forked from gravitational/teleport
[pull] master from gravitational:master #475
Open: pull wants to merge 10,000 commits into Tiamat-Tech:master from gravitational:master
+2,218,808
−497,476
* netiq: add access graph protobufs This PR introduces the necessary protobuf changes to accommodate Access Graph receiving NetIQ stream of changes. Part of gravitational/access-graph#634 Signed-off-by: Tiago Silva <[email protected]> * Update netiq.proto Co-authored-by: Gabriel Corado <[email protected]> --------- Signed-off-by: Tiago Silva <[email protected]> Co-authored-by: Gabriel Corado <[email protected]>
* Update e/ reference * Enable the govet printf linter for e/
Host resolution performed because labels, fuzzy search, or predicate expressions were supplied to commands that establish connections to a single host has historically been performed client side in tsh. While that works in most cases, it can prevent correctly resolving hosts in some situations, i.e. when there are ambiguous hosts and tsh is unaware that the cluster routing strategy is set to ROUTE_TO_MOST_RECENT. To improve the experience, a new ResolveSSHTarget was added to Auth to allow host resolution to be performed server side. The resolution works in a similar manner to, and was inspired by GetSSHTargets. In the event that the new RPC is not implemented, because the client is newer than Auth, tsh has also been updated to pull the cluster networking config and address any host ambiguity if allowed. As a result tsh scp and tsh proxy ssh should be much more tolerant to, and still permit access in situations where ambiguous hosts are present for some amount of time. Prior to this the only way to connect in these situations was to find the UUID of the correct target instance and try again after seeing an ambiguous host error.
Closes #50450. This updates our custom slog text handler to take heavier inspiration from the slog.TextHandler. A variant of handleState used by the slog.TextHandler has been vendored and modified to produce the same output as our custom logrus formatter. Offloading formatting from the SlogTextHandler directly to handleState prevents the race caused in #50450. Additionally, some quality of life improvements were added by moving some code around to reduce file sizes and better define what belongs in a file. Benchmarks indicate that the changes here don't move the needle much.
```
goos: darwin
goarch: arm64
pkg: github.com/gravitational/teleport/lib/utils/log
cpu: Apple M2 Pro
                               │   old.txt    │              new.txt               │
                               │    sec/op    │   sec/op     vs base               │
Formatter/logrus/text-12         8.665µ ± 16%   8.187µ ± 9%        ~ (p=0.280 n=10)
Formatter/logrus/json-12         8.879µ ±  2%   8.820µ ± 1%        ~ (p=0.089 n=10)
Formatter/slog/default_text-12   3.936µ ±  3%   3.946µ ± 4%        ~ (p=0.839 n=10)
Formatter/slog/text-12           3.789µ ±  2%   3.431µ ± 1%   -9.45% (p=0.000 n=10)
Formatter/slog/default_json-12   3.005µ ±  4%   3.032µ ± 3%        ~ (p=0.739 n=10)
Formatter/slog/json-12           3.029µ ±  6%   3.022µ ± 1%        ~ (p=0.381 n=10)
geomean                          4.675µ         4.557µ        -2.52%

                               │   old.txt    │               new.txt               │
                               │     B/op     │     B/op      vs base               │
Formatter/logrus/text-12         5.936Ki ± 0%   5.936Ki ± 0%       ~ (p=0.752 n=10)
Formatter/logrus/json-12         6.212Ki ± 0%   6.211Ki ± 0%       ~ (p=0.752 n=10)
Formatter/slog/default_text-12   2.534Ki ± 0%   2.534Ki ± 0%       ~ (p=1.000 n=10) ¹
Formatter/slog/text-12           2.144Ki ± 0%   2.167Ki ± 0%  +1.09% (p=0.000 n=10)
Formatter/slog/default_json-12   2.448Ki ± 0%   2.448Ki ± 0%       ~ (p=1.000 n=10) ¹
Formatter/slog/json-12           2.318Ki ± 0%   2.318Ki ± 0%       ~ (p=1.000 n=10) ¹
geomean                          3.231Ki        3.236Ki       +0.18%
¹ all samples are equal

                               │  old.txt   │              new.txt               │
                               │ allocs/op  │ allocs/op   vs base                │
Formatter/logrus/text-12         54.00 ± 0%   54.00 ± 0%        ~ (p=1.000 n=10) ¹
Formatter/logrus/json-12         76.00 ± 0%   76.00 ± 0%        ~ (p=1.000 n=10) ¹
Formatter/slog/default_text-12   41.00 ± 0%   41.00 ± 0%        ~ (p=1.000 n=10) ¹
Formatter/slog/text-12           52.00 ± 0%   33.00 ± 0%  -36.54% (p=0.000 n=10)
Formatter/slog/default_json-12   41.00 ± 0%   41.00 ± 0%        ~ (p=1.000 n=10) ¹
Formatter/slog/json-12           42.00 ± 0%   42.00 ± 0%        ~ (p=1.000 n=10) ¹
geomean                          49.70        46.07        -7.30%
¹ all samples are equal
```
…rovider (#50382) * First pass at trying to generate terraform provider * Wire up types * Fix generation of docs * Add godoc comments * Add tests * Tflint and add example
Co-authored-by: GitHub <[email protected]>
- Use `displayIndex` prop to separately track step numbers to display
* Add UpsertTrustedClusterV2 rpc This supersedes UpsertTrustedCluster rpc. V2 performs resource name validation. * Replace confusing UpsertValidationTrustedCluster name * Use UpsertTrustedClusterV2 in tests * Address feedback - Remove unnecessary ping - Update error messages - Use skipNameValidation consts - Validate cluster name before establishing trust - Do not reveal cluster name in error message - Use BadParameter instead of CompareFailed * Use webclient.Find * Fix test/lint * Allow label updates * Fix test * Fix error handling * Implement CreateTrustedClusterV2 and UpdateTrustedClusterV2 * Address feedback * Minor fixes * Move V2 RPCs to the trust service * Update comment * Drop V2 suffix * Require matching revision * Fix upsert/update revision * Drop V2 from Create and Update APIs * Lint: Fix typo
…for Teleport Docs (#48512) * Prepare docs preview URLs using custom `amplify-preview` GHA * Add failure message * Update .github/workflows/docs-amplify.yaml Co-authored-by: Zac Bergquist <[email protected]> --------- Co-authored-by: Zac Bergquist <[email protected]>
* Document disabling default import rule * Update docs/pages/enroll-resources/database-access/rbac.mdx Co-authored-by: Paul Gottschling <[email protected]> * Update docs/pages/enroll-resources/database-access/rbac.mdx Co-authored-by: Paul Gottschling <[email protected]> --------- Co-authored-by: Paul Gottschling <[email protected]>
* Use local metrics registry in the diagnostic service * Test metrics are served by the diag service
* Fix test. * Expect context canceled error in test.
