Commit graph

13609 commits

Author SHA1 Message Date
dependabot[bot] 9d432be41c
Bump golang.org/x/oauth2 from 0.8.0 to 0.9.0 in /build.assets/tooling (#27999)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.8.0 to 0.9.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-20 12:29:08 +00:00
dependabot[bot] a9acbe1af5
Bump github.com/aws/aws-sdk-go-v2/service/athena from 1.30.0 to 1.30.2 (#27984)
Bumps [github.com/aws/aws-sdk-go-v2/service/athena](https://github.com/aws/aws-sdk-go-v2) from 1.30.0 to 1.30.2.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.30.0...service/s3/v1.30.2)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/athena
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-20 12:28:30 +00:00
Marco André Dinis 782c385ef9
AWS OIDC Integration: Deploy DB Service in a single click (#27035)
* AWS OIDC Integration: Deploy DB Service in a single click

This PR adds a new AWS OIDC Integration action: deploy database service

This uses Amazon ECS to deploy a Database and a Discovery Service in a
single click.
Please read `lib/integrations/awsoidc.DeployDBService` for more
information.

* set discovery group to uuid

* add agent matcher labels

* add tags to indicate ownership

* create deployment mode

* allow for dot named clusters

* rename service and taskdefinition to include deployment mode

* add ECS service dashboard url to the response

* change ownership tags

* remove delete service api call

* fix json indent in comment and iam token name
2023-06-20 11:07:25 +00:00
Noah Stride 44127eb3db
Windows Device Trust documentation (#27758)
* Add rough docs for Windows TPM device trust

* Add EKCert to cspell

* Add minimum version requirements

* `specialist` -> `dedicated`

Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>

* Use more precise language where possible

Co-authored-by: Alan Parra <alan.parra@goteleport.com>

* Use `tctl edit cluster_auth_preference`

* SPAG & Clarity suggestions from docs team

Co-authored-by: lsgunn-teleport <136391445+lsgunn-teleport@users.noreply.github.com>

* More SPAG adjustments from review

Co-authored-by: lsgunn-teleport <136391445+lsgunn-teleport@users.noreply.github.com>

* Reflow some lines after PR review changes

---------

Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
Co-authored-by: Alan Parra <alan.parra@goteleport.com>
Co-authored-by: lsgunn-teleport <136391445+lsgunn-teleport@users.noreply.github.com>
2023-06-20 10:04:20 +00:00
Grzegorz Zdunek 12204708e7
Connect: Make tabs shadows look better (#27931)
* Add bottom shadow for inactive tabs and inset for the active one

* Add shadow for new tab item by using common styling

* Adjust `KeyboardShortcutsPanel` to the light theme

* Center Servers/Databases/Kubes navbar vertically between tabs and table by using the same margin values (8px)

* Set title on the element that is dragged
2023-06-20 08:57:59 +00:00
Rafał Cieślak 8833ac247b
Update Connect's test plan (#25059)
* Update gateway cert renewal item

* Remove items related to the command bar

* Add items for search bar
2023-06-20 08:33:43 +00:00
Grzegorz Zdunek 0d28a44400
Fix Assist import so it does not break storybook (#28023)
* Fix `Assist` import path

* Fix `TopBar` story
2023-06-20 07:40:19 +00:00
Grzegorz Zdunek 453700e570
Connect: Fix overlapping placeholder and keyboard shortcut in the search bar (#28026)
* Fix overlapping placeholder and keyboard shortcut in the search bar

* Run prettier
2023-06-19 21:34:18 +00:00
Alan Parra ec8594f96d
fix: Ignore staticcheck false positive on darwin (#28038)
2023-06-19 18:42:10 +00:00
Michael Wilson 6ed1a58e1f
Add HasPluginType to plugins interface. (#27903)
The plugins interface now supports HasPluginType, which returns true if a
plugin of the given type has been detected within the backend.
2023-06-19 16:44:11 +00:00
Michael Wilson f4ae931cbc
Update e ref. (#28035)
The e ref has been updated to fix the issue with GetPlugins not being present
when plugins are not enabled on an auth server.
2023-06-19 16:20:47 +00:00
Ryan Clark 876277feb0
Fix command output showing when running on multiple nodes (#27936)
2023-06-19 15:37:28 +00:00
Rafał Cieślak 5e836688f5
Reorder resource filters in the search bar (#28032)
2023-06-19 14:41:52 +00:00
dependabot[bot] a18a71e1ff
Bump k8s.io/api in /integrations/kube-agent-updater (#28004)
Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.27.2 to 0.27.3.
- [Commits](https://github.com/kubernetes/api/compare/v0.27.2...v0.27.3)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-19 13:42:01 +00:00
Grzegorz Zdunek ca3411426a
Connect: Update Electron to 25.1 and TypeScript to 5.1 (#27837)
* Update Electron to 25.1, TypeScript to 5.1

