-------------------------------------------------------------------
Thu Feb 02 06:59:38 UTC 2023 - kastl@b1-systems.de
- remove non-breakable-space character from changes file
- Update to version 11.3.2:
* Release 11.3.2 (#21121)
* Update ec2-tags.mdx (#21115)
* Fix MongoDB readHeaderAndPayload BSON max size (#21113)
* [v11] Fix direct node dial from WebUI (#20928)
* Update docker-compose docs (#21045)
* Use CDN links for install node scripts (#20985) (#21057)
* [v11] Remove CentOS6 and RHEL6 as valid distros (#20986)
* Skip TestBot_Run_CARotation (#20944)
* Use `SameSiteNoneMode` for application access cookies (#21049)
* Fix data race when closing listener (#21040)
* Conditionally build the UI if there are changes. (#20489) (#21018)
* [v11] Use the webassets directory at the root of the project for the web ui. (#21016)
* remove quotes from messages in makefile (#20740)
* Open Support links in UI to new page (#20984)
* [v11] Merge backports (#20997)
* [v11] Enable building teleport with the new UI location (#20965)
* Elasticsearch: explicitly require `--db-user`. (#20695) (#20919)
* Use concurrent streams for SFTP connections (#20953)
* update docs version (#20973)
* Disable disk-based logging for TestResizeTerminal (#20871)
* Fix language for try out teleport intro (#20948)
* Use a GitHub app for the check and backport workflows (#20873) (#20958)
* [v11] Add node and yarn to the buildboxes in preparation for the webapps merge (#20952)
* Hardware Key UX fixes (#20949)
* Update Rust to 1.67.0 (#20883)
* [v11] chore: Bump Buf to v1.13.1 (#20921)
* Added 01/26 Upcoming Releases Update
* [v11] fix `tsh proxy aws --endpoint-url` (#20880)
* Temporarily ignore the web directory when linting for license headers.
* [v11] Migrate AppLauncher tests into webapps. (#1532)
* Rearrange buildbox layers for faster updates (#20838)
* Use ghcr image for doc tests (#20876)
* Update app tests for rewritten headers (#20801)
* [v11] Add support for Moderated Sessions in the Web UI (#1540)
* [v11] [Discover] Enable mysql flow (#1539)
* [v11] feat: login rule audit events (#1537)
* [v11] Connect: Add useWorkspaceLoggedInUser (#1536)
* [v11] Update eref (#1534)
* Decode URL encoded values from AppLauncher's ARN. (#1530)
* Update e ref (#1528)
* Add --quiet to eslint package.json script (#1510) (#1523)
* Update webapps.e reference to latest commit (#1522)
* Fix clipboard permissions apparent inconsistency (#1509) (#1513)
* Change the application access authentication flow (#1515)
* capture additional prehog events (#1508)
* [v11] backport #1505 (Revert "Use sessionStorage for Authentication Bearer Token) (#1506)
* Add lazy loading for desktop sessions (#1503)
* Add lazy loading for session playback (#1502)
* Update e ref (#1500)
* Make trusted cluster screen hidden based on user roles (#1484) (#1494)
* Update Electron to 22.0.0 (#1498) (#1499)
* [v11] Discover: Implement Day 1 Database Postgres Flow (#1487)
* Update sessionPath value to new endpoint (#1486) (#1492)
* [v11] [Connect] requestableRoles and suggestedReviewers on LoggedInUser (#1485)
* [v11] Make bundled tsh available outside of Connect (#1488)
* Connect: Add missing modal stories, misc modal fixes (#1479) (#1482)
* Include session id in Session Uploaded event display (#1476)
* awaits the file write and close to avoid data corruption (#1471) (#1472)
* Fix websocket close (#1463) (#1470)
* [v11] add app access dynamodb event (#1462)
* [v11] backport #1275 (Use sessionStorage for Authentication Bearer Token) (#1458)
* Adds a status code to the closing of the tdp client's websocket (#1442) (#1455)
* [v11] [Connect] Use resourcesList in review access request table (#1456)
* Add support for InstanceJoin and BotJoin audit events (#1414) (#1440)
* Update electron-builder to 24.0.0-alpha.5 (#1434) (#1438)
* Connect: Use typed URIs (#1394) (#1436)
* Fix Connect stories (#1422) (#1435)
* Connect: Implement tshd event handlers for db cert renewal (#1383) (#1416)
* Add `recoveryCodesEnabled` (#1408) (#1419)
* Add subject value to app sessions (#1413) (#1426)
* alert convention matches grpc (#1424) (#1425)
* [Connect] Async autocomplete (#1406) (#1423)
* Fix large file corruption (#1382) (#1421)
* capture events from webapps (#1344) (#1411)
* Connect: Tell fpm to not use symlinks when building the rpm package (#1407) (#1410)
* useAsync: Add support for abort signal (#1377) (#1409)
* Update xterm to 5.0.0 (#1400) (#1401)
* [v11] backport #1321 (Add checkbox component to design package) (#1393)
* Lazy load Telemetry only when needed (#1399)
* Fix alerts from not disappearing on route changes (#1395) (#1397)
* Display `verb`, `request_path` & `response_code` in `kube.request` events (#1384) (#1391)
* [v11] Use a single websocket for SSH connections (#1361) (#1392)
* Pass clusterUri rather than documentUri to retryWithRelogin (#1385) (#1386)
* [v11] [Connect] Use server side search in resource tables (Advanced Search) (#1381)
* [v11] Forward SSH agent (#1366) (#1370)
* [v11] Update to Electron 21 (#1351) (#1360)
* Fix iterating over null array for sshLogins from fetched nodes (#1356)
* [Discover] Refactor SetupAccess Screens (#1310)
* Prevent non-https protocol from opening external windows (#1343) (#1345)
* Shared Directory Audit Events (#1290) (#1348)
* Connect: Set up tshd events server for tshd-initiated communication (#1285) (#1339)
* [v11] retryWithRelogin: Enable use outside of document context (#1341)
* Show all kinds of active sessions (#1337)
* [v11] Log shared process `stdout` and `stderr` (#1046) (#1336)
* [v11] Discover: Add back button for `TestConnection` screens (#1329)
* Update ensureBaseUrl to use URL constructors only (#1328) (#1330)
* Update ensureBaseUrl conditional (#1320) (#1322)
* [v11] Handle private key policy errors and config (#1298) (#1311)
* Warn user when desktop is active (#1297) (#1312)
* Connect: Use gap instead of margins for <Label> groups (#1316) (#1317)
* [UI]: Make roles render as labels (#1299) (#1308)
* [v11] Connect: Accommodate for making gRPC server creds in shared process (#1220) (#1302)
* Change Session Recording created date to UTC timestamp (#1304) (#1305)
* Make linguist correctly classify JS protobuf files (#1300) (#1301)
* [v11] Stop `FeatureBox` from adding a scrollbar (#1295)
* Connect: Fix filtering internal logins (#1292) (#1293)
* [v11] Discover implement kube flow day 1 (#1287)
* Change Desktop page to link to Discover, fix k8s typo (#1289)
* [v11] [Connect] Conditionally render Access Request navigation menu (#1281)
* [v11] File Transfer UI fixes (#1276) (#1284)
* [v11] Assumed roles bar improvements (#1274) (#1283)
* Connect: Adjust size of sync button & search input (#1280) (#1282)
* Connect testing fixes (#1269) (#1272)
* Update support ticket url (#1259)
* Fixes clipboard sync (#1250) (#1267)
* [v11] Do not keep assumed requests in `app_state.json` (#1254) (#1255)
* CatchError and Discover related feature extensions (#1249) (#1262)
* [v11] [Connect] Add Document Access Requests (#1203) (#1252)
* [v11] Backports (#1248)
* Update e-ref (#1245)
* [v11] Add support for Cassandra audit events (#1241)
* [v11] Add file transfer to Connect (#1225) (#1244)
* [Teleport] Create Tabs Component(#1234)
* Fix copy for SCP upload audit event (#1233)
* TDP PNG2 (#1230)
* Handles connect and disconnect audits for database servers where database name is not given. (#1226)
* Create TextSelectCopyMulti that allows multi lines and adding comments (#1194)
* Add audit log changes for SSM executions (#1192)
* Add `WEBPACK_PORT` (#1215)
* Add application CRUD audit events.
* Elasticsearch audit events. (#1213)
* Update Hot Reloading to work under more conditions, add `WEBPACK_PORT` (#1210)
* Create a FeatureContext to replace passing features as a prop (#1211)
* Add caching to Webpack during development (#1207)
* Add events for create, update and delete `kube_clusters` (#1202)
* Remove `raw-loader` completely (#1206)
* [Discover] Desktop Setup Flow (#1172)
* Minor kube fixes (#1195)
* add cluster alert links to UX (#1193)
* Add type-check step to CI (#1197)
* Remove auto-refresh for Active Sessions list (#1196)
* Add kube support (#1191)
* Fix double scroll bars, make everything have min width 1250px (#1178)
* Add BannerList and Banner components to display cluster alerts on load (#1169)
* [Discover] Check permission during the flow step instead of at beginning (#1185)
* Use node server_name of addr.local in audit log display (#1089)
* Change DEB artifact name (#1183)
* [Discover] Bug fix appending index number to login trait names (#1180)
* [Discover] User menu checkmark, alert bubble, tweaks (#1173)
* Adds `is_empty` to the File System Object (#1174)
* Remove leftover Connect proto file, update shared process protos (#1162)
* [Discover] Add permissions checks and available Teleport versions (#1126)
* [Discover] Update copy and design tweaks (#1131)
* Update generated protos for Connect (#1155)
* Update GitHub connector template (#1157)
* Adds special handling for CapsLock on MacOS (#1153)
* Enforce react-testing-library eslint rules (#1150)
* Allow Webpack's HTTPS options to be set through environment variables (#1151)
* adds (preview) to Share Directory menu item (#1148)
* Add `--request-id` flag to connection instructions for Kubes and Databases (#1130)
* Turn on directory sharing by default (#1141)
* Add default value for CONNECT_TSH_BIN_PATH in dev mode (#1143)
* Change Linux artifact names (#1142)
* Add support for Connect builds with Touch ID (#1116)
* Ignore `*.story.tsx` when type checking during Webpack builds (#1140)
* [Discover] Implement onboarding (#1121)
* update e ref (#1129)
* Improve Linux support (#1098)
* Enable no-unused-vars (#1118)
* [Discover] Prompt the user on pressing the back button during Discover (#1119)
* Add functional empty states to discover UI (#1106)
* bump e-ref (#1117)
* [Discover] Refactor context and top nav user menu dropdown (#1113)
* Reorganize approach to cluster names (#1086)
* Move electron-builder to a JS file (#1111)
* [Discover] Refactor and re-use Main component styling (#1112)
* Add warning dialog for unsupported browsers for directory sharing (#1110)
* Add an event for when a session recording is accessed (#970)
* SharedDirectoryDeleteRequest and SharedDirectoryDeleteResponse (#1096)
* [Discovery] Add Finish Component and Tweaks (#1109)
* Remove building native deps from `yarn build-term` (#1058)
* Use `.ico` for Windows (#1097)
* style sidebar (#1104)
* Update app access events (#1100)
* Remove AgentConnect (#1099)
* [Discover] Test Connection Boilerplating (#1094)
* `SharedDirectoryCreateRequest` and `SharedDirectoryCreateResponse` (#1090)
* Show Connect icon in better quality (#1091)
* Add a playback speed selector for Desktop Access recordings (#1072)
* [Discover] Add resource discovery polling and static OS logins (#1088)
* [Connect] Refactor FormLogin and add passwordless capabilities (#1019)
* `SharedDirectoryMoveResponse` (#1074)
* Switch webapps automation to main repo (#1082)
* Mark app session with "AWS" (#1050)
* Refactor input focusing after transition (#1071)
* Move focus to active document (#1070)
* Dockerfile: Check yarn.lock only on CI servers (#1076)
* Use git diff to show the difference after yarn install (#1069)
* Update e reference to master (#1073)
* Add protocol interceptor (#1025)
* useDocumentGateway: Default to '' rather than '0' (#1061)
* Add SFTP audit events (#968)
* Add ability to change port for db proxy (#900)
* CI: Fail if an update to yarn.lock is needed (#1047)
* Remove the stash (#1055)
* webassets: stash and pull to stay up to date (#1054)
* Further improvements to the webassets automation (#1053)
* `SharedDirectoryMoveRequest` (#1045)
* Fix git push (#1052)
* Checkout webassets at the right branch (#1051)
* Set TCP protocol explicitly (#1048)
* Tidy up `sharedDirectoryManager` (#1010)
* `SharedDirectoryWriteResponse` (#1008)
* `SharedDirectoryWriteRequest` (#1007)
* `SharedDirectoryReadResponse` (#1005)
* `SharedDirectoryReadRequest` (#1003)
* `SharedDirectoryListResponse` (#1000)
* `SharedDirectoryListRequest` (#999)
* Add automation to update webassets on push (#868)
* `SharedDirectoryInfoResponse` (#996)
* Add resource selection scaffold (#1035)
* [discover] Create Download Script Component (#1028)
* Add dash to Windows artifact name (#1039)
* Make "Learn More" button open Connect docs (#1040)
* Allow only one instance of Connect (#1038)
* Allow users to update Upgrade Window Start (#980)
* Connect: Wait for tshd gRPC server to start (#1021)
* Fix minor Windows issues (#1027)
* Add Windows support for Connect (#971)
* Fix the plugins for Connect so React Refresh works (#1032)
* Add unsafe-eval to CSP in dev mode to make source maps work (#1031)
* Added eslint rule to enforce the order of file imports (#1030)
* Add source maps and type checking to Webpack, config improvements (#985)
* Create LoginTrait Component (#992)
* Add section to README about audit events (#1022)
* Add `c-` prefix to the OS field of the feedback form (#1009)
* Display UTC time in audit log and session recording log (#991)
* Remove pathname injection in 404 message (#1002)
* added a content-security-policy (#987)
* add database uses db configure create (#912)
* Fix bug caused by having no participants in a Kube session recording (#995)
* updated webPreferences config (#988)
* deny any permission requests until needed (#986)
* `SharedDirectoryInfoRequest` (#966)
* `SharedDirectoryAcknowledge` (#965)
* `SharedDirectoryAnnounce` (#960)
* Remove unnecessary tranformValue for gap (#984)
* Updates Babel build targets (#977)
* Apply discover perm check (#982)
* Add gap property to Flex (#981)
* Fix typo in malformed packet error (#978)
* Update caniuse-lite (#975)
* Add k8s to recordings and active sessions list (#972)
* Remove EOT fonts (#969)
* Update teleterm protobuf files (#967)
* autofill username if loggedInUser exists on cluster (#954)
* Add targetUser to DocumentGateway help text (#961)
* Discover wizard screen POC + boilerplating (#942)
* Directory sharing menu item (#952)
* [3/3] Prettify teleterm package and add prettier to CI rule (#956)
* [2/3] Prettify shared, build, and teleport packages (#955)
* [1/3] Prettify Design Package (#953)
* Adds directory sharing flag to the ACL, protected by a config variable (#951)
* Connect: Add note about resource lifecycle to readme (#950)
* wrap switchTab in a conditional (#941)
* Change page size in Connect to 15 (#943)
* Make DocumentGateway responsive (#944)
* fowards path parameter to app access authentication (#913)
* Change window title to `Teleport Connect Preview` (#939)
* Add section about --insecure to Connect's readme (#937)
* Sort connections only when the list opens and show newest on the top (#925)
* Filter out logins starting with dash (#932)
* Update "Connect with GUI" section, add universal context menu (#926)
* Add default username for Redis (#919)
* Fix menu bug (#929)
* Limit db connections to one per db server & db username (#889)
* if no tab present, do nothing when CMD+W pressed (#923)
* Add ability to change db name for db proxy (#883)
* Fall back to leaf cluster id when restoring leaf cluster terminal document (#920)
* Update eref: change language 'search' to 'resource' access req (#921)
* Show connection type in connection tracker (#906)
* Show cluster breadcrumbs (#901)
* Remove username from the `Identity` selector (#903)
* Connect `ShareFeedback` with API (#899)
* Update e-ref: prevent rendering with nonrecoverable error [access request] (#910)
* Small fixes and tweaks while going through test plan (#908)
* Refactor StepSlider Component (#884)
* changes 0.0.0.0 to 127.0.0.1 (#905)
* Add story for Identity (#902)
* Update e-ref for story fix (#897)
* Update e-ref: fix for search based request list total count bug (#894)
* Revert "setup project to run prettier (#886)" (#893)
* Mention Teleport Connect in the README (#888)
* Ensure the gateway is created only when opening the document (#890)
* setup project to run prettier (#886)
* Re-order kube resource connection instructions for clarity (#880)
* Add share feedback form (#878)
* Show node specific ssh logins options (#873)
* Add `TextArea` and `FieldTextArea` components (#870)
* Update e-ref (#881)
* Build Connect in Webapps-Build pipeline (#874)
* Restart cluster gateways on login (#879)
* Add error callback to `handleRequest()` method on devserver (#877)
* Various small fixes and touch ups (#876)
* Add `access_request.search` event to audit log (#875)
* Show recent clusters list (#865)
* Search based request related changes and Table addons (#867)
* Improve handling timeouts when resolving shell env (#862)
* Fix null role response from users fetch (#871)
* Change app name to `Teleport Connect` (#869)
* Fix logout icon (#859)
* Create agent type for resources (#828)
* type-check script: Perform type check only (#861)
* Add missing word to `PromptSsoStatus` (#854)
* SQLServer audit events (#860)
* Fix types for Logger/NullService (#864)
* Retry with relogin on errors related to expired certs (#846)
* Capture tshd logs (#853)
* Allow "Activity" tab to be hidden (#844)
* Add get-teleport-connect-dir script (#856)
* Use only dmg target for Teleport Connect (#855)
* Update eref for docs link fix (#850)
* Do not show the login dialog when user adds a cluster that is connected (#840)
* Prevent `active` label jumping in identity list (#839)
* Remove connections when logging out (#837)
* Increase scrollback size to 5k lines (#838)
* Do not include secrets in gRPC logs (#829)
* Add cloud link download to Help & Support (#820)
* Create a LabelPicker component (#823)
* yarn.lock: electron@^19 -> electron@19.0.0 (#833)
* Upgrade Electron to 19.0.0 (#830)
* Add two event codes for SSO test flow. (#717)
* Prevent `restorePersistedState()` crash when there is no persisted workspace for a cluster (#825)
* Add gRPC files generation and logging to shared process (#821)
* Update Electron & add shared process (#819)
* Add tooltips with keyboard shortcuts (#822)
* Refactor Teleport Reset/Invite Flow (#818)
* Create new SlideTab component (#817)
* Refactor Teleport Login Flow (#816)
* Create StepSlider Component (#815)
* useDocumentGateway: Remove null rootCluster checks (#814)
* useDocumentGateway: Pin shell to correct cluster (#812)
* Add Kubes initial sorting (#810)
* Add Initial Sorting for Tables (#809)
* Add Clickable Labels (#791)
* Add predicate doc link with predicate error messages (#776)
* Update e ref (#805)
* Add new icons: key, arrow forward/back (#804)
* Device name wiring and clean up FormNewCredentials (#803)
* Passwordless wiring on login and add device (#724)
* Indicate whether session.network events were allowed or blocked (#800)
* Move RecoveryCode component from enterprise (#789)
* bump webapps.e hash.
* Fix pagination bug (#798)
* Bump Teleport Connect version to 1.0.1 (#796)
* Omit title when comparing previous and current documents (#788)
* Update author and owner in package.json to be Gravitational (#792)
* update webapps.e submodule.
* Pin local shell to the specified cluster (#767)
* When updating cluster resources, remove only those that belong to this cluster (#782)
* Simplify k8s join (#750)
* Replace "Lorem ipsum" for empty states (#756)
* Hide command bar when no cluster is selected (#772)
* Prepend PATH with bundled tsh (#769)
* Change predicate example to use bracket notation (#774)
* Add configure step (#751)
* Add support for notarization (#770)
* Use new Teleconnect icon (#768)
* Teleport Connect: Add dropdown for database name (#757)
* Remove state related to a cluster when removing it (#755)
* Fix trying to read from a null token (#759)
* Fix check for the --insecure flag (#758)
* Show database username suggestions in Teleport Connect (#754)
* Change app name to `Teleport Connect` (#753)
* Add Serverside Pagination, Filtering, and Sorting (#739)
* Resolve issues on logout (#740)
* Change connections shortcut to `Command/Ctrl-P` (#747)
* Fix getting cwd in presence of lsof warnings (#745)
* Add IAM method to web ui (#690)
* Close `Identity` popover after selecting an option (#741)
* Fix not clickable notifications when displayed over xterm
* Use new colors for theme
* Bring back native scrollbar as the styled one causes content to jump when it becomes visible
* Use the mac package download link instead of the tarball.
* update webapps to support more MySQL audit events (#729)
* IdentityList: Move roles list back into conditional (#736)
* Add max-width on Identity popover (#735)
* DocumentGateway: Replace the Copy button with a Run button (#733)
* Use dropdown for the db connect button (#732)
* Fix path to packaged assets in Teleterm (#731)
* Use DB CLI commands provided by tsh daemon (#726)
* Show cluster document instead of keyboard shortcuts as an empty state
* Show leaf cluster selector only when cluster has leaves
* Adds the Servers tab as a configurable UI feature (#728)
* Save window size and position
* Create shared instance of `fileStorage` for all processes, save app state before closing
* Handle cancellation of `ClusterConnectDialog` when changing workspace, use `onCancel` instead of `onClose`
* Ask user whether to reopen previous documents
* Support Electron's main process environment in `theme/getPlatform()`
* Move App initialization to the `AppInitializer` so it has access to all contexts
* Use dark background for the window
* Resolve shell env (#718)
* Simplify the db connection tab (#720)
* Prevent crash when network or cluster is offline (#712)
* Add Redis, MariaDB and Microsoft SQL Server to DB wizard (#709)
* Improve Teleterm README (#719)
* Remove u2f components and logic (#711)
* Use teleterm/logger in runtimeSettings (#716)
* Remove global `keyDown` handler from `KeyboardArrowsNavigation` as it blocked submitting forms
* Submit modals' forms on `Enter` press
* Revert "Use x64 arch when building & packaging Teleterm"
* Fix accessing `serversSyncStatus` Map in `clustersService`
* Do not block app rendering when initializing function fails
* Use `Notifications` error in `syncRootCluster()` and `removeGateway()`
* Show errors in `ClusterResources`' tables using standard `Danger` labels
* Add `Notifications` component and service
* Use x64 arch when building & packaging Teleterm
* Update e-ref
* Update getMfaOptions to createMfaOptions
* Fix half auto-filling OTP's for input boxes meant for it (#706)
* Update to electron@13.6.9 (#703)
* Limit navigation capabilities to reduce attack surface
* Update node snapshot for new terminology.
* Modify wording of add node messaging.
* Add view documentation button to desktop view.
* Fix Active Sessions Table Misalignment (#699)
* use has* to determine when to render the Add resource buttons.
* Properly use `css` prop
* Make connections icon bigger
* Enable `babel-plugin-styled-components` in production and tests (#697)
* Apply `Identity` design changes
* Change command `cluster-remove` to `cluster-logout`
* Adjust `Identity` layout, combine `logout` and `clusterRemove` into a single action
* Update snapshots for new UI changes.
* Cleanup issues with jumping elements and some button cleanup.
* Use connection dropdown instead of modal for supplying SSH username
* Render ssh menu item as `NavLink` only when URL is provided
* Update protobufs for Teleterm (LoginRequest params)
* Update command for updating proto files
* Show username when possible in identity list (#687)
* Prevent breaking layout on long cluster name (#688)
* remove `Navigator` code (#685)
* Update electron-builder to 23.0.3
* Fixed up failing CI.
* Update failing snapshot tests from the updated Empty UI.
* Use inline style instead of modifying text template.
* Lint
* Fix flashing the 'add entity' button on load when empty.
* Hide header add button if empty.
* Update desktop UI empty state to new layout.
* Updated nodes page to new empty state.
* Update empty state for databases to new design.
* Update empty Kubernetes listing page to new design.
* Format Empty component to new design layout and apply new change to applications view.
* Change shortcut to open `QuickInput`
* Force `TopBar` items to take full height
* Hide kubes and apps
* Show leaf cluster name when possible in Connections list
* Change placeholder text in `ClusterAdd`
* Autocomplete database names for tsh proxy db
* Don't close the tab on non-zero exit code
* Always use root cluster URI to obtain `documentsService` in `useServerConnect`
* Update connection icon
* Automatically try to connect a connection when possible
* Display cluster name for each connection
* Take `localClusterUri` into account in `QuickInput` (#679)
* make middle part of `TopBar` central
* always show active item in `QuickInputList`
* adjust `QuickInput` to match designs
* add simple empty state to pickers
* Launch unsupported invocations of tsh ssh in local shell
* Remove leftover cruft from quick pickers
* Simplify manual db join (#653)
* Refactor join tokens generation to use new endpoint (#672)
* Update teleterm styles (#674)
* Create DocumentTshNode after executing "tsh ssh" in command bar
* Include command to run in AutocompleteResult
* useQuickInput: Rename serviceQuickInput to quickInputService
* Fix opening new terminal when there's no active document
* Adjust how showing & hiding autocomplete works in command bar
* Append space after picking command suggestion
* Open command bar commands in new local shell
* Autocomplete ssh hostnames
* QuickInputService.getAutocomplete: Return no-match on empty suggestions
* Automatically append @ after ssh login suggestion
* Ignore case for autocomplete
* Autocomplete commands and ssh logins
* Remove old pickers, rename Item to Suggestion
* Remove code related to empty command bar item
* Show autocomplete suggestions in command bar
* Remove command palette commands from command launcher
* Reformat commandLauncher.ts
* Improve identity picker (#670)
* Add clusters picker (#668)
* Update e-ref for regression fixes (#665)
* Fix Table Regression Bugs (#642)
* Support the 'unknown' audit event
* Updates Alert to use break-word (#655)
* Add keyboard support to `Connections` popover (#651)
* changes hostname to be the hostname rather than the ip addr (#654)
* Simplify manual app joining process (#641)
* Add connections switcher (#647)
* smooth out progress bar (#648)
* Add cluster context switching (#624)
* added internal back in
* Add windows internal logins back in
* internal k8s users
* internal k8s groups add
* remove whitespace and changes
* grammer
* Set all protocols
* Update default roles template
* desktop playback error handling (#638)
* only synchronize clipboards if data was or is going to be sent (#640)
* Update FormLogin.tsx (#608)
* Disable autocomplete on the SSH login input (#605)
* Fix two 'unkown' mispellings in alerts
* Use generated join token to simplify manual resources join (#619)
* Maintain aspect ratio on Desktop Playback (#635)
* Edit api response for getXXX (resources) (#622)
* Fix clipboard sync (#628)
* added missing prop.
* lint.
* Add cluster name to `tsh login` for kube instructions (#632)
* Use prop drilling to get the isEnterprise flag down into the DownloadLinks components.
* Remove the context calls from DownloadLinks to make testing easier.
* Update command for generating gRPC files for Teleterm
* Add more tests to Teleterm (#601)
* add missing license.
* If running in enterprise version then provide the enterprise download links.
* desktop per session mfa (#613)
* Clipboard (#594)
* Add chrome as unsupported for U2F checks (#609)
* Update e-ref for fetch more btn move (#607)
* Move Fetch More Button In Table (#606)
* Fix date picker (#604)
* postgres function is not prepared statements, revert
* update postgres events, and 2 more mysql statements event
* Add desktop clipboard audit events
* switch recordings service endpoint back to clusterEventsRecordingsPath so that returned recordings respect rbac where clauses, and users won't try to playback desktop sessions they don't have permission to (#600)
* Add `VirtualScroll` component (#595)
* add UT and test out storybook
* Add the `cert.create` event (#584)
* Update teleterm proto files (#593)
* Allow the automatic toggle to be visible when adding new nodes in OSS version.
* add db_name
* add events
* modifyResponse: Add optional space before /> to regex (#591)
* Teleterm Preview (beta) (#590)
* moving progress bar (#577)
* Add session connect event (#583)
* Update e-ref for flaky test fix and DataTable import (#582)
* Remove DataTable v1 (#573)
* Add storybook, make TunnelPublicAddress prop optional
* Add public tunnel address
* desktop session recording (#572)
* Fix typo in makeCluster and add unit test (#578)
* Update e-ref for date-fns migration (#571)
* Replace momentjs with date-fns (#568)
* Fixed the lint warnings for unused variables in the desktop session story.
* List recordings (#558)
* Add x11 forward events (#561)
* Clean up custom cells in Tables (#550)
* Update e-ref for updated UsageSummary and RequestList (#551)
* Update MfaDeviceList to use TableV2 (#549)
* Update RecordingList to TableV2 (#546)
* Table V2 Tweaks (#544)
* Update SessionList to TableV2 (#545)
* Update ClusterList to TableV2 (#548)
* Update RoleList to TableV2 (#542)
* Update UserList to TableV2 (#543)
* Update EventList to TableV2 (#541)
* Disable drone for PR (#540)
* Add Postgres Audit Events (#512)
* Update AppList to use TableV2 (#535)
* Add the `access_request.delete` event (#532)
* Update DesktopList to use TableV2 (#537)
* Update KubeList to use TableV2 (#536)
* Update DatabaseList to TableV2 (#534)
* Update NodeList to use Table V2 (#525)
* Add Table V2 (#524)
* Update xterm to the latest (#511)
* Adds a TDP Error message (#527)
* Replace `waitForElement` and `wait` with `waitFor` in tests (#529)
* Add error message for failed SSO authorization (#530)
* Add pagination to SelectFilters component (#518)
* Address `eslint` warnings (#522)
* Restore Build pipeline in CI (#521)
* Remove unused code (#517)
* Revert "Remove old `PlayerNext` (#513)" (#515)
* Remove old `PlayerNext` (#513)
* Create url filter and query params hook (#465)
* FIx devServer csrf and berear token handling (#506)
* Move search bar into Table (#502)
* Update e-ref for Invite/Reset refactoring and YAML import fix (#503)
* Fix YAML template imports (#501)
* Refactor Invites/Reset Components (#496)
* move jest rules to test overrides (#498)
* Add Separate Recordings List Service (#491)
* GCB buildfile
* cleanup `webpack.base.js` (#476)
* CR
* Makes getDisplaySize its own function
* removing unecessary client from onInit
* mirroring backend variable name updates
* updates to use connection string params rather than json
* attempting to add login and screensize to websocket string but getting smartcard not enabled, going back to master for a sanity check
* Update build depedencies (#473)
* Update e-ref for invite/reset welcome card (#483)
* Add prompt prior to form for Invite and Reset (#479)
* Make language for empty resources list more accurate (#472)
* Fix Safari Favicon & Update Docker Node Version (#464)
* changes inaccurate desktopId to desktopName
* updated to use cleaner backend api
* adds useMemo for document.title
* consolidating username, desktopId, clusterId extraction
* mimics clusterId • username@hostname document title of console for desktop sessions
* Create a general multiselect filter component (#454)
* Bug fix: Show a authentication dialog for web terminal (#452)
* Add created date to recovery codes respones (#442)
* State UTC timezone for consistent dates in tests (#449)
* Add account dashboard support for SSO users (#445)
* Update e-ref for dashboard (#446)
* MFA Device Management Dashboard (#412)
* Add audit log support for privilege token event (#440)
* adds Firefox specific keycodes
* adds mouse wheel support
* add preventDefault to prevent default browser shortcuts from interfering with desktop sessions
* refinements while creating isaiah/features-test branch for enterprise repo
* adds a test to ensure that the client only emits a "connect" message on the first png frame
* emit connect event when the connection is actually confirmed
* adds back disconnected flag (now private)
* Revert "removing disconnected flag"
* adding desktops to the cluster list
* fixing cell naming and component usage
* adding name column
* Add webauthn options to forms (#423)
* changing ts to js to remove allow json from tsconfig to see if that fixes ci error
* Remove the OS column in the desktop list view
* updating test and snapshot
* changing the disconnected message
* configuring Audit logs to display desktop events
* removing disconnected flag
* redesign to remove focus variable
* refactored with styled components
* removing resize
* moving TdpClientCanvas to its own directory
* CR nits
* refining naming
* Change RenderData to ImageData
* adds test for decoding regions
* adds test for message decoding
* Adds Desktops (preview) to the Main.story
* fixing test.
