* Update ClusterClient to use GenerateUserCerts
* Refactor performMFACeremony into a plain func
* Move IssueUserCertsWithMFA to performMFACeremony
* Address linter issues, handle errors
* Add agent updates follow the cluster upgrade to the FAQ
* Revise maintenance window start time topic
* Edit the upgrade topics
* Modify auto update information for cluster services and agents
* Fix link to agent update enrollment
* Revise cluster and agent Upgrade > Update FAQs
* Fix update typo
* Get revision for moderated sessions into the 15.x directory
* Add backticks and < > around mode
* Add keywords
* Fix typo
* remove extraneous line
* Update connect your client with changes related to moderated sessions
* updates from Zac's review
* fix typo
* fix typo
* You can only require session moderation using Enterprise editions
* Clarify the Teleport Enterprise requirement
* Add paragraph about role mapping and moderated sessions
* updates from Paul's review
* updates from Paul's review-2
* Replace caveat about join_sessions/deny rules
* Add notification bell to top bar
Also fixes topbar.test act warnings (even though tests passed)
* Add attention dot to navigation switcher
* Add attention dot to navigation item
* Create store notification and enable it
* Address review
- Made store notification type more generic
- Drop opacity styling for top bar drop downs
- Use assertUnreachable in switch cases
* Address CR
* Fix import path and rename file
* Leave a TODO comment
* Prevent double registration of Kubernetes GVK for older Kube clusters
Older Kubernetes clusters might have types that live outside of default
Kubernetes types but are registered using different APIs. When Teleport
starts, it tries to pull the resources from the cluster and panics
because a certain type is already registered.
This PR adds a check that prevents double registration.
Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
* add unit test to check for panic
---------
Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
Access requests are now able to use the user login state as opposed to just
the static user definition. This will allow access lists to influence who can
review access requests.
The access lists and members have been removed from the cache. There's not
a lot of value having them in there and they create some uncomfortable
questions since members are dependent on access lists and the cache isn't
designed for dependent operations like this. By removing them we avoid a
lot of pain here.
Our methods for emitting audit events take 10 arguments already,
and we need to add more as part of the work in #30417. To make
this more manageable, create an auditor struct that will hold on
to state that is shared for all audit events in a session (ID,
user identity, the desktop we're connecting to, etc.)
As a result, the "audit cache" for directory sharing events is
also simplified - we now create one of these per-session rather
than maintaining one large cache for all sessions.
This commit updates all the Docker images from ghcr.io/gravitational/teleport-buildbox:teleport14 to ghcr.io/gravitational/teleport-buildbox:teleport15 in multiple workflow files.
* DiscoveryConfig: init service and add it to `tctl`
This PR starts the DiscoveryConfig service in gRPC server and allows
`tctl` to interact with those records.
It also adds access to the `editor` role.
Users should be able to RW any DiscoveryConfig.
DiscoveryService should be able to watch those resources, so that it can
act upon any changes.
* add revision
* add upsert method
* improve tctl -f command
Today, our AD support largely assumes there is a single active directory
domain. The certificates that we generate are for users in this domain,
the computers we discover via LDAP come from this domain, and the PKI
setup we perform targets this domain.
In more complicated AD configurations, PKI is often configured in a root
domain, while users, servers, and discovery should be done against a
child domain.
The new pki_domain configuration field will allow you to override the
default domain specified in the ldap section with a root domain that is
used for configuring the NTAuth store and publishing the CRL. Teleport
continues to do discovery and issue certificates for the domain
specified in the ldap section of the config.
* utils.RecursiveChown: Harden against user access race conditions
Prior to this change a user could exploit Teleport's privileged access to `chown` arbitrary files on the system.
This is due to the directory being changed first, allowing a small time window where a user can remove or rename the still `root` owned files with a symlink. The added tests help show this issue in a more controlled way.
A switch to `os.Lchown` avoids the risk in following symlinks to files. In addition, in order to remove the risk for hardlinks (notably on OSX with reduced hardlink protections), as well as risks with directory symlinks, the folder structure is inspected before any `chown` operation. And then the files are updated before their parent directories.
* Update other instances of `os.Chown` to `os.Lchown`
None of these cases should expect a symlink that would need to be followed.
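The two-phase, children-first recursive chown described in the commit above, written here as an added Go example (not Teleport's `utils.RecursiveChown` code): the tree is inspected first with Lstat semantics, symlinks are changed with `os.Lchown` rather than followed, and entries are updated in reverse pre-order so no directory changes hands while it still contains root-owned files. The refusal of regular files with a link count above one is an extra check assumed here, not taken from the commit.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"syscall"
)

// RecursiveLchown inspects the whole tree first (no chown yet), then applies
// os.Lchown to children before their parent directories, never following
// symlinks. It returns the paths it changed, in the order applied.
func RecursiveLchown(root string, uid, gid int) ([]string, error) {
	var entries []string // pre-order: each directory precedes its contents
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		info, err := d.Info() // Lstat semantics: a symlink reports itself
		if err != nil {
			return err
		}
		// Assumption added here: a regular file with more than one link may be
		// a hardlink to a file outside the tree, so abort instead of chowning it.
		if st, ok := info.Sys().(*syscall.Stat_t); ok && info.Mode().IsRegular() && st.Nlink > 1 {
			return fmt.Errorf("refusing to chown hardlinked file %q", path)
		}
		entries = append(entries, path)
		return nil
	})
	if err != nil {
		return nil, err
	}
	// Reverse pre-order: every file and subdirectory is updated before the
	// directory that contains it, closing the rename/replace window.
	changed := make([]string, 0, len(entries))
	for i := len(entries) - 1; i >= 0; i-- {
		if err := os.Lchown(entries[i], uid, gid); err != nil {
			return changed, err
		}
		changed = append(changed, entries[i])
	}
	return changed, nil
}

func main() {
	// Demo only: chowns the given directory tree to the current uid/gid.
	changed, err := RecursiveLchown(os.Args[1], os.Getuid(), os.Getgid())
	fmt.Println(changed, err)
}
```

A window still exists between the inspection pass and each `Lchown` call; the ordering and the symlink/hardlink handling shrink it, as the commit says, rather than eliminate it.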