* chore: Bump google.golang.org/protobuf to v1.36.3 * Update generated protos
Updates #49509. Most of the places where namespaces were already configurable had been forcing the default namespace. This extends that by removing the ability to pass in a custom namespace and hardcodes the default namespace at the innermost call site to reduce the surface area of namespaces. With the removal of the --namespace flag from the base tsh command, kubernetes subcommands have also been updated to use --namespaces in addition to --kube-namespace. The former should be preferred, while the latter exists solely for backward compatibility.
* Add client tools auto-update docs * Add reference to index page * Fix linter prose style * Add section with tctl commands Code review changes * Reorganize sections Add documentation to navigation config Code review changes * Add `autoupdate` from command to cspell * Fix linter warning with relative link * Update docs/config.json Co-authored-by: Paul Gottschling <[email protected]> * Update docs/pages/upgrading/client-tools-autoupdate.mdx Co-authored-by: Paul Gottschling <[email protected]> --------- Co-authored-by: Paul Gottschling <[email protected]>
* Implement a fallback hook for re-use * Split v1 and v2 endpoints into separate funcs * Provide fallback for create app access * Provide fallback for join token suspender * Provide fallback for eks * Provide fallback for app * Address CRs
* Add autoupdate controller metrics * Do not panic in case of error conflict
This PR copies the teleport root module from the container build context into the build container. Signed-off-by: Tiago Silva <[email protected]>
* Show available target ports * Use buttons to show available target ports * Add zero margin to Alert
* chore: Bump terraform and event handler predicate to v1.3.2 * go mod tidy integrations/event-handler
* Edit apt-get installation instructions Closes #24564 Show using `/etc/apt/trusted.gpg.d`, a directory that `apt-get` searches automatically, for storing public keys. Edit the three locations where we showed using `/usr/share/keyrings`, including two partials. Trust only the Teleport-issued public key when validating Teleport DEB packages. * Use /etc/apt/keyrings for apt public keys Respond to marcoandredinis feedback.
This PR makes an update to our logic to the "backdoor" that would keep things hidden after making updates to show most of the features to promote discoverability. Currently, we only continued to hide them if their license specified it, but this incorrectly ignored dashboard, usage based, and team tenants as well.
Allows both modern and legacy options. Bails out on malformed options and degrades to YAML mode.
* Initial command to create the managed identity and role * Adding permissions and applying command params * Adding graph permissions to the MSI * Updating parameters * Adding some details and cleaning up comments * Fixing go.sum * Linting * License * PR feedback * Decoupling sync config with an interface for testing * Tweaks to test mocking * PR feedback * Rebase adjustments * PR feedback * Switch to empty struct maps instead of bool maps for set representation * Godocs * Adding user agent to Azure SDK requests * Linting
- Web UI source - README - lib - api Do not touch docs URLs in test case names or test data where we don't expect users to navigate to the URLs.
* Remove EICE dead code Accessing EC2 instances using EC2 Instance Connect Endpoint was developed some releases ago. However, due to strict quotas put in place by Amazon, we decided to remove this feature. Since a couple of releases ago we hide this feature from the UI. This PR removes dead code: - removes the UI bits used during the Discovery flow - removes the `teleport integration configure eice-iam` command - removes API endpoints that are no longer used - deprecates the unused gRPC calls The following parts were kept, to ensure we don't break existing setups: - auto discovery of ec2 instances using the EICE method - accessing Servers which have the ec2-ice subkind - kubernetes operator and terraform provider EICE resource management We might remove those in the future, but for now, they will be kept. * add delete version notice
Closes #29905 Add a Vale style rule to catch docs pages in which there is a single instance of a Var. This ensures that Vars reuse information as intended. Also fix single-instance Vars that violate the rule. For the most part, this means either: - Instructing the user to assign the Var, meaning that there are no easy-to-miss Vars hiding in a configuration snippet - Removing unnecessary Vars, e.g., if an example command is meant to illustrate a possibility and is not meant to be copied and pasted - Fixing mistakes in Var usage, e.g., a Proxy Service address variable that has two possible names, `teleport.example.com` and `example.teleport.sh`.
See Commits and Changes for more details.
Created by pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )