From f91c8a1b21bdaaccf5350be965f2da094f293f28c5e909853050764225c92b2c Mon Sep 17 00:00:00 2001 From: Johannes Kastl Date: Sun, 13 Mar 2022 14:57:40 +0000 Subject: [PATCH] Accepting request 961459 from home:ojkastl_buildservice:Branch_devel_kubic update to 9.0.0 OBS-URL: https://build.opensuse.org/request/show/961459 OBS-URL: https://build.opensuse.org/package/show/devel:kubic/teleport?expand=0&rev=9 --- _service | 4 +- _servicedata | 2 +- teleport-8.3.4.tar.gz | 3 - teleport-9.0.0.tar.gz | 3 + teleport.changes | 636 ++++++++++++++++++++++++++++++++++++++++++ teleport.spec | 2 +- vendor.tar.gz | 4 +- webassets.tar.gz | 4 +- 8 files changed, 647 insertions(+), 11 deletions(-) delete mode 100644 teleport-8.3.4.tar.gz create mode 100644 teleport-9.0.0.tar.gz diff --git a/_service b/_service index 74d87d3..3960d1b 100644 --- a/_service +++ b/_service @@ -4,7 +4,7 @@ git disable .git - v8.3.4 + v9.0.0 @PARENT_TAG@ enable v(.*) @@ -25,6 +25,6 @@ gz - teleport-8.3.4.tar.gz + teleport-9.0.0.tar.gz diff --git a/_servicedata b/_servicedata index 55a1d13..433f87d 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/gravitational/teleport - 010bea10d531dfdf5d6c946d36f2534566212759 \ No newline at end of file + 1fa8857aa2de7a75f0bfb80a6eb3a7e41cf14bb4 \ No newline at end of file diff --git a/teleport-8.3.4.tar.gz b/teleport-8.3.4.tar.gz deleted file mode 100644 index be05a91..0000000 --- a/teleport-8.3.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7805c4eff663cbe2dca96f63444309a7c3e09db25e87765e72dd7ac39b8860b3 -size 54791481 diff --git a/teleport-9.0.0.tar.gz b/teleport-9.0.0.tar.gz new file mode 100644 index 0000000..ce6d6ff --- /dev/null +++ b/teleport-9.0.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:03e2f020f9fffb1e8cabc3c7c39761a699faa7cee4a484f1c4f2c05959befd8c +size 46062543 diff --git a/teleport.changes b/teleport.changes index 7661202..843e607 100644 --- a/teleport.changes +++ b/teleport.changes @@ -1,3 +1,639 @@ +------------------------------------------------------------------- +Sat Mar 12 20:35:40 UTC 2022 - kastl@b1-systems.de + +- Update to version 9.0.0: + * Release 9.0.0 (#11067) + * Add Redis docs (#11073) + * Fix NLB Mongo/Postgres errors spam (#11059) + * [auto] Update webassets in branch/v9 (#11055) + * Added Machine ID docs. + * Release 9.0.0-rc.2 (#11038) + * UX improvements for tbot (#10833) (#11046) + * Moderated Sessions improvements (#10991) (#11051) + * Fix meaning of `bot_name` in bot join tokens (#11039) (#11047) + * Backport of #10289 (#11030) + * Better Semaphore Lease Contention Handling (#10666) (#10877) + * V9 backport 10871 (#11031) + * Prevent panic caused by nil session recorder (#10792) (#10874) + * (v9) Missing v9 backports (#11033) + * Fixed incorrectly named RPMs (#11029) + * Fix quadratic complexity in Reconciler.Reconcile(). (#10989) (#11023) + * Fix ACME instructions in start-auth-proxy.mdx (#11013) + * Update suggested systemctl command (#10733) (#11025) + * Switch to warning in case of resource origin clash. (#10947) (#11024) + * Regenerate server identity if APIDomain not present (#10944) + * Release 9.0.0-rc.1 (#11018) + * Fix RPMs using a too-new version of glibc (#11008) + * [v9] Disable automatic updating of API import path (#11010) + * Update database guides with database configurator. (#10451) (#10995) + * Add MariaDB to AWS RDS auto discovery (#10994) + * Update go-mysql package (#10997) + * Enable desktop access in Web UI in Cloud clusters (#10970) + * Handle case where display is itself a unix socket #10719 (#10985) + * [auto] Update webassets in branch/v9 (#10988) + * Release v9.0.0-beta.2 (#10982) + * (v9) Update e (#10964) + * flaky test: TestDatabaseAccessMongoConnectionCount (#10869) (#10955) + * skip databases that are not available during auto discovery (#10699) (#10870) + * feat(app): consider reverse tunnel errors in apps HA mechanism (#10734) (#10906) + * [v9] backport 10915 (memory leak) (#10927) + * Default to `https` scheme for `--proxy` argument in `tctl auth sign` (#10844) (#10911) + * Open