* Use the same focusing mechanism on all platforms

* Use `role: about` in the app menu as Linux supports it

* Bump Electron to 25.1.1
2023-06-19 13:03:42 +00:00
Justinas Stankevičius ec6295b3cf
Compile binaries for access plugin tests (#27819)
* Compile binaries for access plugin tests

* Fix PD test asserts for newer Teleport versions

* Unpin role from V6 in access plugin tests

* Remove license from OSS plugins tests

We now run tests against OSS Teleport in the OSS repo,
and against Enterprise Teleport in the E repo.
So the assumption that CI always needs an enterprise license
is incorrect.

* Only compile the required binaries
2023-06-19 12:36:34 +00:00
Gus Luxton 2dd03761ca
helm: Use local auth server address in auth pod to prevent extra connections (#27871)
* helm: Use local auth server address to prevent extra connections

* Update snapshots
2023-06-16 23:25:46 +00:00
Alan Parra 20e5a11f0e
Remove deprecated/unused device trust protos (#27975)
* Remove device trust linter exemptions

* Remove deprecated/unused device trust protos

* Update generated protos
2023-06-16 22:13:24 +00:00
Krzysztof Skrzętnicki 57609fd6bd
Fix invalid command example. (#27943)
2023-06-16 21:01:08 +00:00
Michael Wilson 6f27d40eee
Update e ref. (#27972)
The e ref has been updated to pull in the modifications to the NewUserGroup
function and to not use deprecated device trust components.
2023-06-16 19:49:02 +00:00
Alan Parra ca76220e61
Temporarily ignore Device Trust deprecation warnings (#27964)
2023-06-16 18:57:10 +00:00
Paul Gottschling b888698993
Make Teleport config instructions easier to follow (#27582)
In the `docs/pages/includes/tls-certificate-setup.mdx` partial, one code
snippet includes an escape character after a pipe in order to render a
shell command across two lines. For users who copy the command manually,
this can lead to unexpected results. This change removes the escape
character and renders the command on one line.

This change also makes the use of `Var` components in code snippets more
explicit so users aren't tempted to paste the example command into, say,
a browser address bar in order to change the placeholder values. (This
is what led to issues with the escape character to begin with.)
2023-06-16 18:40:14 +00:00
Steven Martin eaf1a4e89f
docs: include tsh install in connect your client tsh page (#26132)
* docs: include tsh install in connect your client tsh page

* fix links

* Updates install and uninstall language

* version number

* match windows install

* Update docs/pages/connect-your-client/tsh.mdx

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>

* Lint fix

* Lint fix

* verbiage update

Co-authored-by: Alex Fornuto <alex.fornuto@goteleport.com>

* fix windows install reference

---------

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Alex Fornuto <alex.fornuto@goteleport.com>
2023-06-16 18:25:18 +00:00
Steven Martin 3e4a9e8f7a
docs: update cloud downloads (#27934)
* docs: update cloud downloads

* matches cloud installation for macos

* remove character

Co-authored-by: Noah Stride <noah.stride@goteleport.com>

* cloud windows installation

* update tsh install language

* fix variable name

---------

Co-authored-by: Noah Stride <noah.stride@goteleport.com>
2023-06-16 18:07:21 +00:00
Alan Parra 52e357f1cc
Add a delete confirmation step to SyncInventory (#27906)
* Change SyncInventory streams to track missing devices

* Update generated protos

* Convert new device profile fields

* Update fileconf.go example
2023-06-16 17:55:57 +00:00
Michael Wilson 4bc2c04e63
Add mapping between user groups and applications. (#27812)
* Add mapping between user groups and applications.

Within Okta, user groups can assign permission to many applications and
applications can belong to many user groups. This commit establishes that
mapping so that the Okta service can perform more user friendly access
requests by adding all applications from a user group to the access request
and additionally allowing application access requests to request associated
user groups as well.

