-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Opened in error #10856
Closed
Closed
Opened in error #10856
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Update oxy * Do not allow MySQL COM_CHANGE_USER command * Add support for all MongoDB wire messages * Release 8.0.4
* Updated version of Teleport in docs. * Updated supported version of Teleport in docs.
Add WebAuthn and Active Session docs * Add user-facing documentation for WebAuthn (#8479) Add the WebAuthn Access Control guide and tweak various pages that mention U2F to either refer to WebAuthn or use more generic terms. * Added `/docs/access-controls/guides/webauthn/` (branched from u2f.mdx) * Added `webauthn` section to reference configuration (`u2f` kept unchanged) * U2F access control guide moved under the "References" section and removed from the index / navigation menu * Cloud guides removed (U2F was the last guide, now deleted) * WebAuthn access control guide * Update access controls pages Update links to WebAuthn and changes lingo to refer to either WebAuthn, MFA, "second factor hardware token" and "second factor authenticator", where appropriate. U2F is moved to the references sections and WebAuthn is favored as the guide to be followed in regards to MFA hardware tokens. Generic language is used whenever possible, excluding places where we reference server configuration or protocol support. * WebAuthn cloud guide * Update cloud pages * WebAuthn config reference * Update references to U2F in various pages * Link to the WebAuthn guide in from the Authentication reference page Incorporates ibeckermayer's suggestion from #8703. * Rephrase sentences according to reviewer feedback * Replace explicit <h2> with `##` * Move "Migrating from U2F" section to the bottom * Use numbered steps * Include tabs for Cloud in config examples * Add tctl as a prerequisite for WebAuthn setup * Remove Cloud guides U2F and WebAuthn were the last remaining items. * Make linter happy * Add public docs for active and recorded sessions "where" (#9084) Document features added by RFD 44 and RFD 45. * https://github.com/gravitational/teleport/blob/master/rfd/0044-session-where-condition.md * https://github.com/gravitational/teleport/blob/master/rfd/0045-ssh_session-where-condition.md
41fbc6e [backport v8] Update e-ref for TOTP Invite/Reset Fix (#505) gravitational/webapps@41fbc6e [source: -w teleport-v8] [target: -t branch/v8]
External listeners should always be on port 3026, not 3027. This `kube_public_addr` doesn't conform and is causing confusion.
This change clears the screen when an ssh session ends (only in FIPS mode). Note: This doesn't currently do anything in `tsh` on Windows since BoringCrypto isn't supported, but once it is supported, the behavior will match Unix and web. Co-authored-by: Grzegorz <[email protected]> Co-authored-by: Russell Jones <[email protected]>
[v8] Backport of #9254
- Prerequisites: Make the requirement for a DNS server a bit more generalized. - Add an admonition box directing users expecting a local evaluation setup to our Docker Compose guide. - Add a bit more context around how ACME works - Move "Configure DNS" before "Configure Teleport" to provide a clearer order of tasks. - Add a bit of explanation for why a user would create DNS records. - Add some explanation for how "teleport configure" sets up TLS. - Add a "Start Teleport" H3 section to separate this step from previous ones. - Various minor additions to add clarity. Closes #9077 since it refers users without access to a DNS server to the Docker Compose guide. Closes #9083
* Create a blast radius reduction guide This is the first guide within the "Security" subsection within the "Setup" section of the docs site. Closes #9055 * Respond to PR feedback
Fixes gravitational/teleport-private#79 LAT-APP21-4: DOS - Goroutine leak in app server Prevent the app server's HandleConnection from blocking for every connection until the server closes. This change blocks only until the connection is closed.
