* Add monorepo
* Add reset/passwd capability for local users (#3287)
* Add UserTokens to allow password resets
* Pass context down through ChangePasswordWithToken
* Rename UserToken to ResetPasswordToken
* Add auto formatting for proto files
* Add common Marshaller interfaces to reset password token
* Allow enterprise "tctl" reuse OSS user methods (#3344)
* Pass localAuthEnabled flag to UI (#3412)
* Added LocalAuthEnabled prop to WebConfigAuthSetting struct in webconfig.go
* Added LocalAuthEnabled state as part of webCfg in apiserver.go
* update e-refs
* Fix a regression bug after merge
* Update tctl CLI output msgs (#3442)
* Use local user client when resolving user roles
* Update webapps ref
* Add and retrieve fields from Cluster struct (#3476)
* Set Teleport versions for node, auth, proxy init heartbeat
* Add and retrieve fields NodeCount, PublicURL, AuthVersion from Clusters
* Remove debug logging to avoid log pollution when getting public_addr of proxy
* Create helper func GuessProxyHost to get the public_addr of a proxy host
* Refactor newResetPasswordToken to use GuessProxyHost and remove publicUrl func
* Remove webapps submodule
* Add webassets submodule
* Replace webapps sub-module reference with webassets
* Update webassets path in Makefile
* Update webassets
1b11b26 Simplify and clean up Makefile (#62) https://github.com/gravitational/webapps/commit/1b11b26
* Retrieve cluster details for user context (#3515)
* Let GuessProxyHost also return proxy's version
* Unit test GuessProxyHostAndVersion & GetClusterDetails
* Update webassets
4dfef4e Fix build pipeline (#66) https://github.com/gravitational/webapps/commit/4dfef4e
* Update e-ref
* Update webassets
0647568 Fix OSS redirects https://github.com/gravitational/webapps/commit/0647568
* update e-ref
* Update webassets
e0f4189 Address security audit warnings Updates "minimist" package which is used by 7y old "optimist". https://github.com/gravitational/webapps/commit/e0f4189
* Add new attr to Session struct (#3574)
* Add fields ServerHostname and ServerAddr
* Set these fields on newSession
* Ensure webassets submodule during build
* Update e-ref
* Ensure webassets before running unit-tests
* Update E-ref
Co-authored-by: Lisa Kim <lisa@gravitational.com>
Co-authored-by: Pierre Beaucamp <pierre@gravitational.com>
Co-authored-by: Jenkins <jenkins@gravitational.io>
* Initial commit with split Helm chart for proxy/auth and node elements
* Many, many changes to add all required features
* Remove cert-manager and nginx-ingress
* Update TTL
* Add build-essential and python-dev to cloudflare-agent Docker build and set exit on error
* Add --force-upgrade flag to Tiller for potentially different Helm versions
* Enable Letsencrypt by default
* Overhaul naming to allow better multi-tenancy on k8s clusters
* Add NOTES.txt to provide cluster usage instructions
* Make the use of trusted clusters entirely optional
* Actually make the use of trusted clusters entirely optional this time
* Update .gitignore
* Update whitespace formatting in NOTES.txt
* Enable Letsencrypt by default
* Move secrets to git submodule
* Fix README typo and add secrets to .gitignore
* Update documentation
* Add some extra details to NOTES.txt
* Address PR comments plus update all references to Teleport 3.1.4 -> 3.1.7
* Make Cloudflare TTL optional (use Cloudflare's auto value when it's not provided)
* - Explicitly add admin role to clusters with use of kubernetes_groups
- Fix use of claims_to_roles so it can be specified in values.yaml
- Improve Minikube/NodePort support
- Replace use of containerPort with service port for LoadBalancer objects
* Update secrets in submodule to use Kubernetes-enabled license
* Add admin role script to containers
* Ignore all secrets files
* Update k8s RBAC to fix proxy functionality, also create 'clusteradmin' and 'admin' roles in Teleport to split permissions
* Update default version to 3.1.8
* Add k8s cluster roles and bindings to allow use of CSR APIs and limited permission scope
* Restrict admin role from seeing/updating auth_connectors
* Fix whitespace and naming bug
* Change from using k8s CSR API to impersonation API
* Update from kubectl 1.12.4 -> 1.12.5 for security fix
* Updated build scripts to use Docker cache properly, also using version tags for all containers now to keep things tidier
* Use docker build --pull rather than manual pull, also remove unused TELEPORT_VERSION arguments