parts files one at a time + * Fix Windows session uploads + * Complete empty uploads + * [v9] backport #10765 and #10766 (#10855) + * Include tbot binary in Teleport packages and installs (#10646) (#10802) + * Add desktop access to front page (#10894) + * Add sorting for kube cluster (#10702) (#10921) + * Add `KindWindowsDesktops` to `ListResources` (#10769) (#10912) + * Fix missing identity in certs logic (#10822) + * Fix DynamoDB getAllRecords logic when 1MB query limit is reached (#10726) (#10845) + * Fix panic in MSSQL when Login7 package is invalid (#10709) + * Add support for more Redis Cluster commands (#10760) + * Backport #9470 to branch/v9 (#10823) + * Backport #9556 to branch/v9 (#10824) + * Update dronegen to fix build-darwin-amd64-pkg-tsh artifacts path (#10862) + * Fix panic in MongoDB message reader (#10710) + * Backport #9969 to branch/v9 (#10826) + * Backport #10061 to branch/v9 (#10827) + * Fix large clipboard copy/paste (#10670) + * Backport #10621 to branch/v9 (#10829) + * [v9] Sanitize leaf cluster CA (#10742) + * Fix ALPN panic on empty db handler (#10662) + * Do not block apt publishing if there is a more current pre-release (#10805) + * Restore docs deploy hook (#10838) + * Fix V5 role in getting started guide. (#10837) + * Tweaks in getting started guides. (#10780) + * docs: update CA rotation page (#10419) + * Improve HA behavior of database agents in leaf clusters (#10641) (#10771) + * Partial revert of session.connect event + * Print proxy server on instructions on nodes add command for cloud (#10750) + * Display correct error message when host is missing in `tctl auth sign` (#10739) + * [v9] Fix Mongo topology resource release (#10731) + * [v9] Backport #10460 to branch/v9 (#10616) + * Fix desktop session playback RBAC (#10570) (#10679) + * TF provider configuration environment variables (#10417) (#10548) + * Update CI to teleport9 buildbox (#10715) + * IAM join method support for tbot (#10535) (#10685) + * Add documentation for static windows hosts + * [auto] Update webassets in branch/v9 (#10712) + * Tag buildbox and upgrade to go1.17.7 (#10605) + * Change get resources webapi response (#10598) (#10683) + * Return filtered total count with ListResources (#10573) (#10682) + * Fix crash when AWS Redshift does not have Endpoint info (#10597) (#10675) + * helm: Fix enabled clause for db_service when using awsDatabases only (#10644) + * Disable BPF tests in CI (#10654) (#10691) + * [Docs update] Mention unsupported scenarios for IAM join method (#10530) (#10652) + * helm: Fix indenting on database autodiscovery (#10624) + * Update desktop access docs for 9.0 (#10406) (#10545) + * Fix artifacts path for build-darwin-amd64-pkg-tsh drone pipeline (#10600) + * docs: fix code block (#10495) (#10555) + * Restore teleport-private deb/rpm gating (#10536) + * [v9] Backport "helm: Revert PodSecurityPolicy change" (#10565) + * Release 9.0.0-beta.1 (#10508) + * Update e (#10505) + * [auto] Update AMI IDs for 8.3.1 + * Certificate renewal bot (#10099) + * [auto] Update webassets in master (#10482) + * CertAuthority watcher filtering (#10020) + * Adds a `DesktopSessionRecording` flag to the ACL (#10365) + * Add SQL Server guide (#10293) + * Update x11 sshserver test to test concurrent sessions and requests. (#10470) + * Add MFA for Windows Desktop web access (#10271) + * Reduce concurrent connections in TestRedisTransaction (#10472) + * feat: aws database configurator (#9145) + * Add missing action VerbRead to ListResources (#10422) + * Re-sign .drone.yml (#10469) + * Remove drone step to publish centos6 buildbox (#10432) + * Fix server compare to check expiry last (#10380) + * Add teleport_audit_emit_event prometheus metric (#9134) + * Use tdr in Dronegen (#10453) + * helm: Add AWS database auto-discovery to teleport-kube-agent (#10344) + * Add support for windows desktop services proxying different desktops (#10101) + * Address Cloud users in guides (#9962) + * Mention Teleport Cloud in some of our guides (#9989) + * docs: Updated path to