* Replace mermaid diagram, add guided instructions, remove includes with the get context command
* Change strings to pass linter
* Update diagram text, collapse sign in steps, add Kubernetes where missing.
* Remove manual enrollment, add new next steps, modify wording around running commands
* Rename Getting Started to Enroll s Kubernetes Cluster
* Change link to registering clusters toppic
- Fix clashing reference page titles ("Teleport CLI Reference" and
"teleport CLI reference").
- Add missing redirects: The Teleport blog encountered 404s navigating
to three pages. This change adds redirects for these pages in case
other sites link to them as well.
Listing users is different from most existing list operations
because multiple resource types are stored under the users prefix.
Care was taken to ensure that these extra resources(passwords,
mfa devices, etc) do not cause lising to omit any users.
* Update Oracle DB docs and messaging
update the docs and `tctl auth sign` instructions to call out the need to have the file permissions set to the oracle user
* Update oracle-self-hosted.mdx
* Update oracle-self-hosted.mdx
* Update docs/pages/database-access/guides/oracle-self-hosted.mdx
Co-authored-by: Marek Smoliński <marek@goteleport.com>
* Update tool/tctl/common/auth_command.go
Co-authored-by: Marek Smoliński <marek@goteleport.com>
* Update auth_command.go
---------
Co-authored-by: Marek Smoliński <marek@goteleport.com>
* Wait for restoring persisted state in initUi
* DocumentsReopen: Show number of open tabs and cluster name
* Move the comment for pluralize
* Log errors in AppInitializer
* Create useLogger hook
* Rename functions which initialize the app
* Don't wait for startup modals before showing UI
#32653 refactored github connector marshaling so that enterprise
could call the oss marshaler instead of maintaining a copy of it
in two repos. However, the check on the EndpointURL was not omitted
in ent builds.
* Organize IPC messages into sent to & from renderer
This way it's more clear which messages are sent from the renderer and
which ones are sent to the renderer.
The channels have also been renamed to include the recipient in the
name.
* Signal frontend app init from renderer to main process
* Send deep links to frontend app
* signalFrontendAppReadiness → signalUserInterfaceReadiness
* Use enums for IPC channels
* Fix grammar in WindowsManager.dispose JSDoc
* Replace mentions of "deep link" in UI with just "link"
* Extract `Resources` component that doesn't use Teleport APIs
* Move shared components to the shared package
* Fix license
* Add `PinningSupport` enum and support hiding the button
* Separate resource fetching from mapping them
* Remove `WindowsDesktopService` from `UnifiedResource`
* Replace `React.JSX.Element` with `React.ReactElement`
* Pass `pinning` object to `UnifiedResources` instead of individual properties
* When pinning is hidden, do not show the tab switcher
* Hide pin tooltip when there is no content
* Fix shared lint from Cloud
We were missing a single comma which caused a linter complaint in
Cloud.
* Add prettier-ignore because the versions don't agree :(
* Also fix jest/valid-title lint
Different lint, same reason (different linter versions). This removes
a prefix eslint deemed unworthy, in a newer version than is used by
Teleport.
This change enforces limits on the response size for http requests across Teleport.
The `e` reference is also being updated as the referenced commit includes similar fixes: https://github.com/gravitational/teleport.e/pull/2479
Bumps the go group in /integrations/kube-agent-updater with 1 update: [k8s.io/api](https://github.com/kubernetes/api).
- [Commits](https://github.com/kubernetes/api/compare/v0.28.2...v0.28.3)
---
updated-dependencies:
- dependency-name: k8s.io/api
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add hosted Access Request plugin docs
See #29979
For the most part, the documentation for the Teleport Access Request
plugins assumes that a user is self-hosting their plugins, and contains
information for installing and configuring the plugin that is not
relevant to a user of hosted plugins.
This change edits the menu page of the Access Request plugin subsection
of the docs to add instructions for enrolling hosted Access Request
plugins. It also adds a note to the top of each guide for an Access
Request plugin with a hosted counterpart that a user can enable the
hosted version of that plugin. This anticipates a separate change to add
more detailed instructions to the hosted Access Request plugin
enrollment workflow within the Web UI.
* Update docs/pages/application-access/okta/guide.mdx
Co-authored-by: Isaiah Becker-Mayer <isaiah@goteleport.com>
---------
Co-authored-by: Isaiah Becker-Mayer <isaiah@goteleport.com>
Fixes#32640
On two docs pages, `tctl tokens ls` examples use a built-time variable
to specify a preset token value. The pages space the values of the
example tables to anticipate the variable, not the variable's
replacement value, meaning that the tables appear incorrect on the
rendered docs site. This change fixes the spacing within the tables.
* User auto-provisioning support for MariaDB
* fix lint
* revoke all-in-one role on deactivation
* review comments
* MariaDB to fallback on DeleteUser
* move sql files to a folder
* Database Automatic User Provisioning support for Redshift
* capitalize sql script
* DeleteUser to fallback to deactivate.
* add TPxxx code to RAISE messages
* fix missing space in scripts
* Update manual AD configuration for desktop access
* Change wording in CA Rotation, Troubleshooting, and intro paragraph
* Remove one xref, replace hard-coded value with the variable
* Switch syntax back to powershell
* Fix Assume Roles switch back, don't delete role if access list is using it.
When switching back to the regular user permissions after assuming roles via
an access request, Teleport will now use the user login state to ensure that
access list permissions are taken into account.
Additionally, users will not be able to delete roles if they are in use by an
access list. Finally, when refreshing the user while extending a web session,
the user login state will be regenerated and used for permissions.
* Use sentinel errors.
* Trace sentinel error values.
* Use errors.New instead.
Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
Signed-off-by: Tim Ross <tim.ross@goteleport.com>
Co-authored-by: guoguangwu <guoguangwu@magic-shield.com>
Updates tctl edit and the web ui to use the new UpdateRole RPC
which uses optimistic locking to enforce that concurrent
modifications to a role are not possible.
A few small improvements were also done on the github connector tests
which the role tests were based on.
Contributes to #30416.
* Add headless mode to 'tsh proxy kube'
* Require clusters specified for headless mode
* Use cf.Stdout()
Co-authored-by: STeve (Xin) Huang <xin.huang@goteleport.com>
* Remove unneeded check.
This error will be returned from 'c.prepare()'
* Extract logic of running headless proxy into a function
* Add comment about cancel function
* Use []byte instead of strings to avoid unnecessary conversions
* Add information note for the user about shell reexec.
* Modify headless kube proxy info print out.
* Fix protos after rebase.
* Fix mismatched number of returns
---------
Co-authored-by: STeve (Xin) Huang <xin.huang@goteleport.com>