This repository was archived by the owner on Aug 24, 2023. It is now read-only.
forked from gravitational/teleport-plugins
Merge upstream #6
Open: charleneaid wants to merge 479 commits into bisontrails:master from gravitational:master
Co-authored-by: Marco André Dinis <[email protected]>

Signed-off-by: Roman Tkachenko <[email protected]>
Co-authored-by: Victor Sokolov <[email protected]>

Use of https to make sure that certificate validation is performed before the resource is loaded. This is to address this CodeQL finding: https://github.com/gravitational/teleport-plugins/security/code-scanning/5

Old link was broken, new link is not

* terraform: add test showing IAM provision token support
* terraform: fmt the provider fixtures

This action is documented on shared-workflows here: https://github.com/gravitational/shared-workflows/blob/de06c07914b7b42452bd99ef6691325abd2d1c45/.github/workflows/dependency-review.yaml#L1-L9

The API module for Teleport 11.2 requires Go 1.19. Also update the version of golangci-lint in Drone and GCB to match that of the GitHub Actions workflow. (The current version of the linter used in GCB does not support Go 1.19)

Missed this in 98c2bed

* Extract slack package
* Rename types according to lints

Add `addlicense` tool for linting and automatically fix missing license headers.

)
* Add token rotation provider
* Fixup after renames
* Use redirectURI per invocation
  Allows reusing Authorizer for multiple tenants
* Factor out Slack REST client creation
* Add basic doc comments
* Factor out API URL setting into makeSlackClient
* Plug AccessTokenProvider into test
* Add tests for Authorizer
* Avoid refreshing if credentials are fresh enough
  In a HA scenario, we might have two independent instances. This is an "optimistic" check, we do not implement true synchronization between instances, double refreshes may still happen. Does not seem to be a problem for Slack: refresh token is not strictly one-time-use.
* Rename token.go to token_provider.go
* Remove an unused struct
* Add RotatedAccessTokenProviderConfig
* Rename fields
* Add clockwork.Clock to token provider
* Fix edge case when deciding whether to refresh
* Minimize OAuth interface used by token provider
* Add docstrings
* Use Info log level
  Will be useful to debug issues in Cloud. Messages are not very frequent.
* Add unit tests for RotatedAccessTokenProvider
* More renamings
* Increase default retry interval
* Improve log message
* Remove FileState (unused)
* Port token_provider_test to vanilla testing package
* Token provider test: test init failure
* Port oauth_test to vanilla testing package
* Move context to individual methods of provider
* Prevent setting both Token and AccessTokenProvider
* Document clientID and clientSecret
* Group constants
  Co-authored-by: Brian Joerger <[email protected]>
* Elaborate on the optimistic check
* gofmt oauth_test.go
* Fold init() into constructor
* Rename State to Storage
  Reduce confusion with "state" as defined by OAuth
* Rename package "state" to "storage"
* Rename source file to match the package
* Document types in storage
* Rename: Storage -> Store
  Less stuttery, less conflicts with e.g. package name `storage` when naming a variable/parameter `store` vs. `storage`.
* Add license headers
  Co-authored-by: Brian Joerger <[email protected]>

Co-authored-by: Roman Tkachenko <[email protected]>

* Factor out teleport client interface
  Enables us to plug in the auth server directly, sans-gRPC
* Add license header to client.go
* Remove GetTeleportConfig (not used externally)
* Add godoc to Client

Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.1 to 3.0.3.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md)
- [Commits](go-jose/go-jose@v3.0.1...v3.0.3)
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [jose](https://github.com/panva/jose) from 4.11.2 to 4.15.5.
- [Release notes](https://github.com/panva/jose/releases)
- [Changelog](https://github.com/panva/jose/blob/v4.15.5/CHANGELOG.md)
- [Commits](panva/jose@v4.11.2...v4.15.5)
---
updated-dependencies:
- dependency-name: jose
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.5.1 to 5.5.4.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.5.1...v5.5.4)
---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 24.0.9+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v24.0.7...v24.0.9)
---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add terraform support for Teleport servers
* address feedback: list order
* address feedback: consistent types in tests
* address feedback: fix validator typo
* address feedback: add more tests
* lint
* Add support and test for dynamic name for OpenSSH servers
* Update terraform/test/server_test.go
  Co-authored-by: Marco André Dinis <[email protected]>
* address feedback
* re-render reference
* Update terraform/example/server.tf.example
  Co-authored-by: Marco André Dinis <[email protected]>
---------
Co-authored-by: Marco André Dinis <[email protected]>

* Relax Terraform provider version re-creation condition
* skip test intentionally broken

This new version of teleport has the following relevant changes:
* Teleport process logging uses `log/slog`
  For terraform tests we start a teleport binary and parse its output to understand when the Auth/Proxy service started and what ports they are listening on. We used a regex for that, but teleport migrated to `log/slog` and the regex no longer works.
  Migration PR: gravitational/teleport#38551
  We had to fix the regex for integration tests in teleport: gravitational/teleport#39315
  Terraform Tests also use that library, so after the regex changed, we must upgrade Teleport CI version to get the new log format.
* Teleport API: `GetClusterNetworkingConfig` and `GetSessionRecordingConfig` never return a nil
  When developing the `ClusterMaitenanceConfig` we had to include a nil check, because if it was never configured, `GetClusterMaintenanceConfig` would return a nil object. This nil check was added to all SingleResource resources. For `ClusterNetworkingConfig` and `SessionRecordingConfig`, the `Get` operation never returns a nil resource and `staticcheck` linter was yelling about it. So, we had to create a new flag to ensure we only nil-checked the resources that can actually return a nil value.
* Teleport Resource Metadata
  It is no longer recommended to use the `<Resource>.Metadata.ID` to check for cached responses. We are now using the revision field. During this change we also detected a misusage of an `error` variable and fixed that (could lead to a panic). LoginRules didn't have the `Revision` field, so we added it here: gravitational/teleport.e#3821
  Unfortunately, that PR didn't merge in time for 15.2.0. However, that's ok because LoginRules are not cached. So, instead of waiting for a new release (15.2.1), we just removed the cache check.

* use the new bot API while keeping a similar behaviour
* lint

* use vendored email
* lint

* use vendored msteams
* lint

This PR removes a temporary error masking that causes troubles if the auth server returns a `trace.BadParameter` error if any parameter is incorrect. This error is no longer required because both server and event-handler already support the new unstructured events endpoints.
Signed-off-by: Tiago Silva <[email protected]>

* Release 15.3.1
* access/email: Embed example TOML file
  The teleport repo changed to remove the exported `email.ExampleConfig` variable, but we depend on it here. Add the example config as a file and embed it in main. This plugin is on its last days as it gets migrated to the teleport repo, so duplicating this example config here for a short time will not become a maintenance issue.

* Backport provision token booltype fix
* backport review comments