CLI ref for tctl sso commands.
#13148
Conversation
docs/pages/setup/reference/cli.mdx
Outdated
|
|
||
| Required params `--id` and `--secret` come from the [Github OAuth app](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app). | ||
|
|
||
| The flag `--teams-to-logins` can be provided multiple times to specify which Github Teams are assigned which roles. |
There was a problem hiding this comment.
Can we call this --teams-to-roles instead? teams-to-logins is a legacy name that predates RBAC, and there's actually an open PR that may make it into v10 which will rename the field in the connector.
There was a problem hiding this comment.
Sure, this is a good change, although I need to modify the actual code to make it so. This expands the scope of PR, but I'm happy to do so.
Tener
changed the title
tctl sso commands.tctl sso commands. Use non-deprecated teams-to-roles field for GitHub.
|
@ptgott PTAL? |
These are good suggestions, thank you! |
|
@ptgott can you please take a look? |
docs/pages/setup/reference/cli.mdx
Outdated
|
|
||
| The command supports all auth connector types: `github`, `oidc`, `saml`. The latter two require Teleport Enterprise. | ||
|
|
||
| The testing consists of running a single end-to-end authentication request using the provided auth connector definition. |
There was a problem hiding this comment.
Maybe put this paragraph after the command format? I think it would help readers to have the format in mind while reading this paragraph (e.g., the meaning of "the provided auth connector definition").
There was a problem hiding this comment.
Done: 1d6841cfaf83f54e0092bba3c3150370695b2ccb
docs/pages/setup/reference/cli.mdx
Outdated
|
|
||
| The testing consists of running a single end-to-end authentication request using the provided auth connector definition. | ||
| Once the request is finished, the results will be printed to console along with context-specific diagnostic information. | ||
| The test process may modify the list of configured auth connectors or result in new certificates being issued. |
There was a problem hiding this comment.
How can the test process modify the list of configured auth connectors? I think one or two brief examples would help.
There was a problem hiding this comment.
Ah, this is actually a mistake: there should be negation there, as the test process will not do any of those things. I'll rephrase.
There was a problem hiding this comment.
Done: 1d6841cfaf83f54e0092bba3c3150370695b2ccb
Co-authored-by: Zac Bergquist <[email protected]>
Co-authored-by: Zac Bergquist <[email protected]>
Co-authored-by: Paul Gottschling <[email protected]>
Tener
force-pushed
the
tener/tctl-sso-cli-ref
branch
from
f26840f to
3ad8391
Compare
Tener
changed the title
tctl sso commands. Use non-deprecated teams-to-roles field for GitHub.tctl sso commands.
Co-authored-by: Paul Gottschling <[email protected]>
Co-authored-by: Paul Gottschling <[email protected]>
* CLI ref for `tctl sso` commands. Co-authored-by: Zac Bergquist <[email protected]> Co-authored-by: Paul Gottschling <[email protected]>
Co-authored-by: Zac Bergquist <[email protected]> Co-authored-by: Paul Gottschling <[email protected]>
Taken out of another PR (#12941) to reduce scope.
Parent: #9270
Edit: There is nowteams-to-rolesfield in the GitHub connector. The PR was updated to make thetctl sso configure githubuse it, instead of the legacyteams-to-logins.Edit: Code changes moved to #13463.