tctl/tsh for Enterprise binaries (#10428) + * Add a Cloud compatibility warning to Helm guides (#10023) + * Add a prominent warning to the config reference (#9558) + * [auto] Update webassets in master (#10427) + * IAM Joining Docs: Set join_method in token.yaml (#10433) + * Clear terminal when auth server is in FIPS mode (#10095) + * Update version thresholds (#10426) + * Add support for configurable ssh key extensions + * Fix HSM flaky integration tests (#10390) + * Install gcloud in /opt, so it can be accessed by non root (#10400) + * add where option with sessions so Access role by default can see their own session recordings (#10376) + * Add SQL Server support for database access (#10097) + * [auto] Update webassets in master (#10409) + * Switch shell to golang for latest version detection (#10295) + * Add a command to query the latest release + * Switch to testify + * Exclude draft releases from latest version logic + * Fix release sorting + * Add an lexicographic test case + * Integrate version-check into build.assets/tooling + * Implement resource sorter for server, appserver, dbserver (#10243) + * Check for shell user's home directory as that user (#10321) + * Update e submodule. (#10413) + * add teleport_connected_resources metric (#9603) + * MySQL prepared statement support (#10283) + * Fix TestHandleConnection directory not empty error (#10407) + * Add Redis integration (#10053) + * Only request CF_OEMTEXT clipboard data + * Add audit events for desktop clipboard access + * Increase GCB UT timeout (#10398) + * Remove the legacy JSON API for requesting host certs + * Remove CentOS 6 builds for Teleport 9 + * docs: add warning about auditor role (#10258) + * Label active directory domain controllers (#10334) + * Fix Reverse Tunnels Not Properly reconnecting (#10368) + * Add TestModules (#10369) + * Ensure docs nav titles use title case consistently (#10353) + * Deflake TestFnCacheSanity (#10250) + * Clarify Kubernetes Getting Started guide (#9580) + * Fix db configure (#10349) + * Migrate the joined-tokens code to the OSS release. (#10288) + * Implement Moderated Sessions (#8563) + * Fix tctl insecure flag when TLS Routing is enabled (#10297) + * DigitalOcean 1-click Droplet and Kubernetes getting started guides (#8773) + * Return desktop events in SearchSessionEvents (#10325) + * Save unit test logs (#10076) + * Fix TestProcessKubeCSR (#10355) + * Implement global SessionData storage (#10287) + * Don't open clipboard static channel when clipboard is disabled (#10348) + * Synch Teleport preview updates (#10318) + * Replace /tmp with os.TempDir(). (#10322) + * Generate/validate a PIN for our virtual smartcard (#9919) + * Add passwordless-related information to protos (#10281) + * Expose reverse tunnel address to web ui (#10133) + * Fix fake streamer implementation to match the real one (#10330) + * Desktop session recording/playback (#9583) + * RFD 48: Desktop Session Recording (#9864) + * Ensure clipboard data is shared in the format Windows expects (#10284) + * Add docs for IAM join method (#8899) + * Add Prometheus metrics cache events and stale events (#9826) + * Add Teleport Cloud instructions to 3 guides (#9681) + * RFD 52/53/54: Passwordless (#9296) + * Add documentation for moderated sessions (#9425) + * Don't return `nil, nil` in (*AuditWriter).tryResumeStream (#10254) + * Trusted clusters doc: Use wildcard for spec.allow.cluster_labels.env + * Improve node labels example in roles docs (#9385) + * Fix interpolation example in role templates docs (#9382) + * Add missing DatabasesReady event to DB proxy (#10152) + * active node inventory cleanup + * Authentication options doc: wrap `on` in quotes + * Add keepalive heartbeat to kubernetes service (#9584) + * commit forgotten "make grpc" (#10280) + * feat: add create database config command (#9618) + * Convert auth test from gocheck to standard lib + * Document desktop role options for Teleport 9 (#10227) + * Replace testify/assert with testify/require (#9925) + * Adds Application certificate path to