* Adjust NewUserGroup to take a spec.
2023-06-16 17:52:31 +00:00
Noah Stride 60a325aa7c
Device Trust: tsh privilege elevation for TPM enrollment (#27833)
* Start fleshing out UAC elevation

* Use `runas` and ShellExecuteW to open a child process with elevated privileges

* Add tsh command to re-execute

* Add method to be called in the elevated child process

* Ugly, but working, credential activation in UAC dialogued child

* Add TODO

* Add some further notes/explanation on windows.ShellExecute

* Change error message to match function name

Co-authored-by: Alan Parra <alan.parra@goteleport.com>

* Improve comment

Co-authored-by: Alan Parra <alan.parra@goteleport.com>

* Use `trace.BadParameter` instead of `Errorf`

Co-authored-by: Alan Parra <alan.parra@goteleport.com>

* Use `tpm-activate-credential` instead of `activate-credential`

Co-authored-by: Alan Parra <alan.parra@goteleport.com>

* Remove spurious newline

Co-authored-by: Alan Parra <alan.parra@goteleport.com>

* Move towards more production ready elevated process

* Add stubs for darwin/other

* Use path in state dir for cred activation results

* Fix stub return values

* Fix test missing context.Context pass

* Add additional message when cred activation completes

* Use ShellExecuteExW to get handle to process to wait on

* Improve comment in windowsexec

* Minor stylistic changes from review

Co-authored-by: Alan Parra <alan.parra@goteleport.com>

* Minor adjustments to error handling and logging

* Use `windows` over `syscall`

* Leverage `mkwinsyscall`'s error handling

* Missing param in test

* Always show error, not just when `-d` is provided

* Remove unnecessary trace.Wrap(err)

* Restore cf.Debug check

* Explicitly ignore return values from `FPrintln`

Co-authored-by: Alan Parra <alan.parra@goteleport.com>

* Simplify code

* Add null check to `info.hProcess`

* Minor format changes from review

Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>

---------

Co-authored-by: Alan Parra <alan.parra@goteleport.com>
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
2023-06-16 17:35:03 +00:00
Paul Gottschling 4e1eda9d9a
Fix CHANGELOG spelling errors (#27954)
2023-06-16 17:28:52 +00:00
Noah Stride 10a3a59921
Add more accurate info to cloud download page re: tbot (#27937)
2023-06-16 15:23:10 +00:00
Yassine Bounekhla 6be5d884e4
add saml wizard to ui (#27518)
2023-06-16 13:50:46 +00:00
Krzysztof Skrzętnicki 1b69fbcbed
OpenSearch AWS autodiscovery (#27537)
* OpenSearch AWS autodiscovery

* Normalize description, check err.

* Fix tests.
2023-06-16 12:56:53 +00:00
Noah Stride 4151218576
Add Machine ID tip when tctl auth sign is used (#27804)
* Add prompt to machine id page when using `tctl auth sign` for a user credential

* Use FPrintf with stderr instead of `log.Info`

* Move newline

* Remove emoji from message in case it breaks terminals
2023-06-16 10:39:50 +00:00
Grzegorz Zdunek 95e6482043
Connect: Add theme configuration (#27788)
* Add a config item for the theme and adjust Electron's `nativeTheme` based on that

* Listen to theme changes and update the app accordingly

* React to theme changes in teleterm stories

* Rename channel

* Return boolean from handlers

* Do not mock the whole app context in storybook

* Fix linting issue

* Fix typo
2023-06-16 09:28:21 +00:00
Nic Klaassen e23e6b6082
fix: correct minSupportedLabelExpressionVersion to v13.1.1 (#27894)
Label expressions went out in v13.1.1, this commit corrects the
`minSupportedLabelExpressionVersion` constant to match.
This is necessary for label expressions to work when nodes on versions
between 13.1.1 and 13.2.0 connect to auth servers on versions
>=14.0.0-alpha.
This doesn't affect any released versions, we just want this to be right
before we ship v14.

This was expected, so testcases already use
`minSupportedLabelExpressionVersion` and are automatically up to date.
2023-06-16 07:39:41 +00:00
Sakshyam Shah 1762c764ae
feat: adds motd to the ui (#27813)
* feat: adds motd to the ui

* address review suggestions:
- update MOTD to Motd
- moved motd state to useLogin
- added behaviour tests

* add motd test to apiserver_test.go webconfig. update snapshot test to address motd warning

* git mv to update MOTD to Motd

* multiple fix:
- add unmount test
- remove motd title
- group states together in useLogin
- update arrow func to classic js func

* remove unused waitForElementToBeRemoved
2023-06-16 02:43:17 +00:00
Jakub Nyckowski a2986f5310
Make use of keepAliveInterval in terminal handler (#27705)
* Make use of keepAliveInterval in terminal handler

Looks like keepAliveInterval is being ignored in the web terminal handler. This change sets the keep alive interval from the request if provided or uses the cluster value as a backup. As a side effect, TestTerminalPing runs < 1s instead of ~ 10s.

