adding note about terraform mappings for create_host_user_mode to host user creation guide (#47518)
eriktate authored Oct 15, 2024
1 parent ee98bcb commit 71bf5fe
Showing 18 changed files with 22 additions and 25 deletions.
2 changes: 1 addition & 1 deletion api/proto/teleport/legacy/types/types.proto
Expand Up @@ -2933,7 +2933,7 @@ message RoleOptions {
(gogoproto.customtype) = "BoolOption"
];

// CreateHostUser allows users to be automatically created on a host
// Deprecated: use CreateHostUserMode instead.
BoolValue CreateHostUser = 20 [
(gogoproto.nullable) = true,
(gogoproto.jsontag) = "create_host_user,omitempty",
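Review bot: the comment on CreateHostUser (field 20) now carries only the deprecation line, so the one sentence saying what the flag does is gone from the proto and from every reference generated from it. Keep the original description and put the notice in its own paragraph, e.g. `// CreateHostUser allows users to be automatically created on a host.` followed by an empty `//` line and `// Deprecated: use CreateHostUserMode instead.`, so operators auditing existing roles that still set create_host_user can tell what it grants.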
2 changes: 1 addition & 1 deletion api/types/types.pb.go

Some generated files are not rendered by default.

1 change: 1 addition & 0 deletions docs/cspell.json
Expand Up @@ -863,6 +863,7 @@
"snowsql",
"spacectl",
"spacelift",
"specoptions",
"spfile",
"spiffe",
"splunkd",
Expand Up @@ -410,3 +410,5 @@ them to the `teleport-keep` group directly on the hosts you wish to migrate.

- Configure automatic user provisioning for [Database Access](../../database-access/auto-user-provisioning.mdx).
- Configure automatic user provisioning for [desktop access](../../../reference/agent-services/desktop-access-reference/user-creation.mdx).
- Configure automatic user provisioning with [Terraform](../../../reference/terraform-provider/resources/role.mdx).
Note when using the terraform provider that some values may be different than described in this guide.
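Review bot: the added sentence under the Terraform bullet does not say which values differ, which matters because create_host_user_mode selects between modes such as "keep" and "insecure-drop". Name the field and the mapping inline: the Terraform role reference touched in this commit lists `create_host_user_mode` as a Number where 3 is "keep" and 4 is "insecure-drop". Also capitalize "Terraform", and indent the sentence under its bullet or make it a separate paragraph so it does not render as a stray line after the list.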
Expand Up @@ -340,7 +340,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
|create_db_user|boolean|CreateDatabaseUser enabled automatic database user creation.|
|create_db_user_mode|string or integer|CreateDatabaseUserMode allows users to be automatically created on a database when not set to off. 0 is "unspecified", 1 is "off", 2 is "keep", 3 is "best_effort_drop". Can be either the string or the integer representation of each option.|
|create_desktop_user|boolean|CreateDesktopUser allows users to be automatically created on a Windows desktop|
|create_host_user|boolean|CreateHostUser allows users to be automatically created on a host|
|create_host_user|boolean|Deprecated: use CreateHostUserMode instead.|
|create_host_user_default_shell|string|CreateHostUserDefaultShell is used to configure the default shell for newly provisioned host users.|
|create_host_user_mode|string or integer|CreateHostUserMode allows users to be automatically created on a host when not set to off. 0 is "unspecified"; 1 is "off"; 2 is "drop" (removed for v15 and above), 3 is "keep"; 4 is "insecure-drop". Can be either the string or the integer representation of each option.|
|desktop_clipboard|boolean|DesktopClipboard indicates whether clipboard sharing is allowed between the user's workstation and the remote desktop. It defaults to true unless explicitly set to false.|
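Review bot: in the create_host_user row the replacement text points to `CreateHostUserMode`, the Go field name, while readers of this table set the snake_case key `create_host_user_mode` two rows down. Since the text is generated from the proto comment, consider wording the source comment so the generated row names the key users actually type; the same applies to the other generated references in this commit.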
Expand Down Expand Up @@ -723,7 +723,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
|create_db_user|boolean|CreateDatabaseUser enabled automatic database user creation.|
|create_db_user_mode|string or integer|CreateDatabaseUserMode allows users to be automatically created on a database when not set to off. 0 is "unspecified", 1 is "off", 2 is "keep", 3 is "best_effort_drop". Can be either the string or the integer representation of each option.|
|create_desktop_user|boolean|CreateDesktopUser allows users to be automatically created on a Windows desktop|
|create_host_user|boolean|CreateHostUser allows users to be automatically created on a host|
|create_host_user|boolean|Deprecated: use CreateHostUserMode instead.|
|create_host_user_default_shell|string|CreateHostUserDefaultShell is used to configure the default shell for newly provisioned host users.|
|create_host_user_mode|string or integer|CreateHostUserMode allows users to be automatically created on a host when not set to off. 0 is "unspecified"; 1 is "off"; 2 is "drop" (removed for v15 and above), 3 is "keep"; 4 is "insecure-drop". Can be either the string or the integer representation of each option.|
|desktop_clipboard|boolean|DesktopClipboard indicates whether clipboard sharing is allowed between the user's workstation and the remote desktop. It defaults to true unless explicitly set to false.|
Expand Up @@ -340,7 +340,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
|create_db_user|boolean|CreateDatabaseUser enabled automatic database user creation.|
|create_db_user_mode|string or integer|CreateDatabaseUserMode allows users to be automatically created on a database when not set to off. 0 is "unspecified", 1 is "off", 2 is "keep", 3 is "best_effort_drop". Can be either the string or the integer representation of each option.|
|create_desktop_user|boolean|CreateDesktopUser allows users to be automatically created on a Windows desktop|
|create_host_user|boolean|CreateHostUser allows users to be automatically created on a host|
|create_host_user|boolean|Deprecated: use CreateHostUserMode instead.|
|create_host_user_default_shell|string|CreateHostUserDefaultShell is used to configure the default shell for newly provisioned host users.|
|create_host_user_mode|string or integer|CreateHostUserMode allows users to be automatically created on a host when not set to off. 0 is "unspecified"; 1 is "off"; 2 is "drop" (removed for v15 and above), 3 is "keep"; 4 is "insecure-drop". Can be either the string or the integer representation of each option.|
|desktop_clipboard|boolean|DesktopClipboard indicates whether clipboard sharing is allowed between the user's workstation and the remote desktop. It defaults to true unless explicitly set to false.|
Expand Up @@ -340,7 +340,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
|create_db_user|boolean|CreateDatabaseUser enabled automatic database user creation.|
|create_db_user_mode|string or integer|CreateDatabaseUserMode allows users to be automatically created on a database when not set to off. 0 is "unspecified", 1 is "off", 2 is "keep", 3 is "best_effort_drop". Can be either the string or the integer representation of each option.|
|create_desktop_user|boolean|CreateDesktopUser allows users to be automatically created on a Windows desktop|
|create_host_user|boolean|CreateHostUser allows users to be automatically created on a host|
|create_host_user|boolean|Deprecated: use CreateHostUserMode instead.|
|create_host_user_default_shell|string|CreateHostUserDefaultShell is used to configure the default shell for newly provisioned host users.|
|create_host_user_mode|string or integer|CreateHostUserMode allows users to be automatically created on a host when not set to off. 0 is "unspecified"; 1 is "off"; 2 is "drop" (removed for v15 and above), 3 is "keep"; 4 is "insecure-drop". Can be either the string or the integer representation of each option.|
|desktop_clipboard|boolean|DesktopClipboard indicates whether clipboard sharing is allowed between the user's workstation and the remote desktop. It defaults to true unless explicitly set to false.|
Expand Up @@ -380,7 +380,7 @@ Optional:
- `create_db_user` (Boolean) CreateDatabaseUser enabled automatic database user creation.
- `create_db_user_mode` (Number) CreateDatabaseUserMode allows users to be automatically created on a database when not set to off. 0 is "unspecified", 1 is "off", 2 is "keep", 3 is "best_effort_drop".
- `create_desktop_user` (Boolean) CreateDesktopUser allows users to be automatically created on a Windows desktop
- `create_host_user` (Boolean) CreateHostUser allows users to be automatically created on a host
- `create_host_user` (Boolean) Deprecated: use CreateHostUserMode instead.
- `create_host_user_default_shell` (String) CreateHostUserDefaultShell is used to configure the default shell for newly provisioned host users.
- `create_host_user_mode` (Number) CreateHostUserMode allows users to be automatically created on a host when not set to off. 0 is "unspecified"; 1 is "off"; 2 is "drop" (removed for v15 and above), 3 is "keep"; 4 is "insecure-drop".
- `desktop_clipboard` (Boolean) DesktopClipboard indicates whether clipboard sharing is allowed between the user's workstation and the remote desktop. It defaults to true unless explicitly set to false.
2 changes: 1 addition & 1 deletion docs/pages/reference/terraform-provider/resources/role.mdx
Expand Up @@ -433,7 +433,7 @@ Optional:
- `create_db_user` (Boolean) CreateDatabaseUser enabled automatic database user creation.
- `create_db_user_mode` (Number) CreateDatabaseUserMode allows users to be automatically created on a database when not set to off. 0 is "unspecified", 1 is "off", 2 is "keep", 3 is "best_effort_drop".
- `create_desktop_user` (Boolean) CreateDesktopUser allows users to be automatically created on a Windows desktop
- `create_host_user` (Boolean) CreateHostUser allows users to be automatically created on a host
- `create_host_user` (Boolean) Deprecated: use CreateHostUserMode instead.
- `create_host_user_default_shell` (String) CreateHostUserDefaultShell is used to configure the default shell for newly provisioned host users.
- `create_host_user_mode` (Number) CreateHostUserMode allows users to be automatically created on a host when not set to off. 0 is "unspecified"; 1 is "off"; 2 is "drop" (removed for v15 and above), 3 is "keep"; 4 is "insecure-drop".
- `desktop_clipboard` (Boolean) DesktopClipboard indicates whether clipboard sharing is allowed between the user's workstation and the remote desktop. It defaults to true unless explicitly set to false.
Expand Up @@ -1133,8 +1133,7 @@ spec:
created on a Windows desktop
type: boolean
create_host_user:
description: CreateHostUser allows users to be automatically created
on a host
description: 'Deprecated: use CreateHostUserMode instead.'
type: boolean
create_host_user_default_shell:
description: CreateHostUserDefaultShell is used to configure the
Expand Down Expand Up @@ -2478,8 +2477,7 @@ spec:
created on a Windows desktop
type: boolean
create_host_user:
description: CreateHostUser allows users to be automatically created
on a host
description: 'Deprecated: use CreateHostUserMode instead.'
type: boolean
create_host_user_default_shell:
description: CreateHostUserDefaultShell is used to configure the
Expand Up @@ -1136,8 +1136,7 @@ spec:
created on a Windows desktop
type: boolean
create_host_user:
description: CreateHostUser allows users to be automatically created
on a host
description: 'Deprecated: use CreateHostUserMode instead.'
type: boolean
create_host_user_default_shell:
description: CreateHostUserDefaultShell is used to configure the
Expand Up @@ -1136,8 +1136,7 @@ spec:
created on a Windows desktop
type: boolean
create_host_user:
description: CreateHostUser allows users to be automatically created
on a host
description: 'Deprecated: use CreateHostUserMode instead.'
type: boolean
create_host_user_default_shell:
description: CreateHostUserDefaultShell is used to configure the
Expand Up @@ -1133,8 +1133,7 @@ spec:
created on a Windows desktop
type: boolean
create_host_user:
description: CreateHostUser allows users to be automatically created
on a host
description: 'Deprecated: use CreateHostUserMode instead.'
type: boolean
create_host_user_default_shell:
description: CreateHostUserDefaultShell is used to configure the
Expand Down Expand Up @@ -2478,8 +2477,7 @@ spec:
created on a Windows desktop
type: boolean
create_host_user:
description: CreateHostUser allows users to be automatically created
on a host
description: 'Deprecated: use CreateHostUserMode instead.'
type: boolean
create_host_user_default_shell:
description: CreateHostUserDefaultShell is used to configure the
Expand Up @@ -1136,8 +1136,7 @@ spec:
created on a Windows desktop
type: boolean
create_host_user:
description: CreateHostUser allows users to be automatically created
on a host
description: 'Deprecated: use CreateHostUserMode instead.'
type: boolean
create_host_user_default_shell:
description: CreateHostUserDefaultShell is used to configure the
Expand Up @@ -1136,8 +1136,7 @@ spec:
created on a Windows desktop
type: boolean
create_host_user:
description: CreateHostUser allows users to be automatically created
on a host
description: 'Deprecated: use CreateHostUserMode instead.'
type: boolean
create_host_user_default_shell:
description: CreateHostUserDefaultShell is used to configure the
2 changes: 1 addition & 1 deletion integrations/terraform/tfschema/types_terraform.go

Some generated files are not rendered by default.

1 change: 1 addition & 0 deletions lib/services/access_checker.go
Expand Up @@ -1035,6 +1035,7 @@ func (a *accessChecker) HostUsers(s types.Server) (*HostUsersInfo, error) {
}

createHostUserMode := role.GetOptions().CreateHostUserMode
//nolint:staticcheck // this field is preserved for existing deployments, but shouldn't be used going forward
createHostUser := role.GetOptions().CreateHostUser
if createHostUserMode == types.CreateHostUserMode_HOST_USER_MODE_UNSPECIFIED {
createHostUserMode = types.CreateHostUserMode_HOST_USER_MODE_OFF
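Review bot: the nolint comment on the CreateHostUser read says the field shouldn't be used going forward, yet this is the place in HostUsers where it is still read. Say that directly, e.g. that it is read only for roles that predate create_host_user_mode, and state how the legacy boolean combines with the mode once UNSPECIFIED has been defaulted to OFF, since that precedence is not evident from the lines shown.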
1 change: 1 addition & 0 deletions lib/srv/regular/sshserver_test.go
Expand Up @@ -2881,6 +2881,7 @@ func newUpack(testSvr *auth.TestServer, username string, allowedLogins []string,
role.SetRules(types.Allow, rules)
opts := role.GetOptions()
opts.PermitX11Forwarding = types.NewBool(true)
//nolint:staticcheck // this field is preserved for existing deployments, but shouldn't be used going forward
opts.CreateHostUser = types.NewBoolOption(true)
role.SetOptions(opts)
role.SetLogins(types.Allow, allowedLogins)
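Review bot: newUpack still sets `opts.CreateHostUser = types.NewBoolOption(true)` under a nolint, so every test built on this helper keeps exercising the deprecated flag. Consider setting opts.CreateHostUserMode in the helper and keeping one dedicated test for the legacy boolean, so the suppression lives in a single place and new tests do not copy the deprecated pattern.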