profile (#10043) + * [auto] Update AMI IDs for 8.2.0 + * IAM Join Method (gRPC service) (#10087) + * Make our docs guidance discoverable (#10155) + * Use an apt-key alternative in install instructions (#10084) + * docs: add steps for joining w_d_s to a cloud cluster (#10219) + * Clean up desktop session error logging (#10232) + * [auto] Update webassets in master (#10235) + * Use buildbox images from quay.io (#10179) + * Remove Teleport DB Users only message for tctl users ls that is incorrect (#10181) + * Cleaned up NewClient in integration tests. + * Fixed TestSessionStartContainsAccessRequest. + * Fixed TestDisconnection + * Expand cloud in production usage faq question (#10218) + * Update the PR description for auto webassets udpates (#10212) + * IAM Join Method (backend implementation) (#10085) + * adds cliipboard to userACL (#10207) + * Add the `cert.create` event (#9822) + * [auto] Update AMI IDs for 8.1.5 + * Reconnect broken LDAP connections (#10183) + * Enable map key sorting in `utils.FastMarshal` (#10070) + * Clarify `tsh config` usage docs on Windows (#8409) + * Update MariaDB docs (#10113) + * Add additional filters to ListResources (#10180) + * Desktop Access: clipboard support (#9976) + * Add more lint coverage (#10049) + * Add desktop_clipboard role option (#10165) + * update `github.com/gravitational/trace` to `v1.1.17` (#10079) + * [auto] Update webassets in master (#10161) + * x11 forwarding (#9897) + * Document docs labels (#9537) + * Update Docker image tags in docs (#9400) + * Modified FedRamp to FedRAMP in docs for proper acronym (#10114) + * Implement resource boolean expression parser (#10008) + * Add xauth binary to buildbox for X11 forwarding. (#10164) + * docs: Add extra commands and reference for AWS Managed AD to Desktop Access docs (#9669) + * Add role option for record_desktop_session (#9523) + * Fixes DocTest CI (#10117) + * [auto] Update AMI IDs for 8.1.3 (#10144) + * Update Documentation for GCP Cloud SQL Client Authentication (#10092) + * Update version-check paths (#10118) + * Fix. + * Removed `TestProxyReverseTunnel`. + * RFD 49: desktop access clipboard (#9868) + * Backward compatible kubernetes_labels behaviour for v3 and v4 roles (#10122) + * RFD 51: X11 forwarding (#10009) + * Remove broken links to /admin-guide/#public-addr (#10057) + * Use correct unmarshaller for json durations (#10124) + * Dynamically resolve reverse tunnel address (#9958) + * Updated assign and check logic for Cloud. + * fix tests - forwarder is not set during cluster session init anymore + * remove unnecessary file + * unfix test case + * tests + * address comments + * clean import + * diable http2 for kube streaming endpoints + * Update S3 canned ACL docs (#10072) + * Add teleport_reverse_tunnels_connected Prometheus metric (#9698) + * Log when App Service fails due to empty `proxy_service.public_addr` (#10056) + * Add metric tracking number of Teleport agents joined to cluster (#9749) + * Modify verbiage on AWS CLI (#10029) + * Fix docker-compose Getting Started guide issues (#9709) + * Add guide for Azure Postgres/MySQL database access (#9729) + * Refactor database engines registration (#10074) + * Add backporting tool. (#9568) + * Clarify token.file usage in server access getting started guide. (#10060) + * Updated the description of the location of the built binaries (#9885) + * Documentation update for Redshift auto discovery support (#9990) + * RFD 50: Cluster Join Methods and Endpoints (#9871) + * Client Certificate Authentication for GCP Cloud SQL (#9991) + * Fix tsh tctl do not load all CAS (#9357) + * Use SDK Cloud script to install gcloud (#9941) + * RFD 55: WebUI server-side paginating and filtering (#9633) + * Add teleport proxy addr to the kubeconfig exec args when specified (#9899) + * Add MatchSearch to resources for fuzzy search (#9892) + * Removes diagnosis address from being hidden (#9975) + * Update to Rust 1.58.1 (#9985) + * Update golang.org/x/crypto to v0.0.0-20220126234351-aa10faf2a1f8 (#9984) + * Respect errors from