Accepting request 1163720 from home:ojkastl_buildservice:Branch_devel_kubic

update to 15.2.0

OBS-URL: https://build.opensuse.org/request/show/1163720
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/teleport?expand=0&rev=198

_service

@@ -4,7 +4,7 @@
     <param name="scm">git</param>
     <param name="submodules">disable</param>
     <param name="exclude">.git</param>
-    <param name="revision">v15.1.10</param>
+    <param name="revision">v15.2.0</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">disable</param>
     <param name="versionrewrite-pattern">v(.*)</param>

teleport-15.1.10.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f28e0a46b55eb52c177bb1af70034a32a1c0a13266df4e707b46b8c0dfa96d88
-size 247076366

teleport-15.2.0.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d6dac1592104c5a004948a5afa868a925ff1677ac9a01e8c95a13fecb19b6660
+size 247606798

teleport.changes

@@ -1,3 +1,116 @@
+-------------------------------------------------------------------
+Sat Mar 30 17:16:29 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- update to 15.2.0:
+  * Improved Access Requests UI
+    The access requests page of the web UI will be backed by a
+    paginated API, ensuring fast load times even on clusters with
+    many access requests.
+    Additionally, the UI allows you to search for access requests,
+    sort them based on various attributes, and includes several new
+    filtering options.
+  * Zero-downtime web asset rollout
+    Teleport 15.2 changes the way that web assets are served and
+    cached, which will allow multiple compatible versions of the
+    Teleport Proxy to run behind the same load balancer.
+  * Workload Identity MVP
+    With Teleport 15.2, Machine ID can bootstrap and issue identity
+    to services across multiple computing environments and
+    organizational boundaries. Workload Identity issues
+    SPIFFE-compatible x509 certificates that can be used for mTLS
+    between services.
+  * Support for Kubernetes 1.29+
+    The Kubernetes project is deprecating the SPDY protocol for
+    streaming commands (kubectl exec, kubectl port-forward, etc)
+    and replacing it with a new websocket-based subprotocol.
+    Teleport 15.2.0 will support the new protocol to ensure
+    compatibility with newer Kubernetes clusters.
+  * Automatic database access requests
+    Both tsh db connect and tsh proxy db will offer the option to
+    submit an access request if the user attempts to connect to a
+    database that they don't already have access to.
+  * GCP console access via Workforce Identity Federation
+    Teleport administrators will be able to setup access to GCP web
+    console through Workforce Identity Federation using Teleport as
+    a SAML identity provider.
+  * IaC support for OpenSSH nodes
+    Users will be able to register OpenSSH nodes in the cluster
+    using Terraform and Kubernetes Operator.
+  * Access requests start time
+    Users submitting access requests via web UI will be able to
+    request specific access start time up to a week in advance.
+  * Terraform and Operator support for agentless SSH nodes
+    The Teleport Terraform provider and Kubernetes operator now
+    support declaring agentless OpenSSH and OpenSSH EC2 ICE
+    servers. You can follow this guide to register OpenSSH agents
+    with infrastructure as code.
+    Setting up EC2 ICE automatic discovery with IaC will come in a
+    future update.
+  * Operator and CRDs can be deployed separately
+    The teleport-operator and teleport-cluster charts now support
+    deploying only the CRD, the CRD and the operator, or only the
+    operator.
+    From the teleport-cluster Helm chart:
+      operator:
+        enabled: true|false
+        installCRDs: always|never|dynamic
+    From the teleport-operator Helm chart:
+      enabled: true|false
+      installCRDs: always|never|dynamic
+    In dynamic mode (by default), the chart will install CRDs if
+    the operator is enabled, but will not remove the CRDs if you
+    temporarily disable the operator.
+  * Operator now propagates labels
+    Kubernetes CR labels are now copied to the Teleport resource
+    when applicable.
+    This allows you to configure RBAC for operator-created
+    resources, and to filter Teleport resources more easily.
+  * Terraform provider no longer forces resource re-creation on
+    version change
+    Teleport v15 introduced two Terraform provider changes:
+    - setting the resource version is now mandatory
+    - a resource version change triggers the resource re-creation
+      to ensure defaults were correctly set
+    The second change was too disruptive, especially for roles, as
+    they cannot be deleted if a user or an access list references
+    them. Teleport 15.2 lifts this restriction and allows version
+    change without forcing the resource deletion.
+    Another change to ensure resource defaults are correctly set
+    during version upgrades will happen in v16.
+  * Other improvements and fixes
+    - Fixed "Invalid URI" error in Teleport Connect when starting
+      mongosh from database connection tab. #40033
+    - Adds support for easily exporting the SPIFFE CA using tls
+      auth export --type tls-spiffe and the /webapi/auth/export
+      endpoint. #40007
+    - Update Rust to 1.77.0, enable RDP font smoothing. #39995
+    - The role, server and token Teleport operator CRs now display
+      additional information when listed with kubectl get. #39993
+    - Improve performance of filtering resources via predicate
+      expressions. #39972
+    - Fixes a bug that prevented CA import when a SPIFFE CA was
+      present. #39958
+    - Fix a verbosity issue that caused the
+      teleport-kube-agent-updater to output debug logs by default.
+      #39953
+    - Reduce default Jamf inventory page size, allow custom values
+      to be provided. #39933
+    - AWS IAM Roles are now filterable in the web UI when launching
+      a console app. #39911
+    - The teleport-cluster Helm chart now supports using the Amazon
+      Athena event backend. #39907
+    - Correctly show the users allowed logins when accessing leaf
+      resources via the root cluster web UI. #39887
+    - Improve performance of resource filtering via labels and
+      fuzzy search. #39791
+    - Enforce optimistic locking for AuthPreferences,
+      ClusterNetworkingConfig, SessionRecordingConfig. #39785
+    - Fix potential issue with some resources expiry being set to
+      01/01/1970 instead of never. #39773
+    - Update default access request TTLs to 1 week. #39509
+    - Fixed an issue where creating or updating an access list with
+      Admin MFA would fail in the WebUI. #3827
+
 -------------------------------------------------------------------
 Fri Mar 29 19:31:04 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
 

teleport.obsinfo

@@ -1,4 +1,4 @@
 name: teleport
-version: 15.1.10
+version: 15.2.0
-mtime: 1711505103
+mtime: 1711746250
-commit: fc3b2b31dec65d28be34866ff2e40b88d232ac17
+commit: bb8bd77625f4e82178d068da6f0f4756d043e37c

teleport.spec

@@ -19,7 +19,7 @@
 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true
 
 Name:           teleport
-Version:        15.1.10
+Version:        15.2.0
 Release:        0
 Summary:        Identity-aware, multi-protocol access proxy
 License:        Apache-2.0

vendor.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:4251145b846b985eff9a0c9b8b27b282a946a6054d70366ac8f218bfd0984df2
+oid sha256:7044d9dec404dc6300dc472a5b990809720c12810a4691c08eef54f3c2196a81
-size 44109943
+size 44221695