Closesgravitational/docs#353
One dropdown menu item within the Installation page has a label that
overflows. This change shortens the label to fix the overflow.
While another route would have been to change the CSS of the dropdown
menu, widening it would start to approach the maximum width of some
mobile devices.
In general, the Installation page is filled with interactive boxes that
make for a somewhat convoluted reading experience. A later change will
reconsider the information architecture of this page.
* This change introduces a new 'promoted' access request state. The state represents that an access request has been promoted to an access list.
Affected code was modified to adjust to the new promoted state and ensure correct system's behavior.
Added a new 'GetAccessRequest' method for internal use to retrieve access request info.
Disallowed direct promotion of access requests. Introduced 'SubmitAccessReviewAllowPromotion' for promotions.
Added 'PromoteAccessRequest' method and updated its usage to restrict direct promotions.
Refactored code for better readability and testing. Renamed some functions, simplified logic, added test helpers.
Introduced 'promoted' state for access requests to handle promotion workflow.
Added 'PromotedAccessListTitle' in 'AccessReview' to track promotion state.
* Refactor function and message names for better clarity
The function and message names related to the promotion of an access request to an access list were restructured for better readability and consistency. Names like 'PromoteAccessReqResponse' have been replaced with more descriptive names such as 'PromoteAccessRequestResponse'. This increases clarity and consistency across the project.
* Remove the hacky GRPC server implementation
* Change method names to be more descriptive
Renamed all instances of 'PromoteAccessRequest' to 'AccessRequestPromote' in multiple files. The new method name provides a more descriptive and clear understanding of the method's function, which improves code readability and maintenance. This change applies to method definitions, comments, and error messages.
* Refine error message and introduce IsPromoted method
Refined the error message in 'access_request.go' to better indicate that only promoted requests can set the promoted access list title, not just have one. This enhances clarity of error message. Additionally, introduced 'IsPromoted' method in 'access_request.go' file. This method will be useful for quickly checking if a request is in the PROMOTED state.
* Rename variable in SubmitAccessReview method
Renamed the variable "params" to "submission" in the 'SubmitAccessReview' function, in 'auth_with_roles.go' file. The name "submission" provides clearer indictation of its role in submitting access review. This enhances code readability and understandability. No logic changes were made during this update.
Also note the updated release cadence:
- We release a major version every four months.
- With our policy to support three versions, each major version is supported for
12 months.
* Change PIV metadata cert to be self signed by an ephemeral key so it can be signed without touch/pin.
* Refactor touch prompt logic.
* Prompt user before overwriting non-teleport certificates instead of just returning an error.
* Update RFD and Docs.
* Address CR.
* Export some methods and variables for use in tests.
* Address comments.
Closes#32195
Correct some issues that were confusing or wrong:
- Move "Community Edition" to the first, default tab. Since we removed
scopes from the docs, and "Teleport Team" was the first tab in this
partial, it looked like Teleport Team was the intended default
installation. This is incorrect.
- Change the Teleport Team installation instructions to show the Cloud
installation steps.
* Set revision on resources retrieved from the backend
Adds a new `MarshalOption` that ensures the resource revision is
set when unmarshalling a backend item. The new `WithRevision` option
was also applied everywhere that the legacy `WithResourceID` was
being used.
* Prevent storing resource revision in the backend item value
The revision follows the same semantics as the resource id for
marshalling. This prevents both items from showing up in the value
of the backend item, which can prevent compare and swap operations
from completing succesfully. Each backend is responsible for
persisting the revision in some manner.
The existing PreserveResourceID was reused to prevent having to
make multiple copies of a resource when clearing the id and revision.
The marshal option will be updated in a follow up when the resource
id is removed.
* Ignore revision in resource comparisons
* RDS MySQL auto user provisioning
* add UT
* let go code manage procedure version
* Add reporting.
* fix lint
* change hash and use prepare stmt
* check same Teleport user
* fix UT
* Compare user roles if active connections
* fix typos
* Update copy of Connect My Computer setup
* Fix setup stories by using ResourcesContextProvider
* Add alignSelf to Button
* Use Flex to specify gap instead defining margins on individual elements
* Prevent setup story from updating store on each render
Otherwise I was getting Immer errors about updating frozen objects after
updating the Setup component.
* Add support for Protobuf Enums into Operator CRDs
This PR marks the Teleport enum fields as integer or string values. The
integer option is to ensure we are backwards compatibile with
previously installed CRDs.
Users can now represent their roles in Kubernetes custom resources and
refer enum fields as strings while their protobuf wire type is int32.
Fixes#29686
* add tests
* fix unit test
* Test registration with unusable devices
* Count devices according to cluster settings
* Use AddMFADeviceSync in test helpers
* Use AddMFADeviceSync on lib/auth tests
* Remove AddMFADeviceRequestInit from mfaAddTestOpts
* nit: Pass testing.T to lib/web.TestTerminalRequireSessionMFA funcs
* Ignore AddMFADevice usage in interceptor tests
* Deprecate AddMFADevice and its top-level messages
* Update generated protos
* Deprecate lib/client RPC wrapper
* Deprecate AddMFADevice in lib/auth.IdentityService
* Address deprecation warnings
* Add Access Review gRPC service methods and messages.
Protobuf methods and messages for Access Reviews have been added.
* removed_users to removed_members, fix up proto comment.
* Rename body to notes.
* Allow for multiple reviewers.
This method would already update traits if ReloadUser was passed. This
was enough when adding a new SSH node through Discover. For Connect My
Computer though, we have to refresh the role list in order to get access
to a freshly added node.
* Updated packer version to fix tag builds
* Update packer version for enterprise builds as well.
---------
Co-authored-by: Reed Loden <reed@goteleport.com>
The Github connector examples in the docs were switched around.
Trying to create a Github connector with `api_endpoint_url` or `endpoint_url` set when using Teleport Community Edition results in an error:
```
[ec2-user@teleport ~]$ sudo /usr/local/bin/tctl create -f github.yaml
ERROR: this feature requires Teleport Enterprise
```
Setting both these values to empty strings causes creation to succeed.
Reported on Slack.
This repo hasn't been updated in 7 years and is not up to our current
quality or security standards. In addition, we only leveraged a single
function from it.
Updates #5685
* Add resources context
* Refresh resources after Connect My Computer setup
* Verify useServerSideResources uses the same args on refetch
* Convert ResourceFilter comments to JSDoc
* Prevent duplicate Access List owners.
Duplicate access list owners are now prevented. In the event that duplicate
access list owners are currently in the backend, this commit will deduplicate
them and choose the first owner with the same name when getting the access
list to maintain backwards compatibility.
* Use map struct, run GCI.
* Extract `ShowState` component in the setup story to minimize code duplication
* Add `ProgressBar`
* Add a sentence above the setup steps
* Automatically start setup in some stories
* Replace `wait` with Promise that never resolves
---------
Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>
Previous to `gh` `v2.24.0`, GitHub auth tokens were stored in plaintext
under `~/.config/gh/hosts.yaml` but since the mentioned version, tokens
are stored in the system keyring.
- Keychain on macOS
- GNOME Keyring on Linux (Secret Service dbus interface)
- Wincred on Windows
This PR executes `gh auth token` to extract the provided token.
Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>