* Improve and unify cache logging
Re-init the cache errors now provide the error via `WithError` instead
of passing the stringified error into the log message. This allows for
the stack trace of the log to show up in the logs to help determine
which resource caused the error.
Logging in the various collection resources was all converted to
follow the same pattern to ensure consistency.
The `Logger` field of the cache was also moved to a named field instead
of being an embedded field.
Updating our predicate fork to get support for object methods and binary
expressions within function arguments. These will be useful for
implementing login rules (RFD 78).
* Drop usage events after too many retries
This change adds a retry counter to individual events (5) and drops
them after too many failures. If an event is malformed and can never
be submitted, or if the backend is down for an extended period of
time, events are dropped instead of generating excessive log spam.
Additionally, only failed events are resubmitted rather than entire
batches as some events may have submitted successfully.
Also, a few log messages are revised.
* Remove `dropped` since we can calculate all the info we need
* Fix lints
This PR fixes a bug introduced in the kubernetes join method.
EKS is not formatting version.Minor as an integer (e.g. `23+`). It is not possible to reliably parse this field and this blocks nodes from joining.
Co-authored-by: Noah Stride <noah.stride@goteleport.com>
Co-authored-by: Nic Klaassen <nic@goteleport.com>
* Add a glossary of Teleport terms
Closes #16121
Closes #13363
- Create a Core Concepts page based on the Architecture Overview page.
The Overview page is an outline of core concepts, so I thought it
would make a good starting point for the glossary.
- Add the Core Concepts page to the Home section to make it more
prominent for users who are visiting the docs homepage. This should
give it more traffic than leaving it in the Architecture section.
- Move definitions out of the "Definitions" table. Since this table
repeats content from the body sections and comes after them, it makes
sense to condense all content into brief body sections.
- Alphabetize sections
- Bold the first instance of each keyword within a given section. Not
adding links since these are all to the same page. It might get a bit
confusing to click a link and not see a change in view, since the
target section would already be on the page.
- Remove the intro paragraph of the old Overview page, since it's not
strictly related to core concepts.
* Respond to PR feedback and add further edits
- Group definitions into H3-level sections organized into H2s, improving
readability by presenting the more central components first.
- Group "Machine ID" with "Teleport Services" to simplify the glossary.
- Call instances of a Teleport Service an "agent". This is consistent
with our source and informal language about Teleport. This also
removes the "Node" terminology, which is prone to misuse (does it mean
"a Service instance"? An "SSH Service instance"? Both are present in
the docs) and easily confused with the lowercase "node" (i.e., a
host).
- For simplicity, remove the term "Teleport Process" and simply explain
that multiple Teleport Services can run via the same binary.
- Add a section on Teleport's editions, including the terms "Community
Edition", "Enterprise", and "Enterprise Cloud".
- Remove the mention of Teleport Discover, which isn't documented yet.
- Minor wording/readability changes.
* Respond to PR feedback
* Respond to zmb3 feedback
This PR extends the Kubernetes Service to support the WebSocket
protocol in Kubernetes Portforward calls.
The WebSocket protocol is required so that Kubernetes clients
like C#, Python, and JavaScript can create portforward requests
to Kubernetes PODs. Although Teleport supports clients using WebSocket
protocol, it still uses SPDY protocol when connecting to upstreams -
Teleport Services or Kubernetes API.
Contrary to requests through SPDY, WebSocket requests do not support any
concurrency or multiplexing. This is a protocol limitation since
it only creates a single stream pair per port. When using it
concurrently, the requests will be mixed and fail.
Fixes #18783
This commit reduces the number of `log.Debug`s in the trait loop evaluation in case of a mismatch.
This commit also optimizes the trait eval loop, ensuring that each regexp is compiled at most once, and only if strictly needed.
The TestTCPCertExpiration test may have a race condition where the connection
made to the test application immediately after the cert expiry may succeed.
Due to the wonky nature of using the fake clock in this test, I'm introducing
a requires.Eventually here to hopefully mitigate this race.
Handle a few common macOS errors, as well as gRPC unimplemented errors, and
return more user-friendly messages in their place.
gravitational/teleport.e#514
One link to the Teleport Downloads page in the Connect your Client
section introduction was being redirected multiple times. This change
fixes the link.
Implement native macOS methods required by device enrollment, namely methods to
Create/Get the device key, Sign challenges with it, and to collect device data
(aka serial number).
The implementation is rather similar to lib/auth/touchid, but simpler in a few
aspects:
1. Device keys don't require user interaction (as in they don't cause a touch ID
prompt); and
2. There exists, at most, a single device key at all times.
I've added a tiny refactor to reuse Apple public key parsing from touchid, plus
some changes so touchid doesn't break in the face of unexpected keys (which the
device key didn't cause, per se, but my experiments getting to it did).
gravitational/teleport.e#514
While working on integration tests, I noticed that testOptions.leafConfig
is simply ignored because after we set up the leaf cluster config, we call
testOptions.rootConfig instead.
This change brings back setting alpha to 100% (fully opaque) before sending bitmap data to TDP in Desktop Access.
This fixes a problem with using Desktop Access with Windows 10.