* making chrome-windows keycodes the default
* changing desktopServers to desktops
* fixing tests
* adds ui labels
* removing unnecessary useCallback
* shorter topbar and domain changed to hostname
* pipes in the windows logins from the userACL and displays allowed logins (carbon copy of how we do it for ssh server access
* Adds (preview) to desktop features and adds acl check for desktops. Now needs to add logic for windows_desktop_logins
* dealing with ts version discrepancy
* removing saveMessages flag
* rename connection to connectionAttempt
* performance testing code for requestAnimationFrame-array
* Sets up the basics of a performance test in storybook
* adding flag for capturing arraybufs as they come in and printing them to the console on disconnect
* fixing storybook
* makes system work accross browsers by using onload function
* moves openNewTab into a utils file and uses it for Desktop
* adds storybook and fixes incorrect loading jsx logic
* big performance improvements by converting image array buffer to a base64 encoded string and strapping that as the source of an html image element
* Changing websocket type to arraybuffer and modifying codec to work with that
* ignoring unrecognized keys
* refactor
* extending protocol functionality to full mvp functionality
* finishing touches
* makes TdpClientCanvas its own file component with state hook
* refactored internal structure
* refactors client and DesktopSession to simplify state management
* Revert "Noticed that it was confusing the the tdpclient was now both an emitter, and could return a Promise on the initial connection. This redesign puts the Promise logic into useDesktopSession so that tdpclient remains exclusively an event emitter."
* Noticed that it was confusing the the tdpclient was now both an emitter, and could return a Promise on the initial connection. This redesign puts the Promise logic into useDesktopSession so that tdpclient remains exclusively an event emitter.
* makes tdpclient.connect a promise so that it can be passed into a Promise.all and state can be consolidated
* changing styling
* CR
* adds disconnected state, adds storyboard
* Updating comments
* switches jsx components to use useTheme hook instead of being a implicit styled-components theme consumers which is confusing
* gets the real user@Host and adds logic for tracking a meta state between rest api calls and websocket
* updating topbar, icons, adding action menu
* Moves TopBar into its own file, adds ActionMenu (needs to updated with appropriate in-menu behavior)
* adds clipboard sharing en/disabled text and icon
* replace direct call to socket.close() with a tdpclient.disconnect for easier mock-ing
* adds cleanup handling and fixes bugs
* converts client to be an emitter
* deleting vestigial cruft
* move connection string wrangling to hook
* renamings and minor fixes
* First draft of a system which can pop up a new desktop session and render desktop screen to canvas
* Moves getHostName into api service for use elsewhere in the code
* Opens a new window when a desktop is selected (currently displays an empty Console component)
* nit
* removing status light
* CR
* nits
* cleaning up rdp port from domain addr
* Adds the basic design for the table
* Adding Desktop and Circle icons
* displays desktop data in table
* Strips Desktops of some database cruft that I'm not focusing on for now and creates a desktops service which successfully retrieves desktop objects from the backend
* renaming DatabaseList to DesktopList
* renaming Databases.tsx to Desktops
* copying Databases into a new Desktops dir and adding it as an option in the sidebar, and renaming useDatabases to useDesktops
* small fixes from final CR
* cosmetic changes + updating based on updated rfd0037
* renaming to "tdp"
* adds the nodejs TextEncoder to the window
* updating to use browser TextEncoder api. Unfortunately its another one jsdom hasn't caught up to yet
* adding codec and encoding tests
* Add webauthn support to web terminal mfa prompt (#421)
* Add webauthn methods to auth service (#418)
* Remove depracated endpoints (#417)
* Add Array Buffer and Base64URL converter (#415)
* Add database created/updated/deleted events (#413)
* Move FormLogin and FormInvite from shared to teleport (#411)
* Delete Gravity (#410)
* Update e-ref (#408)
* Add support for SessionProcessExit event (#407)
* Yarn workspace fails to add local package as dependency (#405)
* Add Account Recovery Flows (#398)
* Fix table pager clipping (#390)
* Update e-ref for access requests table fix (#392)
* Add support for unicode passwords (#389)
* Add watcher that logs user out when reaching max idle timeout (#378)
* Add lock events to audit log (#377)
* Update Github YAML (#365)
* Temp fix for empty paginate result in session recording list (#368)
* [forward-port] AWS Console Access Tweaks (#366)
* Fix overflowing text with long cluster name in tc list view (#361)
* update e-ref (#360)
* Convert applications tiles view to table view (#340) (#359)
* Update e-ref: Access request bug fix and design update (#355)
* MongoDB and MySQL GCP support (#350)
* Use filter `session.end` to retrieve events for session recording screen (#339)
* Allow webapps to build without e (#352)
* Update trusted_cluster_enterprise.yaml
* Revert events list sorting back to original (latest to oldest) (#341)
* Add pagination to Audit Log screen (#329)
* Update drone signature for drone.teleport.dev (#334)
* Empty States (#333)
* Refactor services get link return value (#331)
* Refactor default dropdown selector CSS (#317)
* Add more icons to design package (#327)
* Update e-ref for changes in switchback banner (#324)
* Add kube and db to our cluster list action menu (#323)
* :memo: Update e-ref for webapps.e database
* Created database access screen (#303)
* Update e-ref on adding Kube feature (#318)
* Create Kubernetes access screen (#304)
* Language/wording fixes with our editor (#313)
* Fix manual tsh login commands for apps and nodes (#311)
* Set default empty object on regular renew token request (#314)
* Filter out session end events with "session_recording" set to off (#306)
* Use dedicated API for app FQDN resolving (#284)
* Update e-ref on billing chart ytick formatting fix (#290)
* :bug: Fix not being able to filter nodes by searching exact label
* Updated empty node name to N/A and changed the placeholder text (#246, #276) (#278)
* Update renew session response and renew URL (#261)
* Type and style tweaks and add unix display date (#257)
* Correct misspelling in kubernetes comment for role (#263)
* Remove duplicate `deny` section in Role template (#260)
* Update e-ref: Remove verb update check for access request reviews (#258)
* Update README.md
* mfa related fixes (#251)
* Add more fields to user context (#216)
* terminal: check whether the browser supports U2F (#249)
* ssh: handle U2F challenge in web terminal (#248)
* Update link to github discussion and feedback email (#239)
* Add billing events for audit logs (#245)
* Convert datetimes returned by day-picker lib to begin at start and end of day (#244)
* Support multiple MFA methods on login (#241)
* Add Billing Feature (#238)
* Increase token renewal threshold to 3 min (#242)
* Update README.md
* mfa: support multiple U2F devices on login (#236)
* Handle new MFA audit events
* Implement OAuth-style state token for AAP auth flow
* Disable use of web workers in ace editor (#232)
* Fix bug and consistent error banner placement (#233)
* Fix error handling on the Delete Role Dialog (#231)
* Open source and refactor resources (#222)
* Refactor error handling for auth cn (#226)
* Add app URI validation regexp to match backend logic (#227)
* Tiny grammar fix (#223)
* Check for browser u2f support and display user-friendly err msg (#218)
* Update README.md
* Update README.md
* Update README.md
* Populate "Node" name in k8s session recordings (#214)
* Update e-ref (#213)
* Replace app name check with regex that conform to rfc 1035 (#210)
* Refactor and update user context object (#211)
* Add database access audit events
* Set default role to 'admin' vs 'admins' (#208)
* Grab auth type from config for manual step flag --auth (#201)
* Rename Blog (#202)
* Update links to https://goteleport.com (#200)
* Fix manual steps and remove share session dialog (#199)
* Disable AddServer and AddApp buttons on leaf clusters (#198)
* Fix some regression bugs (#197)
* Fix instructions for Manual steps (#196)
* Minor improvements to dialogs (#195)
* Add ShareSession dialog and share button to DocumentSsh (#193)
* Safari fixes (#192)
* Add KUBE_REQUEST event and improve existing k8s events (#190)
* Lisa/manual testing bugs (#189)
* TextSelectCopy appends $ to text when bash flag is true (#188)
* Teleport V5 (#185)
* [teleport] Implement account access check and waiting room (#178)
* Fix case sensitive testing for sso providers (#174)
* [teleport] Add session.reject, trusted_cluster.create/delete events (#172)
* [teleport] Handle null value response when retrieving audit logs (#166)
* Remove gh from web-apps Docker image (#154)
* [teleport] Remove url, proxy version, node count from clusters list (#152)
* Update gh version to latest
* [teleport] Remove checking for error keywords for websocket close event (#147)
* Install gh in Dockerfile
* Tidy up
* Tidy up
* Remove update-teleport-repo
* Change update-teleport-repo job to raise a PR rather than instantly committing
* Raise a PR rather than pushing to Teleport
* [teleport] Set server/cluster ID for new session requests (#140)
* [teleport] Fix flex issue with terminal ActionBar (#141)
* Check out submodules
* Check out submodules
* Change directory
* Split up steps and add dockersock
* Install make
* Sign file
* Add initial .drone.yml
* [teleport] Work around for server sending close events for shell exit errors(#127)
* [teleport] Drop UTM link prefixes (#128)
* Add boaders and onhover styles to table rows (#126)
* [teleport] Fix grammar for non/interactive session event log (#124)
* [teleport] Various fixes (#123)
* Typescript conversion mostly in shared package (#120)
* Fix a bug with 0 nodes in the cluster list
* Add Open Terminal Button to the Cluster List (#121)
* Bring back QuickLaunch (#118)
* Better audit events description (#117)
* [teleport] Set user permission for viewing audit logs (#116)
* [design] Remove uppercasing of login names (#115)
* Update icomoon library with new icons (#114)
* Touchups round 2 (#113)
* Grammatical fix (#112)
* [Teleport] Remove sessions view from Audit Log (#109)
* [Teleport] Use native URLSearchParams to handle escape symbols in URL params (#107)
* [Teleport] Account for empty hostname and server addrs in Session (#106)
* Allow dashes for login name in QuickLauncher (#108)
* [Teleport] Replace session button with quicklauncher in Node (#105)
* [Teleport] Fix assortment of user issues (#103)
* Update e-ref (#104)
* [Teleport] Tweak styling for topbar auto scrollX and text alignment (#102)
* Replace cluster view button and open terminal related actions in new tabs (#101)
* Check for expired session before resources unload (redirect) (#100)
* Fix session scroller (#99)
* Replace "entity" with "name" in Audit Events
* Delete un-used files
* Alexey/updateddesign (#98)
* Update xterm to 2.8.1 (#95)
* Filter non interactive sessions out (#94)
* Address code review
* Change action btn, rename title, refactor fetchSession
* Add back clusterId for makeSessions, refactor fetchSession
* Clean up active sessions list
* update e-ref
* Bump jquery from 3.4.1 to 3.5.0 in /packages/gravity (#89)
* [Teleport] Allow switching tabs with hotkeys (#81)
* update e-ref (#82)
* [Teleport] Create Support component, story, and snpashot test (#78)
* Fix U2F login error messages (#76)
* Display nodes hostname instead of its ID under session audit log (#75)
* Display hostname and addr in active sessions list (#74)
* README file updates
* Fixed broken docker build
* Cleanup
* Type SessionList
* Use local tsc intance when building force project
* Fix eslint warning messages
* Add proto files to force MVP
* use custom scrollbars styles on macs
* Address url-loader breaking changes
* Fix OSS redirects (#72)
* Auto close active terminal tab on terminal.close event (#73)
* update e-ref (#71)
* Fix url-loader and file-loader (#70)
* Fix build pipeline (#66)
* Display cluster info when user clicks btn using user context (#63)
* Simplify and clean up Makefile (#62)
* use UTC in unit-tests (#58)
* Fix broken tests (#59)
* Automated builds (#53)
* Receive auth version for Cluster interface (#54)
* update e-ref (#57)
* fix: vscode does not resolve aliases in the new files
* Fix peer dep. warnings (#56)
* Cleanup
* cleanup
* dist files + updated e-ref
* Update e-ref
* JS to TS migration (#55)
* [teleport] Receive and display nodeCount and publicURL in cluster table (#52)
* Remove unused imports from makeEvent.ts
* Typescript migration (#51)
* [Teleport] Prompt user with a confirmation window for session tabs (#49)
* Refactor tabs creation to a separate hook and add unit-tests (#50)
* Do not rerender in-active document (#47)
* regenerate dist files
* New Terminal (#46)
* Unit test rest of Dialog*.jsx and TopNav*.jsx (#45)
* Read localAuthEnabled config from backend (#44)
* Unit Test Popover (#43)
* Unit test teleport/Login (#40) closes #39
* Test rendering of SideNav, SideNavItem, SideNavItemIcon (#41)
* Unit test featureBase (#38)
* Unit test useStore (#37)
* Unit test FormPassword (#36)
* Unit test FormLogin (#35)
* Unit test FieldSelect (#34)
* Test useRule unsubscribe behavior and some cleanup (#33)
* Unit test FieldInput (#32)
* Unit test useRule custom hook from Validation (#31)
* Prettify package design (#25)
* Unit test rules.js and Validation provider context (#30)
* Prettify package shared (#27)
* Prettify root config files for *.{js,json} (#29)
* Update README.md
* Unit Test ButtonSso and Validator Class (#24)
* Unit Test shared/ActionMenu (#23)
* Update dist files
* Fix modal test failing and include code coverage scripts (#22)
* Unit test design pkg (#18)
* Update E reference and port Gravity changes (#17)
* Add unit-test for Portal component (#16)
* Unit test LabelInput and LabelState (#15)
* Unit Test Design/Package/* [Part 3] (#14)
* Unit test all components inside Table.jsx (#13)
* Add vscode config file
* Add ResetPassword and Invite (#12)
* Unit Test Design/Packges [Part 2] (#11)
* Unit test Design/Alert, Button, ButtonIcon [Part 1] (#10)
* Snapshot Test package/gravity/login Story (#9)
* Finish converting package/design stories to CSF [Part 3] (#8)
* Disable eBPF stories (#7)
* Convert Card*, DataTable, Dialog*, Flex stories to CSF [Part 2] (#6)
* Update README and convert Alert, Button to CSF (#5)
* Upgrade storybook and convert a few stories to CSF
* Disable github hooks
* Docker should work when submodules are missing
* Rename e submodule to webapps.e
* Fix storybook sorting
* Add Force Web UI package
* Add initial BPF viewer implementation
* Add typescript support and update npm depenencies
* Update README.md (#2)
* Fix user invite
* Fix typos
* Add a better comment
* Do not delete dist folders on make clean
* Update packages/build README file.
* Update e-ref
* Allow custom webpack config in dev builds
* Refactor dev server code
* Change default datetime format
* Fix type on design stories
* Update e-ref
* Docs (#1)
* Exclude all dist folders
* Update e-ref
* dist files
* Update e-ref
* Add E reference
* Move code to this repo
* Initial commit
-------------------------------------------------------------------
Tue Jan 31 15:22:27 UTC 2023 - kastl@b1-systems.de
- Update to version 11.3.1:
* Release 11.3.1 (#20864)
* Add tsh proxy types aws,db,ssh to CLI ref (#20547)
* Fixed issue where container image tag and push step would fail due to missing `docker pull` `--platform` argument (#20859)
-------------------------------------------------------------------
Tue Jan 31 15:16:55 UTC 2023 - kastl@b1-systems.de
- Update to version 11.3.0:
* Release 11.3.0 (#20841)
* InstallNode Script: use correct version (oss vs ent) (#20816)
* WebAPI/CreateDB: improve error message when DB already exists (#20755)
* [auto] Update webassets in teleport/branch/v11 from webassets/teleport-v11 (#20803)
* [v11] Add support for Moderated Sessions in the Web UI (#19647)
* Fix key attestation error on `tsh login` (#20712)
* [auto] Update webassets in teleport/branch/v11 from webassets/teleport-v11 (#20790)
* Renew Kubernetes cluster credentials until the cluster is removed from inventory (#20788)
* [v11] update e and webassets to latest v11 (#20780)
* [v11] feat: evaluate login rules for OIDC and SAML users (#20738)
* Pass parent context to `prompt.Confirmation()` in `identityfile`. (#20685) (#20773)
* [v11] feat: evaluate login rules for GitHub users (#20737)
* fix(azure): verify if system identity is set (#20483)
* Add test that verifies connectivity when Auth is down (#20450) (#20683)
* [v11] Reject access requests with invalid cluster names (#20674)
* [v11] Convert rhel `VERSION_ID`s to only include the major version (#20604)
* Fix two issues with Oracle MySQL client on Windows. (#20599)
* [v11] feat: add login rule audit event types
* [v11] feat: add RW verbs for login rules to preset editor role
* [v11] ci: Use large macOS runner for build-macos workflow (#20718)
* [v11] Disconnect moderated session on Ctrl+C (#20588)
* Alert ack API + CLI implementation (#20692)
* Enforce using github.com/google/uuid (#20633) (#20681)
* Update ssh-approval-email.mdx (#20701)
* [v11] Move connection metrics to `proxy.Router` (#20688)
* [auto] Update webassets in teleport/branch/v11 from webassets/teleport-v11 (#20625)
* [v11] (buddy) helm: Add nodeSelector field (#20441)
* [v11] helm: have proxy reload certificates daily (#20503)
* helm: addPodMonitor support (#20564)
* [v11] Fix typo in install-node script's usage message (#20668)
* Show `client_idle_timeout_message` for windows access (#20617)
* [v11] feat: add login rule evaluator to auth.Server (#20629)
* Document Machine ID and CircleCI joining (#20545)
* Docs. Direct invite link via docs (#20548)
* helm: support passing raw config in `teleport-kube-agent` (#20129) (#20449)
* [v11] Docker install doc updates (#20578)
* Update FedRAMP link (#20464)
* Docs version update (#20612)
* Fix: change var to inner scope's Testing t (#20595)
* fix `tctl auth sign --format kubernetes` when using remote auth server (#20497) (#20571)
* Increase `ReadDeadline` to accommodate slow clients (#20517)
-------------------------------------------------------------------
Tue Jan 24 20:42:58 UTC 2023 - kastl@b1-systems.de
- Update to version 11.2.3:
* Release 11.2.3 (#20570)
* [11] Add metric for incomplete file uploads (#19724) (#20492)
* Fix kube access proxy peering compatibility (#20561) (#20566)
* docs: update trusted clusters page (#20159)
* Backport GHA workflows (#20507)
* [v11] Respect --auth and --mfa-mode before defaulting to passwordless (#20474)
* expand for CNAME records (#20445)
* [v11] feat: login rule tctl CRUD commands (#20236)
* sort database guides (#20501)
* Remove unmaintained AWS Cloudformation example (#20459)
* [v11] Support multiple transformations in role templates (#20296)
* Bump webassets. (#20422)
* [v11] Add initial instructions for cluster role map updating (#20480)
* Fix "tsh db connect" with "mariadb" when proxy is in seperate port mode (#20409)
* Don't prematurely close context in app service. (#20437)
* Integ tests: Use address of web UI as Proxy.PublicAddrs (#20470)
* spell fixes (#20457)
* update style guide relating to focus and content duplication (#20292)
* [v11] helm: support dnsConfig in `teleport-kube-agent` chart (#20107)
* Update Cloud architecture with DDoS security (#19429)
* [v11] Fix "*":"*" matching in EC2 auto discovery (#20390)
* adding video banner to documentation (#20354)
* [v11] Allow updating of trusted cluster role maps (#20286)
* Skip unparsable events when decoding searchevents results (#20329)
* Bump `gravitational/trace` to `v1.2.1` (#20349)
-------------------------------------------------------------------
Fri Jan 20 10:08:52 UTC 2023 - kastl@b1-systems.de
- Update to version 11.2.2:
* Release 11.2.2 (#20363)
* [auto] Update webassets in teleport/branch/v11 from webassets/teleport-v11 (#20375)
* Remove invalid commands on login with ssh port (#20364)
* spell fixes (#20279)
* [v11] Add Connect docs about linking tsh (#20029)
* Validate AWS regions when configuring the AWSMatcher (#20288)
* Add redirects to the new Audit Events section (#19553) (#19968)
* [v11] Point at source version in docs rather then generic master. (#20303)
* [v11] [Docs] Use gravitational.com to download checksums. (#20282)
* Added binary signing for darwin tarballs - branch/v11 backport (#20305)
* [v11] Machine ID and GitHub Actions docs copy improvements (#20291)
* Add mysql conn tester (#20177) (#20230)
* fix: Always dial to root cluster for single-use certificates (#20238)
* [v11] Set extra proxy headers in all `tsh` HTTP requests (#20071)
* [v11] Updates to cloud getting started (#20256)
* Update Rust to 1.66.1 (#20201)
* Bump Buf to v1.12.0 (#20194)
* [v11] Stop heartbeating during graceful shutdown (#20225)
* [v11] docs: add overview of session recording (#19934)
* [v11] Use pre-generated RSA keys in tests (#19448)
* [v11] Document GitHub Actions and Kubernetes (#20179)
* fixes ldap filter example (#20223)
* [v11] Update Linux install package link for Cloud (#20210)
* Grant the built-in kube role semaphore permissions (#20174)
* Adds a post-delete hook to delete the `kube-agent` state secrets (#20169)
* Stablize RemoteConnCleanup (#20048) (#20086)
* [v11] Change the application access authentication flow (#20165)
* Bump cloud version to 11.2.1 (#20157)
* [v11] capture additional prehog events (#20114)
* Ensure Proxy uses cache for periodic operations (#20153)
* Add kube and windows_desktop tctl tokens add handling (#20139)
* Added 01/12 Upcoming Releases Update (#20137)
* [v11] feat: add login rule service proto definition (#20112)
* [v11] Trim error messages on UserLogin events (#20125)
* [v11] Fix `certificate signed by unknown authority` after reconciling a dynamic RDS resource (#20099)
* Update to 11.2.1 for docs (#20117)
* Fix CertificateInvalidError in formatCertError (#20052)
-------------------------------------------------------------------
Thu Jan 12 06:03:42 UTC 2023 - kastl@b1-systems.de
- Update to version 11.2.1:
* Release 11.2.1 (#20113)
* [auto] Update webassets in teleport/branch/v11 from webassets/teleport-v11 (#20102)
* [v11] chore: Bump Go to 1.19.5 (#20084)
* [v11] Minor docs fixes (#20006)
* Update config example to turn off ssh, proxy, auth and use teleport start example (#20076)
* revert plugin version (#20093)
* Update webassets in preparation for 11.2.1 release (#20074)
* Fix RFD link in the Directory Sharing guide (#20062)
* [v11] Periodically reload proxy certificates (#20040)
* Remove RW on `license` and `download` from preset editor role (#19997) (#20033)
* Unbundle TestAppInvalidateAppSessionsOnLogout (#20037)
* Change "name" to "sAMAccountName" (#20022)
* Fix bot IAM joining (#20011)
* docs: update version to 11.2.0 (#19971)
* Fix Machine ID Certificate TTL on IAM join (#20001)
* [v11] Make Connect's --insecure flag easier to find in docs (#19991)
* Use one Buf workspace instead of three (#19774) (#19990)
-------------------------------------------------------------------
Sat Jan 07 14:58:25 UTC 2023 - kastl@b1-systems.de
- Update to version 11.2.0:
* Other improvements and bugfixes
- Added an improved database joining flow in the web UI #1487
- Added support for secure certificate mapping for Windows desktop certificates #19737
- Fixed an issue with desktop directory sharing where large files could be corrupted #1472
- Fixed an issue where Desktop Access users may see a an error after ending a session #1470
- Fixed an issue preventing database agents from joining due to improperly formatted YAML #19958
- Updated the web UI to use session storage instead of local storage for Teleport's bearer token #1470
- Added rate limiting to SAML/OIDC routes #19950
- Fixed an issue connecting to leaf cluster desktops via reverse tunnel #19945
- Fixed a backwards compability issue with Database Access in 11.1.4 #19940
- Fixed an issue where access requests for Kubernetes clusters used improperly cached credentials #19912
- Added support for CentOS 7 in ARM64 builds #19895
- Added rate limiting to unauthenticated routes #19869
- Add suggested reviewers and requestable roles to Teleport Connect access requests #19846
- Fixed an issue listing all nodes with tsh #19821
- Made gcp.credentialSecretName optional in the Teleport Cluster Helm chart #19803
- Fixed an issue preventing audit events that exceed the maximum size limit from being logged #19736
- Fixed an issue preventing some users from being able to play desktop recordings #19709
- Added validation of AWS Account IDs when adding databases (#19638) #19702
- Added a new audit event for DynamoDB requests via Application Access #19667
- Added the ability to export tsh traces even when the Auth Server is not configured for tracing #19583
- Added support for linking Teleport Connect's embedded tsh binary for use outside of Teleport Connect #1488
-------------------------------------------------------------------
Sat Dec 24 08:59:31 UTC 2022 - michael@stroeder.com
- Update to version 11.1.4
* Security fixes:
- [Critical] RBAC bypass in SSH TCP tunneling
- [High] Application Access session hijack
- [Medium] SSH IP pinning bypass
- [Low] Web API session caching
* Other improvements and bugfixes
- Fixed issue with noisy-square distortions in desktop access. #19545
- Fixed issue with LDAP search pagination in desktop access. #19533
- Fixed issue with SSH sessions inheriting OOM score of the parent process. #19521
- Fixed issue with ambiguous host resolution in web UI. #19513
- Fixed issue with using desktop access with Windows 10. #19504
- Fixed issue with session.start events being overwritten by session.exec events. #19497
- Fixed issue with tsh login --format kubernetes not setting SNI info. #19433
- Fixed issue with websockets not working via app access if the upstream web server is using HTTP/2. #19423
- Fixed TLS routing in insecure mode. #19410
- Fixed issue with connecting to ElastiCache 7.0.4 in database access. #19400
- Fixed issue with SAML connector validation calling descriptor URL prior to authz checks. #19317
- Fixed issue with database access complaining about "redis" engine not being registered. #19251
- Fixed issue with disconnect_expired_cert and require_session_mfa settings conflicting with each other. #19178
- Fixed startup failure when MongoDB URI is not resolvable. #18984
- Added resource names for access requests in Teleport Connect. #19549
- Added support for Github Enterprise join method. #19518
- Added the ability to supply Access Request TTLs. #19385
- Added new instance.join and bot.join audit events. #19343
- Added support for port-forward over websocket protocol in Kubernetes access. #19181
- Reduced latency of tsh ls -R. #19482
- Updated desktop access config script to disable password prompt. #19427
- Updated Go to 1.19.4. #19127
- Improved performance when converting traits to roles. #19170
- Improved handling of expired database certificates in Teleport Connect. #19096
-------------------------------------------------------------------
Wed Dec 07 06:34:44 UTC 2022 - kastl@b1-systems.de
- Update to version 11.1.2:
* Release 11.1.2 (#19117)
* Fixed container images dockerfile download using hardcoded repo name (#19090)
* Remove mentions of "setup" as a verb (#18949)
* spelling, typos, and non-example nouns fixed (#18943) (#18976)
* docs: fix tsh --cert-format reference (#19057)
* update webassets (#19070)
* [v11] Update e ref to conditionally enable usage reporting in cloud/enterprise (#19064)
* Add a new usage reporter (#18142) (#19059)
* [v11] docs: Add warnings about using layer 7 LBs with TLS routing (#19052)
* Provided expanded definition on internal.logins (#19035)
* [v11] Re-add the section about EC2 instances including the AmazonSSMManagedInstanceCore (#19029)
* [v11] Fix web ssh session with proxy recording mode (#19021)
* [v11] Create a partial for adding a role to a user (#19026)
* [v11] BUGFIX | Teleport ALPN Proxy doesn't respect HTTP CONNECT Proxy (#19038)
* [v11] Move corrupted uploads to separate directory (#19040)
* Cache static desktop labels (#18874)
* docs: clean up per-session MFA page (#18952)
* [v11] Fix unknown group error issue (#18990)
* full link to main site (#19004)
* [v11] Add clarification as to the purpose of Metrics endpoint. (#19017)
* Ensure `tctl windows_desktops ls` produces expected output (#18779) (#19016)
* correct heading level for 11.0.1 release (#18998)
* update docs version (#18997)
* Properly check err from EmitAuditEvent. (#18963)
* [v11] Add a guide to GKE Auto-Discovery (#18986)
* Address feedback
* Added 12/01 Upcoming Releases Update
* Fix dir path in Enterprise install instructions (#18967)
* [v11] Improve the Kubernetes Dynamic Registration guide (#18950)
* [v11] Add the `--version` flag to `helm install` (#18947)
* docs version update (#18927)
* [v11] [Docs] Update EC2 Discovery guide for bootstrapping. (#18924)
* [v11] Fixes for ec2 discovery installer script on legacy ubuntu and fixes for `teleport discovery bootstrap` (#18965)
* Connect: Check db cert before using it for local proxy (#18740) (#18852)
* [v11] Connect: Set TeleportClient.AuthConnector before logging in (#18900)
-------------------------------------------------------------------
Thu Dec 01 05:44:31 UTC 2022 - kastl@b1-systems.de
- Update to version 11.1.1:
* Release 11.1.1. (#18957)
* [auto] Update webassets in teleport/branch/v11 from webassets/teleport-v11 (#18954)
* [v11] backport #18036 (Allow for specifying roles when making Resource Access Requests in the UI) (#18868)
* [v11] Add Terraform provider links to Terraform module README (#18162)
* backport spell fixes (#18941)
* operator: Handle conflicts properly during tests (#18916)
* Fix FIPS builds (#18902)
* Remove DEBUG env var from Connect macOS dronegen (#18899) (#18921)
* [v11] Include ssh protocol in start, end audit events (#18895)
* [v11] Securely delete OTP QR code (#18917)
* [v11] Update permit_user_env comments in config ref (#18912)
* Include upload ID & session ID in failed upload warning logs (#18788) (#18872)
* Fix duplicate docs page titles (#18862)
* fuzz: fix broken OSS-Fuzz build (#18878)
* [v11] Add info on license renewals (#18848)
* Swaps Allow remote RDP connections and Open firewall to inbound RDP connections steps (#18844)
* Add `server_hostname` to `session.*` events (#18812) (#18832)
* [v11] Improve error message if dialing etcd nodes times out (#18822)
* [v11] feat: GCP KMS support (#18835)
-------------------------------------------------------------------
Tue Nov 29 08:02:09 UTC 2022 - kastl@b1-systems.de
- Update to version 11.1.0:
* Release 11.1.0 (#18806)
* saml: Don't check existence of templated role names (#18766)
* [auto] Update webassets in teleport/branch/v11 from webassets/teleport-v11 (#18841)
* Export GithubConverter type (#18751) (#18836)
* Generate new session on new ssh websocket connection. (#18523) (#18839)
* [v11] Improve `tsh play` JSON & YAML output (#18825)
* Add extra database validations to CreateDatabase (#18776) (#18785)
* Do not run parker process for all SSH sessions (#18810)
* Add `tctl windows_desktops` as the default and keep `tctl desktops` as an alias (#18816)
* Add `teleport discovery bootstrap` command (#18641)
* [v11] Add info to docs about working with github enterprise server (#18808)
* [v11] Session Control + UI SSH Performance (#18797)
* [v11] Ensure app session is in backend in app access integration tests. (#18803)
* call out restrictions on Var in code blocks (#18714)
* [v11] Document Discord access plugin (#18790)
* [v11] [Docs] Desktop Access Value and Log updates (#18799)
* [v11] Undos support for `TELEPORT_PROXY` in `tctl` (#18796)
* [v11] Reformat imports GCI (#18736)
* [v11] Update GetDatabases to use the correct cluster uri (#18735) (#18762)
* [v11] Fix for Teleport start config file log (#18778)
* Add STS endpoints for new regions (#18756)
* [v11] Fix issue self-hosted databases with ec2 hostnames fail to create (#18773)
* [v11] Add FIPS support for Desktop Access (#18743)
* [v11] Release server CI integration improvements (#18513) (#18702)
* [v11] Terminate sessions when peers disconnect (#18684)
* Added 11/23 Upcoming Releases Update
* bump etcd client
* Stop creating Snowflake ocsp_response_cache.json (#18720)
* [v11] Fix Mongo document sequence msg validation (#18738)
* Fix up GCP docs (#18729)
* [v11] operator: Add `auth_connector` support (#18350)
* Add additional space to apt commands (#18733)
* [v11] Make the Standalone Kubernetes guide easier to use (#18694)
* [v11] Ensure ssh connection rejection errors are returned (#18708)
* Connect: Add prerequisites for gracefully handling expired db proxy certs (#18259) (#18678)
* GCS: don't swallow cleanup errors (#18725)
* CodeQL: Rename from codeql-analysis.yml to codeql.yml
* spell fixes (#18692)
* Fix trusted clusters for Desktop Access
* Enable and fix AuditOn. (#18574)
* update teleport.e submodule (#18687)
* [v11] Adds GCP GKE auto-discovery (#18396)
* [v11] [Docs] Fix rewrite key example. (#18387)
* Add ability to have multiple Github auth connector implementations (#18521)
* [v11] Allow configuration of identity file and proxy url with env in `tctl` and `tsh`. (#18673)
* Add tests for teleterm.Serve with TCP address (#18144) (#18637)
* Add mutex for certs in local proxy (#18278) (#18623)
* [Docs] remove tf language from codeblocks (#18669)
* Make SessionTracker heartbeat loop more robust (#18415) (#18576)
* [v11] Allow connections to nodes when Auth is offline (#18585)
* docs: improve wording on free cloud trials (#18653)
* Make proxy routing logic reusable (#18370) (#18596)
* [v11] Add TLV support to ProxyLine (#18650)
* Docs: Update Terraform suggested role (#18648)
* [v11] Take cloud labels into account for application access permissions calculation. (#18642)
* attempt to fix TestProxyProtocolRedis flakiness (#18316)
* [v11] [Docs] Minor Config Reference Update (#18613)
* [Docs] Add AWS credentials to variables block (#17916) (#18645)
* [v11] [Docs] End User Doc Page (#18619)
* Docs: fix TF role's `<resource>_labels` type (#18635)
* remove single quotes from env vars for k8s (#18624)
* [v11] Fix web ListResources total count with apps and update tests (#18601)
* Added EOL dates for releases. (#18630)
* Add Teleport 11 videos (#18629)
* [v11] Add a guide to dynamic Kubernetes registration (#18533)
* Deflake TestWebSessionsRenewDoesNotBreakExistingTerminalSession (#18529)
* [v11] Improve trusted cluster observability (#18609)
* Forward traces from the web UI (#18519) (#18598)
* [v11] fix aws rds discovery invalid engine filter (#18590)
* [v11] Fix Flaky TestDatabaseRootLeafIdleTimeout test (#18422)
* Added 11/17 Upcoming Releases Update (Cloud)
* [v11] Desktop Discovery guide (#18571)
* spell fixes (#18583)
* [v11] add allowed users to tsh db ls json and yaml output (#18543)
* Bump cloud version to 10.3.8 (#18560)
* Close local proxy conn if middleware errors (#18242) (#18527)
* [v11] Update the teleport-kube-agent reference (#18535)
* Added 11/17 Upcoming Releases Update
* Update to use db configure create, troubleshooting, required cert (#18556)
* Add support for user.spec in moderated sessions filters (#18455)
* Deflake TestResizeTerminal (#18406)
* Sign tsh on windows builder for connect (#18165) (#18477)
* Minor logging order tweak in tbot (#18511)
* [v11] Add new audit event for DynamoDB protos (#18035)
* [v11] Allow users to merge multiple clusters in the same `kubeconfig` file when using `tctl auth sign --format kubernetes` (#18525)
* Docs version update (#18512)
* [auto] Update webassets in teleport/branch/v11 from webassets/teleport-v11 (#18505)
* Use temp files instead of current dir for active dir install script (#18502)
* set cluster connector name on signin for first cloud user (#17834) (#18445)
* Allow non-moderated sessions during outage (#17309) (#18441)
* docs: add FAQ entry for seeing resource name in access requests (#18400)
* [v11] improve kube rbac docs (#18480)
* Shared Directory Audit events (#17410) (#18398)
* [v11] [Docs] Document AWS quotas (#18450)
* Correct username -> user in tsh alias guide (#18482)
* Fix role word reference (#18471)
* Remove CertificateTTL from appaccess integration tests. (#18448)
-------------------------------------------------------------------
Tue Nov 15 07:20:33 UTC 2022 - michael@stroeder.com
- Update to version 11.0.3:
* Fixed issue with validation of U2F devices. #17876
* Fixed tsh ssh -J not being able to connect to leaf cluster nodes. #18268
* Fixed issue with failed database connection when client requests GSS encryption. #17811
* Fixed issue with setting Teleport version to v10 in Helm charts resulting in invalid config. #18008
* Fixed issue with Teleport Kubernetes resource name conflicting with builtin resources. #17717
* Fixed issue with invalid MS Teams plugin systemd service file. #18028
* Fixed issue with failing to connect to OpenSSH 7.x servers. #18248
* Fixed issue with extra trailing question mark in application access requests. #17955
* Fixed issue with application access websocket requests sometimes failing in Chrome. #18002
* Fixed issue with multiple tbot's concurrently using the same output directory. #17999
* Fixed issue with tbot failing to parse version on some kernels. #18298
* Fixed panic when v9 node runs against v11 auth server. #18383
* Fixed issue with Kubernetes proxy caching client credentials between sessions. #18109
* Fixed issue with agents not being able to reconnect to proxies in some cases. #18149
* Fixed issue with remote tunnel connections not being closed properly. #18224
* Added CircleCI support to Machine ID. #17996
* Added support for arm and arm64 Docker images for Teleport and Operator. #18222
* Added PostgreSQL and MySQL RDS Proxy support to database access. #18045
* Improved database access denied error messages. #17856
* Improved desktop access errors in case of locked sessions. #17549
* Improved web UI handling of private key policy errors. #17991
* Improved memory usage in clusters with large numbers of active sessions. #18051
* Updated tsh proxy ssh to support HTTPS_PROXY. #18295
* Updated Azure hosted databases to fetch the new CA. #18172
* Updated tsh kube login to support providing default user, group and namespace. #18185
* Updated web UI session listing to include active sessions of all types. #18229
* Updated user locking to terminate in progress TCP application access connections. #18187
* Updated teleport configure command to produce v2 config when auth server is provided. #17914
* Updated all systemd service files to set max open files limit. #17961
-------------------------------------------------------------------
Thu Oct 27 15:29:33 UTC 2022 - Michael Ströder <michael@stroeder.com>
- Update to version 11.0.1:
* Block SFTP in Moderated Sessions #17727
* Fixed issue with agent forwarding not working for auto-created users. #17586
* Fixed "traits missing" error in Application Access. #17737
* Fixed connection leak issue in IAM joining. #17737
* Fixed panic in "tsh db ls". #17780
* Fixed issue with "tsh mfa add" not displaying OTP QR code image on Windows. #17703
* Fixed issue with tctl rm windows_desktop/<name> removing all desktops. #17732
* Fixed issue connecting to Redis 7.0 in cluster mode. #17849
* Fixed "failed to open user account database" error after exiting SSH session. #17825
* Improved tctl UX when using hardware-backed private keys. #17681
* Improved tsh mfa add error reporting. #17580
-------------------------------------------------------------------
Tue Oct 25 04:54:30 UTC 2022 - kastl@b1-systems.de
- Update to version 11.0.0:
* Full changelog see https://github.com/gravitational/teleport/releases/tag/v11.0.0
* Teleport 11 brings the following new major features and improvements:
- Hardware-backed private keys support for Server Access (Enterprise only).
- Replacement of obsolete SCP protocol with SFTP for Server Access.
- Removal of persistent storage requirement for Helm charts.
- Automatic discovery and enrollment of EKS/AKS clusters for Kubernetes Access.
- Richer Azure integrations for Server and Database Access.
- Cassandra and Scylla support for Database Access, including AWS Keyspaces.
- GitHub Actions and Terraform support for Machine ID.
- Access Requests and file upload/download support for Teleport Connect.
-------------------------------------------------------------------
Thu Oct 20 08:03:56 UTC 2022 - michael@stroeder.com
- Update to version 10.3.3 with multiple improvements and bug fixes:
* Fixed issue with EC2 auto-enrollment not working on Ubuntu instances. #17467
* Fixed issue with tctl auth sign producing "access denied" error. #17557
* Fixed issue with agents entering permanent error loop if they had expired
join tokens and the cluster had previously undergone host CA rotation. #17599
* Fixed issue with tsh producing auditd errors on some systems. #17495
* Fixed issue with Machine ID bots joined via IAM token not respecting requested certificate TTL. #17371
* Fixed issue with Teleport failing to initialize properly without configuration file. #17343
* Fixed desktop access clipboard sharing with newer versions of Chrome. webapps#1266
* Added license expiration alerts. #17489
* Added support for imagePullSecret in teleport-kube-agent Helm chart. #16678
* Added support for join parameters in teleport-kube-agent Helm chart. #17534
* Improved error when trying to connecto to a Windows desktop that is locked. #17548
* Improved SAML connectors validation upon creation. #16854
* Improved desktop access connection error handling. #17390
* Updated tsh ls --query to allow querying SSH nodes by hostname. #17038
* Updated Machine ID to export user CA when generating SSH host certificate. #17525
* Updated tsh to default to passwordless login if Touch ID is available. #17472
-------------------------------------------------------------------
Fri Oct 14 04:56:55 UTC 2022 - kastl@b1-systems.de
- Update to version 10.3.2:
* Release 10.3.2 (#17303)
* [v10] Fix FIPS aws credentials (#17304)
* Desktop Access optimizations (#17071)
* [v10] Add AWS Roles to Drone pipelines (#17296)
* [v10] Refactor Drone Pipelines to use AWS role assumption (#17244)
* Tweak wording of joining nodes blurb.
* AWS Terraform App Access, DB listeners variables (#17105)
* [v10] Remove installer, app and database watchers for remote proxies (#17226)
* [v10] Fix X11 forwarding for non-root users (#17130)
* [v10] Manually print installer scripts instead of using asciitable (#17167)
* [v10] Fetch tags when promoting rpm/deb (#17031)
* [v10] Ensure operator tests are run when Go dependencies change (#17032)
* desktop clipboard: prevent integer underflow (#17179)
* Bump Cloud Version (#17150)
* Fix background database local proxy termination by SIGINT signal (#16932)
* Drain errChan in `api.client/connect` (#17159)
* Limit number of resources loaded into memory for version metrics (#17087)
* Port in Tiago's feedback.
* Update tool/tsh/app.go
* Fix unit test.
* Update tool/tsh/app.go
* Remove cacert flag from curl output during tsh app login.
* Revert change from PKCS1 to PKCS8 (#17045)
* Fix ListResources for WindowsDesktops (#17093) (#17117)
* Added 10/06 Upcoming Releases Update
* Add `username_claim` to OIDC config to select claim from Identity Provider to use as username (#17070)
* Update on-prem version in docs (#17091)
* [v10] fix: data race in NodeSession.runCommand (#17073)
* [v10] Finalize CI release API integration (#17064)
* Stop using etcd serializable mode (#17049)
* Missing spaces in on/offboarding section (#17039)
* [v10] correct plugin name reference (#17019)
* Refactor TestResolveEndpoints to avoid test failure when AWS SDK changes (#16943) (#16987)
* correct protocol name (#16995)
* [v10] Add docs for IdP-initiated SSO (#16897)
* docs: mention that WindowsDesktop now supports EC2 join (#16811)
* [v10] [Docs] Update 'Using Teleport Connect' for Linux & Windows (#16945)
* bump cloud version (#16855) (#16885)
* snowflake access fixes (#16940)
* Fixes Dismiss Stale Workflows Runs GitHub Actions (#16926)
* Fix client idle timeout ending sessions too early (#16868)
* Release 10.3.1 (#16915)
* docs: add more details on audit log retention (#16814)
* [v10] Drop direct dependency on github.com/golang/protobuf (#16904)
* local alert resync
* security patch alerts
* Release 10.3.0 (#16891)
* [v10] security: include exec command in session.start.initial_command (#16905)
* typo correction (#16839)
* Fix label based tsh when per session mfa is enabled via role (#16893)
* Implement RFD 82: Session Tracker Resource RBAC (#15760) (#16554)
* [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#16888)
* [v10] Backport Elasticsearch suppport (#16873)
* Update download link (#16836)
* [v10] Drop a couple of deprecated/shallow Go dependencies (#16883)
* Added 09/29 Upcoming Releases Update
* update webassets (#16860)
* update eref (#16859)
* Initial RDPDR tests (#16470) (#16846)
* [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#16807)
* [v10] Clean up old artifacts when retrying a tag build (#16669) (#16785)
* [v10] Add an Elastic Stack guide (#16842)
* [v10] security: one allow one exec request per SSH channel (#16813)
* [v10] Change kube logged in message (#16829)
* [v10] Document MsTeams access plugin (#16642)
* Update on-prem docs version (#16725)
* [v10] Fix auto discovery on secondary cluster of a global Aurora database (#16710)
* Updated operating system support
* [v10] Retrieve an IMDS token in the default ec2 discovery installer (#16808)
* [v10] Docs: Update Docker Config Path (#16522)
* docs: add ssh_file_copy to role spec (#16766)
* Update the docs issues contributing guide (#16529) (#16631)
* [v10] Backport PagerDuty edits (#16052)
* [v10] fix: Handle failures when checking for excluded credentials (#16765)
* [v10] update e ref (#16731)
* Hide `--db-user`/`--db-name` flags if they are not needed. (#16747)
-------------------------------------------------------------------
Sat Oct 01 16:49:17 UTC 2022 - kastl@b1-systems.de
- Update to version 10.3.1:
* Release 10.3.1 (#16915)
* docs: add more details on audit log retention (#16814)
* [v10] Drop direct dependency on github.com/golang/protobuf (#16904)
* local alert resync
* security patch alerts
-------------------------------------------------------------------
Sat Oct 01 16:25:21 UTC 2022 - kastl@b1-systems.de
- Update to version 10.3.0:
* Release 10.3.0 (#16891)
* [v10] security: include exec command in session.start.initial_command (#16905)
* typo correction (#16839)
* Fix label based tsh when per session mfa is enabled via role (#16893)
* Implement RFD 82: Session Tracker Resource RBAC (#15760) (#16554)
* [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#16888)
* [v10] Backport Elasticsearch suppport (#16873)
* Update download link (#16836)
* [v10] Drop a couple of deprecated/shallow Go dependencies (#16883)
* Added 09/29 Upcoming Releases Update
* update webassets (#16860)
* update eref (#16859)
* Initial RDPDR tests (#16470) (#16846)
* [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#16807)
* [v10] Clean up old artifacts when retrying a tag build (#16669) (#16785)
* [v10] Add an Elastic Stack guide (#16842)
* [v10] security: one allow one exec request per SSH channel (#16813)
* [v10] Change kube logged in message (#16829)
* [v10] Document MsTeams access plugin (#16642)
* Update on-prem docs version (#16725)
* [v10] Fix auto discovery on secondary cluster of a global Aurora database (#16710)
* Updated operating system support
* [v10] Retrieve an IMDS token in the default ec2 discovery installer (#16808)
* [v10] Docs: Update Docker Config Path (#16522)
* docs: add ssh_file_copy to role spec (#16766)
* Update the docs issues contributing guide (#16529) (#16631)
* [v10] Backport PagerDuty edits (#16052)
* [v10] fix: Handle failures when checking for excluded credentials (#16765)
* [v10] update e ref (#16731)
* Hide `--db-user`/`--db-name` flags if they are not needed. (#16747)
-------------------------------------------------------------------
Tue Sep 27 18:46:58 UTC 2022 - michael@stroeder.com
- Update to version 10.2.6:
* Fixed issue with connecting to SQL Server in a leaf cluster through the local proxy. [#16616]
* Fixed regression issue introduced in `10.2.3` with enterprise specific web UI pages returning errors. [webapps#1212]
-------------------------------------------------------------------
Tue Sep 27 07:57:11 UTC 2022 - michael@stroeder.com
- Update to version 10.2.5:
* Fixed issue with connecting to servers with some GUI clients e.g. PyCharm. [#16662]
* Added support for simplified Active Directory configuration in Desktop Access. [#16623]
-------------------------------------------------------------------
Tue Sep 27 06:39:03 UTC 2022 - kastl@b1-systems.de
- Update to version 10.2.4:
* Release 10.2.4 (#16712)
* Fix link with a long redirect chain in the CHANGELOG (#16527)
* [v10] helm: allow custom CA in teleport-cluster without custom certs (#16475)
* Disable MongoDB server selection in tests (#14622) (#16695)
-------------------------------------------------------------------
Tue Sep 27 06:32:20 UTC 2022 - kastl@b1-systems.de
- Update to version 10.2.3:
* Release 10.2.3 (#16686)
* [v10] Misc Backports (#16674)
* [v10] Improve logging when TDP input streaming fails (#16525)
* Fix issue with builtin remote proxy role getting access denied to roles (#16685)
* [v10] ci: Add Dependency Review linting tool (#16651)
* Use `testauthority` instead of `native` to generate keys in tests (#16486) (#16625)
* [v10] Fix flaky integration test: TestAppServersHA/RootServer (#16628) (#16666)
* helm: add minReadySeconds to teleport-cluster chart (#16675)
* Add a timeout for device cancels (#16657)
* bucket etcd leases (#16659)
* Add a version support table to the FAQ (#15924) (#16630)
* docs: move S3 IAM policy into an include (#16476)
* Introduce discovery_service and automatically run an SSM Document on discovered EC2 nodes (#14094) (#16588)
* [v10] Connect: Fix premature `proxyClient.Close()` when getting kube clusters (#16538) (#16586)
* Backport V10: Add an AWS EC2 instance fetcher (#13886) (#16006)
* spell fix (#16607)
* [v10] azure mysql postgres auto discovery docs (#16562)
* Make the Fluentd guide more usable (#16051)
* add cluster alert links (#16426) (#16595)
* Fix CA pool loading for etcd backend (#16484) (#16598)
* Generic retrieval of FnCache values (#16485) (#16544)
* add status interface for cluster alerts (#16505) (#16574)
* [v10] ci: Swap CodeQL to larger runner and improve workflow (#16535)
* [v10] [Docs] note S3 versioning requirement (#16454)
* Allow opting out of forced OIDC email verification (#15847) (#16142)
* [v10] Move GitHub review bot to shared-workflows repository (#16226) (#16557)
* [v10] Register Windows native artifacts in release API (#16197) (#16540)
* Update on-prem v10 docs version (#16514)
* [v10] TLS Routing support with Teleport Proxy behind ALB for database access (#16415)
* Fix issue "tsh db env" returns error when TLS routing enabled (#16252) (#16468)
* Change caching resolver to return a copy of cached data (#16219) (#16353)
-------------------------------------------------------------------
Wed Sep 21 08:27:17 UTC 2022 - kastl@b1-systems.de
- Update to version 10.2.2:
* Release 10.2.2 (#16469)
* update e-ref
* rework cmd registration
* Add EC2 joining for Windows Desktop Service (#16438)
* Fix incorrect PagerDuty guide redirect (#15917)
* [v10] VSCode remote ssh extension settings (#16462)
* Add documentation for Event Handler chart (#15662)
* adding video banner to mssql server db quide (#16420)
* Fix minor issues that impact SEO (#15920)
* Fix auditd status on older kernels (#16448)
* [v10] Fix `known_hosts` locking by refactoring our locks in `utils/fs` (#16441)
* [v10] Nodes use FIPS STS endpoints for IAM join method when in FIPS mode (#16374)
* Added 09/15 Upcoming Releases Update
* operator: Fix flaky drift tests (#15815) (#16338)
* Add `where` predicate and Machine ID support to SSH host certificates (#16261) (#16427)
* [v10] helm: support Kubernetes 1.25 (#16343)
* Capture stderr from "tsh db connect" and reformat redis error (#13843) (#16416)
* [v10] Rephrase docs on moderated sessions backward compatibility (#16349)
* Remove Stripe from `Content-Security-Policy` header (#16390)
* Unhide tctl alert create (#16290)
* Add Default Allow Rules for new resources (#16237) (#16399)
* [v10] Prevent ssh.Session SendRequest from wrapping payload twice (#16171)
* [v10] Correct hsm service docs command (#16405)
* [v10] docs: fix joinParams reference (#16381)
* [v10] ci: Add paths/paths-ignore to GitHub Actions workflows to reduce unnecessary builds (#15708)
* [v10] Kubernetes Exec via Websockets (#16282)
* Documentation for AWS API access (#14429) (#16066)
* Use tracing handler per server not per route (#16372)
* [v10] Document `tbot configure` (#16373)
* [v10] Add /webapi/sites/:site/alerts endpoint to the apiserver (#16336)
* updates changelog to document when rdp licensing negotiation was added (#16340)
* Fix `TestTokenGeneration` flakiness (#15090) (#16362)
* [v10] backport #16136 and #16151 (#16213)
* [v10] Wrap `desktopplayback` endpoint with `WithClusterAuth` rather than `WithAuth` (#16292)
* [v10] Adds warning about directories blocked from being shared (#16328)
* [v10] Clarify access denied due to Teleport role permission (#16331)
* [v10] Dial by UUID for label based ssh (#16324)
* spell fixes (#16166)
* [v10] docs: Add missing commands key to dynamic labels in reference (#16294)
* Update on-prem docs version (#16313)
* Tweak TestAgentForward (#16304)
* changelog: fix moderated sessions typo (#16222)
-------------------------------------------------------------------
Tue Sep 13 12:46:41 UTC 2022 - kastl@b1-systems.de
- Update to version 10.2.1:
* Release 10.2.1 (#16283)
* [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#16287)
* [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#16280)
* [v10] Reduce the severity of the upgrade alert to 'info' (#16211)
* [v10] Add documentation for Jira Helm chart (#15921)
* [v10] Categorize Teleport Connect linux builds correctly (#16272)
* Remove the "." from the end of the auth token generated by "tctl tokens add" command (#16157) (#16238)
* Update Helm snapshots when updating version (#16189)
* Change base image for os compatibility check. (#16177)
* (v10) Bump Go to 1.18.6 (#16259)
* [v10] fix tctl auth server flag (#16255)
* [v10] Calculate shasums of TCon Linux OS packages (#16253) (#16256)
* Added 09/08 Upcoming Releases Update
* Update grpc-go (#16199)
* Add validation for hostname read from EC2 (#16015)
* [v10] Correct cluster auth preference dynamic example (#16246)
* [v10] bump go mod go1.18 (#16088)
* Add serialization of writes to `known_hosts` file. (#16203)
* [v10] Update the CockroachDB logo in our guide (#16194)
* bumps rust to 1.63.0, fixes linting errors (#16056) (#16152)
* Fix running ssh command on multiple nodes with mfa per session (#16148)
* [v10] Add a guide to Desktop Access Directory Sharing (#15932)
-------------------------------------------------------------------
Wed Sep 07 06:53:32 UTC 2022 - kastl@b1-systems.de
- Update to version 10.2.0:
* Release 10.2.0 (#16172)
* upgrade notifications
* implements IRP_MJ_LOCK_CONTROL (#16139)
* [v10] Generalize private keys in tsh (PIV integration) (#15890)
* [v10] Replace quay.io with amazon ECR where appropriate (#15713)
* Rename web JSON field names and wrap traits (#14611) (#16173)
* Auditd integration (#14948) (#16140)
* [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#16169)
* [v10] Add OS compatibility checker (#16141)
* [v10] Add section on teleport.cluster.local (#16153)
* [v10] Update buildbox to push to ECR (#15725)
* [v10] Update user traits when renew session (#16122)
* Plugin ECR Documenation updates (#15719)
* [v10] Docs: Update Contributing Page (#16115)
* [v10] Add retries on operation denied in fido2 (#16085)
* Restrict Google JSON creds to service_account (#16042)
* Add support for `--browser none` to `tctl sso test`. (#16086)
* [v10] ConnectionDiagnostics: SSH Tester (#15413) (#16087)
* Forward flags to "tsh ssh" and "tsh aws" (#16058) (#16094)
* Support AWS Console for US GovCloud Partition (#13442) (#16067)
* [v10] Make `tctl bots add` display the proxy address (#16089)
* Fix outdated CHANGELOG links (#16110)
* Increase dynamo get limit (#16103)
* [v10] Use regional STS endpoints for IAM join method (#15915)
* [v10] Update Library for new systemd install (#16030)
* Drop libudev-dev from buildbox dependencies (#16102)
* Fix username in example (#14276) (#16077)
* Add omitempty for GitHub teams_to_roles (#16012)
* Add comment and import cycle proto linters (#16092)
* Fix infinite session heartbeat failures (#16065)
* [v10] Correct links to tracks (#16078)
* dronegen: Enable verbose logs for electron tooling on macOS (#15836) (#15894)
* [v10] Add an `is_empty` field to `FileSystemObject` (#16059)
* [v10] Add support for `FileNamesInformation` (#16054)
* Added 09/01 Upcoming Releases Update
* [v10] Backport TLS routing Ping connection (#16017)
* [v10] azure mysql postgres auto discovery watchers (#15992)
* [v10] Add Access Request ID to response for UserContext (#15962)
* [v10] Add architecture guide for Machine ID (#16036)
* [v10] Avoid wrongly filtering Yubikey4 devices (#16011)
* [v10] Update on-prem version to 10.1.9 (#16020)
* [v10] Remove deprecated upsert password endpoint (#15855) (#15938)
* [v10] Fix a flaky operator test (#16010)
* [v10] NodeJoin script: fix when no labels are provided (#15755)
* improve semaphore flakiness test
* fncache test improvements
* github releases scraper
* [v10] Add lock target to lock.create event (#15981)
* Added section on Cloud upgrades.
* [v10] azure mysql postgres auto discovery api (#15991)
* [v10] azure mysql postgres auto discovery proto (#15989)
* [v10] Azure mysql postgres auto discovery config create (#15990)
* [v10] Apply linters to legacy protos (#15961)
* [v10] Azure mysql postgres auto discovery configuration (#15988)
-------------------------------------------------------------------
Wed Sep 07 06:48:02 UTC 2022 - kastl@b1-systems.de
- Update to version 10.1.9:
* Release 10.1.9 (#15980)
* [v10] Add default debug setting for install.sh AMI script (#15936)
* [v10] Record when a session recording is accessed (#15729)
* [v10] backports for 13630 14267 14959 15289 15364 15789 15743 (directory sharing) (#15767)
-------------------------------------------------------------------
Wed Sep 07 06:44:22 UTC 2022 - kastl@b1-systems.de
- Update to version 10.1.8:
* Release 10.1.8 (#15952)
* [v10] Fix race in `reversetunnel.remoteConn` (#15943)
* [v10] Organize docs guide sections chronologically (#15735)
* [v10] Fix link in Authentication options docs (#15276)
* [v10] Connect: Add tests for ParseClusterURI (#15942)
* [v10] Use Buf linters and formatter on lib/teleterm protos (#15919)
* [v10] Use Buf to build/lint/format lib/ protos (#15913)
* [v10] Add omitempty for deprecated teams_to_logins field (#15933)
* [v10] Added sles as another identifier for suse in auto install (#15702)
* [v10] Build Teleport Connect for Windows (#15292) (#15899)
* [v10] moved redirect path param to RawQuery and added escaping (#15628) (#15908)
-------------------------------------------------------------------
Wed Sep 07 06:40:07 UTC 2022 - kastl@b1-systems.de
- Update to version 10.1.7:
* Release 10.1.7 (#15931)
* [v10] Edit the Mattermost guide (#15508)
* [v10] Add redirect from /user-manual (#15525)
* [v10] Authenticated pulls to build artifacts (#15791)
* [v10] Replace `Tile` components with lists of links (#15423)
-------------------------------------------------------------------
Wed Sep 07 06:36:39 UTC 2022 - kastl@b1-systems.de
- Update to version 10.1.6:
* Release 10.1.6 (#15914)
* [v10] Default debug to false in aws AMI scripts (#15909)
* Fix SAML alternate redirects (#15868)
* [v10] Backport #13924 (#15733)
* [v10] Use to Buf to lint, format and generate api/ protos (#15875)
* cluster alerts
* [v10] Correctly handle Firestore pagination with DocumentID cursors (#13756)
-------------------------------------------------------------------
Wed Sep 07 06:34:23 UTC 2022 - kastl@b1-systems.de
- Update to version 10.1.5:
* Release 10.1.5 (#15866)
* [v10] Use Debug flag in aws scripts (#15431)
* [v10] Increase missing tunnels check interval (#15802)
* Merge pull request #15853 from gravitational/capnspacehook/backport/v10/15144
* [v10] Fix an issue `tsh aws s3` fails when using path with special characters (#15819)
* Added 08/25 Upcoming Releases Update
* [v10] Update deprecated pty dependency (#15857)
* [v10] Update fpm images to use amazon ECR (#15561)
* [v10] Ensure watchers are using cache when applicable (#15838)
* [v10] Documentation for AWS API access (#14429) (#15807)
* [v10] Add Machine ID FAQ section on per-session MFA (#15831)
* [v10] Remove TestMux/Timeout reliance on real time (#15827)
* [v10] Add drone pipeline for building Connect with signed tsh.app (#15832)
* [v10] Check if user has access to any registered resource (#15637) (#15814)
* [v10] Deflake TestEC2Hostname (#15809)
* [v10] Backport Teleport Connect Linux Builds (#15783)
* [v10] Teleport Operator ECR (#15438)
* [v10] update e & webassets (#15785)
* [v10] Ignore Logins when listing Nodes (#15597) (#15797)
* [v10] backport #14326 (Remove check for `local_auth` when creating privilege token) (#15776)
* [V10] Show proper error message when "tsh db env/config" are not supported (#15734)
* [v10] (buddy) Pass JWT headers on websocket requests (#15738)
* [v10] upgrade window events (#15732)
* [v10] Fix race condition to sessions map in K8S proxy (#15456)
* [v10] Fix invalid Write implementation on K8S join stream (#15657)
* [v10] Improve error logging on reconnect node (#15639)
* [v10] ci: Reduce CodeQL max goroutines to address failed extraction (#15698)
* [v10] Fix table formatting in the SOC 2 guide (#15692)
* [v10] Span improvements (#15670)
* [v10] Fix race in EC2 label warning (#15685)
* [v10] Delete touch_id credentials during tsh mfa rm (#15675)
* [v10] Remove duplicate words in trusted cluster overview (#15663)
* [v10] helm: allow to disable local auth in teleport-cluster chart (#15595)
* Added 08/18 Upcoming Releases Update
* [v10] Update on-prem and cloud in docs to 10.1.4 (#15666)
* [v10] Stop validating schema for labels in k8s operator (#15600)
* [v10] Add an Email Access Request guide (#15414)
* [v10] Improve K8S session join error propagation (#15492)
* [v10] Reorganize approach to cluster names in Connect (#15200) (#15638)
* [v10] Document `teleport.dev/database_name` tag. (#14923) (#15604)
* [v10] Make tctl auth sign to write out kube TLS server name if TLS routing is enabled (#15632)
* [v10] Fix 'get-kubeconfig.sh' to work with Kubernetes v1.24+ (#15617)
* [v10] Connection Diagnostic: update, traces and ConnectionTester (#15158) (#15551)
* Attempt to connect to other proxies on failure (#14954) (#15313)
* [v10] Store AuthConnector in profile (#15552)
* [v10] Reorganise Machine ID docs (#15522) (#15570)
* [v10] Alias support for `tsh` (#13305, #14931) (#14919)
* [v10] Add info to login command about passwordless (#15548)
* [v10] Support China and GovCloud for database access (#15583)
* [v10] Fix OS package repo promotion parallelism issue (#15531)
* Lower EC2 label log frequency (#15179)
* [v10] Publish to Release API on release promotion (#15153) (#15251)
* [v10] Document multi-role-behavior for `create_host_user` option (#15587)
* Backport #15268: Added docs for new RPM repos (#15268) (#15533)
* [v10] misc docs fixes (#15539)
* [v10] Add AWS troubleshooting page and add into applicable pages (#15568)
* Fix cloud scope for db configure command. (#15567)
* Allow reverse tunnel join without exposing the web API (#13598)
-------------------------------------------------------------------
Wed Sep 07 06:26:31 UTC 2022 - kastl@b1-systems.de
- Update to version 10.1.4:
* Release 10.1.4 (#15527)
* (v10) Update Cloud package repo instructions (#15007)
* [v10] Add Machine ID Kubernetes and Apps guides (#15501)
* [v10] Fix inverted check for `join_params` and `auth_token` mutual exclusion (#15517)
* Backport/branch/v10/pr 12763 (#15429)
* [v10] Machine ID support for Logins trait (#15117) (#15470)
* [v10] Fix TLS usage across multiple protocols (#15464)
* Backport "Added YUM implementation of OS package build tool" (#14203) into branch/v10 (#15127)
* [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#15504)
* [v10] docs: Improve cloud security/compliance documentation (#15460)
-------------------------------------------------------------------
Wed Sep 07 06:23:56 UTC 2022 - kastl@b1-systems.de
- Update to version 10.1.3:
* Release 10.1.3 (#15499)
* [v10] Add instructions for backporting PRs (#15420)
* [v10] Remove tctl access ls from cli ref (#15496)
* [v10] helm: Add support for mounting existing TLS root CA (#15347)
* [v10] auditlog: fix panic during concurrent streams of the same session (#15360)
* [v10] Add RBAC instructions for DB tctl auth sign (#15451)
* [v10] Use the absolute path of the teleport binary in node join script (#15473)
* Added 08/11 Upcoming Releases Update
* [v10] Add support for variable playback speed for Desktop Access recordings (#15326)
* [v10] Remove deprecated GenerateUserCerts HTTP endpoint (#15412)
* [v10] Pick correct cert when signing Connect (#15344) (#15411)
* [v10] Add better handling for common libfido2 errors (#15395)
* [branch/v10] Update docs to use the latest Cloud version number (#15418)
* [v10] Document teleport-operator (#15320)
* [v10] Documentation for AWS DynamoDB guide (#14319) (#15387)
* [auto] Update webassets in teleport/branch/v10 from webassets/teleport-v10 (#15406)
* [v10] Adjust Machine ID generated ssh cert path to align with convention (#15297)
* [v10] Update last report date for SOC 2 report (#15377)
* fix peer addr for in-memory control stream
* [v10] backport #15012 (Add `teleport install systemd` command) (#15270)
* [v10] Connect docs: Add section about insecure mode (#15340)
* [v10] Use a getter/setter for reading the token value from the config (#15372)
* [v10] Add "RDP connection fail" section to desktop access troubleshooting docs (#15324)
* [backport v10] Make dir before trying to open config file on `teleport configure --output=/some/dir ` (#15352)
* [v10] Tag forwarded spans with custom attributes (#15215)
* Fix cert renewal by recovering certbot state (#3610)
* Fix bash examples in terraform README
* Support terraform v1 (#15087)
* [v10] Trace ssh sessions (#15228)
* [v10] Create and List Connection Diagnostics (#14781) (#15080)
* [v10] Add passwordless login capabilities to teleterm (#15265)
* [v10] Add Suggested Labels to Provision Tokens (#15114) (#15319)
* [v10] Use `waitForError` instead of `require.Eventually` in SessionRecordingModes integration tests (#15221)
* [v10] Shutdown TCP socket on Go-side close (#14996)
* [v10] Machine ID docs: Trusted Cluster support (#15295)
* [v10] ci: Implement code scanning with CodeQL (#15279)
* [v10] docs: Add additional known issues to BPF-based enhanced session recording security warning (#15308)
* [v10] Add more general information to our SSO guide (#15307)
* [v10] desktop access: send full websocket messages to the browser (#15314)
* [v10] Add directory sharing to the ACL (#14653)
* [v10] Move Access Requests guides to Access Controls (#15138)
* [v10] docs: add a note about desktop session recording RBAC (#15290)
* [v10] Add calls to action for Teleport Cloud (#15139)
* [v10] desktop access: try using system DNS resolver first (#15255)
* [v10] Fix missing cluster name on session.upload via Upload Completer (#15239)
* [v10] [doc] Remove "tsh db login" from database guides (#15240)
* [v10] Add FAQ and Troubleshooting docs for Machine ID (#15226)
* [v10] Detect M1/M2 ARM CPUs when using the install script (#15233)
* [v10] Revert "Use high CPU pool for unit & integration (#13875)" (#15229)
* [v10] Minor updates to FedRAMP documentation (#15273)
* Backport #12815 to branch/v10 (#15261)
* [v10] Remove incorrect URLs from config.json (#15219)
* [v10] Update instructions on checking version (#15071)
* Backport #14852 to branch/v10 (#15084)
* Backport #15099 to branch/v10 (#15260)
* Backport #15191 to branch/v10 (#15257)
* [v10] Fix data race on shutdown (#15248)
* [v10] Add custom unmarshal for second_type factor (#15201)
* [v10] Backport #13507 (#14456)
* [v10] Fix session join requirements documentation (#14416) (#15130)
* [v10] Actually use the cache for Snowflake sessions (#15193)
* Added 08/04 Upcoming Releases Update
* [v10] Add a version to the role in the GitHub CA guide (#14901)
* [v10] AWS session audit log (#13288) (#15207)
* [v10] [docs] AWS external ID support (#15161)
* [v10] Skip cache during CreateBot RPC (#15116)
* [v10] Don't reset eventID to 0 when out of events in the Postgres backend (#15165)
* [v10] Fix the behavior of `tsh mfa add --allow-passwordless` (#15137)
* [v10] helm: configure dynamoDB autoscaling in teleport-cluster (#15122)
* [v10] backport #14698 (embed auth.Cache in auth.Server) (#14984)
* [v10]Update docs version (#15132)
* [v10] helm: configure session recording in teleport-cluster (#15003)
* [v10] reduce sensitivity of fncache cancellation test (#15069)
* [V10] Proxy Protocol support for Proxy SSH listener (#14712) (#15086)
* [v10] Clarify when HTTP_PROXY applies (#14673)
* [v10] `tctl` - Add --set flags for every trait (#14552) (#15108)
* [v10] Add docs for TCP apps access (#15125)
* [v10] fix help output for --access-request flag. (#15052)
* [v10] Backport #14564 (#14992)
* Amend 10.1.2 changelog (#15112)
-------------------------------------------------------------------
Tue Aug 02 07:25:30 UTC 2022 - kastl@b1-systems.de
- Update to version 10.1.2:
* Release 10.1.2 (#15104)
* [v10] Check manifest before attempting to push docker images (#15095)
* Backport [v10] Add error messages to SFTP audit events (#15035)
* [v10] SSH request tracing (#14124) (#14968)
* Release 10.1.1 (#15067)
* [V10] Download mTLS files from Web (#14526) (#15081)
* [v10] Make tsh installer non relocatable and drop version from app (#15033)
* [v10] helm: Deploy CRDs when the operator is enabled (#15006)
* [v10] Fix drone teleport operator publishing (#15066)
* [v10] Fix duplicated JWT import (#14888)
* [v10] docs: mark resource access requests as in preview (#15059)
* [v10] Document `tsh request drop` (#15038)
* Release 10.1.0 (#15047)
* [v10] Return nil on success for web UI file tranfers (#15044)
* [v10] Move Helm references (#13102) (#14166)
* [v10] Fix chan_shutdown_read issue (#15049)
* [v10] Fix tsh proxy ssh handshake (#15010)
* improve semaphore retries and tests
* Refactor tests under services package.
* [v10] Change IAM "UnmodifiableEntity" error to a debug log (#14958)
* [v10] backport 14985 (#15026)
* [v10] backport #14940 (refactor `Supervisor.WaitForEvent`) (#14994)
* [v10] Update drone publishing (#14961)
* Added 07/28 Upcoming Releases Update
* [v10] Updated Teleport 10 Getting started videos (#14906)
* [v10] Enable BPF tests in CI (#14501)
* [v10] Firestore: Err Not Found if doc was already deleted (#14982)
* [v10] Use IP as `LocalAddress` when gateway is created on Windows for SQL Server (#15000)
* [v10] helm: Add CA Pinning Support (#14893)
* [v10] Connect: Implement SetGatewayLocalPort RPC (#14828)
* [v10] Backport "Add on_leave documentation for require policies" (#14182) (#14579)
* [v10] Make EC2 availability check more robust (#14962)
* Added 07/27 Upcoming Releases Update
* Backport [v10] SFTP server side support (#14209)
* [v10] Fix artifact registration in Releases API for Teleport Connect (#13946) (#14925)
* [v10] Validate token for node join script (#14944)
* [v10] Fix Token creation TTL regression (#14943)
* (v10) Add support for proxying TCP apps (#14896)
* [v10] Add docs for Teleport Connect (#14945)
* [v10] Support AWS external id (#14086) (#14894)
* [v10] Rename `teleport.dev/database-name` to `teleport.dev/database_name` to match convention. (#14933)
* [v10] Handle `"true"` being passed for the `email_verified` OIDC claim (#14917)
* [v10] `tsh ssh` `--forward` and `--dynamic-forward`: graceful error handling (#14914) (#14745)
* [v10] Error out if port is already bound #13464 (#14886)
* [v10] Force unlock keychain on Darwin Push Build (#14910)
* [v10] Teleport 10 Video (#14811)
* [v10] Support dynamic registration in kube-agent helm chart (#14881)
* [v10] Fix makeClientForProxy user extraction (#14865)
* [v10] Refactor reversetunnel localsite (#14785)
* [v10] Fix flakiness in `TestRoleUpdate` (#14890)
* [v10] Warn that all nodes must be on v10 for Resource Access Requests (#14868)
* [v10] Add context.Context to session.Service inteface (#14877)
* [v10] Support TCP protocol in tshd (#14882)
* [v10] Add dynamodb metrics (#14757)
* [v10] Improve error message if data dir on tbot and tctl not available for permissions (#14872)
* [v10] Teleport Operator (#14860)
* [v10] Add `tsh request drop` command (#14843)
* [v10] Add context.Context to AuthenticateWebUser and AuthenticateSSHUser (#14846)
* [v10] Fix TestMux/Timeout (#14483)
* [v10] Correct Node/agent naming and usage (#14650)
* [v10] Allow setting public addresses in `teleport-cluster` chart (#14768)
* [v10] Ensure that the WindowsDesktopReady event is emitted (#14839)
* [v10] Adjust global logger to include `\r` when terminal is in raw mode. (#14831)
* [v10] Retry login for tsh proxy ssh (#14814)
* [v10] Fix possible deadlock during server close (#14816)
* [v10] Spelling fixes additional (#14837)
* [v10] Allow "tsh proxy db" without "tsh db login" first (#14336) (#14798)
* [v10] Allow to override db name using AWS tag. (#14799)
* [v10] Remove time.Sleep in teleterm tests (#14829)
* [v10] Spelling Fixes (#14819)
* [v10] Fix session join access denied (#14770)
* [v10] Fix the device detection loop for U2F devices (#14795)
* [v10] Update advisory to remove that SQL Server audit logs aren't available (#14805)
* [auto] Update webassets in branch/v10 (#14769)
* Backport #12770 to branch/v10 (#14714)
* [v10] Fix tctl instructions in DB Access guides (#14600)
* [v10] Fix bug when merging resource and role requests (#14711) (#14777)
* [v10] Ensure the upload completer sets the time on session.upload events (#14559)
* Backport #14658 to branch/v10 (#14784)
* [v10] Better error message on ping parse error. (#14735)
* [v10] Add SSH session recording modes to documentation (#14747)
* [v10] Add app access support to Machine ID (#14551) (#14723)
* [v10] backport #14177 (build-time cbindgen) (#14684)
* [v10] Fix Enterprise spelling in intro (#14670)
* [v10] Fix docs redirects (#14720)
* [v10] Add documentation for the sqlite backend options (#14744)
* [v10] Move the tsh guide to the new "Use Teleport" section (#14682)
* [v10] [docs] Consistently quote second_factor in cluster_auth_preference (#14727)
* [v10] Allow traces to be exported to files (#14746)
* [v10] Updates to loadtest assets (#14527)
* [v10] Correctly exit out of tbot when one shot mode is enabled (#14683)
* [v10] Allow dynamic libfido2 builds via Makefile (#14693)
* [v10] Update port used in Machine ID database guide (#14708)
* Added 07/20 Upcoming Releases Update
* Apply forScopes feature to articles (#14704) (#14709)
* [branch/v10] Add context.Context to CreateWebSession and DeleteWebSession (#14663) (#14699)
* Update scaling documentation.
* [v10] Add s3 metrics (#14664)
* [auto] Update webassets in branch/v10 (#14675)
* [v10] add config flags to db configure create (#14654)
* [v10] Fix CTRL-C hanging if session is paused (#14511)
* [v10] Add note about disabling password authentication for added security (#14626)
* [v10] lib/teleterm: Refactor daemon gateways to a hash map (#14640)
* [v10] Reduce flakiness of Testbot_Run_CARotation (#14628)
* [v10] Add error message for failed SSO authorization (#9622)
* [v10] Docs update version 10.0.2 for on-prem, 9.3.10 cloud (#14524)
* [v10] WebAPI: return user traits (#14138) (#14453)
* Add support for session recording config override
* [v10] Complete renaming of the Graceful Restarts guide (#14605)
* Backport "Update docs for new APT repos" (#12959) into branch/v10 (#14591)
* Fix TestAgentStart flakiness (#14610) (#14639)
* [v10] Implement the Touch ID credential picker (#14643)
* [v10] Add tbot to nightly build (#14631)
* [v10] Remove `update` verb requirement when creating Tokens (#14506) (#14624)
* [v10] Fail `db_service` start on invalid configuration (#14515)
* [v10]: fix tsh status cluster env var (#14335)
-------------------------------------------------------------------
Wed Jul 20 05:47:24 UTC 2022 - kastl@b1-systems.de
- Update to version 10.0.2:
* Release 10.0.2 (#14613)
* [v10] Replace `ssh proxy` execution with `crypto/ssh` call (#14522)
* [v10] Add Kubernetes Access support to Machine ID (#14269) (#14550)
* [v10] Deflake TestOpenExecSessionSetsSession (#14588)
* [v10] Fix broken links (#14532)
* [v10] Update error message returned when user is not allowed to sign db certs (#14426)
* [v10] tsh: Suppress PPK deletion error when file doesn't exist (#14572)
* Fix TestProxyTunnelStrategyAgentMesh flakiness (#14398) (#14474)
* [v10] Expand the edition comparison table (#14255)
* [v10] Add RBAC instructions for Kubernetes Access (#14258)
* [v10] Display helpful error when joining with invalid host ID for EC2 join method (#14494)
* [v10] Bundle `tbot` into the built docker images (#14462)
* [v10] Fail `app_service` start on invalid configuration (#14325) (#14478)
* [v10] Add check that roles in given user exist (#14459)
-------------------------------------------------------------------
Mon Jul 18 05:57:27 UTC 2022 - kastl@b1-systems.de
- Update to version 10.0.1:
Changelog omitted due to size, please see here:
https://github.com/gravitational/teleport/releases/tag/v10.0.1
-------------------------------------------------------------------
Mon Jul 11 14:04:02 UTC 2022 - kastl@b1-systems.de
- Update to version 10.0.0:
Changelog omitted due to size, please see here:
https://github.com/gravitational/teleport/releases/tag/v10.0.0
-------------------------------------------------------------------
Mon Jul 04 12:35:43 UTC 2022 - kastl@b1-systems.de
- Update to version 9.3.9:
* Release 9.3.9 (#14034)
* [v9] Fix TDP/RDP termination (#14024)
* Updated upcoming releases (06/30)
* (v9) Fully check the policy set for and v5 policies without short-circuiting (#14013)
* [v9] Fix database role fetch for `tsh db ls --all` (#13626)
* [v9] Add error check before `handle_bitmap` (#13828) (#14019)
* remove extra `handle.Delete()` (#14010)
* [v9] Backport #11616, #11714, and #12499 (#13707)
* [v9] Open a new remote client when the remote site has changed in a web session (#13967)
* [v9] Improve error msg when client fails to auth in Teleport (#13835)
* [v9] Improve log message when we fail to retrieve the client cert pool (#13675)
* [v9] Fix JumpHost TLSRouting flow when root cluster is offline (#13791) (#13928)
* [v9] Fix AWS credentials format in IBM guide (#13847)
* [v9] updates rdp-rs ref to new HEAD where scroll wheel delta is fixed (#13905)
* Clarify our version compatibility guarantees (#13593)
* [v9] fix panic child.Close() called without logger initialized (#11117) (#13907)
* [v9] Properly handle empty list of role requests (#13456) (#13893)
* [v9] Mongo clients with `serverSelectionTimeoutMS` set to 5000 (#13859)
* Optionally provide ca_pin as a file path (#13089)
* [v9] Pass proxy address to PromptMFAChallenge calls (#13772) (#13856)
* [v9] Move predicate err check earlier, inside RetryWithRelogin (#13368) (#13747)
* [v9] ensure timestamps on request reviews (#13758)
* [v9] Add OpenSSH Proxy Jump docs (#13851)
* Backport lib/utils/prompt improvements to [v9] (#13822)
* [v9] Update Terraform reference (retries and provider source) (#13842)
* [v9] Fix LDAP attribute labeling
* [v9] Update docs version (#13810)
* [v9] backport fips #11291 and #13222 (#13703)
* Enterprise docker getting started fixes (#13550)
- skipping non-existent version 9.3.8
-------------------------------------------------------------------
Wed Jun 22 20:44:53 UTC 2022 - kastl@b1-systems.de
- Update to version 9.3.7:
* Release 9.3.7 (#13742)
* Backport #10708 to branch/v9 (#13250)
* Backport #12946 to branch/v9 (#13244)
* [v9] Fix Teleport welcome screen image (#13710)
* Update libbpf to 0.7.0-teleport (#13650)
* [v9] Add better error handling for ec2 labels (#13487)
* Fixes potential `cgo.Handle` panic (#13479) (#13590)
* Fixed AWS 'teleport-generate-config' script when IMDSV2 is used (#13537)
* [auto] Update webassets in branch/v9 (#13665)
* Error out if port is already bound (#13679)
* Fix panic when tsh kube exec is invoked (#13655)
* [V9] Add `sshLogins` to nodes endpoint on `webapi` (GET /nodes) (#13474)
* deflake TestAgentForwardPermission (#13638)
* Update our list of support databases (#12841)
* docs(helm): remove wrong statement from kube-agent highAvailability (#13262)
* Drop rdpsnd messages (#13496)
* Deflake TestX11Forward (#13493)
* [v9] `tsh` list resources accross proxies and clusters (#12934) (#13313)
* Backport #12828 to branch/v9 (#13421)
* Update docs self-hosted version to 9.3.6 (#13533)
* Naji/backport 13287 (#13520)
* Update downloads.mdx (#13431)
* Optimize instance metadata availability check (#13167)
* Fix CA rotation watcher not starting when database svc enabled w/ no cfg (#13470) (#13517)
* Replaced bsh with code blocking in docs (#13486)
-------------------------------------------------------------------
Wed Jun 22 12:17:21 UTC 2022 - kastl@b1-systems.de
- Update to version 9.3.6:
* Release 9.3.6 (#13500)
* [v9] Check for unimplemented error during stream receive in Client.GetAccessRequests (#13490)
* Backport of #10746 to v9 (#13197)
* Rephrase the Teleport Cloud introduction (#13422)
* Add de-duplicating apps, dbs, and desktops when sorting/totalCount is needed (#12685) (#13451)
* Backport #12840 to branch/v9 (#13420)
* [v9] Aurora serverless v2 support (#13203)
* [v9] Wait for app requests to finish before closing the session chunk (#13469)
* [v9] Backport #12891 (#13391)
* [v9] Deflake TestNoReadWhenOff (#13415)
* [v9] Fix file descriptor leaks in `tbot` (#13386)
-------------------------------------------------------------------
Wed Jun 22 11:18:01 UTC 2022 - kastl@b1-systems.de
- Update to version 9.3.5:
* Release 9.3.5 (#13449)
* Added debugging packages to Docker images (#13199)
* [v9] Access request compatibility for servers without v2 api (#13428)
* Backport #12712 to branch/v9 (#12881)
* Hide Access Controls links/pages based on scope (#12880)
* CamelCase GitHub (#13269)
* Hide Getting Started pages/links based on scope (#12882)
* Hide Server Access menu items based on scope (#12883)
* Hide Setup menu items based on scope (#12886)
* [v9] Backport docs PRs related to scoped visibility (#12888)
* Backport #12682 to branch/v9 (#12950)
* Update the tctl auth sign --ttl flag docs (#12947)
* Add a more complete Teleport Cloud introduction (#13081)
* [v9] backport #13310 (use `auth_servers` when proxying) (#13399)
* [v9] Forward kubernetes errors to user when running in remote exec mode (#13400)
* Improve kube exec Audit Log events (#13381)
* [v9] Deflake TestAgentForward (#13166) (#13358)
* [v9] Enable Database and Application Access in AWS Terraforms (#13383)
* [v9] Backport #13016 (Buddy merge for #11939)
* [v9] Fix help string for "tctl version" (#13255)
* SQLServer add suport for SSMS client (#13337)
* Update upcoming-releases.mdx (#13344)
* Implement proxy templates (#13311)
* [v9] Make `TestDefaultTemplateRendering` less failure prone (#13002) (#13225)
* Update to 9.3.4 for self-hosted (#13339)
* V9: Backport #13029 (thread context.Context in tctl) (#13185)
* Minor bugfix to correct dronegen error link in v9 (#13200)
-------------------------------------------------------------------
Fri Jun 10 19:32:42 UTC 2022 - kastl@b1-systems.de
- skipped non-existent version 9.3.3
- Update to version 9.3.4:
* Release 9.3.4 (#13315)
* Remove rdpclient's Cargo.lock (#13290)
* [v9] Improve resourceAccessChecker performance (#13263)
* Remove outdated MySQL DBeaver note (#13272)
* Backport #12183 to branch/v9 (#13248)
* (v9) Security fixes (#13301)
* [v9] Add missing flags to "tctl auth sign" docs (#13279)
* Document `tsh --mfa-mode` flag (#13264)
* [v9] Expand --mfa-mode and disable stdin hijack by default (#13134) (#13212)
* [auto] Update webassets in branch/v9 (#13265)
* [v9] Add S3:AbortMultipartUpload to AWS IAM policies (#13235)
* Make windows terminal keep up with real time (#13221)
* [v9] docs: Fix proxy config for GCP (#13259)
* [v9] Label desktops based on the content of LDAP attributes (#13238)
* Reorganize the docs homepage menu (#13247)
* Support proxy protocol v2 in MySQL (#12424) (#12993)
* fix typo in RBAC guides.mdx (#13172)
* Edit tctl instructions to clarify remote login (#13078)
* Prereqs for tctl and enterprise, cloud flow (#12998)
* Backport #12544 to branch/v9 (#13110)
* Add a link from the older docs versions page (#12953)
* Backport #12504 to branch/v9 (#13112)
* [v9] Simplify reexec on linux (#13119)
* Change tsh to only print non exit errors on exit (#12903)
* Filter out invalid EC2 tag keys (#13131)
* Update to Go 1.17.11 (#13104)
* Add JWT auth guide for ElasticSearch (#12612)
* Add disabled imds client by default for integration tests (#13109)
* [v9] Cloud customer auth servers use port 443 (#13066)
* Fix EC2 labels concurrent write (#13072)
* [v9] Docs Backports (#12894)
* Add ap-south-1 (Mumbai) as a cloud proxy region
* OIDC multiple redirect URLs (#13046)
* Backport #12038 to branch/v9 (#12642)
* V9: Backport #12898 #12855 (#13065)
* docs version update to 9.3.0 (#13004)
* Automatically import EC2 tags (#12593)
-------------------------------------------------------------------
Wed Jun 01 11:28:24 UTC 2022 - kastl@b1-systems.de
- Update to version 9.3.2:
* [v9] Fix broken version check in tbot's `tshwrap` (#13034) (#13037)
* Updated Upcoming Relapses (05/26).
