diff --git a/_service b/_service
index 3ef9655..3e13dc2 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@
git
disable
.git
- v15.1.10
+ v15.2.0
@PARENT_TAG@
disable
v(.*)
diff --git a/teleport-15.1.10.obscpio b/teleport-15.1.10.obscpio
deleted file mode 100644
index b04e792..0000000
--- a/teleport-15.1.10.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f28e0a46b55eb52c177bb1af70034a32a1c0a13266df4e707b46b8c0dfa96d88
-size 247076366
diff --git a/teleport-15.2.0.obscpio b/teleport-15.2.0.obscpio
new file mode 100644
index 0000000..1fcfc80
--- /dev/null
+++ b/teleport-15.2.0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d6dac1592104c5a004948a5afa868a925ff1677ac9a01e8c95a13fecb19b6660
+size 247606798
diff --git a/teleport.changes b/teleport.changes
index b50eb3b..4246426 100644
--- a/teleport.changes
+++ b/teleport.changes
@@ -1,3 +1,116 @@
+-------------------------------------------------------------------
+Sat Mar 30 17:16:29 UTC 2024 - Johannes Kastl
+
+- update to 15.2.0:
+ * Improved Access Requests UI
+ The access requests page of the web UI will be backed by a
+ paginated API, ensuring fast load times even on clusters with
+ many access requests.
+ Additionally, the UI allows you to search for access requests,
+ sort them based on various attributes, and includes several new
+ filtering options.
+ * Zero-downtime web asset rollout
+ Teleport 15.2 changes the way that web assets are served and
+ cached, which will allow multiple compatible versions of the
+ Teleport Proxy to run behind the same load balancer.
+ * Workload Identity MVP
+ With Teleport 15.2, Machine ID can bootstrap and issue identity
+ to services across multiple computing environments and
+ organizational boundaries. Workload Identity issues
+ SPIFFE-compatible x509 certificates that can be used for mTLS
+ between services.
+ * Support for Kubernetes 1.29+
+ The Kubernetes project is deprecating the SPDY protocol for
+ streaming commands (kubectl exec, kubectl port-forward, etc)
+ and replacing it with a new websocket-based subprotocol.
+ Teleport 15.2.0 will support the new protocol to ensure
+ compatibility with newer Kubernetes clusters.
+ * Automatic database access requests
+ Both tsh db connect and tsh proxy db will offer the option to
+ submit an access request if the user attempts to connect to a
+ database that they don't already have access to.
+ * GCP console access via Workforce Identity Federation
+ Teleport administrators will be able to setup access to GCP web
+ console through Workforce Identity Federation using Teleport as
+ a SAML identity provider.
+ * IaC support for OpenSSH nodes
+ Users will be able to register OpenSSH nodes in the cluster
+ using Terraform and Kubernetes Operator.
+ * Access requests start time
+ Users submitting access requests via web UI will be able to
+ request specific access start time up to a week in advance.
+ * Terraform and Operator support for agentless SSH nodes
+ The Teleport Terraform provider and Kubernetes operator now
+ support declaring agentless OpenSSH and OpenSSH EC2 ICE
+ servers. You can follow this guide to register OpenSSH agents
+ with infrastructure as code.
+ Setting up EC2 ICE automatic discovery with IaC will come in a
+ future update.
+ * Operator and CRDs can be deployed separately
+ The teleport-operator and teleport-cluster charts now support
+ deploying only the CRD, the CRD and the operator, or only the
+ operator.
+ From the teleport-cluster Helm chart:
+ operator:
+ enabled: true|false
+ installCRDs: always|never|dynamic
+ From the teleport-operator Helm chart:
+ enabled: true|false
+ installCRDs: always|never|dynamic
+ In dynamic mode (by default), the chart will install CRDs if
+ the operator is enabled, but will not remove the CRDs if you
+ temporarily disable the operator.
+ * Operator now propagates labels
+ Kubernetes CR labels are now copied to the Teleport resource
+ when applicable.
+ This allows you to configure RBAC for operator-created
+ resources, and to filter Teleport resources more easily.
+ * Terraform provider no longer forces resource re-creation on
+ version change
+ Teleport v15 introduced two Terraform provider changes:
+ - setting the resource version is now mandatory
+ - a resource version change triggers the resource re-creation
+ to ensure defaults were correctly set
+ The second change was too disruptive, especially for roles, as
+ they cannot be deleted if a user or an access list references
+ them. Teleport 15.2 lifts this restriction and allows version
+ change without forcing the resource deletion.
+ Another change to ensure resource defaults are correctly set
+ during version upgrades will happen in v16.
+ * Other improvements and fixes
+ - Fixed "Invalid URI" error in Teleport Connect when starting
+ mongosh from database connection tab. #40033
+ - Adds support for easily exporting the SPIFFE CA using tls
+ auth export --type tls-spiffe and the /webapi/auth/export
+ endpoint. #40007
+ - Update Rust to 1.77.0, enable RDP font smoothing. #39995
+ - The role, server and token Teleport operator CRs now display
+ additional information when listed with kubectl get. #39993
+ - Improve performance of filtering resources via predicate
+ expressions. #39972
+ - Fixes a bug that prevented CA import when a SPIFFE CA was
+ present. #39958
+ - Fix a verbosity issue that caused the
+ teleport-kube-agent-updater to output debug logs by default.
+ #39953
+ - Reduce default Jamf inventory page size, allow custom values
+ to be provided. #39933
+ - AWS IAM Roles are now filterable in the web UI when launching
+ a console app. #39911
+ - The teleport-cluster Helm chart now supports using the Amazon
+ Athena event backend. #39907
+ - Correctly show the users allowed logins when accessing leaf
+ resources via the root cluster web UI. #39887
+ - Improve performance of resource filtering via labels and
+ fuzzy search. #39791
+ - Enforce optimistic locking for AuthPreferences,
+ ClusterNetworkingConfig, SessionRecordingConfig. #39785
+ - Fix potential issue with some resources expiry being set to
+ 01/01/1970 instead of never. #39773
+ - Update default access request TTLs to 1 week. #39509
+ - Fixed an issue where creating or updating an access list with
+ Admin MFA would fail in the WebUI. #3827
+
-------------------------------------------------------------------
Fri Mar 29 19:31:04 UTC 2024 - Johannes Kastl
diff --git a/teleport.obsinfo b/teleport.obsinfo
index 7ede389..50c7c97 100644
--- a/teleport.obsinfo
+++ b/teleport.obsinfo
@@ -1,4 +1,4 @@
name: teleport
-version: 15.1.10
-mtime: 1711505103
-commit: fc3b2b31dec65d28be34866ff2e40b88d232ac17
+version: 15.2.0
+mtime: 1711746250
+commit: bb8bd77625f4e82178d068da6f0f4756d043e37c
diff --git a/teleport.spec b/teleport.spec
index 5ce266c..50756f9 100644
--- a/teleport.spec
+++ b/teleport.spec
@@ -19,7 +19,7 @@
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
Name: teleport
-Version: 15.1.10
+Version: 15.2.0
Release: 0
Summary: Identity-aware, multi-protocol access proxy
License: Apache-2.0
diff --git a/vendor.tar.gz b/vendor.tar.gz
index dbd7000..6f0aa8b 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:4251145b846b985eff9a0c9b8b27b282a946a6054d70366ac8f218bfd0984df2
-size 44109943
+oid sha256:7044d9dec404dc6300dc472a5b990809720c12810a4691c08eef54f3c2196a81
+size 44221695