UserInfo (#9951) + * support for redshift auto discovery (#9851) + * add desktop and tip on assigned ports for networking ref (#9957) + * Add a Cargo workspace (#9960) + * Update teleport-agent readme links (#9963) + * add extra checks to avoid getSigninToken failure (#9792) + * Properly cleanup the connection monitor for desktop sessions (#9913) + * Fix k8 access - respect kube service labels (#9759) + * Updated docs for the improved Google OIDC connector (#9907) + * Include uid in session.start & upload events (#9791) + * Ignore artifact failures in remaining pipelines (#9932) + * Add diag addr, web idle timeout, token clarification (#8489) + * add ping oidc workaround documentation (#8486) + * Add access requests to audit events (#9758) + * Ignore failures for artifact registration step (#9921) + * feat: add KubeService and Node to ListResources (#9613) + * Add access request locks to the docs (#9866) + * Auto discovery aurora reader and custom endpoints (#9668) + * Access request locks (#9478) + * make protoc generation compatible with api v2+ (#9673) + * update RDS and Redshift CA URL (#9890) + * Add github teams to available traits + * Fix TLS Router serverName 'kube.' prefix based routing logic (#9777) + * Put note about skipping TLS verification in a
box + * Check if the legacy password_file config field is set + * Run LDAP initialization in a retry loop + * Remove mention of LDAP password from docs + * authenticate to LDAP with client certificates + * Fix docs typo + * Add email parameter to example (#9850) + * Improved Google OIDC connector (#9697) + * Reject TDP ClientUsername messages that are too long + * [Breaking] Default to mongosh when connecting to MongoDB. (#8472) (#9754) + * Fix docs and config newline outputs + * Fix inclusion of non-existant gcp-credentials secret and credentialsPath when credentialSecretName is empty + * [auto] Update webassets in master (#9870) + * Update e-ref (#9843) + * Cleanup of minor bot issues. + * Remove devbox - build box now supports AMR64. (#9847) + * use google/uuid instead of pborman/uuid (#9793) + * Replace cluster periodics with watchers (#9609) + * Tweak the PNG encoder (#9817) + * make the switch in dynamic.go easier to read (#9836) + * Retry with re-login ignores TELEPORT_HOME. (#9436) + * Database auto discovery to be more tolerable to find as many as it can (#9426) + * Treat EC2 Node IDs as UUIDs (#9722) + * fix: removing new line convergance (#9579) + * Add an Error message to TDP (#9586) + * helm: Allow setting issuer group for certificate in teleport-cluster (#9138) + * helm: Add logging configuration to teleport-kube-agent chart (#9632) + * [docs] Add region and use of SSM decryption to Terraform docs (#8907) + * Allow impersonation of roles without users (#9561) + * Fix first desktop discovery reconcile loop (#9654) + * Naji/force http2 kubernetes (#9294) + * fix nindent of `service.spec` in teleport-cluster chart (#9645) + * Conditionally publish deb packages (#9496) + * docs: recommend a highly available LDAP endpoint. (#9744) + * Clean up system role parsing (#9756) + * Emit event when connecting to non-Teleport server (#9370) + * feat: app server requests failover (#9288) + * Don't shell out to `go list` when not needed (#9776) + * Fix reverse tunnel dialing for Windows Desktops + * omit invalid aws tags in rds autodiscovery (#9742) + * Covert password_test.go from gocheck to std test + * Run gpg in batch mode (#9728) + * Use teleport logger instead of gravitational/trace (#9738) + * Revert bot changes for `vendor/` (#9743) + * Add the `access_request.delete` event (#9552) + * Add support for MariaDB (#9409) + * Add Videos to Teleport Desktop Access (#9373) + * Update `google.golang.org/grpc` to v1.43.0 (#9656) + * Upgrade from `go.etcd.io/etcd` v3.4.14 to `go.etcd.io/etcd/{api,client}/v3` v3.5.1 (#9607) + * Add "limiter" support to database service (#9087) + * Fix log file location for vendorless (#9689) + * Move GOMODCACHE out of workspace + * Disable make target update-api-module-path. + * Mark