* skip no credential providers error (#12984)
* [v9] Fix CA rotation docs inconsistently providing `--type` flag (#12929)
* [v9] Deflake TestLockWatcherStale (#12981)
- skipping 9.3.1 release that does not exist
-------------------------------------------------------------------
Mon May 30 14:39:12 UTC 2022 - kastl@b1-systems.de
- Update to version 9.3.0:
* Release 9.3.0 (#12955)
* [v9] Re-add `kinds` config field to tbot with a deprecation warning (#13000)
* Read all PROXYv2 header bytes (#12861) (#12994)
* Fix missing SSH HostCA in tbot impersonated identities (#12992)
* Add `tbot proxy` and `tbot db` wrapper commands (#12687) (#12990)
* Extend support for identity files in tsh (#12686) (#12922)
* [auto] Update webassets in branch/v9 (#12989)
* Backport #11768 #12411 to branch/v9 (#12975)
* [v9] When adding a cluster, return it if it was already added (#12978)
* add ExactKey function to create absolute storage paths (#12721)
* ensure tctl outputs all debug log messages (#12920)
* Update docs docker versions for oss and enterprise (#12917)
* Chage `teleport configure` to accept non existent `--data-dir` directory (#12673) (#12806)
* Revert "Avoid nil dereferencing when tlsConfig is nil. (#9788)" (#12874)
* [v9] Set TELEPORT_ETCD_TEST=yes. (#12784) (#12851)
* Backport #12034 to branch/v9 (#12842)
* Fix `tsh db ls` for remote clusters. (#12281) (#12853)
* Improve CertAuthorityWatcher (#10403) (#12724)
* Improve performance using session trackers in large clusters (#12584) (#12832)
* tctl: Respect TELEPORT_HOME value when grabbing profile (#12486) (#12738)
* [v9] Fix Redis Cluster default user AUTH cmd (#12754)
* Warn instead of hard error when validating u2f facets (#12826)
* [v9] Update docs version to 9.2.4 for self-hosted and cloud (#12823)
* Remove non-https facets from documentation (#12776) (#12785)
-------------------------------------------------------------------
Sat May 21 18:28:41 UTC 2022 - kastl@b1-systems.de
- Update to version 9.2.4:
* Release 9.2.4 (#12788)
* [v9] Upgrade MySQL driver to v1.5.0 and set missing mysql client cap (#12734)
* [v9] Add hostlogin to proxy config for windows desktop (#12781)
* 05/19 Upcoming Releases Update
* Backport #12119 to branch/v9 (#12645)
* Backport #12236 to branch/v9 (#12648)
* Add Video Banner for Installing Teleport page (#12746)
* Ensure h2 has precedence over http/1.1 (#12740) (#12749)
* Update Teleport Cloud FAQ (#12663)
* Ignore access denied errors when creating/getting a session tracker as db, app, or windows desktop service. (#12728)
* Backports redirects from #12528, adds indexing page (#12655)
* [v9] Listener hygiene (#12689)
* `tbot configure` command for assisting Machine ID configuration (#12517) (#12576)
* Updates terraform docs for provider (#12314) (#12595)
* Optionally skip unshallowing step (#10978) (#12669)
* ssh: Ignore PuTTY-specific channel requests (#12662)
* Replace title-less Details boxes with ScopedBlocks (#12608)
* [v9] Proxy restart fixes (#12488)
* Restore "Adds optional deployment key for CI (#10506) (#12590)" (#12624)
* Reduce latency of GetNodes (#12637)
* Implement global tsh config file: `/etc/tsh.yaml` (#12598) (#12626)
* docs version update to 9.2.3 (#12631)
* [v9] Link to Interactive Teleport Labs (#12620)
* [v9] Client timeout fixes (#12632)
-------------------------------------------------------------------
Fri May 13 14:54:38 UTC 2022 - kastl@b1-systems.de
- Update to version 9.2.3:
* Release 9.2.3 (#12623)
-------------------------------------------------------------------
Fri May 13 14:52:56 UTC 2022 - kastl@b1-systems.de
- Update to version 9.2.2:
* Release 9.2.2 (#12621)
* Update upcoming-releases.mdx
* [v9] Add Session tracker to DB, App, and Windows Desktop Sessions; Fix make grpc
* [v9] Refactor non-interactive sessions out of proxy/sess.go (#12541)
* Update to Go 1.17.10 (#12607)
* add --format flag to 'token add' and make the same flag visible for 'token ls' (#12588)
* docs: mention new desktop label for OU (#12548)
* Revert "Adds optional deployment key for CI (#10506) (#12590)" (#12603)
* Ignore HTTP_PROXY in reverse tunnels, part 2 (#12335)
* Stop loading the enitre node set into memory per tsh ssh connection (#12014) (#12573)
* [v9] Fix user mismatch in postgres backend (#12553)
* include groups example for role in k8s controls docs (#12563)
* Adds optional deployment key for CI (#10506) (#12590)
* App access JWT header improvements (#12589)
* [v9] Includes Audit Log into common sso Troubleshooting (#12565)
* Make the Installation guide more usable (#12369)
* Add a UI reference entry for code blocks (#12428)
* feat(helm): add priorityClassName and extraLabels to kube-agent (#12559) (#12568)
* add pam tag back to tctl build (#12572)
* Add new config templates to `tbot` for databases and identity files (#11596) (#12500)
* Re-add grace period to Upload completer for backwards compatibility. (#12535)
* Disable ssh_service for app config (#12539)
* [v9] Upgrade gravitational/kingpin to latest master (8b7839c62700) (#12511)
* Desktop access: add teleport.dev/ou label (#12502)
* helm: Buddy merge for #11368 (Enable persistence in custom mode) (#11993) (#12218)
* Make the Troubleshooting guide more usable (#12431)
* Fix RDS Redshift dynamic resources registration logic (#11868) (#12451)
* update version in docs to 9.2.1 (#12476)
-------------------------------------------------------------------
Fri May 06 06:43:30 UTC 2022 - kastl@b1-systems.de
- Update to version 9.2.1:
* Release 9.2.1 (#12472)
* Database agents to share same IAM policy (#11320) (#12457)
* Only acquire semaphore lease if maxconnections is configured (#12462) (#12468)
* [v9] Add roles needed in dynamic reg app and db docs (#12469)
* Add hint message when removing access requests. (#11963) (#12435)
* Update help message for `add token` command and allow token removal from the `rm` command. (#12118) (#12439)
* [v9] Add nil check for billing mode in AWS DynamoDB events driver (#12461)
* Update docs version to 9.2.0 for teleport (#12442)
-------------------------------------------------------------------
Thu May 05 15:11:02 UTC 2022 - kastl@b1-systems.de
- Update to version 9.2.0:
* Release 9.2.0 (#12427)
* Add a partial for agent installs in Teleport Cloud (#12366)
* reduce verbosity of missing kernel support warning for secure symlink (#12396) (#12423)
* [auto] Update webassets in branch/v9 (#12422)
* Allow users to request database certificates in Machine ID (#11904) (#12195)
* Fix tunnel mode for CockroachDB (#12400)
* Deflake TestTSHSSH (#12402)
* [auto] Update webassets in branch/v9 (#12338)
* Update docs version to 9.1.3 self-hosted, 9.1.2 for cloud (#12382)
* set cloud version in user pre (#12386)
* Add context.Context to GetReverseTunnels (#12393)
* Fix lingerAndDie race condition (#12376)
* Update DBeaver guides to use authenticated local proxy. (#12037) (#12384)
* [v9] Rollup backport (#12360)
* [v9] Disallow malformed U2F facets (#12208)
* moved status page cloud question up in faq order (#12354)
* Updated release dates in Machine ID documentation.
-------------------------------------------------------------------
Thu May 05 13:11:30 UTC 2022 - kastl@b1-systems.de
- Update to version 9.1.3:
* Release 9.1.3 (#12343)
* Never use `--tlsUseSystemCA` and `--tlsCAFile` together with `mongosh` (#12363)
* [v9] Advertise correct MySQL server version (#12340)
* Updated scaling limits.
* Improve error message for resource predicate query (#12262) (#12339)
* Prevent relative expiry from emitting more events than can be processed (#12002) (#12247)
* [v9] Specify the `NodeName` in `auth.ReRegister` (#12333)
* Gracefully degrade `tsh db ls` in case fetching roles fails. (#12320)
* added diagrams and install instuctions for db and app guides, getting started (#12313)
* Connect: Use SSHAgentLogin when second_factor is set to optional or on (#12322) (#12323)
* Upcoming releases: Replace Terminal with Connect (#12317)
* [auto] Update webassets in branch/v9 (#12316)
* Connect: Refresh leaf cluster certs before fetching certs for database (#12293) (#12315)
* Backport Teleport Connect gateway changes from #11720 (#12297)
* escape pipe char in table cell (#12280)
* Dial only application servers that serve the requested application (#12217) (#12300)
* SSH Session fixes (#12286)
* Add `proxy_host` and temporary `actual_name` fields to the cluster response object (#12291)
* Update predicate doc example to use bracket notation (#12237) (#12271)
* Update upcoming-releases.mdx (#12276)
* Create remote site cache based on remote auth version (#12130) (#12251)
* Speed up TestAppServersHA (#12128) (#12253)
* update docs version to 9.1.2 (#12278)
* give direct link to cloud signup (#12219)
* Add flags to `teleport configure` command (#11766) (#12267)
* Teleport Connect: Accept database name when setting up proxy (#12173) (#12228)
* Expose RoleSet.EnumerateDatabaseUsers to Teleport Terminal (#12070) (#12207)
* [v9] Backport quoting Postgres connection string & generating DB CLI commands for Teleport Connect (#12206)
* [v9] Backport initial Teleport Connect PR + fixes (#12205)
-------------------------------------------------------------------
Wed Apr 27 17:14:24 UTC 2022 - kastl@b1-systems.de
- Update to version 9.1.2:
* Release 9.1.2 (#12259)
* Revert "Backport #11725 #11249 #11799 to branch/v9 (#11795)" (#12243)
* docker: Add lint-helm to build.assets Makefile (#12189)
* [v9] Regenerate host UUID of node if host_uuid is empty (#12222)
* Simplify user creation in database access guides (#12136) (#12235)
* bump to 9.1.1 in docs (#12210)
-------------------------------------------------------------------
Tue Apr 26 19:47:35 UTC 2022 - kastl@b1-systems.de
- Update to version 9.1.1:
* Release 9.1.1 (#12192)
* docs: Add example for label usage with `tsh ssh` (#12110) (#12158)
* [auto] Update webassets in branch/v9 (#12170)
* Added support for JumpCloud. (#11936)
* [v9] docs: Machine ID update (#12155)
* Ignore HTTP_PROXY for reverse tunnels (#11990) (#12035)
* Respect Firestore commit write limits (#12111) (#12177)
* updates meta-description (#11746)
* update latest 9 version (#12174)
* Update upcoming-releases.mdx (#12166)
* Update upcoming-releases.mdx
* Fix Download Link (#12132) (#12134)
* Prevent blocking forever when transport channel fails to open (#11875) (#12122)
* Mention ScopedBlock in the UI reference (#12085)
* Backport #12001 to branch/v9 (#12088)
* Backport #11419 to branch/v9 (#12091)
* Backport #11913 and #11826 to v9 (#12095)
* Fix flaky test - TestAuditOn (#12135)
* Fix ProxyKube not reporting its readiness (#12152)
-------------------------------------------------------------------
Tue Apr 26 18:54:52 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>
- introduce new executable tbot for new feature Machine ID
https://goteleport.com/docs/machine-id/getting-started/
-------------------------------------------------------------------
Tue Apr 26 06:24:53 UTC 2022 - kastl@b1-systems.de
- Update to version 9.1.0:
* Release 9.1.0 (#12020)
* Manually extract SSO redirect URL to preserve its own query params (#12100) (#12125)
* Allow setting additional traits in tctl users add command (#12102) (#12133)
* Fix reference to tbot start --oneshot (#12064) (#12112)
* [auto] Update webassets in branch/v9 (#12126)
* [v9] backport #12057 (panic in `CertAuthority.Clone`) (#12004)
* [v9] backport #11019 (`ListResources` in the webapi layer) (#12106)
* Add manual websocket pingloop (#11765) (#11915)
* Improve error handling in `tbot start` (#11756) (#12012)
* Pipe terminal stdin to session in kubernetes peer mode (#11288) (#11918)
* Allow requesting a join token with IAM method from the web api (#11339) (#12060)
* Fix globbing for Moderated Sessions join policies (#12067) (#12071)
* Make `tsh db ls` lists available db users. (#10458) (#11942)
* Switch to forked `httprouter` and enable `UseRawPath` option (#11068) (#12080)
* Prevent goroutine leak in oidc client (#11974) (#12078)
* docs: Don't lint external links when running in CI (#12058) (#12069)
* Fix flaky test - TestChaosUpload (#12052)
* Add JSON and YAML to several tsh commands (#11681)
* update prereqs for machineid ansible guide (#12066)
* fix(db): send initial heartbeat when there is no static dbs (#11160) (#12039)
* Generate database access credentials with tctl auth sign command (#10785) (#12042)
* Align atomics on ARM32 (#11822) (#11917)
* Correct note on node (#12045)
* Update linux-server.mdx (#11682) (#11815)
* fix docker example (#12027)
* update teleport cloud version to 8.3.7 in docs (#12017)
* Update installation docs (#11677) (#12013)
* Includes advisory for pages that are installing proxy, auth for cloud scope (#12030)
* Ensure Cache `types.WatchKinds` and `proto.WatchEvents` are in sync (#11692) (#11927)
* Backport #11381 to branch/v9 (#11969)
* Backport #10996 to branch/v9 (#11967)
* Backport #10759 to branch/v9 (#11966)
* Backport #10801 to branch/v9 (#11964)
* docs: Don't lint external links (#11940) (#11996)
* Prepare five guides for Cloud users (#11982)
* Document Okta OIDC provider workaround
* Extract tabbed Prerequisites into a partial (#11960)
* Backport #11801 to branch/v9 (#11965)
* Fix Okta OIDC (#11718)
* Remove references to authentication type 'false' from docs (#11621) (#11924)
* (v9) Delete app sessions on logout (#11956)
* helm: Set default second factor to "otp" in values (#11034) (#11923)
* helm: Add support for mounting existing TLS secrets with optional root CA (#11295) (#11922)
* Bump Go to 1.17.9 (#11932)
* Fix race condition in (*sess). broadcastResult() (#11851)
* Mention scoped Admonitions (#11900)
* Edit four docs guides for Cloud users (#11971)
* Edit four Access Controls guides for Cloud users (#11977)
* Update upcoming-releases.mdx
* Update upcoming-releases.mdx
* [v9] Add audit logging for more MySQL commands (#11914) (#11949)
* [auto] Update webassets in branch/v9 (#11951)
* Return error message if supplied auth connector name doesn't match registered names. (#11800) (#11884)
* change bash blocks to code to fix copy/paste and consistency (#11912)
* Updated Getting Started Machine ID Guide.
* Updated Ansible Machine ID Guide.
* Updated Jenkins Machine ID Guide.
* Update teleport-plugin guides to reference docker images for downloads (#11617) (#11934)
* SQL Backend Documentation (#11897)
* Move Cloud download binaries into tables (#11839)
* [v9] Rollup bugfix backport (#11890)
* NO_PROXY port support + special case for proxying via localhost (#11403)
* [v9] Replace session upload grace period with session tracker (#11853)
* Edit Database Access guides for Cloud users (#11846)
* [v9] Release pipeline improvements (#10707) (#11833)
* [v9] Make relogin attempts use the strongest auth method (#11781) (#11847)
* Mention Teleport is deployable in k8s (#11874)
* update golang version in docs config to 1.17 (#11869)
* [v9] helm: Backports (#11728)
* [v9] Access Control, K8s Cluster docs set scope and AWS first (#11761)
* Add client cert in insecure mode (#11758)
* Backport #11725 #11249 #11799 to branch/v9 (#11795)
* Add auth'd tunnel mode to tsh proxy db command (#11720) (#11808)
* [v9] Moderated Sessions rollup backport (#11803)
* Fix session leave + termination deadlock
* Backport #10880 to branch/v9 (#11442)
* Add grpc server and client metrics to Teleport (#11773)
* Fix key principals not being used when identity files are being used (#11793)
* update 9 release version to 9.0.4 (#11789)
* Document limitations with the Google OIDC connector and transitive group memberships (#11422)
-------------------------------------------------------------------
Thu Apr 14 19:37:37 UTC 2022 - kastl@b1-systems.de
- Update to version 9.0.4:
* Release 9.0.4 (#11785)
* Add Cloud instructions to five guides (#11742)
* [v9] Add hint when the user receives an error about an "unknown certificate authority" (#11550) (#11751)
* Added Machine ID to examples.
* Backport SQL Backend to v9 (#11667)
* [v9] Install script changes and sudo command updates for Teleport install and configure (#11750)
* Support proxy protocol v2 (#11684) (#11722)
* Clean up remoteSites with no active tunnels (#11435) (#11707)
* update cloud-config to fix install errors (#11732)
* update teleport 9 and cloud versions in docs (#11726)
* Spread out `UploadCompleter` load (#11590) (#11698)
* Split Redis docs (#11702)
* [v9] Kube agent instructions on matching to server version (#11711)
* Change client dialOpts append order (#11322) (#11624)
* Added admonition about TLS Routing and Machine ID.
* Added Jenkins Machine ID diagram.
* Add support for backward compatible API Client behavior (#11567) (#11663)
* [v9] Backport: fix tsh config test (#11657)
* Avoid nil dereferencing when tlsConfig is nil. (#11614)
* Updates minimum terraform version to 1.0 (#11651)
* Add documentation for ssh key extensions with github (#11656)
* docs: Add Helm docs for tls.existingSecretName (#11306)
* minor edits (#11641)
* Fix docs UI reference (#11635)
* Edit two guides for Cloud users (#11642)
* Remove misleading information about tctl for Cloud (#11632)
* Update repo in docs contribution guide (#11638)
* Fixes console player ctrl+C and ctrl+D functionality (#11559)
* Fix tsh player issues (#11491)
* docs: add note about user CA rotation + desktop access (#11586)
* fix loggers not respecting json config (#10808) (#11655)
* Add metric to track number ssh connect attempts (#11240) (#11629)
* [v9] backport #11386 #11387 (in-memory cache and sqlite sync) (#11658)
* Update IsValidLabelKey to include ':' (#11563)
-------------------------------------------------------------------
Thu Apr 14 19:35:08 UTC 2022 - kastl@b1-systems.de
- Update to version 9.0.3:
* Release 9.0.3 (#11649)
* Fix `ad-keytab-file` flag on sqlserver docs (#11581) (#11605)
* Split the Helm chart reference (#11437)
* helm: Add support for separate Postgres/Mongo listeners in teleport-cluster chart (#10858) (#11434)
* [Docs] Add teleport.yaml docs for x11 forwarding (#10561) (#11429)
* Edit three guides for Cloud users (#11362)
* Fix 32-bit arm deb and 64-bit arm rpm packages (#11318) (#11568)
* Add missing quotes in GCB triggers (#11608)
* tctl: respect TELEPORT_HOME variable when reading profiles (#11561)
* Use first available auth server (#11229) (#11598)
* [auto] Update webassets in branch/v9 (#11582)
* updated /signup to aboslute url (#11580)
* Remove potentially confusing EOF line from snippet (#11438)
* Split the AWS Node Joining guide (#11440)
* 03/30 Upcoming Released Update
* Backport #10620 to branch/v9 (#11542)
* Add missing doc link for predicate language (#11466) (#11541)
* [branch/v9] Backport #11388 (#11537)
* tsh: ignore empty or non-existing config files (#11495) (#11571)
* [docs/v9] Remove mention of x509 certs for Machine ID as they're not yet available (#11548)
* error message improvement on teleport start file permissions (#11502)
* [branch/v9] Rollup backport of session fixes (#11494)
* Don't respect HTTP_PROXY env in k8 forwarder (#11257) (#11462)
* [v9] Makes a common login error troubleshooting for sso docs (#11488)
* [v9] Backport: "helm: Add details on AWS ACM to AWS guide (#10857)" (#11414)
* Fix relative signup path
* Fix TLS Routing jumphost flow (#11282) (#11496)
* Assign EmitAuditEvent to err for subsequent check. (#11501) (#11505)
* Added Jenkins tile to documentation.
* Add Teleport Cloud downloads page.
* Added Machine ID Jenkins Guide.
* Update Machine ID icon to chip icon.
* [auto] Update webassets in branch/v9 (#11473)
-------------------------------------------------------------------
Sat Mar 26 14:53:54 UTC 2022 - kastl@b1-systems.de
- Update to version 9.0.2:
* Release 9.0.2.
* Updated CHANGELOG.md.
* update enterprise (#11408)
* Reexec with `/proc/self/exe` on Linux (#11283) (#11453)
* Add version string to terraform role ref (#11407)
* [v9] Add HTTPS_PROXY for tsh (#11397)
* Add tests for motd fixes
* Fix MOTD not showing up on tsh login with certain arguments
* Fix panic in getWebConfig (#11389) (#11413)
* Update cargo deps (#11400) (#11416)
* Reslove comments, move all occurences of teleport.dev to use a constant
* Add configurable verbosity to `tctl get roles`
* Resolve comments
* Add verbosity to tctl * ls commands and resource get.
* Move 'MakeTableWithTruncatedColumn' to asciitable and truncate labels
* ls consistency: add support for tctl desktop ls
* ls consistency: add tctl kube ls command
* ls consistency: make tctl db ls output consistent
* ls consistency: make tctl apps ls output consistent
* ls consistency: Make tctl nodes ls output consistent, support yaml
* Add a .tsh/config file and add support for configuring custom http headers
* [v9] Backport: "helm: Adds missing namespaces to ConfigMap (#11032)" (#11343)
* add copy/paste mention (#11377)
* Edit Helm installation instructions (#11303)
* Situate the Installation guide more clearly (#11300)
* Edit four Kubernetes Access guides for Cloud users (#11354)
* Teleport cloud license info and other info update (#11376)
* add all token types (#11375)
* Update Redis links in docs (#11393)
* [v9] Add endpoint to webapi to generate DB join token (#10914) (#11256)
* Fix certificate extension not being included in `tctl auth sign`
* Show usage on invalid command line invocation. (#11174) (#11333)
* Remove the v5 Kubernetes migration guide (#11297)
* Add Cloud-specific instructions to two guides (#11314)
* Add notes about wildcard certificates (#11310)
* Fix broken link in the ADFS guide (#11307)
* update e module (#11341)
* [v9] helm: Backport chart changes from unit test addition (#11336)
* Added Machine ID CLI and configuration references.
* Update 'tctl apps/db/nodes ls' to accept filter flags (#11003) (#11076)
* docs: add desktop session recording and clipboard sharing (#11005) (#11252)
* Mention Cloud compatibility in three guides (#11234)
* Updates `tsh ls` for node/app/db/kube to accept new filter flags (#10980) (#11016)
* Add doc for filter support for CLI tools (#11012) (#11258)
* Support role bootstrapping in OSS (#11175) (#11247)
* corrects some powershell examples and put in code for linux commands (#11225)
* docs: clarify /healthz and /readyz (#11085) (#11231)
* Keep multiple per-node remoteConns in localSite (#11074) (#11184)
* Fix TLS multiplexing for the kubernetes_service in the teleport-cluster helm chart (#10002) (#11212)
* Update upcoming-releases.mdx
* Improve `tsh` error message if mysql client is missing (#11215)
* helm: Adds extraArgs and extraEnv to teleport-kube-agent (#11155) (#11237)
* helm: include static_labels in database example (#10414) (#11214)
* Revert "Only allow access request deletion through static roles' permissions (#9540)" (#11221)
* Address problems in concurrent sqlite access (#10706) (#11190)
-------------------------------------------------------------------
Thu Mar 17 10:28:30 UTC 2022 - kastl@b1-systems.de
- Update to version 9.0.1:
* Release 9.0.1 (#11208)
* Fix outdated CLI help for `tbot init --owner` (#11158) (#11167)
* Fix improper default value check in tbot's `FromCLIConf()` (#11169) (#11206)
* [branch/v9] Backport #10665 (#11064)
* Fix quit on ctrlc, race panic, atomic load align in session IO (#11112) (#11188)
* Refactored Ansible guide to work with Machine ID.
* Cleanup of Machine ID Getting Started Guide.
* Remove mention of max ttl for tctl tokens command (#11148) (#11164)
* Silence false positive lints from staticcheck in tbot/init.go (#11084) (#11128)
* docs: add desktops to per-session-mfa page
* Update docs for FIPS users
* Automatically calculate `public_addr` field for dynamic apps (#10941). (#10943) (#11139)
* Fix DeleteRange when the backend sanitizer is used (#11124) (#11131)
* Fix `tsh aws ecr` Internal Server Error (#10475) (#11108)
* correct db connect (#11097)
* 03/11 Upcoming Releases Update.
* 9.0 post-release 4 (#11089)
* 9.0 post-release 1: update docs versions (#11082)
-------------------------------------------------------------------
Sat Mar 12 20:35:40 UTC 2022 - kastl@b1-systems.de
- Update to version 9.0.0:
* Release 9.0.0 (#11067)
* Add Redis docs (#11073)
* Fix NLB Mongo/Postgres errors spam (#11059)
* [auto] Update webassets in branch/v9 (#11055)
* Added Machine ID docs.
* Release 9.0.0-rc.2 (#11038)
* UX improvements for tbot (#10833) (#11046)
* Moderated Sessions improvements (#10991) (#11051)
* Fix meaning of `bot_name` in bot join tokens (#11039) (#11047)
* Backport of #10289 (#11030)
* Better Semaphore Lease Contention Handling (#10666) (#10877)
* V9 backport 10871 (#11031)
* Prevent panic caused by nil session recorder (#10792) (#10874)
* (v9) Missing v9 backports (#11033)
* Fixed incorrectly named RPMs (#11029)
* Fix quadratic complexity in Reconciler.Reconcile(). (#10989) (#11023)
* Fix ACME instructions in start-auth-proxy.mdx (#11013)
* Update suggested systemctl command (#10733) (#11025)
* Switch to warning in case of resource origin clash. (#10947) (#11024)
* Regenerate server identity if APIDomain not present (#10944)
* Release 9.0.0-rc.1 (#11018)
* Fix RPMs using a too-new version of glibc (#11008)
* [v9] Disable automatic updating of API import path (#11010)
* Update database guides with database configurator. (#10451) (#10995)
* Add MariaDB to AWS RDS auto discovery (#10994)
* Update go-mysql package (#10997)
* Enable desktop access in Web UI in Cloud clusters (#10970)
* Handle case where display is itself a unix socket #10719 (#10985)
* [auto] Update webassets in branch/v9 (#10988)
* Release v9.0.0-beta.2 (#10982)
* (v9) Update e (#10964)
* flaky test: TestDatabaseAccessMongoConnectionCount (#10869) (#10955)
* skip databases that are not available during auto discovery (#10699) (#10870)
* feat(app): consider reverse tunnel errors in apps HA mechanism (#10734) (#10906)
* [v9] backport 10915 (memory leak) (#10927)
* Default to `https` scheme for `--proxy` argument in `tctl auth sign` (#10844) (#10911)
* Open parts files one at a time
* Fix Windows session uploads
* Complete empty uploads
* [v9] backport #10765 and #10766 (#10855)
* Include tbot binary in Teleport packages and installs (#10646) (#10802)
* Add desktop access to front page (#10894)
* Add sorting for kube cluster (#10702) (#10921)
* Add `KindWindowsDesktops` to `ListResources` (#10769) (#10912)
* Fix missing identity in certs logic (#10822)
* Fix DynamoDB getAllRecords logic when 1MB query limit is reached (#10726) (#10845)
* Fix panic in MSSQL when Login7 package is invalid (#10709)
* Add support for more Redis Cluster commands (#10760)
* Backport #9470 to branch/v9 (#10823)
* Backport #9556 to branch/v9 (#10824)
* Update dronegen to fix build-darwin-amd64-pkg-tsh artifacts path (#10862)
* Fix panic in MongoDB message reader (#10710)
* Backport #9969 to branch/v9 (#10826)
* Backport #10061 to branch/v9 (#10827)
* Fix large clipboard copy/paste (#10670)
* Backport #10621 to branch/v9 (#10829)
* [v9] Sanitize leaf cluster CA (#10742)
* Fix ALPN panic on empty db handler (#10662)
* Do not block apt publishing if there is a more current pre-release (#10805)
* Restore docs deploy hook (#10838)
* Fix V5 role in getting started guide. (#10837)
* Tweaks in getting started guides. (#10780)
* docs: update CA rotation page (#10419)
* Improve HA behavior of database agents in leaf clusters (#10641) (#10771)
* Partial revert of session.connect event
* Print proxy server on instructions on nodes add command for cloud (#10750)
* Display correct error message when host is missing in `tctl auth sign` (#10739)
* [v9] Fix Mongo topology resource release (#10731)
* [v9] Backport #10460 to branch/v9 (#10616)
* Fix desktop session playback RBAC (#10570) (#10679)
* TF provider configuration environment variables (#10417) (#10548)
* Update CI to teleport9 buildbox (#10715)
* IAM join method support for tbot (#10535) (#10685)
* Add documentation for static windows hosts
* [auto] Update webassets in branch/v9 (#10712)
* Tag buildbox and upgrade to go1.17.7 (#10605)
* Change get resources webapi response (#10598) (#10683)
* Return filtered total count with ListResources (#10573) (#10682)
* Fix crash when AWS Redshift does not have Endpoint info (#10597) (#10675)
* helm: Fix enabled clause for db_service when using awsDatabases only (#10644)
* Disable BPF tests in CI (#10654) (#10691)
* [Docs update] Mention unsupported scenarios for IAM join method (#10530) (#10652)
* helm: Fix indenting on database autodiscovery (#10624)
* Update desktop access docs for 9.0 (#10406) (#10545)
* Fix artifacts path for build-darwin-amd64-pkg-tsh drone pipeline (#10600)
* docs: fix code block (#10495) (#10555)
* Restore teleport-private deb/rpm gating (#10536)
* [v9] Backport "helm: Revert PodSecurityPolicy change" (#10565)
* Release 9.0.0-beta.1 (#10508)
* Update e (#10505)
* [auto] Update AMI IDs for 8.3.1
* Certificate renewal bot (#10099)
* [auto] Update webassets in master (#10482)
* CertAuthority watcher filtering (#10020)
* Adds a `DesktopSessionRecording` flag to the ACL (#10365)
* Add SQL Server guide (#10293)
* Update x11 sshserver test to test concurrent sessions and requests. (#10470)
* Add MFA for Windows Desktop web access (#10271)
* Reduce concurrent connections in TestRedisTransaction (#10472)
* feat: aws database configurator (#9145)
* Add missing action VerbRead to ListResources (#10422)
* Re-sign .drone.yml (#10469)
* Remove drone step to publish centos6 buildbox (#10432)
* Fix server compare to check expiry last (#10380)
* Add teleport_audit_emit_event prometheus metric (#9134)
* Use tdr in Dronegen (#10453)
* helm: Add AWS database auto-discovery to teleport-kube-agent (#10344)
* Add support for windows desktop services proxying different desktops (#10101)
* Address Cloud users in guides (#9962)
* Mention Teleport Cloud in some of our guides (#9989)
* docs: Updated path to tctl/tsh for Enterprise binaries (#10428)
* Add a Cloud compatibility warning to Helm guides (#10023)
* Add a prominent warning to the config reference (#9558)
* [auto] Update webassets in master (#10427)
* IAM Joining Docs: Set join_method in token.yaml (#10433)
* Clear terminal when auth server is in FIPS mode (#10095)
* Update version thresholds (#10426)
* Add support for configurable ssh key extensions
* Fix HSM flaky integration tests (#10390)
* Install gcloud in /opt, so it can be accessed by non root (#10400)
* add where option with sessions so Access role by default can see their own session recordings (#10376)
* Add SQL Server support for database access (#10097)
* [auto] Update webassets in master (#10409)
* Switch shell to golang for latest version detection (#10295)
* Add a command to query the latest release
* Switch to testify
* Exclude draft releases from latest version logic
* Fix release sorting
* Add an lexicographic test case
* Integrate version-check into build.assets/tooling
* Implement resource sorter for server, appserver, dbserver (#10243)
* Check for shell user's home directory as that user (#10321)
* Update e submodule. (#10413)
* add teleport_connected_resources metric (#9603)
* MySQL prepared statement support (#10283)
* Fix TestHandleConnection directory not empty error (#10407)
* Add Redis integration (#10053)
* Only request CF_OEMTEXT clipboard data
* Add audit events for desktop clipboard access
* Increase GCB UT timeout (#10398)
* Remove the legacy JSON API for requesting host certs
* Remove CentOS 6 builds for Teleport 9
* docs: add warning about auditor role (#10258)
* Label active directory domain controllers (#10334)
* Fix Reverse Tunnels Not Properly reconnecting (#10368)
* Add TestModules (#10369)
* Ensure docs nav titles use title case consistently (#10353)
* Deflake TestFnCacheSanity (#10250)
* Clarify Kubernetes Getting Started guide (#9580)
* Fix db configure (#10349)
* Migrate the joined-tokens code to the OSS release. (#10288)
* Implement Moderated Sessions (#8563)
* Fix tctl insecure flag when TLS Routing is enabled (#10297)
* DigitalOcean 1-click Droplet and Kubernetes getting started guides (#8773)
* Return desktop events in SearchSessionEvents (#10325)
* Save unit test logs (#10076)
* Fix TestProcessKubeCSR (#10355)
* Implement global SessionData storage (#10287)
* Don't open clipboard static channel when clipboard is disabled (#10348)
* Synch Teleport preview updates (#10318)
* Replace /tmp with os.TempDir(). (#10322)
* Generate/validate a PIN for our virtual smartcard (#9919)
* Add passwordless-related information to protos (#10281)
* Expose reverse tunnel address to web ui (#10133)
* Fix fake streamer implementation to match the real one (#10330)
* Desktop session recording/playback (#9583)
* RFD 48: Desktop Session Recording (#9864)
* Ensure clipboard data is shared in the format Windows expects (#10284)
* Add docs for IAM join method (#8899)
* Add Prometheus metrics cache events and stale events (#9826)
* Add Teleport Cloud instructions to 3 guides (#9681)
* RFD 52/53/54: Passwordless (#9296)
* Add documentation for moderated sessions (#9425)
* Don't return `nil, nil` in (*AuditWriter).tryResumeStream (#10254)
* Trusted clusters doc: Use wildcard for spec.allow.cluster_labels.env
* Improve node labels example in roles docs (#9385)
* Fix interpolation example in role templates docs (#9382)
* Add missing DatabasesReady event to DB proxy (#10152)
* active node inventory cleanup
* Authentication options doc: wrap `on` in quotes
* Add keepalive heartbeat to kubernetes service (#9584)
* commit forgotten "make grpc" (#10280)
* feat: add create database config command (#9618)
* Convert auth test from gocheck to standard lib
* Document desktop role options for Teleport 9 (#10227)
* Replace testify/assert with testify/require (#9925)
* Adds Application certificate path to profile (#10043)
* [auto] Update AMI IDs for 8.2.0
* IAM Join Method (gRPC service) (#10087)
* Make our docs guidance discoverable (#10155)
* Use an apt-key alternative in install instructions (#10084)
* docs: add steps for joining w_d_s to a cloud cluster (#10219)
* Clean up desktop session error logging (#10232)
* [auto] Update webassets in master (#10235)
* Use buildbox images from quay.io (#10179)
* Remove Teleport DB Users only message for tctl users ls that is incorrect (#10181)
* Cleaned up NewClient in integration tests.
