Paul Gottschling
bb1f9899c1
Alphabetize the GUI Client page ( #25013 )
...
Closes #20018
2023-04-24 19:38:31 +00:00
Brian Joerger
40ba8f3879
Headless Login explicit username ( #24689 )
...
* Return an error if user is not explicitly set for headless login.
* Add test.
* Resolve comments.
* Fix typo.
2023-04-24 19:36:32 +00:00
dependabot[bot]
e2efb22deb
Bump github.com/aws/aws-sdk-go-v2/service/rds from 1.42.3 to 1.43.1 ( #25039 )
...
Bumps [github.com/aws/aws-sdk-go-v2/service/rds](https://github.com/aws/aws-sdk-go-v2 ) from 1.42.3 to 1.43.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/rds/v1.42.3...service/ec2/v1.43.1 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/rds
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-24 18:10:37 +00:00
Brian Joerger
a84bab8bd2
[RFD] Proxy Templates update: cluster switching and tsh ssh parity ( #24586 )
...
* Update proxy templates rfd to include cluster switching section and tsh ssh section.
* Resolve comments.
2023-04-24 17:52:04 +00:00
Michael Wilson
5d6b5adca4
Add login hooks. ( #24828 )
...
* Add login hooks.
Login hooks have been added to support performing arbitrary operations on
user login. This is done to support generating of an Okta assignment on
user login for the Okta service feature.
* Don't use error channel for calling hooks, test login hooks.
* Expose ResetLoginHooks for external testing.
* Provide user as part of login hook.
* Update lib/auth/methods.go
Co-authored-by: Alan Parra <alan.parra@goteleport.com>
* Improve the documentation for LoginHook, AuthenticateUser returns types.User.
* Use user.GetName() instead of username in AuthenticateSSHUser response.
* Address nits and restore comments.
---------
Co-authored-by: Alan Parra <alan.parra@goteleport.com>
2023-04-24 17:26:45 +00:00
Tiago Silva
c98cb70625
Try fixing TestGetKubeCreds ( #24964 )
...
This PR tries to fix an unknown and weirdly reported data race.
Fixes #23510
2023-04-24 17:08:04 +00:00
Forrest
edfb418cc3
fix github url formatting ( #25089 )
2023-04-24 17:03:18 +00:00
dependabot-batcher[bot]
55d132a135
Batched Dependabot updates ( #25054 )
...
* Bump github.com/alicebob/miniredis/v2 from 2.30.1 to 2.30.2
Bumps [github.com/alicebob/miniredis/v2](https://github.com/alicebob/miniredis ) from 2.30.1 to 2.30.2.
- [Release notes](https://github.com/alicebob/miniredis/releases )
- [Changelog](https://github.com/alicebob/miniredis/blob/master/CHANGELOG.md )
- [Commits](https://github.com/alicebob/miniredis/compare/v2.30.1...v2.30.2 )
---
updated-dependencies:
- dependency-name: github.com/alicebob/miniredis/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump github.com/fsouza/fake-gcs-server from 1.44.1 to 1.44.2
Bumps [github.com/fsouza/fake-gcs-server](https://github.com/fsouza/fake-gcs-server ) from 1.44.1 to 1.44.2.
- [Release notes](https://github.com/fsouza/fake-gcs-server/releases )
- [Commits](https://github.com/fsouza/fake-gcs-server/compare/v1.44.1...v1.44.2 )
---
updated-dependencies:
- dependency-name: github.com/fsouza/fake-gcs-server
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump github.com/aws/aws-sdk-go-v2/service/athena from 1.25.0 to 1.25.2
Bumps [github.com/aws/aws-sdk-go-v2/service/athena](https://github.com/aws/aws-sdk-go-v2 ) from 1.25.0 to 1.25.2.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.25.0...service/fsx/v1.25.2 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/athena
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.31.3 to 1.32.0
Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2 ) from 1.31.3 to 1.32.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.31.3...service/s3/v1.32.0 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/redis/armredis/v2
Bumps [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/redis/armredis/v2](https://github.com/Azure/azure-sdk-for-go ) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases )
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md )
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/resourcemanager/redis/armredis/v2.2.0...sdk/resourcemanager/redis/armredis/v2.2.1 )
---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/redis/armredis/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump github.com/Microsoft/go-winio from 0.6.0 to 0.6.1
Bumps [github.com/Microsoft/go-winio](https://github.com/Microsoft/go-winio ) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/Microsoft/go-winio/releases )
- [Commits](https://github.com/Microsoft/go-winio/compare/v0.6.0...v0.6.1 )
---
updated-dependencies:
- dependency-name: github.com/Microsoft/go-winio
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump sigs.k8s.io/controller-tools from 0.11.3 to 0.11.4
Bumps [sigs.k8s.io/controller-tools](https://github.com/kubernetes-sigs/controller-tools ) from 0.11.3 to 0.11.4.
