This PR exposes the initial command for SSH and Kubernetes so moderators
can decide if they want to join the session or not based on the initial
command.
Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
When checking the GHA logs of the OS Compatibility build, I noticed an info log
```
The repository will be downloaded using the GitHub REST API
To create a local Git repository instead, add Git 2.18 or higher to the PATH
```
suggesting that our self-compiled git is not being used. For some reason our git binary was installed in /usr/local/usr/local/bin/git. I removed the additional /usr/local prefix to install the binary in the correct directory. I also updated git to the latest version.
* docs: Add WinSCP to PuTTY client instructions
* Restore validity section
* Restore validity section
* Formatting tweaks
* Merge lists
* Change title
* Fix docs link title to match page
* Bump tsh version for WinSCP support
* Whitelist WinSCP in spellcheck
* putty.mdx -> putty-winscp.mdx
The Vercel preview workflow currently inserts the head branch of a pull
request into the edge version of the Teleport docs. This makes it
difficult to post a link to the correct version, since we need to
include the version number in the path.
This change edits the Vercel preview workflow to include only one
version of the docs--the user's version--in the preview site. This makes
it easier to find the user's changes.
* log message improvements
* fix etcd cleanup
* re-enable TestHSMDualAuthRotation
* retry client connection tests
* fixes based on code review
* make fix-imports
* fix: use EventuallyWithT
* set short polling period
* fix leaf SSH sessions not getting recorded
* add integration test
* address feedback, overhaul integration test
* make each test case use fresh clusters to fix failing case
* address feedback
* Apply suggestions from code review
Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
* fix integration test failures
---------
Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
* Deflake `TestInteractiveSessionsNoAuth` test
For this test, the LockWatcher is marked as stalled. When in stalled
mode, the watcher bypasses cache and hits auth server directly.
During the test, the auth rate limit is exceeded which causes the
watcher to fail and report unexpected errors.
This PR bumps the auth server limits to prevent these cases.
Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
* add comment
---------
Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>