* Fixed TestSessionStartContainsAccessRequest.
* Fixed TestDisconnection
* Expand cloud in production usage faq question (#10218)
* Update the PR description for auto webassets udpates (#10212)
* IAM Join Method (backend implementation) (#10085)
* adds cliipboard to userACL (#10207)
* Add the `cert.create` event (#9822)
* [auto] Update AMI IDs for 8.1.5
* Reconnect broken LDAP connections (#10183)
* Enable map key sorting in `utils.FastMarshal` (#10070)
* Clarify `tsh config` usage docs on Windows (#8409)
* Update MariaDB docs (#10113)
* Add additional filters to ListResources (#10180)
* Desktop Access: clipboard support (#9976)
* Add more lint coverage (#10049)
* Add desktop_clipboard role option (#10165)
* update `github.com/gravitational/trace` to `v1.1.17` (#10079)
* [auto] Update webassets in master (#10161)
* x11 forwarding (#9897)
* Document docs labels (#9537)
* Update Docker image tags in docs (#9400)
* Modified FedRamp to FedRAMP in docs for proper acronym (#10114)
* Implement resource boolean expression parser (#10008)
* Add xauth binary to buildbox for X11 forwarding. (#10164)
* docs: Add extra commands and reference for AWS Managed AD to Desktop Access docs (#9669)
* Add role option for record_desktop_session (#9523)
* Fixes DocTest CI (#10117)
* [auto] Update AMI IDs for 8.1.3 (#10144)
* Update Documentation for GCP Cloud SQL Client Authentication (#10092)
* Update version-check paths (#10118)
* Fix.
* Removed `TestProxyReverseTunnel`.
* RFD 49: desktop access clipboard (#9868)
* Backward compatible kubernetes_labels behaviour for v3 and v4 roles (#10122)
* RFD 51: X11 forwarding (#10009)
* Remove broken links to /admin-guide/#public-addr (#10057)
* Use correct unmarshaller for json durations (#10124)
* Dynamically resolve reverse tunnel address (#9958)
* Updated assign and check logic for Cloud.
* fix tests - forwarder is not set during cluster session init anymore
* remove unnecessary file
* unfix test case
* tests
* address comments
* clean import
* diable http2 for kube streaming endpoints
* Update S3 canned ACL docs (#10072)
* Add teleport_reverse_tunnels_connected Prometheus metric (#9698)
* Log when App Service fails due to empty `proxy_service.public_addr` (#10056)
* Add metric tracking number of Teleport agents joined to cluster (#9749)
* Modify verbiage on AWS CLI (#10029)
* Fix docker-compose Getting Started guide issues (#9709)
* Add guide for Azure Postgres/MySQL database access (#9729)
* Refactor database engines registration (#10074)
* Add backporting tool. (#9568)
* Clarify token.file usage in server access getting started guide. (#10060)
* Updated the description of the location of the built binaries (#9885)
* Documentation update for Redshift auto discovery support (#9990)
* RFD 50: Cluster Join Methods and Endpoints (#9871)
* Client Certificate Authentication for GCP Cloud SQL (#9991)
* Fix tsh tctl do not load all CAS (#9357)
* Use SDK Cloud script to install gcloud (#9941)
* RFD 55: WebUI server-side paginating and filtering (#9633)
* Add teleport proxy addr to the kubeconfig exec args when specified (#9899)
* Add MatchSearch to resources for fuzzy search (#9892)
* Removes diagnosis address from being hidden (#9975)
* Update to Rust 1.58.1 (#9985)
* Update golang.org/x/crypto to v0.0.0-20220126234351-aa10faf2a1f8 (#9984)
* Respect errors from UserInfo (#9951)
* support for redshift auto discovery (#9851)
* add desktop and tip on assigned ports for networking ref (#9957)
* Add a Cargo workspace (#9960)
* Update teleport-agent readme links (#9963)
* add extra checks to avoid getSigninToken failure (#9792)
* Properly cleanup the connection monitor for desktop sessions (#9913)
* Fix k8 access - respect kube service labels (#9759)
* Updated docs for the improved Google OIDC connector (#9907)
* Include uid in session.start & upload events (#9791)
* Ignore artifact failures in remaining pipelines (#9932)
* Add diag addr, web idle timeout, token clarification (#8489)
* add ping oidc workaround documentation (#8486)
* Add access requests to audit events (#9758)
* Ignore failures for artifact registration step (#9921)
* feat: add KubeService and Node to ListResources (#9613)
* Add access request locks to the docs (#9866)
* Auto discovery aurora reader and custom endpoints (#9668)
* Access request locks (#9478)
* make protoc generation compatible with api v2+ (#9673)
* update RDS and Redshift CA URL (#9890)
* Add github teams to available traits
* Fix TLS Router serverName 'kube.' prefix based routing logic (#9777)
* Put note about skipping TLS verification in a <Details> box
* Check if the legacy password_file config field is set
* Run LDAP initialization in a retry loop
* Remove mention of LDAP password from docs
* authenticate to LDAP with client certificates
* Fix docs typo
* Add email parameter to example (#9850)
* Improved Google OIDC connector (#9697)
* Reject TDP ClientUsername messages that are too long
* [Breaking] Default to mongosh when connecting to MongoDB. (#8472) (#9754)
* Fix docs and config newline outputs
* Fix inclusion of non-existant gcp-credentials secret and credentialsPath when credentialSecretName is empty
* [auto] Update webassets in master (#9870)
* Update e-ref (#9843)
* Cleanup of minor bot issues.
* Remove devbox - build box now supports AMR64. (#9847)
* use google/uuid instead of pborman/uuid (#9793)
* Replace cluster periodics with watchers (#9609)
* Tweak the PNG encoder (#9817)
* make the switch in dynamic.go easier to read (#9836)
* Retry with re-login ignores TELEPORT_HOME. (#9436)
* Database auto discovery to be more tolerable to find as many as it can (#9426)
* Treat EC2 Node IDs as UUIDs (#9722)
* fix: removing new line convergance (#9579)
* Add an Error message to TDP (#9586)
* helm: Allow setting issuer group for certificate in teleport-cluster (#9138)
* helm: Add logging configuration to teleport-kube-agent chart (#9632)
* [docs] Add region and use of SSM decryption to Terraform docs (#8907)
* Allow impersonation of roles without users (#9561)
* Fix first desktop discovery reconcile loop (#9654)
* Naji/force http2 kubernetes (#9294)
* fix nindent of `service.spec` in teleport-cluster chart (#9645)
* Conditionally publish deb packages (#9496)
* docs: recommend a highly available LDAP endpoint. (#9744)
* Clean up system role parsing (#9756)
* Emit event when connecting to non-Teleport server (#9370)
* feat: app server requests failover (#9288)
* Don't shell out to `go list` when not needed (#9776)
* Fix reverse tunnel dialing for Windows Desktops
* omit invalid aws tags in rds autodiscovery (#9742)
* Covert password_test.go from gocheck to std test
* Run gpg in batch mode (#9728)
* Use teleport logger instead of gravitational/trace (#9738)
* Revert bot changes for `vendor/` (#9743)
* Add the `access_request.delete` event (#9552)
* Add support for MariaDB (#9409)
* Add Videos to Teleport Desktop Access (#9373)
* Update `google.golang.org/grpc` to v1.43.0 (#9656)
* Upgrade from `go.etcd.io/etcd` v3.4.14 to `go.etcd.io/etcd/{api,client}/v3` v3.5.1 (#9607)
* Add "limiter" support to database service (#9087)
* Fix log file location for vendorless (#9689)
* Move GOMODCACHE out of workspace
* Disable make target update-api-module-path.
* Mark RFD 47 as implemented
* Remove vendor
* Sign rpm repo metadata (#9027)
* Update e-ref (#9682)
* do not register Aurora serverless db clusters (#9386)
* truncate Labels for tsh db ls (#9671)
* Disable RDP client on ARM 32 bit (#9667)
* Adds Desktops to license (#9576)
* Remove unused context from sqlite backend (#9658)
* Update Postgres audit events (#9435)
* Add note about TLS routing backwards compatibility (#9630)
* Clean up dynamicLabels ssh server goroutines when server is closed
* Restrores CI lint for non-go files (#9663)
* Close all SQL statements (#9614)
* Fix race condition in multiplexer tests (#9660)
* Fall back to "/" when home directory doesn't exist for `tsh ssh` (#9413)
* Add teleport_build_info Prometheus metric to Teleport (#9595)
* Add note about testing local dependency changes
* RFD 47 - remove the vendor directory from source control
* bot: label PRs that touch lib/events with "audit-log"
* Fix Flaky Retry Tests (#9516)
* Specify level of TLS verification for database connections (#9197)
* Truncate label output in tsh ls and tsh app ls commands
* Dead code removal + extra commentry & logging in build script (#9509)
* Attempts to make CI integration test logs more useful (#9626)
* Log when connecting to potentially incompatiable authservers
* Only allow access request deletion through static roles' permissions (#9540)
* Upload release binaries to new release infrastructure (#8722)
* Add access requests to TLS certificates (#9501)
* Update API client: dial auth service with TLS Routing (#9498)
* Improve TestTwoClustersTunnel troubleshooting
* Remove utils.BroadcastWriter
* Use require.Eventually to avoid flakiness in TestAPILOckedOut
* fix dynamo error types
* fixes mdx comment style (#9599)
* Forward TELEPORT_HOME to kubeconfig (#9546)
* Adds the windows_desktop_service section to the meta teleport.yaml (#9573)
* Add ARM64 support for buildbox docker image (#9572)
* Emit the correct session ID for SessionLeave events
* Update locking guide to include Windows Desktops
* Allow locking a desktop
* Fixed missing reviewers issue.
* Added support for automatic labeling of PRs.
* Fix goroutine/socket leak in multiplexer (#9507)
* tweak test timeout
* fix typed nil panic
* fallback to calling origin if rc is missing from cache
* docs: update cloud roadmap and faq (#9479)
* Fix tsh db connect mongo dbuser logic (#9196)
* Restart teleport-kube-agent can't join cluster.
* add TLS routing support to helm chart
* Added log configuration to teleport-cluster chart.
* Added support for service.spec.loadBalancerIP.
* updted Helm install guide in installation page. - link to getting started with kubernetes access page to refer Helm which is more up to date guide - removed which shows deprecated warning
* Fix the UI to correctly determine if a user has access to a resource (#9473)
* Update rdp-rs (#9344)
* removes experimental note from example config (#9195)
* Skip tests on a docs-only PR (#9416)
* Update aws-console.mdx (#9477)
* [auto] Update webassets in master (#9504)
* Fix initKube: broadcast KubeReady event (#9418)
* Session locking tweaks
* Deduplicate access request IDs before signing certificates (#9453)
* Fix devbox on AMD64 (#9462)
* Clean up `make grpc` and .pb.go generation (#9432)
* Add jitter and backoff to prevent thundering herd on auth (#9133)
* Escape access request and access resolution reasons in tctl (#9381)
* Prevent Linear Retry from converging on Max (#9393)
* Allow loadtest teleport image to be configurable (#9398)
* tool/tsh: support ID for `tsh play -f json`
* Exclude Jitter from logging
* Update README.md (#9378)
* Fix flaky TestWebsocketPingLoop test (#9326)
* Split dev tools into a seperate docker container (#9410)
* update doc examples to change from admin role to editor,access (#9334)
* Do not parse MySQL server packets (#9423)
* feat: ListResources gRPC rpc (#9096)
* Clarify the Linux Getting Started guide (#9346)
* Create a blast radius reduction guide (#9189)
* Fix NO_PROXY addr logic (#9287)
* Port fixes from v8 (#9397)
* Fixed IsInternal issue in Check workflow.
* Updated checking logic for code owners.
* Enable canned ACL for S3 (#9042)
* Doc update mongo postgres separate listeners (#9340)
* Allow a configurable event TTL in DynamoDB (#8840)
* Add ability to run Mongo proxy on separate listener (#9194)
* Include --insecure options for teleport {db|app}
* Fix app server goroutine leak (#9332)
* Add ability to run Postgres proxy on separate listener (#8323)
* Ensure we don't miss the resolution of an access request (#9193)
* Run tsh play requests with correct CLI context
* Delete extra % sign
* [auto] Update webassets in master
* Update example username desktop service to single quotes
* Correct Dismiss function spelling.
* Tweak LDAPS troubleshooting docs
* Improve error message when TOPT is not valid
* fix racy test
* bump nginx1.12 to nginx1
* Use in-memory cache for autoscale HA cluster
* Add PDB to teleport-kube-agent chart
* Optionally allow cluster_name to override public_address being used for cluster_name
* Disable drone triggers (#9313)
* Check If HEAD Branch Is A Fork (#9302)
* Fix the CRL distribution point in Windows certs (#9299)
* improve lock tests
* improve Cache.ListNodes perf
* improve concurrent watcher registration perf
* bump backend limit
* Remove uploadCtx/uploadDone as these are automatically reflected with uploadLoopDoneCh
* Do not use the server's context to complete the stream - it might have been already cancelled. Proto stream to make sure the streams have been completely written before exiting from Close.
* Fix CryptoRandomHex function (#9186)
* Fix panic running TestIntegration/RotateChangeSigningAlg (#9316)
* Add `--cluster` flag to all `tsh db` subcommands, Add "--diag_addr" flag to `teleport db/app start` (#9220)
* tool/tctl: Log when requested ttl isnt granted for a cert
* Replace "loose" with "lose" (#9284)
* Avoid "Entering/Leaving directory" output in Make (#9246)
* Update docker-compose.yml
* Add thredUP case study to adopters page
* Fix confusing port example in standalone docs
* Add scopes description to the docs
* Remove duplicate YouTube link
* Add missing parenthesis in README
* remove sudo from yum install
* Update check.yaml
* Improve docs for per-session MFA
* Check if PR is from a fork before dismissing runs. (#9300)
* Add Security and UX sections to the canonical RFD (#9251)
* Fix CheckAndSetDefaults for UserTokenSecretsV3 (#9290)
* Trigger Assign workflow on opened and ready_for_review events. (#9272)
* Fix custom tsh home dir for some tsh commands. (#9240)
* simplify desktop access getting started guide (#9100)
* Prevent infinite dialing to Auth (#9254)
* Added more log lines to dismiss workflow.
* Add Teleport loadtest infrastructure and grafana dashboard (#9023)
* Fix sessions endpoint and remove namespaces (#9217)
* Fix make grpc (#9252)
* Add support for configurable KMS CMK keys for S3 SSE (#8354)
* Fix tsh ssh proxy for openssh client (#9219)
* `tsh db connect` do not respect TELEPORT_HOME (#9226)
* Fix incorrect paths in docker/Dockerfile. (#9164)
* Fixed error in assignment logic.
* Added extra logging to bot assignment.
* Bump x/crypto (#9205)
* Updated logic to find workflow by path.
* Updated code review assignment logic.
* Clear web terminal when session ends (#8850)
* Do not prompt for hardware MFA using `tsh` on Windows (#9081)
* Update e ref
* Create separate builds for CentOS7 (+fips)
* simplify connection establishment (#9098)
* Enhance LDAP desktop discovery (#9152)
* Add Azure access token auth support for Postgres/MySQL (#8951)
* docs: Fixes for pam_exec user creation script (#9001)
* Use t.Setenv in tests (#9154)
* Fix MySQL proxy handshake (#9161)
* Update fluentd.mdx
* Forwarding Access Logs using FluentD Video
* Google CloudBuild support (#9090)
* RFD 42 - S3 KMS Encryption (#8344)
* Fix misspelling
* Resolve potential data race (#9118)
* Resolve race in db tests (#9117)
* Clean up temp dir after app tests (#9119)
* Make the `tctl users update` command visible (#9080)
* Add public docs for active and recorded sessions "where" (#9084)
* Don't Dismiss Dismissed Reviews (#9094)
* Add Bot Logging (#9099)
* Refresh getting started guide to use TLS routing (#8988)
* Update docs for TLS routing (#9048)
* Keep Valid Reviews For External Contributors (#9067)
* Make Teleport startup resilient to invalid roles (#9062)
* docs: LDAP service account setup (#8875)
* teleport configure: generate web_listen_addr (#9066)
* Implement where conditions for active sessions (#9040)
* add --publid-addr --cert-file --key-file for teleport configure (#9033)
* Update reviewers (#9050)
* Update vendor
* Bump e (#9022)
* Expose endpoint for fetching single desktop (#9041)
* Add app metatada to app audit events (#8930)
* Updated Docker Quickstart/Labs.
* Request keypair from pool rather than directly.
* Move unimplemented client methods out of the api client. (#8972)
* Re-Request Reviews When Approvals Are Invalidated (#9037)
* Fixed Helm publishing.
* Updated Drone pipeline to build Teleport 8 images.
* Clean up DB integration test output
* [auto] Update AMI IDs for 8.0.0 (#9025)
* make update-vendor (#9017)
* Restart entire node on tunnel collapse (#8102)
* update gosaml2 dep (#8937)
* Fix dialing kube trusted cluser in v2 telport config (#8993)
* teleport.cluster.local cleanup (#7922)
* role labels use key instead of name
* update docs to reflect terraform provider changes
* Fix tunnel address for TLS routing if public tunnel address is present (#8961)
* [pr-buddy] helm: Add support for annotation on secrets generated by cert-manager (#8872)
* Updated build-darwin-* pipeline.
* Remove explicit "deny" from preset "auditor" role, make preset roles V4 (#8959)
* Update CODEOWNERS
* replace dgrijalva/jwt-go with golang-jwt/jwt (#8939)
* Prevent system roles from being created by a user (#8924)
* RFD 43: Database access configurator (#8896)
* Fix KUBECONFIG server name (#8940)
* [auto] Update webassets in master (#8963)
* Update username (#8968)
* windows ldaps port (#8932)
* RFD 45: RBAC where conditions for active sessions list/read (#8962)
* Assign Doc Reviewers to Pull Requests with Changes to `docs/` (#8938)
* Merge 'config-proxy' and 'proxy ssh' commands logic (#8920)
* Add brief TLS routing description
* Update CHANGELOG.md
* Bypass required reviewers (#8901)
* Add meta redirect for some routes (#8293)
* tctl: allow issuing app access certificates via `tctl auth sign` (#8717)
* Update check.go
* Use Hardcoded Map to Get Reviewers for Authors (#8928)
* Add user-facing documentation for WebAuthn (#8479)
* Improve SSH agent forwarding error message in proxy mode (#8829)
* Do Not Dismiss Commented Pull Request Reviews (#8912)
* Add space between reviewer usernames (#8905)
* remove checking if users exist
* RFD 44: RBAC `where` conditions for session recordings list/read (#8084)
* [auto] Update webassets in master (#8909)
* Fix race condition in integration tests. (#8888)
* Link libatomic on Linux
* RFD 9 (Locking): Update with latest developments (#7860)
* Update test plan (#8897)
* Fix the buildbox (again) (#8892)
* Fix ACME strict ALPN (#8869)
* Add RFD 43: Kubernetes Access Multiparty Sessions (#8510)
* Don't allow running Desktop Access in FIPS mode.
* Fix Rust buildbox (#8881)
* Rust & Desktop Access fixes (#8822)
* Use cgo.Handle for passing client refs between Rust/Go
* clarifying facet examples (#8705)
* Fix heartbeat for LDAP hosts
* Disable desktop access in Web UI in Cloud clusters (#8858)
* Fix tsh ssh proxy (#8826)
* Fix MFA for DB Access (#8796)
* Add dynamic registration and discovery guides (#8694)
* integration: name our subtests
* Fix typo in error check. (#8810)
* output of config is being included in copy/paste (#8855)
* Split auth.AccessPoint into variant specific interfaces (#8471)
* Update workflow files to run workflows in the context of master (#8728)
* Bring back previous u2f challenge response for web terminal (#8830)
* Update Go badge to 1.17 (#8841)
* Fix the client idle disconnect audit event for desktops
* Fix trailing whitespace
* Adds a test for scroll wheel
* updates keyboard test plan
* Include desktop access in test plan
* Fix mongo access with mfa and add tests (#8799)
* Fix reverse tunnel web ping call log severity (#8775)
* Update e-ref (#8819)
* Remove checking for error from session end in web terminal (#8797)
* Update rdp-rs to fix horizontal scroll + extended keys
* update to syntax change in terraform provider (#8782)
* [helm] Change path -> mountPath under extraVolumeMounts (#8806)
* [ami] Get wildcard DNS cert when using certbot/Letsencrypt with Terraform AMI (#8792)
* URL-encode Postgres username in connection string (#8771)
* Return created date with new recovery codes (#8777)
* [auto] Update AMI IDs for 7.3.2
* Update mac builds
* Update test plan (#8794)
* Set user verification to "discouraged" for WebAuthn (#8759)
* Add '+' to key sanitizer whitelist (#8396)
* flips struct ordering to match with tdp spec (#8753)
* Fix error message when direct dial fails (#8678)
* set packer version
* API release automation with go script (#8484)
* Fix race condition in PipeNetCon (#8643)
* Update e
* Ensure that Rust libraries are cleaned
* Update and mark WebAuthn RFD as implemented (#8751)
* Update TLS routing test plan scenarios (#8731)
* Make RegisterUsingTokenRequest a Protobuf type (#8690)
* Stop linking lcrypto and lssl
* Update e
* Add Rust to buildbox
* Add link to Teleport Changelog in helm chart repository site. (#8734)
* Include package-level failures in formatted test output (#8698)
* Fix event code duplication for PrivilegeTokenCreateCode (#8733)
* Update AWS CLI application access docs ref (#8634)
* Update docs per-connection MFA DB access (#8682)
* Add RFD 38 (#7769)
* RFD 31: Dynamic registration for apps and databases (#6787)
-------------------------------------------------------------------
Sat Mar 05 13:06:11 UTC 2022 - kastl@b1-systems.de
- Update to version 8.3.4:
* Release 8.3.4 (#10859)
* Backport #9556 to branch/v8 (#10825)
* Fix DynamoDB getAllRecords logic when 1MB query limit is reached (#10726) (#10847)
* Backport #10061 to branch/v8 (#10828)
* Open parts files one at a time
* Complete empty uploads
* Restore docs deply hook (#10839)
* Do not block apt publishing if there is a more current pre-release (#10806)
* Improve HA behavior of database agents in leaf clusters (#10641) (#10770)
* docs: update CA rotation page (#10419)
* Backport #10460 to branch/v8 (#10617)
* Print proxy server on instructions on nodes add command for cloud (#10749)
* Fix broken link
* Fix nindent of `service.spec` in teleport-cluster chart
* Update upcoming-releases.mdx
* TF provider configuration environment variables (#10417) (#10547)
-------------------------------------------------------------------
Thu Mar 03 08:20:49 UTC 2022 - kastl@b1-systems.de
- skip non-existing release 8.3.2
- Update to version 8.3.3:
* Release 8.3.3 (#10756)
* Clear terminal when auth server is in FIPS mode (#10095)
* Fix x11 server config issues (#10471) (#10758)
* [v8] Fix Mongo topology resource release (#10730)
* [v8] Sanitize leaf cluster CA (#10743)
* Fix artifacts path for build-darwin-amd64-pkg-tsh drone pipeline (#10601)
* Backport fixes to apt publishing logic (#10436)
* Add missing read verb to ListResources (#10421)
* [auto] Update webassets in branch/v8 (#10490)
* Add documentation for static windows hosts
* Disable BPF tests in CI (#10654) (#10680)
* [Docs update] Mention unsupported scenarios for IAM join method (#10530) (#10651)
* backport severity (#10667)
* update enterprise getting started (#10606)
* helm: Fix indenting on database autodiscovery (#10623)
* Update x11 sshserver test to test concurrent sessions and requests. (#10473)
* Add a Cloud compatibility warning to Helm guides (#10525)
* Restore teleport-private deb/rpm gating (#10537)
* Add a prominent warning to the config reference (#10524)
* Mention Teleport Cloud in some of our guides (#10526)
* [v8] Backport "helm: Revert PodSecurityPolicy change" (#10564)
* Ensure docs nav titles use title case consistently (#10353) (#10523)
* Address Cloud users in guides (#10527)
* docs: fix code block (#10495) (#10556)
* add teleport_connected_resources metric (#9603) (#10461)
* Add teleport_audit_emit_event prometheus metric (#9134) (#10462)
* helm: Add AWS database auto-discovery to teleport-kube-agent (#10344) (#10544)
* Expose tunnel public addr to config.js (#10514)
* Update config.json
* Fix server compare to check expiry last (#10464)
* Add PDB to teleport-kube-agent chart
-------------------------------------------------------------------
Sat Feb 19 21:00:05 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>
- add webassets, change %build section to build with flags and include webassets
-------------------------------------------------------------------
Fri Feb 18 07:37:52 UTC 2022 - kastl@b1-systems.de
- Update to version 8.3.1:
* Release 8.3.1.
* Updated CHANGLOG.md.
* Revert "Add list,read for session to access role preset (#10382)"
* Add missing DatabasesReady event to DB proxy (#10152) (#10306)
* docs: Updated path to tctl/tsh for Enterprise binaries (#10429)
* [Backport v8] IAM Joining Docs: Set join_method in token.yaml (#10435)
* Update teleport docs to use 8.3.0 version (#10437)
* docs: add warning about auditor role (#10258) (#10395)
* Check for home dir as user. (#10418)
* Add Prometheus metrics cache events and stale events (#9826) (#10312)
* [v8] Revert Moderated Sessions docs (#10399)
* Update upcoming-releases.mdx
* Add list,read for session to access role preset (#10382)
-------------------------------------------------------------------
Wed Feb 16 08:03:42 UTC 2022 - kastl@b1-systems.de
- switch to 8.x.x line of releases
- Update to version 8.3.0:
* Release 8.3.0.
* Updated CHANGELOG.md.
* [v8] Desktop backports for 8.3.0 (#10357)
* backport #10368 to branch/v8 (#10377)
* Add Teleport Cloud instructions to 3 guides (#10308)
* Fix docker-compose Getting Started guide issues (#9709) (#10167)
* Fix tctl insecure flag when TLS Routing is enabled (#10361)
* improve lock tests
* improve Cache.ListNodes perf
* improve concurrent watcher registration perf
* bump backend limit
* Set role examples to v4 and add detail warnings (#10345)
* Sync cloud preview plans (#10317)
* Add the `cert.create` event (#9822) (#10222)
* [auto] Update webassets in branch/v8 (#10303)
* Add documentation for moderated sessions (#9425) (#10302)
* Add docs for IAM join method (#8899) (#10310)
* Don't return nil, nil in (*AuditWriter).tryResumeStream (#10298)
* Use an apt-key alternative in install instructions (#10276)
* Make our docs guidance discoverable (#10278)
* Document docs labels
* [Backport v8] IAM Join Method (#10263)
* Truncate label output in tsh ls and tsh app ls commands
* Add github teams to available traits
* Update config.json
* Update Docker image tags in docs (#9402)
* Update upcoming-releases.mdx
* Remove Teleport DB Users only message for tctl users ls (#10240)
* Modified FedRamp to FedRAMP in docs for proper acronym (#10116)
* Fix Doctests CI (#10117) (#10149)
* Release 8.2.0.
* Updated CHANGELOG.md.
* Removed `TestProxyReverseTunnel`.
* x11 forwarding (#9897)
* Cleaned up NewClient in integration tests.
* Fixed TestSessionStartContainsAccessRequest.
* Fixed TestDisconnection
* Add teleport_reverse_tunnels_connected Prometheus metric (#9698) (#10224)
* Expand cloud in production usage (#10221)
* Clarify `tsh config` usage docs on Windows (#10208)
* Restore DEVBOX in build.assets/Makefile (#10220)
* [v8] Use buildbox image from quay.io (#10178)
* Restore root user in CI buildbox (#10215)
* Tag build images with teleport8 instead of go version (#10211)
* (v8) Update config.json for 8.1.5 (#10200)
* Add metric tracking number of Teleport agents joined to cluster (#9749) (#10162)
* Backport #9907 to branch/v8 (#10198)
* Release 8.1.5 (#10194)
* Add xauth binary to buildbox for X11 forwarding. (#10164) (#10174)
* [v8] Update Documentation for GCP Cloud SQL Client Authentication (#10140)
* Release 8.1.4 (#10157)
* Dynamically resolve reverse tunnel address (#9958) (#10139)
* Revert "Emit event when connecting to non-Teleport server (#9370)" (#10156)
* Add teleport_build_info Prometheus metric to Teleport (#9595) (#10135)
* Update config.json (#10145)
* Backport #10124 (#10125)
* Release 8.1.3 (#10120)
* Backward compatible kubernetes_labels behaviour for v3 and v4 roles (#10127)
* helm: Allow setting issuer group for certificate in teleport-cluster (#9138) (#9812)
* Fix panic running TestIntegration/RotateChangeSigningAlg (#10048)
* Update version-check paths (#10119)
* Release 8.1.2.
* Updated CHANGELOG.md.
* fix tests - forwarder is not set during cluster session init anymore
* Turned http2 off for kube streaming endpoints.