RFD 47 as implemented + * Remove vendor + * Sign rpm repo metadata (#9027) + * Update e-ref (#9682) + * do not register Aurora serverless db clusters (#9386) + * truncate Labels for tsh db ls (#9671) + * Disable RDP client on ARM 32 bit (#9667) + * Adds Desktops to license (#9576) + * Remove unused context from sqlite backend (#9658) + * Update Postgres audit events (#9435) + * Add note about TLS routing backwards compatibility (#9630) + * Clean up dynamicLabels ssh server goroutines when server is closed + * Restrores CI lint for non-go files (#9663) + * Close all SQL statements (#9614) + * Fix race condition in multiplexer tests (#9660) + * Fall back to "/" when home directory doesn't exist for `tsh ssh` (#9413) + * Add teleport_build_info Prometheus metric to Teleport (#9595) + * Add note about testing local dependency changes + * RFD 47 - remove the vendor directory from source control + * bot: label PRs that touch lib/events with "audit-log" + * Fix Flaky Retry Tests (#9516) + * Specify level of TLS verification for database connections (#9197) + * Truncate label output in tsh ls and tsh app ls commands + * Dead code removal + extra commentry & logging in build script (#9509) + * Attempts to make CI integration test logs more useful (#9626) + * Log when connecting to potentially incompatiable authservers + * Only allow access request deletion through static roles' permissions (#9540) + * Upload release binaries to new release infrastructure (#8722) + * Add access requests to TLS certificates (#9501) + * Update API client: dial auth service with TLS Routing (#9498) + * Improve TestTwoClustersTunnel troubleshooting + * Remove utils.BroadcastWriter + * Use require.Eventually to avoid flakiness in TestAPILOckedOut + * fix dynamo error types + * fixes mdx comment style (#9599) + * Forward TELEPORT_HOME to kubeconfig (#9546) + * Adds the windows_desktop_service section to the meta teleport.yaml (#9573) + * Add ARM64 support for buildbox docker image (#9572) + * Emit the correct session ID for SessionLeave events + * Update locking guide to include Windows Desktops + * Allow locking a desktop + * Fixed missing reviewers issue. + * Added support for automatic labeling of PRs. + * Fix goroutine/socket leak in multiplexer (#9507) + * tweak test timeout + * fix typed nil panic + * fallback to calling origin if rc is missing from cache + * docs: update cloud roadmap and faq (#9479) + * Fix tsh db connect mongo dbuser logic (#9196) + * Restart teleport-kube-agent can't join cluster. + * add TLS routing support to helm chart + * Added log configuration to teleport-cluster chart. + * Added support for service.spec.loadBalancerIP. + * updted Helm install guide in installation page. - link to getting started with kubernetes access page to refer Helm which is more up to date guide - removed which shows deprecated warning + * Fix the UI to correctly determine if a user has access to a resource (#9473) + * Update rdp-rs (#9344) + * removes experimental note from example config (#9195) + * Skip tests on a docs-only PR (#9416) + * Update aws-console.mdx (#9477) + * [auto] Update webassets in master (#9504) + * Fix initKube: broadcast KubeReady event (#9418) + * Session locking tweaks + * Deduplicate access request IDs before signing certificates (#9453) + * Fix devbox on AMD64 (#9462) + * Clean up `make grpc` and .pb.go generation (#9432) + * Add jitter and backoff to prevent thundering herd on auth (#9133) + * Escape access request and access resolution reasons in tctl (#9381) + * Prevent Linear Retry from converging on Max (#9393) + * Allow loadtest teleport image to be configurable (#9398) + * tool/tsh: support ID for `tsh play -f json` + * Exclude Jitter from logging + * Update README.md (#9378) + * Fix flaky TestWebsocketPingLoop test (#9326) + * Split dev tools into a seperate docker container (#9410) + * update doc examples to change from admin role to editor,access (#9334) + * Do not parse MySQL server packets (#9423) + * feat: ListResources gRPC rpc (#9096) + * Clarify