Stable UNIX users: storage and auth API #51102
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
espadolini
added
the
no-changelog
espadolini
force-pushed
the
espadolini/stable-unix-user-api
branch
from
0fb9265 to
d0943ca
Compare
espadolini
temporarily deployed
to
docs-amplify
GitHub Actions
Inactive
This comment was marked as off-topic.
This comment was marked as off-topic.
rosstimothy
reviewed
Jan 16, 2025
espadolini
temporarily deployed
to
docs-amplify
GitHub Actions
Inactive
espadolini
temporarily deployed
to
docs-amplify
GitHub Actions
Inactive
espadolini
temporarily deployed
to
docs-amplify
GitHub Actions
Inactive
espadolini
temporarily deployed
to
docs-amplify
GitHub Actions
Inactive
espadolini
temporarily deployed
to
docs-amplify
GitHub Actions
Inactive
espadolini
temporarily deployed
to
docs-amplify
GitHub Actions
Inactive
espadolini
temporarily deployed
to
docs-amplify
GitHub Actions
Inactive
strideynet
approved these changes
Jan 28, 2025
| return 0, trace.Wrap(err) | ||
| } | ||
|
|
||
| // TODO(espadolini): emit an audit log event with the username and UID |
There was a problem hiding this comment.
Assuming this is out of scope for this PR
There was a problem hiding this comment.
Yes, it's addressed in #51200.
public-teleport-github-review-bot
bot
removed request for
ravicious,
bernardjkim and
eriktate
github-merge-queue bot
pushed a commit
that referenced
this pull request
Jan 28, 2025
* add config field in cluster auth preference * extend ClusterConfiguration to support checking auth preference in AtomicWrite * stable UNIX users storage * auth API and auth-side business logic * move server implementation to a subpackage * Use proto3 and the default (open) API * remove type alias for ClusterConfiguration * Move new AuthPreference validation into a Validate method * Check the StableUnixUserConfig before use * use Config instead of Params * Don't rely on error types for the retry logic * Fix TestStableUNIXUsersBasic * Use free functions for Validate * make grpc * black-box testing that includes authz
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
espadolini
added a commit
that referenced
this pull request
Jan 29, 2025
* add config field in cluster auth preference * extend ClusterConfiguration to support checking auth preference in AtomicWrite * stable UNIX users storage * auth API and auth-side business logic * move server implementation to a subpackage * Use proto3 and the default (open) API * remove type alias for ClusterConfiguration * Move new AuthPreference validation into a Validate method * Check the StableUnixUserConfig before use * use Config instead of Params * Don't rely on error types for the retry logic * Fix TestStableUNIXUsersBasic * Use free functions for Validate * make grpc * black-box testing that includes authz
This was referenced Jan 29, 2025
carloscastrojumo
pushed a commit
to carloscastrojumo/teleport
that referenced
this pull request
Feb 19, 2025
* add config field in cluster auth preference * extend ClusterConfiguration to support checking auth preference in AtomicWrite * stable UNIX users storage * auth API and auth-side business logic * move server implementation to a subpackage * Use proto3 and the default (open) API * remove type alias for ClusterConfiguration * Move new AuthPreference validation into a Validate method * Check the StableUnixUserConfig before use * use Config instead of Params * Don't rely on error types for the retry logic * Fix TestStableUNIXUsersBasic * Use free functions for Validate * make grpc * black-box testing that includes authz
espadolini
added a commit
that referenced
this pull request
Feb 26, 2025
* add config field in cluster auth preference * extend ClusterConfiguration to support checking auth preference in AtomicWrite * stable UNIX users storage * auth API and auth-side business logic * move server implementation to a subpackage * Use proto3 and the default (open) API * remove type alias for ClusterConfiguration * Move new AuthPreference validation into a Validate method * Check the StableUnixUserConfig before use * use Config instead of Params * Don't rely on error types for the retry logic * Fix TestStableUNIXUsersBasic * Use free functions for Validate * make grpc * black-box testing that includes authz
espadolini
added a commit
that referenced
this pull request
Feb 27, 2025
* add config field in cluster auth preference * extend ClusterConfiguration to support checking auth preference in AtomicWrite * stable UNIX users storage * auth API and auth-side business logic * move server implementation to a subpackage * Use proto3 and the default (open) API * remove type alias for ClusterConfiguration * Move new AuthPreference validation into a Validate method * Check the StableUnixUserConfig before use * use Config instead of Params * Don't rely on error types for the retry logic * Fix TestStableUNIXUsersBasic * Use free functions for Validate * make grpc * black-box testing that includes authz
github-merge-queue bot
pushed a commit
that referenced
this pull request
Feb 27, 2025
* Stable UNIX users: storage and auth API (#51102) * add config field in cluster auth preference * extend ClusterConfiguration to support checking auth preference in AtomicWrite * stable UNIX users storage * auth API and auth-side business logic * move server implementation to a subpackage * Use proto3 and the default (open) API * remove type alias for ClusterConfiguration * Move new AuthPreference validation into a Validate method * Check the StableUnixUserConfig before use * use Config instead of Params * Don't rely on error types for the retry logic * Fix TestStableUNIXUsersBasic * Use free functions for Validate * make grpc * black-box testing that includes authz * Stable UNIX users: functionality (#51200) * wiring the API client through * tctl stable-unix-users ls * stable UID fallback for Teleport SSHD * stable_unix_user.create event * fix-license * Require and test audit log message * Add stable_unix_user_config to fileconf * Avoid saying "fallback UID" in logs * Avoid saying "fallback UID" in error messages * Avoid racing writes in the mock emitter * pnpm lint-fix * fix lib/auth tests that broken during rebase
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This RFD implements the storage and storage manipulation in the auth server, and defines and implements the auth API to store and fetch stable UIDs for automatically provisioned UNIX users.
Related RFD: #50414
Part of #50292