- [Release notes](https://github.com/kubernetes-sigs/controller-tools/releases )
- [Changelog](https://github.com/kubernetes-sigs/controller-tools/blob/master/RELEASE.md )
- [Commits](https://github.com/kubernetes-sigs/controller-tools/compare/v0.11.3...v0.11.4 )
---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang ) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/prometheus/client_golang/releases )
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prometheus/client_golang/compare/v1.14.0...v1.15.0 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump libc from 0.2.141 to 0.2.142
Bumps [libc](https://github.com/rust-lang/libc ) from 0.2.141 to 0.2.142.
- [Release notes](https://github.com/rust-lang/libc/releases )
- [Commits](https://github.com/rust-lang/libc/compare/0.2.141...0.2.142 )
---
updated-dependencies:
- dependency-name: libc
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-24 16:33:22 +00:00
Tiago Silva
12be6aaf5d
Hide tsh bench commands ( #25078 )
...
PR #23763 introduced `tsh bench kube ls|exec` and `tsh bench ssh` but didn't correctly hide those flags from the `tsh` binary.
Co-authored-by: Steven Martin <steven@goteleport.com>
2023-04-24 16:13:04 +00:00
Marco André Dinis
a93e086bcc
Join Script: fix tarball folder for ent builds ( #25057 )
2023-04-24 15:08:18 +00:00
Alan Parra
48dd429917
Return auto-enroll status on Ping ( #24752 )
...
* Return auto-enroll status on Ping
* Verify both old and new flags
2023-04-24 14:43:29 +00:00
Michael Wilson
a611435a17
OktaAssignment and UserGroup in auth cache. ( #25015 )
...
The OktaAssignment and UserGroup read resources have been added to the auth
server's cache.
2023-04-24 13:51:22 +00:00
Michael Wilson
d115832d0e
Correct add application in test plan. ( #24979 )
...
Add Application has been changed to link directly to the documentation,
so the test plan has been updated accordingly.
2023-04-24 13:51:10 +00:00
Michael Wilson
583d0d3248
Add in group labels for role conditions. ( #24811 )
...
Group labels have been added in for role conditions that will allow
access to UserGroup objects.
2023-04-24 13:32:11 +00:00
Steven Martin
fe4b58aa9f
docs: fix spelling and remove misspelled word from spellcheck skip ( #25027 )
2023-04-24 09:31:36 +00:00
Steven Martin
16163390df
Go spell fixes ( #25033 )
2023-04-24 09:21:26 +00:00
Tiago Silva
85585290b4
Fix disconnect_expired_cert when Kube Identity forwarding is used ( #24913 )
...
* Fix `disconnect_expired_cert` not being respected for Kube
Teleport 13 introduces the identity forwarding mechanism that allows
a proxy to forward the client's identity without re-signing a new
certificate on his behalf. Proxy uses its certificate key pair and it's
valid for a long period of time resulting in the current version not
respecting the connection termination.
This PR removes the parsing of the connection certificate and uses the
value provided by the unmapped identity - supports the new and old
forwarding methods.
Fixes #24910
* fix test
2023-04-24 09:00:16 +00:00
Anton Miniailo
cf2c7059a3
Add full IP pinning enforcement ( #24743 )
...
* Add full IP pinning enforcement
We're adding IP pinning check to `authorizer.Authorize` which is used for every call,
so now all communications with teleport should enforce IP pinning.
Also making sure we always provide login IP for user certificate creation
and correct client IP propagation everywhere.
* Add integration test for App IP pinning.