the Linux Getting Started guide (#9346) + * Create a blast radius reduction guide (#9189) + * Fix NO_PROXY addr logic (#9287) + * Port fixes from v8 (#9397) + * Fixed IsInternal issue in Check workflow. + * Updated checking logic for code owners. + * Enable canned ACL for S3 (#9042) + * Doc update mongo postgres separate listeners (#9340) + * Allow a configurable event TTL in DynamoDB (#8840) + * Add ability to run Mongo proxy on separate listener (#9194) + * Include --insecure options for teleport {db|app} + * Fix app server goroutine leak (#9332) + * Add ability to run Postgres proxy on separate listener (#8323) + * Ensure we don't miss the resolution of an access request (#9193) + * Run tsh play requests with correct CLI context + * Delete extra % sign + * [auto] Update webassets in master + * Update example username desktop service to single quotes + * Correct Dismiss function spelling. + * Tweak LDAPS troubleshooting docs + * Improve error message when TOPT is not valid + * fix racy test + * bump nginx1.12 to nginx1 + * Use in-memory cache for autoscale HA cluster + * Add PDB to teleport-kube-agent chart + * Optionally allow cluster_name to override public_address being used for cluster_name + * Disable drone triggers (#9313) + * Check If HEAD Branch Is A Fork (#9302) + * Fix the CRL distribution point in Windows certs (#9299) + * improve lock tests + * improve Cache.ListNodes perf + * improve concurrent watcher registration perf + * bump backend limit + * Remove uploadCtx/uploadDone as these are automatically reflected with uploadLoopDoneCh + * Do not use the server's context to complete the stream - it might have been already cancelled. Proto stream to make sure the streams have been completely written before exiting from Close. + * Fix CryptoRandomHex function (#9186) + * Fix panic running TestIntegration/RotateChangeSigningAlg (#9316) + * Add `--cluster` flag to all `tsh db` subcommands, Add "--diag_addr" flag to `teleport db/app start` (#9220) + * tool/tctl: Log when requested ttl isnt granted for a cert + * Replace "loose" with "lose" (#9284) + * Avoid "Entering/Leaving directory" output in Make (#9246) + * Update docker-compose.yml + * Add thredUP case study to adopters page + * Fix confusing port example in standalone docs + * Add scopes description to the docs + * Remove duplicate YouTube link + * Add missing parenthesis in README + * remove sudo from yum install + * Update check.yaml + * Improve docs for per-session MFA + * Check if PR is from a fork before dismissing runs. (#9300) + * Add Security and UX sections to the canonical RFD (#9251) + * Fix CheckAndSetDefaults for UserTokenSecretsV3 (#9290) + * Trigger Assign workflow on opened and ready_for_review events. (#9272) + * Fix custom tsh home dir for some tsh commands. (#9240) + * simplify desktop access getting started guide (#9100) + * Prevent infinite dialing to Auth (#9254) + * Added more log lines to dismiss workflow. + * Add Teleport loadtest infrastructure and grafana dashboard (#9023) + * Fix sessions endpoint and remove namespaces (#9217) + * Fix make grpc (#9252) + * Add support for configurable KMS CMK keys for S3 SSE (#8354) + * Fix tsh ssh proxy for openssh client (#9219) + * `tsh db connect` do not respect TELEPORT_HOME (#9226) + * Fix incorrect paths in docker/Dockerfile. (#9164) + * Fixed error in assignment logic. + * Added extra logging to bot assignment. + * Bump x/crypto (#9205) + * Updated logic to find workflow by path. + * Updated code review assignment logic. + * Clear web terminal when session ends (#8850) + * Do not prompt for hardware MFA using `tsh` on Windows (#9081) + * Update e ref + * Create separate builds for CentOS7 (+fips) + * simplify connection establishment (#9098) + * Enhance LDAP desktop discovery (#9152) + * Add Azure access token auth support for Postgres/MySQL (#8951) + * docs: Fixes for pam_exec user creation script (#9001) + * Use t.Setenv in tests (#9154) + * Fix MySQL proxy handshake (#9161) + * Update fluentd.mdx + * Forwarding Access Logs