* backport aws guide changes (#10106)
* Add guide for Azure Postgres/MySQL database access (#9729) (#10096)
* Respect errors from UserInfo (#9951)
* Enable canned ACL for S3 (#9042)
* [v8] Client Certificate Authentication for GCP Cloud SQL (#10059)
* Replace cluster periodics with watchers (#9609) (#9998)
* Make diag-addr in teleport help start unhidden (#9981)
* Update golang.org/x/crypto to v0.0.0-20220126234351-aa10faf2a1f8 (#9984) (#10015)
* Emit event when connecting to non-Teleport server (#9370)
* [v8] backport #9758 (access requests in audit log) (#9933)
* Add access request locks to the docs (#9983)
* [v8] backport #9697 (improved Google OIDC) (#9926)
* add extra checks to avoid getSigninToken failure (#9792) (#9964)
* backport #9133 to branch/v8 (#9867)
* Access request locks (#9478) (#9930)
* Fix k8 access - respect kube service labels (#9759) (#9955)
* [v8] Auto discovery aurora reader and custom endpoints (#9668) (#9965)
* tip on cloud and getting ports, added desktop port (#9971)
* [v8] backport #9501 (access requests in TLS certs) (#9922)
* Update upcoming-releases.mdx
* helm: Add logging configuration to teleport-kube-agent chart (#9632) (#9814)
* do not register Aurora serverless db clusters (#9386) (#9934)
* Fix TLS Router serverName 'kube.' prefix based routing logic (#9777) (#9902)
* Ignore artifact failures in remaining pipelines (#9932) (#9940)
* [auto] Update webassets in zmb3/v8-backports (#9906)
* Tweak the PNG encoder (#9817)
* Add an Error message to TDP (#9586)
* Reject TDP ClientUsername messages that are too long
* Fix first desktop discovery reconcile loop (#9654)
* docs: recommend a highly available LDAP endpoint. (#9744)
* Clean up system role parsing (#9756)
* Fix reverse tunnel dialing for Windows Desktops
* Ignore failures for artifact registration step (#9921) (#9927)
* Database auto discovery to be more tolerable to find as many as it can (#9426) (#9903)
* update RDS and Redshift CA URL (#9890) (#9904)
* feat: app server requests failover (#9288) (#9819)
* omit invalid aws tags in rds autodiscovery (#9742) (#9766)
* [auto] Update webassets in branch/v8 (#9872)
* Release 8.1.1.
* Updated CHANGELOG.md.
* Conditionally publish deb packages (#9783)
* [auto] Update webassets in branch/v8
* fix: removing new line convergance (#9579) (#9816)
* [docs] Add region and use of SSM decryption to Terraform docs (#8907) (#9813)
* Upload release binaries to new release infrastructure (#8722) (#9615)
* Add the `access_request.delete` event (#9552) (#9787)
* Fall back to "/" when home directory doesn't exist for `tsh ssh` (#9413) (#9662)
* [Backport V8] Treat EC2 Node IDs as UUIDs (#9833)
* Add info about upcoming databases to previews page (#9832)
* Forward TELEPORT_HOME to kubeconfig (#9760)
* [backport v8] force http2 kubernetes #9294 (#9796)
* fix dynamo error types
* [v8] Restores linting of non-go files in CI (#9664)
* backport #9656 to branch/v8 (#9746)
* backport terraform provider syntax changes to v8 (#9541)
* Run gpg in batch mode (#9730)
* [v8] backport #9607 (upgrade `go.etcd.io/etcd`) (#9733)
* Release 8.1.0 (#9675)
* Update e ref
* Update previews page (#9670)
* [v8]: Desktop Access backports for 8.1.0 (#9678)
* Sign rpm repo metadata (#9623)
* (v8) Add note about TLS routing backwards compatibility (#9631)
* Specify level of TLS verification for database connections (#9197) (#9659)
* Exclude Jitter from logging
* [branch/v8] update doc examples to change from admin role to editor,access (#9335)
* Update API client: dial auth service with TLS Routing (#9578)
* removes experimental note from example config (#9195) (#9526)
* Sign dronefile
* [v8] Disable drone triggers (#9313) (#9532)
* Add `--cluster` flag to all `tsh db` subcommands, Add "--diag_addr" flag to `teleport db/app start` (#9220) (#9518)
* Fix the UI to correctly determine if a user has access to a resource (#9473) (#9525)
* Fix tsh db connect mongo dbuser logic (#9445)
* Update config.json
* [v8] Skip tests on a docs-only PR (#9416) (#9510)
* Prevent Linear Retry from converging on Max (#9449)
* [v8] Use t.Setenv in tests (#9154) (#9428)
* Escape access request and access resolution reasons in tctl (#9381) (#9455)
* Release 8.0.7.
* Updated CHANGELOG.md.
* [helm] Re-add space after type in service definition (#9503)
* Fix initKube: broadcast KubeReady event (#9444)
* tool/tsh: support ID for `tsh play -f json`
* Added 12/17 Release Update.
* Restart teleport-kube-agent can't join cluster.
* add TLS routing support to helm chart
* Added log configuration to teleport-cluster chart.
* Added support for service.spec.loadBalancerIP.
* updted Helm install guide in installation page. - link to getting started with kubernetes access page to refer Helm which is more up to date guide - removed which shows deprecated warning
* Remove dronegen from Teleport 8.
* Update Drone pipeline to fix CentOS 7 repository.
* Added support for buildings CentOS 7 RPMs.
* Updated Enterprise reference.
* Update aws-console.mdx (#9480)
* simplify desktop access getting started guide (#9100) (#9467)
* Fix CryptoRandomHex function (#9186) (#9433)
* Fix app server goroutine leak (#9332) (#9459)
* feat: ListResources gRPC rpc (#9096) (#9458)
* [branch/v8] Backport #8840 (#9395)
* [Backport v8] Create a blast radius reduction guide (#9430)
* Clarify the Linux Getting Started guide (#9429)
* Avoid "Entering/Leaving directory" output in Make (#9246) (#9424)
* Add Videos to Teleport Desktop Access (#9374)
* [v8] Prevent infinite dialing to Auth (#9403)
* Do not parse MySQL server packets (#9411)
* Fix NO_PROXY addr logic (#9287) (#9394)
* Change invalid TOTP message
* Clear web terminal when session ends (#8850)
* Add synchronize event
* Trigger on ready_for_review event
* Don't run workflows on draft PRs
* Update which pull request events to trigger workflow on
* Fix confusing port example in standalone docs
* Release 8.0.6.
* Updated CHANGELOG.md.
* Update AWS CLI application access docs ref (#8634) (#9396)
* [auto] Update webassets in branch/v8
* Add WebAuthn and Active Session docs (#9390)
* [v8] Add ability to run Postgres and Mongo proxy on separate listeners (#9341)
* Post Release 1/4 (#9005)
* Ensure we don't miss the resolution of an access request (#9193) (#9338)
* Release 8.0.5
* Fix the CRL distribution point in Windows certs (#9299)
* Drone fix (#84)
* Release 8.0.4 (#9368)
* Add support for configurable KMS CMK keys for S3 SSE (#8354) (#9262)
* [backport v8] Fix sessions endpoint and remove namespaces (#9360)
* Fix tsh ssh proxy for openssh client (#9249)
* Release 8.0.1 (#9223)
* [v8]: desktop access backports (#9201)
* Do not prompt for hardware MFA using `tsh` on Windows (#9081) (#9198)
* Bump x/crypto (#9203)
* Update Workflow Config Files (#9207)
* Add Azure access token auth support for Postgres/MySQL (#9185)
* [Backport] Google CloudBuild support (#9090) (#9165)
* Fix MySQL proxy handshake (#9162)
* Refresh getting started guide to use TLS routing (#8988) (#9101)
* Add '+' to key sanitizer whitelist (#8396)
* Implement where conditions for active sessions (#9040) (#9076)
* Make Teleport startup resilient to invalid roles (#9062) (#9105)
* Update docs for TLS routing (#9097)
* Add app metatada to app audit events (#9056)
* Update CODEOWNERS (#9058)
* Restart entire node on tunnel collapse (#8102) (#9043)
* teleport configure: generate web_listen_addr (#9071)
* Add --public-addr --cert-file --key-file for teleport configure (#9049)
* Add meta redirect (#8980)
* Updated Docker Quickstart/Labs.
* Fixed Helm publishing.
* [pr-buddy] helm: Add support for annotation on secrets generated by cert-manager (#8872) (#9013)
* Release 8.0.0.
* Release 8.0.0-rc.3.
* Fix dialing kube trusted cluser in v2 telport config (#8996)
* Fix tunnel address for TLS routing if public tunnel address is present (#8995)
* Updated build-darwin-* pipeline.
* Remove explicit "deny" from preset "auditor" role, make preset roles V4 (#8959) (#8998)
* Release 8.0.0-rc.2.
* Updated CHANGELOG.md.
* backport bot improvements
* Merge 'config-proxy' and 'proxy ssh' commands logic (#8920) (#8958)
* Fix KUBECONFIG server name (#8940) (#8971)
* [auto] Update webassets in branch/v8 (#8965)
* windows ldaps port (#8932)
* tctl: allow issuing app access certificates via `tctl auth sign` (#8717) (#8941)
* Update e-ref (#8927)
* Improve SSH agent forwarding error message in proxy mode (#8832)
* [auto] Update webassets in branch/v8 (#8911)
* Link libatomic on Linux
* Fix the buildbox (again) (#8892)
* fix buildbox
* remove roletester toolchain
* Rust & Desktop Access fixes (#8822)
* Use cgo.Handle for passing client refs between Rust/Go
* Fix heartbeat for LDAP hosts
* Fix the client idle disconnect audit event for desktops
* Return created date with new recovery codes (#8777) (#8903)
* Release 8.0.0-rc.1.
* Fix ACME strict ALPN (#8869) (#8889)
* Don't allow running Desktop Access in FIPS mode.
* Fix tsh ssh proxy (#8826) (#8871)
* Fix MFA for DB Access (#8796) (#8870)
* Disable desktop access in Web UI in Cloud clusters (#8858) (#8873)
* Split auth.AccessPoint into variant specific interfaces (#8471) (#8859)
* Release 8.0.0-beta.3.
* Update Enterprise reference.
* Updated Go to 1.17.3.
* Add dynamic registration and discovery guides (#8862)
* comment out teleport configure output example (#8856)
* flips struct ordering to match with tdp spec (#8753) (#8814)
* Bring back previous u2f challenge response for web terminal (#8830) (#8844)
* Fix mongo access with mfa and add tests (#8800)
* Update rdp-rs to fix horizontal scroll + extended keys
* [helm] Change path -> mountPath under extraVolumeMounts (#8806) (#8825)
* [ami] Get wildcard DNS cert when using certbot/Letsencrypt with Terraform AMI (#8792) (#8809)
* Set user verification to "discouraged" for WebAuthn (#8759) (#8801)
* Fix reverse tunnel web ping call log severity (#8776)
* Remove checking for error from session end in web terminal (#8797) (#8816)
* Update mac builds
* Add link to Teleport Changelog in helm chart repository site. (#8780)
* URL-encode Postgres username in connection string (#8772)
* Release 8.0.0-beta.2.
* Update e
* Ensure that Rust libraries are cleaned
* Release 8.0.0-dev.33
* Update e to match branch/v8
* Stop linking lcrypto and lssl
* Add Rust to buildbox
* Fix event code duplication for PrivilegeTokenCreateCode (#8733) (#8743)
* Release 8.0.0-beta.1.
* Pin Packer version to 1.7.6
* Updated webassets reference.
* Update GH Actions Workflow Commands (#8724)
* Development Workflow Automation (#8116)
* Update app and database access test plan scenarios (#8718)
* Add missing aws certs (#8704)
* Fixed CentOS 6 builds.
* Add priority class name (#8669)
* add routing_strategy to config docs
* use RoutingStrategy enum instead of boolean flag
* Route to the most recently heartbeated node when there are duplicates
* improve tests
* fix nits
* remove OnlyRecent behavior
* ttl-based fallback caching
* server-side filtering
* Updated go.mod and re-vendored.
* Update Enterprise reference.
* Updated Go to 1.17.2.
* Make LDAP desktop discovery disabled by default
* Add timeout for RDP connections
* Fix missing webauthn json field (#8701)
* Align SNI routing logic (#8689)
* Align the user message printed during the 'tsh proxy db' command (#8681)
* [auto] Update webassets in master (#8697)
* Enable the Rust logger at the same level as the Go logger
* Ensure there are no '.' characters in dynamic desktop names
* Add Proxy listener mode and proxy v2 configuration (#8511)
* update certification link for boring crypto (#8676)
* Correct terraform guide example (#8630)
* Set expiry on LDAP-discovered desktops
* Allow tctl admin user to delete windows desktops
* Use a consistent, human-readable convention for static hosts
* Return obscured user locked error message (#8596)
* Fix port for listen_addr (#8624)
* userACL (#8560)
* Ensure that teleport start --roles=windowsdesktop works
* Fix mysql log spam (#8654)
* kubectl exec and port-forward requests use the right dialer (#8601)
* Fix ALPN SNI Proxy errors logs (#8506)
* Replace golint with revive (#8613)
* Fix ALPN protocol routing (#8526)
* Cleanup lint targets
* docs: updates for desktop access
* fix web_listen_addr example (#8650)
* AWS CLI access (#8151)
* Add constants for Windows-related timeouts
* Include RDP port for desktops discovered via LDAP
* Increase heartbeat period for Windows Desktops
* Label Windows Desktops correctly
* Label Windows hosts with teleport.dev/origin
* Implement AD host discovery
* Revert "Adds Rust 1.55.0 to CI buildbox (#8606)" (#8652)
* Add KindAuthConnector permission to editor role.
* Remove webassets before Enterprise images.
* Adds Rust 1.55.0 to CI buildbox (#8606)
* Add webauthn support for web terminal mfa prompt (#8642)
* Add agent support to Teleport AMIs for use with Terraform (#8387)
* Add CockroachDB guide (#8554)
* Added metrics for missing SSH tunnels.
* Automatically import RDS databases (#8481)
* fileconf: change LDAP config from password to password_file
* Use a separate event code for desktop session start failure
* Make unit tests write JSON test logs (#8351)
* Fix race condition in LoadBalancer (#8608)
* Include event type filter in Firestore query (#8403)
* Updated slack plugin instructions to allow for Teleport Cloud (#8540)
* tctl: allow comma-separated --windows-logins
* Misc desktop access cleanup
* Fix ExtractConditionForIdentifier handling of verbs, empty where (#8552)
* desktop access: add session start/end audit events
* Consistent webauthn JSON field naming for web (#8559)
* add watcher event metrics to docs and sort metrics alphabetically (#8491)
* Support traits for Windows Logins (#8585)
* Add CockroachDB support (#8505)
* Add RBAC for Windows desktop access (#8520)
* [auto] Update AMI IDs for 7.3.0
* fixed link, renamed img (#8573)
* Added joining nodes in AWS documentation.
* Desktop Access Beta documentation (#8504)
* Throttle DynamoDB event migration based on provisioned capacity (#8468)
* Desktop Access notes and comments (#8530)
* Refresh locking article (#8542)
* [auto] Update AMI IDs for 7.2.1
* Allow second_factor 'on' and 'optional' without U2F (#8498)
* Do careful nil handling on Webauthn proto conversions (#8501)
* Implement Simplified Node Joining (#8250)
* Implement where conditions for session recordings list/read (#8289)
* Expose SearchSessionEvents via proxy webapi (#8445)
* ALPN DB Proxy fix insecure flag (#8440)
* Notice on requiring kubernetes access enabled for agent (#8369)
* TDP: add mouse scroll support
* Publish Teleport CA to NTAuth store over LDAP (#8438)
* add IDs to upload events (#8453)
* Kube Proxy Forwarder handles kube services with same name (#8362)
* Add support for MFA for DB access (#8270)
* use aws sdk withcontext variants where possible (#8355)
* Fix GenerateHostCerts http fallback with LegacyCerts. (#8469)
* Adjust tsh language in regards to Webauthn (#8451)
* teleport-kube-agent: postgresql -> postgres in README (#8496)
* Update testplan for WebAuthn (#8480)
* Remove pre-v7 device migration logic (#8448)
* Remove 'deny' directive in example impersonation role. (#8399)
* Accept multiple SANs in tctl auth sign for databases (#8449)
* Release 8.0.0-alpha.1.
* Remove RoleConditions type alias from lib/services. (#8441)
* Adds OIDC logic for Ping Provider (#8308)
* Wire Webauthn disabled flag into yaml config (#8452)
* Auto-configure IAM for Redshift databases (#8348)
* Bug fix: Get user from logged in context (#8460)
* [auto] Update webassets in master (#8457)
* PIV authentication for RDP (#8408)
* Return preferred MFA method on ping endpoints (#8439)
* Auto-configure IAM for RDS databases (#8339)
* Update e-ref (#8446)
* Remove extra Audit records entry. (#8426)
* k8s misspelling (#8430)
* Update U2F App ID guidance in documentation (#8434)
* Specify platform when building our buildbox (#8429)
* Unify RBAC checking functions (#8407)
* Disable firestore tests by default (#8322)
* correct app name example (#8422)
* Implement attestation for Webauthn (#8392)
* Test Webauthn global disable flag (#8393)
* Migrate DynamoDB events to store fields as map type (#8292)
* [auto] Update AMI IDs for 7.2.0
* Set flush interval when forwarding application http requests (#8359)
* Update video to reflect RBAC changes and updates in Teleport 7 (#8301)
* Rename VerifyAccountRecovery and token ID proto fields (#8395)
* Watcher System Metrics (#8338)
* Reduce the number of tests that run in parallel.
* Revert e-ref (#8391)
* Require enterprise license for HSM support (#8370)
* Add additional context for Teleport Cloud users on how they can add the impersonator role to the user. (#8364)
* HSM Docs (#8000)
* Implement AddMFADeviceSync and GetAccountRecoveryCodes (#8287)
* Unify creating u2f, totp, and webauthn MFA register challenges (#8342)
* Fix ALPN SNI Proxy TLS termination for DB connections (#8303)
* Remove ClusterConfig resource (#8150)
* Add Webauthn support to ChangePassword and Ping (#8337)
* Bump version to 8.0.0-dev
* Update version.mk to set Helm chart versions.
* [forward-port] Teleport lab - open 3024 port in and copy changes.
* Implement User Privilege Token (#8076)
* RDPDR virtual channel implementation for smartcards (#8282)
* Add the DeviceType proto to Auth Service (#8336)
* Simplify MFA testing and favor Webauthn over U2F (#8334)
* Add a toy Webauthn web interface (#8326)
* Replace `log` with `logrus` in Webclient (#8328)
* move production and user manuals (#8341)
* improve graceful restart behavior
* [auto] Update AMI IDs for 7.1.3
* Add Webauthn devices via tsh mfa add (#8310)
* Splits admin guide into setup sections (#8324)
* Add app resource watcher/reconciler (#8228)
* Add API and CLI for managing application resources (#8185)
* ignore concurrent updates during tc load
* add .idea to .gitignore for jetbrains (#8311)
* fix double-init and buffer overflows
* Fixes for cert checker and Postgres config builder (#8251)
* host certs: pass the remote address along in the request (#8299)
* Tidy up Webauthn login and registration (#8283)
* Allow login over plain http in restricted situations (#7835)
* Creates ansible guide. (#8297) (#8298)
* Add support for `tsh ssh` on Windows (#7790)
* Disable colorized error formatting on Windows (#8227)
* Fix ConnectionMonitor DisconnectExpiredCert (#8288)
* Return unique error message (#8284)
* Support registration of Webauthn devices (#8278)
* Improve performance, reliability of firestore backend (#8241)
* RFD 41: Simplified Node Joining for AWS (#7292)
* Update role-templates.mdx (#8280)
* Improve FirestoreDB/KeepAlive test failure message (#8273)
* Add mysql port to config and service in Teleport Cluster Helm Chart (#8183)
* Fix node registration backwards compatibility (#8256)
* Avoid watching for new Locks with empty LockTarget (#8253)
* Update markdown table for kubeClusterName. (#8236)
* Removes line break (#8267)
* Fix linker flags in datalog CGO wrapper
* Export hasBuiltinRole and clusterFeature to use in e repo (#8261)
* Support custom paths for AWS roles in console access (#8224)
* Allow getting MFA authenticate challenge with recovery token (#8231)
* Add documentation for the nowait flag. (#8220)
* Allow deleting/listing MFA devices with recovery tokens (#8197)
* Add PublicAddr fix for kube service; Test that GetServerInfo gets kube public addr. (#8178)
* Implement Webauthn registration (#8226)
* correct role mapping in auth connector (#8242)
* Rotate Mac signing certificates (#8230)
* Introduce WebauthnDevice proto and registration messages (#8201)
* seo updates (#8247)
* Fix firestore (#8181)
* Convert GenerateServerKeys to GRPC (#8193)
* Add more context to the firestore backend test failure (#8223)
* Skip etcd prefix test if disabled (#8202)
* moves sso, labels and nodes to setup (#8216)
* Fix linter: remove unused code (#8214)
* Fix interactive sessions always exiting with code 0 (#8081)
* RFD 39: SNI and ALPN telepot proxy routing (#7280)
* ALPN SNI Proxy (#7524)
* Adds SOC2 guide from Travis and ports EC2 tags guide (#7788)
* Add VS Code guide and update docs for tsh on Windows (#8195)
* fix broken links in api client readme (#8125)
* Update the index.mdx file for Access Controls (#8129)
* New video banners for BPF work (#8130)
* Db access gui client improvements (#7950)
* correct license file name in k8s cluster getting started(#8188)
* Modified auth server example to only have one auth server (#8199)
* Add a global disable flag for Webauthn (#8191)
* Port backend tests to testify / fix racy tests (#8170)
* Expand error message on tctl enterprise usage (#8093)
* Expanded AWS Console examples (#8127)
* Account Recovery Token Getter and Create New Codes (#8177)
* Introduce app server and app resources (#8140)
* Pick a number for the Webauthn RFD (#8187)
* Support Webauthn challenges in tsh login (#8176)
* RFD: WebAuthn Support (#7808)
* LoadIdentityFileFromString (#8132)
* Implement CompleteAccountRecovery, Step 3 in Account Recovery (#8103)
* Implement ApproveAccountRecovery, Step 2 in Account Recovery (#8100)
* support empty string ca_pin (#8154)
* webclient: use the provided context (#7801)
* New videos for MongoDB Atlas and PostgreSQL (#8097)
* Require that public TLS and SSH keys are provided to register via token (#8135)
* correct port number example (#8168)
* Stop using ; as a separator in URL query strings (#8143)
* Unparallel racy test (#8142)
* Make TestLockWatcherStale more robust (#8134)
* Do not attempt to sign Windows builds on push (#8137)
* Sign tsh.exe on tag builds (#7897)
* Generate Windows-compatible OpenSSH config in `tsh config` (#7848)
* Wire Webauthn to login endpoints (#8094)
* Fix session URL displayed by `teleport status` (#8072)
* Correctly validate JWT CA on bootstrap (#8119)
* Dynamically register/unregister database resources (#7957)
* Implement StartAccountRecovery, Step 1 in Account Recovery (#8095)
* auth: remove DataDir from RegisterParams (#8110)
* Mask token in logs (#7955)
* Update Architecture Docs link in Readme (#8107)
* Cleanup docs on users and roles (#8098) (#8099)
* Access & Review request docs (#7791)
* Add kube-cluster env for tsh (#7867)
* Adapt lib/auth/webauthn to Identity and type changes (#8082)
* API workflows example (#6827)
* Connect proxy <-> windows_desktop_service <-> RDP server (#7990)
* Move newly-added Webauthn tests out of gocheck (#8074)
* Lint and fix missing license headers (#8075)
* [RC 2] Extend GetMFADevices to accept tokenID (#8036)
* Implement Account Recovery Codes (#8034)
* Update e (#8073)
* Add the WebAuthn user ID to LocalAuthSecrets (#8013)
* Implement WebAuthn login (#8009)
* Add support for WebAuthn configuration (#7949)
* Move and expand troubleshooting section (#8052)
* RFD 32: Datalog based role tester (#6818)
* Update e-ref for access tester (#8068)
* Datalog based access tester (#7543)
* Repeatable test naming (#8018)
* [auto] Update AMI IDs for 7.1.0
* Update impersonation docs (#8053)
* update e-ref
* adding environment variables (#7954)
* Add support for a profile specific kubeconfig file. (#7840)
* Add docs for the locking feature (#7967)
* update e-ref
* disable build determinism in centos6
* Exclude tar flags for non-Linux platforms.
* pipefail in make shell
* Add Webauthn SessionData persistence to Identity (#8012)
* RDP client implementation (#7824)
* Add link to Access Requests page (#8021)
* Switch bash to code component (#8019) (#8029)
* Removed 443/3080 port from tsh login examples (#8016)
* Ensure that test-root is marked as a PHONY target (#7847)
* helm: Set correct fsGroup in teleport-kube-agent chart when using persistent storage (#7804)
* Add imagePullSecrets in kube-agent chart (#6941)
* helm: Make auth type configurable (#7508)
* Add abilty to configure postStart handler for teleport-cluster chart (#7168)
* allow websocket connections to the same host (csp) (#7929)
* Update docs codeowners (#7998)
* Sasha/fwd user (#7996)
* Teleport Database Video Banners (#7977)
* fix agent forwarding test on macOS (#7784)
* fix parent shard tracking
* Add WebAuthn protocol buffers (#7923)
* Fix windows_desktop_service keepalives (#7987)
* Fix make update-vendor on macOS (#7910)
* Add support for PDB with the teleport-cluster helm chart (#7138)
* Allow teleport-cluster-agent chart to use an existing volume for the data directory (#7096)
* Add file configuration for HSMs (#7959)
* Add support for HSM CA rotation (#7862)
* Add support for multiple CA pins (#7905)
* Add support for nowait on requests. (#7895)
* Split UpsertWindowsDesktop into Create/Update
* Address review comments, batch 1
* Windows desktop service boilerplate
* [auto] Update webassets in master (#7917)
* RFD 34: clarify windows host discovery
* add conversion code for billing information update events
* Fix incorrect zero value setting for web idle timeout (#7926)
* Port Darwin CI pipelines to Dronegen (#7688)
* Add MongoDB Atlas guide (#7864) (#7951)
* Vendor our logrus fork to fix data race (#7940)
* Don't log warning for all remoteSite.periodicUpdateLocks failures (#7908)
* Allow custom webassets path if debug mode is on (#7925)
* Make TestAuthorizeWithLocks* more robust (#7909)
* correct tsh proxy alias (#7902)
* fix race in etcd test
* Make srv.TestMonitorStaleLocks more robust (#7877)
* Emit audit events on lock upsert/delete (#7752)
* Introduce `tctl lock` command (#7809)
* Send web idle timeout with new web session response (#7839)
* Update protobuf compiler release link
* Update Drone pipeline for Teleport 7.
* [auto] Update AMI IDs for 7.0.2
* Reject cert generation requests for locked-out users/hosts (#7746)
* Sasha/fwd fixes (#7881)
* API client tunnel address discovery fix (#7533)
* Check out code to use for building Teleport lab image (#7879)
* Remove initial 'v' from Teleport version tag (#7878)
* Re-add GetLock methods for auth server cache (#7861)
* Add curl for teleport-lab image build step (#7876)
* Dead code removal (#7851)
* Rename ResetPasswordToken to UserToken for general use (#7681)
* Handle stale lock views with strict/best-effort modes (#7798)
* Various fixes to SAML encryption key handling for SSO (#6767)
* Update Enterprise reference.
* Reduced shared library dependencies.
* Updated CHANGELOG.md.
* Do not exit teleport when unable to enumerate k8s cluster (#7523)
* Replicate locks to remote clusters (#7737)
* ClusterConfig fallback (#7702)
* Adding database resource API and tctl commands (#7792)
* Fix soundness issues in uacc (#7785)
* fix stale event logging
* fix memory backend mirror behavior
* Added Admonition for postgres sql and tls (#7777)
* Decouple database server from database (#7771)
* Fix client.New race condition (#7774)
* Do not deny logins in `isMFARequired` (#7739)
* Update download query param filter for mac (#7778)
* Fix CHANGELOG header indentation (#7789)
* Ensure defaults are set for DB integration tests (#7787)
* Use KeyStore instead of raw keys with CAs (#7615)
* Fix tctl db resource UT (#7760)
* Move session recording section to RFD 33
* Small tweaks based on review feedback
* RFD 33-37: Windows desktop access
* Update SSO guides (#7671)
* Reference docs for AuthPreference (#7503)
* Add Restricted Session docs (#7673)
* Update docs/pages/includes/permission-warning.mdx
* be more explicit about non-root user
* Update PAM page (#7719)
* Update DNS instructions in the AWS+EKS+Helm guide (#7672)
* rollback - Upgrade api version. (#7751)
* Add hsmKeyStore implementation (#7614)
* Reset event checkpoint key property for non sub-page breaks (#7638)
* RFD 9: Locking (#7286)
* Mount teleport-tls to the init container for the teleport-cluster helm chart (#7166)
* Add support for tctl get/rm DB resource (#7558)
* mtls metrics service (#7079)
* Updated Enterprise reference.
* Updated BPF asset embedding.
* Improved build determinism.
* [auto] Update webassets in master (#7732)
* Upgrade api version. (#7609)
* Add missing kubeClusterName value in teleport-cluster helm chart (#7620)
* Update the GCP+GKE+Helm guide (#7720)
* config: Change mentions of kubeconfig_path -> kubeconfig_file (#7646)
* clarity around ansible config for teleport (#6418)
* Update test plan (#7639)
* Enforce locks in auth.Authorize (#7625)
* [auto] Update webassets in master (#7716)
* ImplicitRole doesn't have wildcard labels (#7645)
* Add KeyStore interface with rawKeyStore implementation (#7613)
* Mark RFD 28 (ClusterConfig reorg) as implemented (#7706)
* Fix ClusterConfig caching with pre-v7 remote clusters (#7698)
* aws: Add s3:ListBucketMultipartUploads permissions to IAM policies (#7664)
* docker: Automatically build teleport-lab image nightly based on latest Teleport version (#7692)
* Add AWS console guide (#7640)
* Try mini-diagrams and update launchpad titles (#7684)
* AWS console access (#7590)
* Add MongoDB Compass GUI guide (#7658)
* Replace GenerateSelfSignedCAWithPrivateKey with GenerateSelfSignedCAWithSigner (#7612)
* Apply locks to connections tracked by srv.Monitor (#7506)
* Replace make tag with updated make update-tag. (#7627)
* Fixed performance issues with the Web UI.
* Tweaks, update and k8s agent getting started (#7656)
* [auto] Update webassets in master (#7653)
* fix init event emission
* improve shard iteration
* Removes double quotes from acme examples in docs (#7642)
* Add `tsh config` helper to generate OpenSSH client configuration (#7437)
* Tweak and add a few instructions regarding Audit Log testing (#7643)
* add support for running agent helm chart on persistent volume (#7123)
* Update test plan (#7617)
* improve etcd event processing
* concurrent queue
* [auto] Update webassets in master (#7621)
* Use web listener for web server (#7619)
* Remove GetLock methods from Cache/ReadAccessPoint (#7593)
* Tidy up trait application in `Role`. (#7562)
* Fix profile credential loader known_hosts (#7532)
* API Client UX fixes (#7521)
* Adds WebClientTimeout to config (#7497)
* Fall back to old CA schema when retrieving keys and certs (#7603)
* Fix RBAC verbs checked for SetSessionRecordingConfig (#7466)
* Adds Message of the Day (#7396)
* Updated Enterprise reference.