* Set the minimal ping time to one second

* Update lib/web/apiserver.go

Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>

---------

Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
2023-06-15 21:55:12 +00:00
teleport-post-release-automation[bot] 4901bb3815
[auto] Update AMI IDs for 13.1.1 (#27870)
Co-authored-by: GitHub <noreply@github.com>
2023-06-15 21:49:55 +00:00
Paul Gottschling e72254ed55
Use the one-liner in install-linux.mdx (#27364)
* Use the one-liner in install-linux.mdx

Closes #25505

We now have a one-line installation command for Teleport Community
Edition. Since the script the command runs already checks the user's OS
and attempts to use the appropriate package manager, there is no need
for the tabbed installation instructions in the Community Edition tab of
`install-linux.mdx`.

* Linter fix
2023-06-15 21:41:12 +00:00
Zac Bergquist 32900f0dd5
docs: mention required scope for GitHub app (#27730)
At a minimum, the GitHub app that Teleport uses must have the
read:org scope so that we can identify which users are members
of which teams.

Closes #14825
2023-06-15 21:37:27 +00:00
Walt fe34634a14
Add arm deb dependency to distroless builds (#27902)
Without this in place, build-teleport-oci-distroless-images will race
with build-linux-arm-deb, as seen at:

https://drone.platform.teleport.sh/gravitational/teleport/25230/24/2

Vanilla Arm is part of the matrix:

016b065a35/.github/workflows/release-teleport-oci-distroless.yml (L164)
2023-06-15 21:09:32 +00:00
Alex Fornuto d80ab5b556
Docs: Update Okta SSO Guide (#26806)
* make dynamic edit first

* expand scope...

So that dynamic resource is still the default option for all scopes

* add local auth tip...

Since we're telling the reader to switch to SAML before it's configured, we should provide a way to log in again using local auth.

* provide full path to key...

Since updated docs using `tctl sso configure` won't always include the key for easy reference in its output.

* update okta guide to use tctl sso configure

* Specify enterprise/cloud tctl downloads...

Because `tctl sso configure saml` is only available in the enterprise tctl versions. This makes this PR dependent on #26124

* strongly encourage testing

* use preset flag
2023-06-15 21:00:33 +00:00
Alan Parra 2aa68358ac
chore: Bump golangci-lint to v1.53.3 (#27898)
2023-06-15 19:12:08 +00:00
Anton Miniailo 023a2d4be4
Provide client login IP when SSO initiated in a browser. (#27661)
2023-06-15 17:07:51 +00:00
Zac Bergquist 80707cd328
Remove duplicate imports (#27886)
2023-06-15 17:06:18 +00:00
Michelle Bergquist b283530b16
design updates for team gated features (#27756)
* update designs for gated features

* remove Card bg where set to default

* update snapshots
2023-06-15 16:14:25 +00:00
Jakub Nyckowski 09c4035b60
[Assist] Fix panic when writing to one WS from multiple threads (#27828)
* [Assist] Fix panic when writing to one WS from multiple threads

Fixes https://github.com/gravitational/teleport.e/issues/1650

* Remove mutex on SetReadDeadline

* Move SetPongHandler

* Fix typos
2023-06-15 15:25:39 +00:00
Edoardo Spadolini 94aea6f188
Pass context through UpsertAuthServer (#27867)
* Pass context through UpsertAuthServer

* Pass context in (*ProcessStorage)GetState
2023-06-15 14:52:21 +00:00
Brian Joerger 19e36d6a67
Fix tsh relogin on not found errors (#27825)
* Add new no credentials error wrapping. tsh will relogin on matching errors.

* Add comments.
2023-06-15 00:51:52 +00:00
Walt fafa16a19c
Remove unused FIPS build boxes (#26859)
FIPS is only built on amd64, and only on our centos:7 buildboxes.  These
other dockerfiles and targets are vestigial.  Furthermore, the buildbox
is a security risk, as ubuntu:18.04 is not supported after 2023-05-31.

If/when we want to support FIPS on ARM, we can build off the centos:7
infrastructure, or its successor.
2023-06-14 23:44:38 +00:00
Nic Klaassen 4f0105349c
docs: document label expressions (#27811)
* docs: document label expressions

This commit adds documentation for the label expressions feature
described in RFD 116.

* Apply suggestions from code review

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>

* use v6 role

Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>

* explain setting both <kind>_labels and <kind>_labels_expression

---------

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
2023-06-14 23:29:47 +00:00