* Fix wording
Co-authored-by: Tiago Silva <tiago.silva@goteleport.com>
* Wrap error
Co-authored-by: Tiago Silva <tiago.silva@goteleport.com>
* Add godocs
* Clone TLS config
* Improve proxyHeaderSigner usage
* Wider use proxyHeaderDialer and remove adhoc writing of signed header
* Add helper function TLSDial
* Use proxyHeader dialer in authConnect
* Simplify tlsConfig manipulation
Co-authored-by: Przemko Robakowski <przemko.robakowski@goteleport.com>
* Remove redundant channels processing in TLSDial
* Reduce nesting
* Update generated protobufs
* Remove ignoring of bad IP on signed PROXY header generation
* Provide logger to CheckIPPinning function
---------
Co-authored-by: Tiago Silva <tiago.silva@goteleport.com>
Co-authored-by: Przemko Robakowski <przemko.robakowski@goteleport.com>
2023-04-23 17:09:49 +00:00
Andrew LeFevre
00bb19661e
ensure forwarded SSH agent is always closed ( #24947 )
...
Previously when handling an SSH agent forward request from a SSH
connection to a registered SSH node, the forwarding SSH server would
open a SSH channel for the SSH agent but never close it. tsh wasn't
affected by this and would exit cleanly when the SSH session was closed.
OpenSSH ssh would hang waiting for the open SSH agent channel to close,
which would never happen.
2023-04-21 22:58:20 +00:00
rosstimothy
b6b57bcfe8
Unify errors returned from ProxyClient when targets are ambiguous ( #25004 )
...
Ensures that SSH and gRPC connections via `tsh` return the same
error when dialing a host fails.
Closes #24943
2023-04-21 20:36:47 +00:00
Edoardo Spadolini
091b1db314
Update e ref ( #24893 )
2023-04-21 19:39:24 +00:00
Edoardo Spadolini
fe92efdb17
Pass the auth.Server itself to inventory.NewController ( #24976 )
2023-04-21 19:24:43 +00:00
Steven Martin
989d6ee73c
docs: Adds common Teleport configure, start and helm charts for non-iam db access guides ( #23878 )
...
* Adds common Teleport configure, start and helm charts for db access
* Add helm install and standard configure, start for non-IAM DBs
* Correct teleport version used in helm install
* Correct helm reference
* Change helm install styles
Co-authored-by: Alex Fornuto <alex.fornuto@goteleport.com>
* rm extra space
* elevate and expand multi-service warning
* Add oracle for helm option
* language update
* specify database name for db configure and helm
* spell fix
* lint fix
---------
Co-authored-by: Alex Fornuto <alex.fornuto@goteleport.com>
2023-04-21 17:53:59 +00:00
Michelle Bergquist
2e9ed857da
Adds dependencies for teleport/e #1135 ( #24574 )
...
- Adds helper methods for formatting dates
- Adds stripe dependencies to yarn lock
2023-04-21 17:16:58 +00:00
Steven Martin
e68d304531
docs: fix directory instruction for docs contributing ( #24980 )
2023-04-21 16:48:49 +00:00
Gus Luxton
2a76b2fb8d
docs: Change listen_addr to web_listen_addr in custom Helm deployment guide ( #24933 )
...
* docs: Change `listen_addr` to `web_listen_addr` in custom deployment guide
`listen_addr` is the address for the SSH proxy. `web_listen_addr` is the correct value for the TLS/web listener.
* Update custom.mdx
Update other reference
2023-04-21 14:16:34 +00:00
Andrew LeFevre
3cf48120af
don't rely on info in SSH user cert when connecting to agentless nodes ( #24935 )
...
After finding now 2 very similar bugs today related to trying to pull
connection information out of SSH certificates instead of just passing
it directly, opt to pass the information directly to prevent future bugs.
2023-04-21 13:44:17 +00:00
Anton Miniailo
702efde420
Add IP Pinning section to testplan ( #24870 )
2023-04-21 13:40:17 +00:00
Tobiasz Heller
941b7350d3
update go.mod and golangci to go1.20 ( #24969 )
2023-04-21 12:20:58 +00:00
STeve (Xin) Huang
9b749ce8a1
fix reverse tunnel cannot connect if proxy address contains https ( #24871 )
...