* Updated Makefile to fix FIPS BPF issues.
* Include O in MongoDB certs and improve some errors (#7575)
* set cluster name in lab (#7579)
* Update cloud and add U2f guide (#7585)
* Add restricted session
* [auto] Update webassets in master (#7580)
* Update upcoming-releases.mdx (#7584)
* Make reference deployments more visible (#7583)
* ListNodes limit exceeded test timeout fix (#7464)
* Make commands more obvious (#7510)
* Adds Teleport lab. (#7480)
* RFD 27: mtls metrics (#6469)
* Use descending order as default in webapi (#7550)
* [auto] Update webassets in master (#7551)
* Address security design review. (#6769)
* docker: Add libelf1 as a dependency for building Teleport container images
* Fixed vendoring issue.
* Update ssh-pam.mdx (#7536)
* libbpfgo has been moved out of tracee
* Better handling of database access IAM errors (#7525)
* Fix potential infinite loop in GetTrustedCertsPEM (#7540)
* Implement an API for exporting session events (#7360)
* aws: Add updates to AMIs for database access (#7487)
* allow overrides of the AWS config for the service in the helm chart (#7287)
* Update CODEOWNERS.
* Allow querying for audit events in either an ascending or descending order (#7425)
* Add MongoDB guide, MySQL Cloud SQL guide and other 7.0 docs updates (#7350)
* integration: Add teletest namespace and instructions for Kubernetes tests (#7447)
* [firestore] Set the cursor to empty when the end is reached (#7448)
* Generalize ProxyWatcher to monitor other resources (#7489)
* Release 7.0.0-beta.1.
* Remove unnecessary sudo commands (#7505)
* Add event handler (#7470) (#7485)
* Update CODEOWNERS
* Disable nonlocal SetClusterAuditConfig calls (#7465)
* Introduce Lock resource (#7430)
* Fixes racy backend test suite (#7481)
* Use ssh.Signer instead of raw private keys (#7438)
* Fixed issue that could cause commands to hang.
* Paginated rpcs - Replace GetNodes with ListNodes (#7415)
* [v7.0] docs: port of edit pass 7/9 (#7401)
* docs: port of 7321 (#7399)
* [v7.0] docs: update steps 2 (#7394)
* docs: port to 7.0 (#7373)
* [v7.0] docs: readme fixes (#7393)
* enable json logging in the config (#6964)
* Remove AWS OSS Guide Page (#6150)
* Update API RFD. (#6764)
* Configure env for teleport-cluster chart (#7167)
* Allow setting diagnostics address via config file (#6865)
* aws: Update reference deployments to handle timesearchV2 format (#7435)
* docs: Fix typo in MacOS Terraform provider instructions (#7426) (#7440)
* add support for dynamodb backups in helm chart (#7288)
* Reduce Flakiness in TestAgentForward (#7236)
* Bump e ref (#7434)
* Add Video guide to server access page (#7429)
* bpf: Add build support to FIPS Dockerfile (#7407)
* Fixes racey tests in `tsh` (#7416)
* Update tsh join (#7319)
* drone: Disable CentOS 6 FIPS builds for Teleport 7.0+ (#7408)
* Adds custom timeout message to SSH sessions (#7120)
* Automatically download Cloud SQL root certs (#7397)
* Make CSP more strict (#7390)
* Fix ping endpoint when proxy has multiple public addrs (#7368)
* Parse AWS info from RDS/Redshift endpoint (#7385)
* Update codeowners (#7398)
* licensed message check changed for application access
* Fixed error check
* Update kube.go
* Update db.go
* Update db.go
* db license message
* app access license message
* Update kube.go
* Modify language to say license instead of supports for features
* hsm: fix CA migration for trusted clusters (#7348)
* docs: readme updated (#6976)
* Fix occasional data race when testing dynamically configurable resources (#7374)
* Add MongoDB database access support (#7213)
* [auto] Update webassets in master (#7381)
* drone: Resign pipeline for drone.teleport.dev (#7367)
* Update e ref. (#7364)
* Relax ClusterName validation to allow ClusterID migration (#7363)
* docs: port to 7 (#7361)
* Add Cloud SQL MySQL support (#7302)
* CheckAndSetDefaults sets all defaults. (#6846)
* API version generated file (#7157)
* Remove SetTTL methods in favor of SetExpiry. (#7234)
* gRPC conversions - Auth Preference (#7220)
* Move ClusterID field from ClusterConfig to ClusterName (#7050)
* Perform event name filtering inside the database in the DynamoDB driver (#7231)
* Cleans up and moves session recording section (#7341)
* Add docs section on `provider` field in SSO connectors (#7339)
* Adds per-node ability to disable ssh TCP forwarding (#6989)
* Updated OIDC connector to return not found.
* tsh play --format (#7331)
* hsm: migrate CA storage schema (#7245)
* Add workaround for Ping SAML auth requiring signing headers (#7297)
* Limit event search responses sizes to not exceed gRPC limits (#7266)
* remove no rbac in oss admonition (#7322)
* [v7.0] docs: port of edit pass 2/9 (#7173)
* [v7.0] docs: port of edit pass 3/9 (#7187)
* [auto] Update webassets in master (#7237)
* [v7.0] docs: port of edit pass 5/9 (#7316)
* [v7.0] docs: port of edit pass 1/9 (#7158)
* Better handle database access HA scenario (#7293)
* Add gRPC conversion support for BillingCard events (#7303)
* docs: port from 6.2 (#7300)
* Downgrade V4 roles to V3 at webapi endpoints (#7289)
* Turn AuditConfig into a standalone resource (#6997)
* drone: GOCACHE and `docker:dind` fix, round 2 (#7281)
* Terraform reference (#7291)
* Update Teleport Cloud -> Teleport Pro (#7282)
* define diag ports in helm (#7212)
* grpc: call trail.ToGRPC from gRPC interceptors (#7217)
* Add V4 Roles (#7118)
* Add regexp.replace support in role templates (#7152)
* teleport-kube-agent: Support multiple installations in a single cluster (#7057)
* [v7.0] docs: fix dot (#7095)
* Get startKey from query params and return startKey for clusterSearchEvents (#7228)
* drone: Add missing GOCACHE path for `make image-ci` (#7206)
* Remove remaining API aliases (#7137)
* Make SessionRecordingConfig resource dynamically configurable (#7054)
* Moves SSH tests to testify/testing package (#7119)
* Update profile credential loader to work with tsh v6.0. (#7142)
* [backport 7.0] Correct reference to helm chart in teleport kube agent install (#7209)
* Move ClusterConfig auth fields into ClusterAuthPreference (#6876)
* Introduce modules.ValidateResource for Cloud-specific validation (#7092)
* Update terraform-provider.mdx (#7192)
* docker-compose: Update default images used to version 6 (#7055)
* OSS vs Enterprise (#7169) (#7175)
* Pin dind version and remove GOCACHE from push pipelines (#7193)
* Added GOCACHE to push pipelines.
* Remove API aliases (#6983)
* docs: port of 6871 (#7091)
* Make ClusterNetworkingConfig resource dynamically configurable (#7013)
* Emit backward compatible ClusterConfig events (#6836)
* Skip the app.session.request event from AuditEvent (#7011)
* Add support to configure `tsh` directory for data (#7035)
* Remove the need for `--proxy` for session playback (#7052)
* Expand client tests with mock server (#7004)
* makefile: explicitly set SHELL to /bin/bash
* Improve Access Request Events (#6863)
* Add delay in TestRootLeafIdleTimeout test (#7116)
* Buddy: https://github.com/gravitational/teleport/pull/6250 (#7165)
* Fix file event driver inconsistencies (#7073)
* Initial terraform guide (#7136) (#7149)
* Fix flaky DB UT (#7139)
* Updated Enterprise reference.
* bpf: Disable failing builds
* docs: port api changes (#7031)
* docs: links for gsuite (#7070)
* Couple app/db access docs updates (#7128)
* [backport v7] Describe usage of TELEPORT_CONFIG_FILE in faq and cli page for remote tctl usage #6866 (#7067)
* buddy: scp Is Not Parsing user@node Properly (#6927)
* Remove JSON schema validation (#6685)
* Fix variable shadowing error causing migration slowdown (#7097)
* rpm: Don't include build-id artifacts in packages (#7080)
* Support disconnect_expired_cert for database access (#6857)
* Updated vendoring of tracee/libbpfgo.
* Move from BCC to libbpf with CO-RE.
* docs: Update post-release checklist (#7056)
* Teleport Server Access Intro Video (#7087)
* docs: Improve label documentation for db_service via teleport-kube-agent (#7077)
* Improve RFD 24 Dynamo migration efficiency and performance (#7012)
* keypaths package (#6848)
* [v7.0] Port of 6.2 Server Access Section (#6936)
* Ports some integration tests to Testify/Subtests (#6884)
* Add Demo video to dual-auth and per session mfa (#7063)
* [auto] Update webassets in master (#6977)
* teleport-kube-agent: Add support for annotations.serviceAccount (#7060)
* Updating teleport-quickstart.yml to latest release (#6970)
* Update AMI IDs for 6.2.0 (#7037)
* Make utmp support best-effort
* Stop registering a Kubernetes cluster named after the Teleport cluster (#6786)
* Allow users impersonating database service generate database certs (#7024)
* helm: Don't package/update old teleport chart (#6902)
* Log traits to role mapping warnings on case-insensitive matches (#6209)
* docker: Restore Firestore emulator (#6901)
* changelog: add a note about DynamoDB migration performance in 6.2.0
* Return unique kube cluster names when retrieving for ui display (#7002)
* Resolve test issues and event driver bugs (#6990)
* Variable exporting fix on AWS Terraform Guide (#6973)
* docs: delay 6.2 release on upcoming releases page
* Fixed IBM Cloud AppID SSO integration.
* Fix tclt --auth-servers flag panic. (#6980)
* Update tctl docs to include new global flags and remote functionality. (#6771)
* Updated CHANGELOG.md.
* mfa: user server instead of log context.Context for audit events
* docs: improve best practices (#6809)
* RFD 28: Cluster configuration related resources (#6472)
* Add event handler for access request review event (#6966)
* helm: Fix antiAffinity in teleport-cluster (#6944)
* [v7.0] docs: update certbot section (#6697)
* [v7.0] docs: update version in install and getting started guides #6810 (#6853)
* docs: port make language consistent for versions (#6854)
* docker: Override GOMODCACHE to always use a writable location (#6899)
* Update test plan (#6934)
* Applying suggestion
* Re-enables `--k8s-users` & `--k8s-groups` in tctl users add
* Buddy: Exit non-zero on tsh status for scripting. (#6957)
* Update test plan (#6947)
* docs: Update docker tags to use latest 7.x version tag (#6911)
* mfa: strip trailing newline when reading TOTP codes (#6948)
* Handle UserUpdatedEvent in event deserialization code (#6949)
* Introduce SessionRecordingConfig extracting fields from ClusterConfig (#6708)
* [auto] Update webassets in master (#6921)
* etcd: use a separate connection to check peer versions (#6905)
* Add `tctl rm cap` for resetting cluster auth preference to defaults (#6801)
* lazy init of prometheus collectors (#6561)
* AuditLog/grpc server data race (#6170)
* Application and database access documentation updates (#6932)
* Bump e-ref (#6925)
* Add kube/db ui testing steps to test plan (#6926)
* make update-vendor: run 'go mod tidy' in api/
* Add CheckAndSetDefaults call to UnmarshalAuthPreference (#6898)
* Add missing database cli flags (#6739)
* Update e ref to master (#6906)
* Implement RFD 19: Event Iteration API (#6731)
* tsh: Return more descriptive error on unimplemented grpc server method (#6812)
* Fix typo in trusted clusters docs (#6904)
* helm: Fixes for Linux/Mac interoperability (#6891)
* Don't pull docsbox image if it's already present (#6228)
* Remove http.NoBody check for web renew token endpoint (#6893)
* RFD 21 (Cluster Routing): Mark as implemented (#6835)
* helm: Adds 'aws', 'gcp', 'standalone' and ‘custom’ modes to `teleport-cluster` chart (#6344)
* docs: Add Helm guides (#6390)
* Update lib/client/api.go
* Review feedback
* More review additions
* Review feedback
* Doc fix
* Addressing review feedback
* Addressing review feedback
* Address review feedback
* Adds concurrent default-port selection to `tsh`
* Add sudo to systemd example commands (#6603)
* Add `session_recording` field to session start and end event (#6664)
* Forbids use of --insecure in FIPS mode (#6191)
* Move CheckAndSetDefaults definition to types.Resource (#6825)
* Revert TLS cert usage for database certs
* client: set TLS certificate usage for k8s/app/db certs (#6824)
* Update admin-guide.mdx Teleport Upgrade section for clarity around the 4.4.x to 5.x transition (#6841) (#6842)
* Making log lines proper sentences. (#6772)
* YAML formatting (#5817)
* Update CODEOWNERS
* Update CODEOWNERS
* Update locks.tf (#6798)
* Gives inline info for Google Service account for SSO (#6728)
* mfa: fix startup crash when SSO users with MFA expire (#6779)
* Generate MinClientVersion based on server Version (#6018)
* docs: update merge-kubeconfigs.sh reference to master
* Emit session end event when completer finishes upload (#6756)
* Align atomics to prevent segmentation faults on ARMv7 (#6711)
* Stop changing kube context by default on tsh login (#6721)
* Introduce ClusterNetworkingConfig extracting fields from ClusterConfig (#6638)
* Add GetNode endpoint. (#6539)
* Implements RFD-0022 - OpenSSH-compatible Agent Forwarding (#6525)
* Remove whitespace
* Add configure u2f for mfa test and add switchback test
* Edits
* Edits
* Update test plan for access request and mfa
* Handle missing IdP trait in PAM interpolation. (#6558)
* Use cmp.Equal instead of manual Equals methods (#5828)
* Add app access headers rewrite (#6601)
* RFD 12: clarify that the versioning scheme is not strict (#6518)
* Fix error in docs (#6070)
* Implement RFD 24 for alternative DynamoDB event indexing (#6583)
* Delete user k8s, etc. certificates on re-issue (#6492)
* Clarify node connection debug logs. (#6722)
* Check cloud feature before setting billing access for web (#6537)
* Create GET db and kube list web handlers (#6672)
* Updated CHANGELOG.md.
* [auto] Update webassets in master (#6723)
* ami: Update InfluxDB version to 1.8.5 (#6741)
* Updated TLS handshake timeout.
* Fix non-interactive ssh output in teleport log
* Remove webassets.zip file before builds in Makefile (#6595)
* Upgrade api's trace dependency to 1.1.15 (#6341)
* mfa: only reject last device deletion of correct type (#6656)
* Update README.md (#6712)
* Delete unused RoleWeb
* Fix missing quotes in CLI Adoption Survey (#6648)
* docs: renamed (#6624)
* docs: correct tables (#6618)
* Draft account lifecycle (#6473)
* Proxy line support for mysql (#6594)
* kube: handle large number of trusted clusters in mTLS handshake (#6519)
* docs: add a version disclaimer to per-session MFA guide (#6626)
* Switch to tiles (#6611) (#6660)
* docs: bump 6.2 release date to May 21st (#6652)
* mfa: cancel TOTP prompt if U2F was used (#6542)
* k8s: add merge-kubeconfigs.sh script (#5677)
* Propagate external traits to leaf clusters (#6540)
* Teleport opt-in adoption survey (#5505)
* gRPC conversions - Nodes (#6535)
* [auto] Update webassets in master (#6646)
* Add additional Prometheus Metrics (#6511)
* docs: reword (#6629)
* mfa: prevent the user from deleting the last MFA device (#6585)
* mfa: better OTP registration flow on CLI (#6567)
* Fix test requiring gcp credentials (#6608)
* Handle `tctl get`'s input ref more strictly (#5818)
* RFD 16: Specify RBAC verbs needed for the tctl operations (#6463)
* Update descriptions for labels and diag-addr parameters for Teleport (#5762)
* Fix doc comment for Rule.HasVerb (#6598)
* [v7.0] Merge style guide into docs (#6577)
* Provide a dedicated API endpoint for app FQDN resolving (#6449)
* Add redshift auth support to database access (#6479)
* Add `tctl create cap` for dynamically configuring cluster auth preference (#5635)
* Create SECURITY.md
* Revert "Node session race (#6195)"
* Improve error message for timeout errors (#6343)
* forward-port 6.1.2 CHANGELOG (#6553)
* Node session race (#6195)
* [v7.0] Backport of editorial changes from v6.1 (#6564)
* Update Go version requirement in README (#6555)
* Adds releases preview (#6533)
* [v6.1] Editorial Pass/Review - Home (#6544)
* [auto] Update webassets in master (#6532)
* Adding postgres_public_addr and mysql_public_addr (#6426)
* docs: fix typos in sample roles in MFA guide
* Enforce strict teleport.yaml validation (#6520)
* Update Dockerfile (#6499)
* Update per-session-mfa.mdx (#6531)
* correct dir reference in build instrs for slack plugin (#6527)
* Misspelling (#6503)
* Teleport Slackbot for latest slackbot (#6522)
* Improve process connection error handling and logging (#6471)
* Refactor api package and docs to use pkg.go.dev effectively. (#6388)
* Remove teleconsole reference in README (#6509)
* Convert types.AuthPreference into a proto definition (#6510)
* Wait for key agent to stop between key agent tests to improve reentrancy (#5342)
* RFD-0022: Key Agent Forwarding (#6168)
* [web] Add ability to switchback to default roles/expiry (#6373)
* Revert "[web] Check for cloud feature before setting billing access (#6465)" (#6500)
* oidc: allow non-GSuite OIDC providers from Google (#5820)
* Update Terraform examples provider (#6332)
* set correct auditlog instead of discard (#6431)
* Update region list for AWS AMI publishing (#6282)
* RFD 0: elaborate the deprecated state (#6468)
* RFD 25: Hardware security module (HSM) support
* Fix missing $ in token example (#6482)
* [v7] cloud getting started updates (#6481)
* [web] Check for cloud feature before setting billing access (#6465)
* remove grafana pass var repeat
* Always generate user certificates with RouteToCluster (#6115)
* Implement alternative reverse tunnel address support and add a test case. (#6056)
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Phrase review the main README.md file
* Update go-client to user new API client with tsh profile loader. (#6310)
* Moves license_file to the correct section and adds unit test (#6420)
* tctl: Return error if profile key is not for the root cluster (#6450)
* Move introductions to the appropriate sections (#6456)
* Fix infinite recursion in client.Config.WebProxyHostPort
* Test flakes: use ordering tests for keep alives (#5358)
* Capture postgres extended protocol messages in audit log (#6303)
* [auto] Update webassets in master (#6436)
* Added reverse tunnel port info to teleport-kube-agent readme (#5621)
* RFD 0026 - Custom Approval Conditions (#5071)
* Update docs on oidc prompt logic for 6.1+. (#6427)
* RFD 24: DynamoDB Audit Event Overflow Handling (#6359)
* Forward-port 6.1.1 CHANGELOG (#6417)
* RFD 16: Reserve the `origin` label for system use (#6157)
* drone: allow ARM builds in reprepro config (#6392)
* Set status of RFD 18 to implemented. (#6358)
* Add new syntax description to the docs (#6384)
* Rename images to match logical pixels (#6381)
* Add OpenSSH Video (#6371)
* Documents dual authz with Mattermost (#6400)
* Updated CHANGELOG.md. (#6345)
* Update some variables and links (#6367)
* Documents impersonation (#6293) (#6365)
* Added Cloud Billing FAQ (#6363)
* docs: document per-session MFA feature (#6285)
* client: load all SSH certs when connecting to proxy
* helm: Improve linting and add log level override (#6330)
* improve cert rotation periodics
* Add DialOpts and CallOpts to API client. (#6301)
* Fix tctl profile loading logic by adding WithSSHCerts certOption. (#6336)
* Always set an AuditLog (#6326)
* Propogate user not found error from authenticater. (#6304)
* web: fix AccessRequest loading on user cert reissue (#6264)
* v7.0 syntax update (#6314)
* [auto] Update webassets in master (#6324)
* Update Google Workspace and Okta Docs (#6267)
* [auto] Update AMI IDs for 6.0.2 (#6283)
* add fix
* Remove unused * from Roles output. This was a leftover from a old message about roles and enterprise version. (#6258)
* Close leaky direct client. (#6297)
* tsh: handle missing cluster name in profile (#6257)
* Don't use OpaqueAccessDenied with CheckAccessToRule (#6246)
* Make authToken optional if secret exists (#6273)
* Revert "darwin fips builds (#5866)" (#6265)
* Delete obsolete stored keys in LocalKeyAgent.AddKey (#6251)
* Fix regression bug for DynamoDB scaling policy names (#6259)
* Adds encrypted token docs (#6266) (#6269)
* dronegen: add buildboxes (#6197)
* GitLab Instructions for SSO (#6190) (#6262)
* Ensure webassets are present when running 'make full' on a fresh clone (#6231)
* Parse all CAs in CertPoolFromCertAuthorities
* Refactor ssh.ClientConfig used by tctl and API clients to use the first valid principal as User.
* Update Architecture Overview With Link To User Roles (#6224)
* Add `lint-api` target and fix lint errors (#6169)
* ssh: fix relogin with jumphosts (#6213)
* drone: use emptyDir for /var/lib/docker filesystem and prevent repetitive docker pulls (#6145)
* Remove ARM64 FIPS builds (#6236)
* tsh Profile SSH certs fix (#6214)
* mfa: fix gRPC unimplemented check in cert reissue
* Open Sources Access Controls Docs (#6188) (#6217)
* add PAM environment with interpolation support
* Cache per-cluster SSH certificates under ~/.tsh (#5938)
* add special resource type for access plugin data
* Enable DynamoDB autoscaling on global secondary indices (#6112)
* darwin fips builds (#5866)
* kube: add kubernetes_labels to role JSON schema
* mfa: send username instead of SSH login name in MFA cert request
* fix nil slice bug
* RFD 16: Add a section on `tctl rm` resetting resources back to defaults (#5673)
* Update application access docs (#6055) (#6137)
* Bump linux FIPS builds to use go1.16.2b7 release (#6143)
* [auto] Update webassets in master (#6185)
* Convert Token CRUD endpoints to gRPC. (#6105)
* Convert Trusted Cluster CRUD endpoints to gRPC. (#6103)
* [auto] Update webassets in master (#6135)
* Embed webassets natively into teleport instead of attaching to the binary (#5935)
* gRPC conversions - GithubConnector (#6101)
* Test PR. (#6182)
* gRPC conversions - SAMLConnector (#6100)
* gRPC conversions - OIDCConnector (#6067)
* ignore dangling tunnel conns
* Added RFD for Cluster Routing. (#5566)
* Remove duplicate sshutils package from merge failure. (#6165)
* Profile credentials dialer fix (#6122)
* Combine common crud proto messages into generic messages in types.proto. (#6058)
* Allow file argument with tsh play (#5984)
* Make SSO login failure event emit more specific errors (#6108)
* mfa: per-session U2F challenge for web SSH (#6098)
* Add Kubernetes follow along video (#6134)
* Move usage of predicate package out of api. (#6136)
* Set suggested reviewers field to the UI user context struct (#5467)
* custom approval conditions
* mfa: don't check MFA for teleport services in UpsertKubeService (#6129)
* Skip enumerating keys when cluster name is empty (#5942)
* Pass context through new gRPC converted endpoints. (#6118)
* Define cloud billing event types and codes (#6037)
* Add Credential loader support for tsh profiles. (#5993)
* u2f: add optional attestation cert validation (#6057)
* drone: Add ARM/ARM64 package builds (#6106)
* API client connection overhaul (#5625)
* dronegen: drone config generator (#6071)
* Add Postgres Cloud SQL support (#5941)
* App access cli flow (#5918)
* Fix app access websockets support (#6072)
* Properly marks k8s stream complete on error exit (#6068)
* Fix an issue with impersonating SSO users (#6076)
* Enforce valid UTF8 keys on all backends.
* Adds controls for impersonation requests. (#6009) (#6073)
* Move linter config to .golangci.yml and remove surplus Makefile lines (#6052)
* Remove .bash suffix from bats includes to enable compatibility with older versions (#6053)
* Updated with 6.0 video (#6065)
* Edits to getting started guide (#6038)
* updating the reference yaml for clarity and completeness (#6040)
* mfa: handle older servers during IsMFARequired RPC from tsh (#6039)
* Address review feedback
* Avoid data race in audit writer test by syncing close with shutdown of event processing goroutine
* Augment checking stream/streamer and AuditWriter with cluster name detail to automatically populate the field upon event emission.
* mfa: add cluster-level require_session_mfa option (#5939)
* added rfd 19 add example query to rfd 19
* implement rfd 18
* Optimize images (#6019)
* Add support for building ARM/ARM64 RPM/DEB packages (#5937)
* Added benches for GetNodes and GetClusterDetails.
* Add unit tests to teleport-generate-config AMI script (#5682)
* Add empty token check for 2fa optional type for web logins(#5995)
* Fix unit-tests by updating ceritificates in fixtures (#6012)
* Format logs and remove timestamp from default log format (#5979)
* Update README.md (#5901)
* Getting started with Kubernetes (#5981)
* Updated to highlight default port for the plugin. (#5985)
* Update README.md (#5989)
* Updates starter-cluster to Terraform 0.14 (#5535)
* Update Teleport Access Workflows Docs (#5930)
* Update Helm charts to use Teleport 6 by default (#5983)
* Adding keepalive parameters to configuration file (#5910)
* Update mysql self hosted docs (#5912)
* Creates preset roles (#5960)
* Add google_service_account inline field option for Google Workspace/GSuite OIDC (#5563)
* Update VERSION on master to v7.0.0-dev (#5931)
* Address review comments
* Remove proto-based ServerV2 implementation of DeepCopy in favor of the manual implementation to avoid issues with proto-based type merge panics.
* Format Logs and add timestamp to logging output option (#5898)
* add support for encrypted saml assertions with a seperate x509 pair
* log agent forwarding failure at warn (#5907)
* Fix broken link to video in docs (#5955)
* [auto] Update webassets in master (#5957)
* Add version header check in Marshalers (#5768)
* Move redirects to docs config (#5950)
* Update application-access.mdx (#5944)
* mfa: unhide 'tsh mfa' commands and add docs (#5932)
* Add Features and PublicAddrs to PingResponse (#5742)
* Convert Role endpoints to gRPC. (#5458)
* mfa: per-session MFA certs for SSH and Kubernetes (#5564)
* Add Billing Access to default admin role (#5925)
* Add teleport:6 nightly Docker image (#5896)
* Update release table to 6.0.0 (#5851)
* Update Kubernetes Access docs (#5865) (#5933)
* grpc: use the regular buildbox and bump gogoproto version (#5879)
* Add 'make update-webassets' script (#5853)
* RFD 12: add git branching details (#5888)
* mfa: reuse the same challenge for all U2F devices (#5837)
* Run next linter on docs PRs (#5908)
* Fix --insecure-no-tls flag (#5924)
* Moves loadCredsFromProfile to OSS (#5891)
* Update getting started to 6.0.1 (#5890) (#5914)
* [auto] Update AMI IDs for 6.0.1 (#5894)
* Lint markdown files syntax for master with the new linter (#5881)
* Publish teleport-cluster Helm chart (#5895)
* Fixes ACME default configuration (#5839) (#5877)
* Fix ADFS provider and add debug message.
* Sasha/ev readme (#5884)
* mfa: add WithMFA to session-related audit events (#5833)
* docs: add homebrew version compatibility note (#5613)
* Run firestore tests as part of build.assets test target (#5830)
* [auto] Update webassets in master (#5850)
* mfa: audit events for adding/removing devices (#5665)
* Update docs structure (#5849)
* update e (#5786)
* Remove args as these can be deduced automatically
* Quote the address arguments to avoid issues with formats that use symbols that require escaping
* Use non-greedy Mkdir variant and add a test-case for non-existing remote location with intermediate directories
* Add more test coverage for sink mode
* Check whether . is a base directory directly
* Use correct target directory path. Handle target directory/file renames.
* Update CHANGELOG.md
* Fix db server test data race (#5832)
* Updated CHANGELOG.md.
* mfa: delete user MFA devices on account reset (#5805)
* Include CA cert file path in the error message
* Get rid of unnecessary var declarations
* Fix support for insecure etcd mode
* Remove support for migrating from legacy etcd prefix (#5798)
* Add "billing_information" RBAC resource (#5676)
* Fixed build failure for non-Linux platforms. (#5800)
* fix #5783 utmp regression on macos (#5784)
* Don't defer Close calls on writable files
* [auto] Update webassets in andrej/master/security-fixes
* Prevent AAP login CSRF with OAuth-style state tokens
* Set cookies with '__Host-' prefix
* Set stricter HTTP Content-Security-Policy directives
* Assemble safe FQDN values for AAP redirects
* Introduce utils.ReadAtMost to prevent resource exhaustion
* Check CA expiration status when joining a cluster
* Add obfuscation to diagnostic metrics
* Fix AAP headers injection
* Fix CLI content spoofing through access request reason
* Require initialized TLS config in utils.TLSDial
* Fix existence leak of label-restricted resources
* Propagate the mapped local user identity via auth.Context (#5794)
* fix last output timestamps on some systems
* docs: clarify why etcd doesn't store audit events
* Remove categories in favor of using labels instead.
* Update Issue Templates.
* Update ssh-kubernetes-fedramp.mdx
* [tctl] Don't explicitly set value for config path and preserve backwards compatibility (#5731)
* Fixed a typo in GCP documentation
* Added RFD 18: Agent loading.
* Update rfd/0008-application-access.md
* Update 0008-application-access.md
* Update old proxy version detection algorithm
* Sasha/newlines (#5738)
* Adds public_addr when using ACME (#5734)
* [auto] Update webassets in master (#5735)
* Make /lib/web tests more reliable (#5703)
* testplan: add MFA management tests (#5661)
* testplan: update EKS/GKE testing steps (#5662)
* Add database access manual test plan (#5664)
* utmp fix for symlinked path
* Downgrades admin OSS role (#5710)
* add utmp to manual test plan
* Adds a Slack channel and a forum
* Hide the k8s cluster defaulting error log on login
* Update CHANGELOG.md for 6.0.0-rc.1 (#5689)
-------------------------------------------------------------------
Sat Feb 12 20:48:45 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>
- split up into three packages: teleport aka server/daemon, teleport-tctl and teleport-tsh
-------------------------------------------------------------------
Sat Feb 12 08:10:06 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>
- new package teleport: Teleport is an identity-aware, multi-protocol access proxy which understands SSH, HTTPS, RDP, Kubernetes API, MySQL, MongoDB and PostgreSQL wire protocols.