Fixes gravitational/teleport-private#80 LAT-APP21-5: Insecure random number generation - updated rand call from rand.Reader.Read to rand.Read - changed length parameter name from len to l. - changed byte slice var name to b. - updated godoc
…10806) We do not publish pre-releases to apt repos, but we do publish them to github. That means we need to filter them out when considering if an apt release should be published. We don't want v8.3.3 to be blocked by v9.0.0-dev.1, only by v9.0.0. Honestly, this is a bit of a mess, but it only needs to hold out a bit longer until #10746 lands. Contributes to #10800 (cherry picked from commit 08bc483) Co-authored-by: Roman Tkachenko <[email protected]>
The upload completer scans for uploads that need to be completed, likely due to an error or process restart. Prior to this change, it only completed uploads that had 1 or more parts. Since completing an upload is what cleans up the directory on disk (or in the case of cloud storage, finishes the multipart upload), it was possible for us to leave behind empty directories (or multipart uploads) for uploads with no parts. This change makes it valid to complete uploads with no parts, which ensures that these directories get cleaned up. Also fix an issue with the GCS uploader, which failed to properly calculate the upload ID from the path. This is because strings.Split(s, "/") returns an empty string as the last element when s ends with a /. Updates #9646
When completing a file-based upload, open the parts files one at a time and write them to the upload, closing each file before opening the next one. This is preferrable to opening them all at once and closing all files at the end, because it consumes less file descriptors. Updates #10660
* Clarify Cloud compatibility in the VS Code guide - Mention Teleport Cloud in the guide's Prerequisites section - Add a warning for Cloud users re: the tsh config command Also add misc style and clarity tweaks. * Respond to PR feedback * Address PR feedback - Fix spelling - Clarify the username you should use in the ssh command * Appease the linter
webvictim
requested review from
klizhentas,
russjones,
r0mant and
zmb3
as code owners
March 4, 2022 17:51
github-actions
bot
added
application-access
audit-log
Issues related to Teleports Audit Log
bpf
Used to bugs with bpf and enhanced session recording.
database-access
Database access related issues and PRs
desktop-access
documentation
helm
kubernetes-access
rdp
rfd
Request for Discussion
tctl
tctl - Teleport admin tool
tsh
tsh - Teleport's command line tool for logging into nodes running Teleport.
labels
Mar 4, 2022
Opened this one against the wrong branch 🤦♂️ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
application-access
audit-log
Issues related to Teleports Audit Log
bpf
Used to bugs with bpf and enhanced session recording.
database-access
Database access related issues and PRs
desktop-access
documentation
helm
kubernetes-access
rdp
rfd
Request for Discussion
tctl
tctl - Teleport admin tool
tsh
tsh - Teleport's command line tool for logging into nodes running Teleport.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
MouseWheel
fix #8753) (scroll wheel backport #8814)tctl auth sign
(tctl: allow issuing app access certificates viatctl auth sign
#8717) ([v8] Backport #8717 #8941)tsh
on Windows (Do not prompt for hardware MFA usingtsh
on Windows #9081) (Do not prompt for hardware MFA usingtsh
on Windows (#9081) #9198)tsh play -f json
--cluster
flag to alltsh db
subcommands, Add "--diag_addr" flag toteleport db/app start
(Add--cluster
flag to alltsh db
subcommands, Add "--diag_addr" flag toteleport db/app start
#9220) ([v8] backport #9220 #9518)go.etcd.io/etcd
v3.4.14 togo.etcd.io/etcd/{api,client}/v3
v3.5.1 #9607 (upgradego.etcd.io/etcd
) ([v8] backport #9607 (upgradego.etcd.io/etcd
) #9733)google.golang.org/grpc
to v1.43.0 #9656 to branch/v8 (backport #9656 to branch/v8 #9746)tsh ssh
(Fall back to "/" when home directory doesn't exist fortsh ssh
#9413) ([v8] Fall back to "/" when home directory doesn't exist fortsh ssh
(#9413) #9662)access_request.delete
event (Add theaccess_request.delete
event #9552) ([v8] backport #9552 (access_request.delete
event) #9787)tsh config
usage docs on Windows ([v8] Clarifytsh config
usage docs on Windows (backport of #8409) #10208)TestProxyReverseTunnel
.cert.create
event (Add thecert.create
event #9822) ([v8] backport #9822 (cert.create
event) #10222)service.spec
in teleport-cluster chart