* fix reverse tunnel cannot connect if proxy address contains https
* move check to process.singleProcessMode
2023-04-21 10:44:05 +00:00
Ryan Clark
bdc3db931e
Add the favicon back ( #24904 )
2023-04-20 23:02:26 +00:00
Alex Fornuto
95b30cc51a
replace 'machine' with 'host' or 'workstation' ( #24932 )
2023-04-20 22:22:46 +00:00
Alex Fornuto
5b07934e9d
clarify tctl command location and secret destination ( #24931 )
2023-04-20 22:21:56 +00:00
Steven Martin
efba92ae64
docs: make adopters table markdown for cleaner look ( #24939 )
2023-04-20 22:20:47 +00:00
Roman Tkachenko
e62745eda8
Add RFD for fetching EC2 tags via API ( #22033 )
2023-04-20 20:06:03 +00:00
Alan Parra
de8c4af08f
Remove U2F migration testplan instructions ( #24923 )
2023-04-20 19:52:46 +00:00
Andrew LeFevre
4160f8e438
use correct certificate extension when getting cluster of agentless node ( #24909 )
...
lib/utils.CertTeleportClusterName is set by the SSH user key auth
handlers, so it should always be set.
2023-04-20 19:22:48 +00:00
Alan Parra
dd20892fa7
Add auto-enroll toggle to device trust config ( #24747 )
...
* Add auto-enroll toggle to DeviceTrust proto
* Update generated protos
* Add auto-enroll toggle to fileconf
* Document Mode caveat on AutoEnroll
* Add a minimal config test
2023-04-20 19:21:48 +00:00
Isaiah Becker-Mayer
61e4301b9b
Makes the Per Role per session mfa example accurate ( #24863 )
...
* simplifies and edits example to make it accurate
* as login jerry
2023-04-20 18:27:30 +00:00
Brian Joerger
3883084766
Add key attestation to generate user certs to catch non-login flows. ( #24867 )
2023-04-20 17:28:01 +00:00
Steven Martin
73a941c1f3
docs: remove unneeded sudo for removing user data dirs ( #24901 )
2023-04-20 17:18:38 +00:00
teleport-post-release-automation[bot]
0f183f9398
[auto] Update AMI IDs for 12.2.4 ( #24903 )
...
Co-authored-by: GitHub <noreply@github.com>
2023-04-20 16:54:41 +00:00
Steven Martin
8f80db470a
docs: remove duplicate content in oracle guide ( #24882 )
...
* docs: remove duplicate content in oracle guide
* fix headers
* correct header numbers
2023-04-20 15:43:59 +00:00
Michael Wilson
1f02e4807e
Update crewjam/saml dependency. ( #24884 )
...
Update the crewjam/saml dependency to pull in HSM support from
https://github.com/crewjam/saml/pull/503 .
2023-04-20 14:16:46 +00:00
Paul Schisa
04f1fe8c3c
Update Cloud FAQ doc to remove latency note ( #24886 )
...
With the rollout of all proxies to all prod tenants, this is no longer an opt-in functionality
2023-04-20 14:12:54 +00:00
Alan Parra
8dd586b985
Log informative messages for device authn failures ( #24849 )
2023-04-20 13:50:44 +00:00
Hugo Shaka
68bf10d3d1
Fixes for teleport-kube-agent-updater ( #24746 )
...
* integrations/updater: disable CGO to ensure static builds
* helm: fix updater selectors in `teleport-kube-agent`
* helm: fix updater flags
* helm: make the updater able to watch secrets, create events and acquire leases
* integrations/updater: add dummy healthz route
* integrations/updater: fix typo in DEBUG instructions
* helm: update test snapshots
2023-04-20 13:17:03 +00:00
Marco André Dinis
ec6085e949
Web TestPlan: add Discover wizard ( #24808 )
2023-04-20 09:07:33 +00:00
Marco André Dinis
d53e422998
Use apt.releases to fetch pub key ( #24813 )
2023-04-20 07:56:16 +00:00
Andrew LeFevre
a76e411a44
refactor how 'tsh scp' destinations are parsed ( #24441 )
...
A complex regex was previously used to parse 'tsh scp'
destinations, which was hard to understand and even harder
to maintain for those not intimately familiar with regex,
despite it being heavily commented. Instead parse destinations
directly and add more test cases and a fuzz test to ensure
parsing won't panic and the new parse function doesn't
have any regressions.
2023-04-19 22:17:47 +00:00