* Document new Okta import rule regexes.
Okta import rules now support regex matching for label application.
* Use a better word for the example regex.
* Add Assist to the access role
Per our latest conversation, we want to add Teleport Assist access to everyone with the built-in access role.
* Fixed test
* Adds info on exporting requirements for impersonated certs
* Update note on certificate
* language
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
---------
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Edit the docs test plan
Add an item to remove version warnings for versions we no longer
support. Currently, we remove these version warnings as we encounter
them. This change makes this task a regular, predictable step when
releasing a new major Teleport version.
* Respond to stevenGravy feedback
* RFD: auto-generate the `tctl` resource reference
* Partial response to codingllama feedback
* Partially respond to feedback
- Be more specific about expectations around struct tags
- Propose replacing struct field names in field descriptions with the
user-facing field name
- Use comments instead of separate files for example YAML
- Be more explicit about the scope of the RFD (it applies to resources
applied via `tctl`)
- Use a Go map for the generator configuration
- Indicate that this Make target will depend on `make grpc`.
- Add a second Eng reviewer
- Propose making running the generator part of our release procedure
* Propose including all Teleport resources
And excluding user-configured resources
* Give this an RFD number
* Apply suggestions from code review
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
* Fix RFD number clash
---------
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
This PR extends Teleport support for applying `tctl lock
--server-id=<host_id>` for other builtin roles besides `RoleNode`.
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
* WebPublicAddr includes user specified port.
The WebPublicAddr function did not include the user specified port for public
addresses, which could potentially yield a public address that does not exist.
This was impacting the SAML identity provider, which uses this function for
determining the public address of the identity provider.
* Preserve existing behavior for KubeAddr.
* Tune the logic to minimize impact on kube address.
* Move port declaration closer to where it's used.
* Adjust Connect to light theme
* Remove `clusters/*` element
* Add terminal colors
* Remove warning about using `false` as `color`
* Add custom styling for `Toggle`
* Fix light theme for file transfer, use the same border color for the drop area as for the input
* Do not hardcode color in `CliCommand`
* Use #000 as black
* Convert rgba colors to be non-opaque
* Fix two slightly incorrect colors
* Remove react-use-websocket
* Stop large command outputs from overflowing
* Try to select a login that isn't root/ubuntu/etc
* Stop the navigation switcher from closing whilst assist tooltip is shown
* Update web/packages/teleport/src/Assist/contexts/messages.tsx
Co-authored-by: Jakub Nyckowski <jakub.nyckowski@goteleport.com>
* Sort logins alphabetically and put the root logins last
* Add a test for logins sorting
---------
Co-authored-by: Jakub Nyckowski <jakub.nyckowski@goteleport.com>
* Vendors the `pagerduty` plugin source into `teleport`
This commit vendors the PagerDuty Access Plugin code into the `teleport`
repo (from `teleport-plugins`), with only the minimal set of changes
required to get it to compile and tests to pass.
Changes include:
- updating the package name (`main` -> `pagerduty`)
- removing `main.go`
- removing installation scripts
- minor testing tweaks to aid local debugging
* Revert test change
* `go mod tidy`
* fmt
* linter appeasement
* Use the proper check for the SAML IdP session.
KindWebSession should be used for checking SAML IdP permissions instead of
KindSAMLIdPSession.
* Add in tests.
* Fix tests.
* Make sure proxy can create sessions.
* Remove debug statement.
* Remove errant comment.
* Add IAM auth info to ElastiCache guide
* Update docs/pages/database-access/guides/redis-aws.mdx
Co-authored-by: Alex Fornuto <alex.fornuto@goteleport.com>
---------
Co-authored-by: Alex Fornuto <alex.fornuto@goteleport.com>
* Add plugin static credentials getter.
The plugins service now supports getting plugin static credentials through
gRPC. This is necessary for supporting static credentials storage and
reading in our plugins.
* Rename to Search instead of Get.
* Add explanatory comment for search.
* Add docs for database auto user provisioning
* Address feedback
* Fix
* More lint fixes
* Fix
* Apply suggestions from code review
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
---------
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Set the correct file permission on make grpc
https://github.com/gravitational/teleport/pull/26640 introduced the new GRPC buildbox. The new Docker image uses the default user (root), which changes the generated files' owner on all generated files.
This PR sets XDG_CACHE_HOME to allow buf to run as a provided user.
Note: This is mainly a Linux issue, as macOS does not change the owner of modified files in mounted volumes.
* Use podman for GRPC generation
* Remove docker override on Linux
* Restore example ARG values
* Update build.assets/Dockerfile-grpcbox
Co-authored-by: Marco André Dinis <marco.dinis@goteleport.com>
---------
Co-authored-by: Marco André Dinis <marco.dinis@goteleport.com>
* Build change for when go caching should be used
This commit does the following:
* Updates all `setup-go` actions to use v4 (which has caching enabled by default)
* For `shared-workflow` jobs caching is left enabled due to the presumed small size
* For `teleport` jobs caching is now disabled due to the size exceeding the cache limit
This should make all of the mentioned jobs a little faster.
* Update build-api.yaml to re-enable caching
This PR adds a new gRPC service `AuditLogService` that allows clients to
request audit log events as unstructured data. Data is returned as
`structpb.Struct` representation which is convertible to JSON.
Unstructured data allows clients to receive audit events without
prior knowledge of their proto wire representation if their end goal is to
export the events as JSON to an upstream service. It allows clients
whose version is older than Auth's version to receive events that their
proto version doesn't support. Exporters can continue operating without
losing events or having to upgrade them each time Auth is upgraded.
Part of https://github.com/gravitational/teleport-plugins/pull/821
Part of https://github.com/gravitational/teleport/issues/23388
* Bump golang-ci to `v1.53.0` and upgrade `depguard` config to `v2`
* pin golangci-lint version
* Keep golangci version only in the Dockerfile
* Bump golangci-lint to v1.53.1
---------
Co-authored-by: Alan Parra <alan.parra@goteleport.com>