using FluentD Video + * Google CloudBuild support (#9090) + * RFD 42 - S3 KMS Encryption (#8344) + * Fix misspelling + * Resolve potential data race (#9118) + * Resolve race in db tests (#9117) + * Clean up temp dir after app tests (#9119) + * Make the `tctl users update` command visible (#9080) + * Add public docs for active and recorded sessions "where" (#9084) + * Don't Dismiss Dismissed Reviews (#9094) + * Add Bot Logging (#9099) + * Refresh getting started guide to use TLS routing (#8988) + * Update docs for TLS routing (#9048) + * Keep Valid Reviews For External Contributors (#9067) + * Make Teleport startup resilient to invalid roles (#9062) + * docs: LDAP service account setup (#8875) + * teleport configure: generate web_listen_addr (#9066) + * Implement where conditions for active sessions (#9040) + * add --publid-addr --cert-file --key-file for teleport configure (#9033) + * Update reviewers (#9050) + * Update vendor + * Bump e (#9022) + * Expose endpoint for fetching single desktop (#9041) + * Add app metatada to app audit events (#8930) + * Updated Docker Quickstart/Labs. + * Request keypair from pool rather than directly. + * Move unimplemented client methods out of the api client. (#8972) + * Re-Request Reviews When Approvals Are Invalidated (#9037) + * Fixed Helm publishing. + * Updated Drone pipeline to build Teleport 8 images. + * Clean up DB integration test output + * [auto] Update AMI IDs for 8.0.0 (#9025) + * make update-vendor (#9017) + * Restart entire node on tunnel collapse (#8102) + * update gosaml2 dep (#8937) + * Fix dialing kube trusted cluser in v2 telport config (#8993) + * teleport.cluster.local cleanup (#7922) + * role labels use key instead of name + * update docs to reflect terraform provider changes + * Fix tunnel address for TLS routing if public tunnel address is present (#8961) + * [pr-buddy] helm: Add support for annotation on secrets generated by cert-manager (#8872) + * Updated build-darwin-* pipeline. + * Remove explicit "deny" from preset "auditor" role, make preset roles V4 (#8959) + * Update CODEOWNERS + * replace dgrijalva/jwt-go with golang-jwt/jwt (#8939) + * Prevent system roles from being created by a user (#8924) + * RFD 43: Database access configurator (#8896) + * Fix KUBECONFIG server name (#8940) + * [auto] Update webassets in master (#8963) + * Update username (#8968) + * windows ldaps port (#8932) + * RFD 45: RBAC where conditions for active sessions list/read (#8962) + * Assign Doc Reviewers to Pull Requests with Changes to `docs/` (#8938) + * Merge 'config-proxy' and 'proxy ssh' commands logic (#8920) + * Add brief TLS routing description + * Update CHANGELOG.md + * Bypass required reviewers (#8901) + * Add meta redirect for some routes (#8293) + * tctl: allow issuing app access certificates via `tctl auth sign` (#8717) + * Update check.go + * Use Hardcoded Map to Get Reviewers for Authors (#8928) + * Add user-facing documentation for WebAuthn (#8479) + * Improve SSH agent forwarding error message in proxy mode (#8829) + * Do Not Dismiss Commented Pull Request Reviews (#8912) + * Add space between reviewer usernames (#8905) + * remove checking if users exist + * RFD 44: RBAC `where` conditions for session recordings list/read (#8084) + * [auto] Update webassets in master (#8909) + * Fix race condition in integration tests. (#8888) + * Link libatomic on Linux + * RFD 9 (Locking): Update with latest developments (#7860) + * Update test plan (#8897) + * Fix the buildbox (again) (#8892) + * Fix ACME strict ALPN (#8869) + * Add RFD 43: Kubernetes Access Multiparty Sessions (#8510) + * Don't allow running Desktop Access in FIPS mode. + * Fix Rust buildbox (#8881) + * Rust & Desktop Access fixes (#8822) + * Use cgo.Handle for passing client refs between Rust/Go + * clarifying facet examples (#8705) + * Fix heartbeat for LDAP hosts + * Disable desktop access in Web UI in Cloud clusters (#8858) + * Fix tsh ssh proxy (#8826) + * Fix MFA for DB Access (#8796) + * Add dynamic registration and discovery guides (#8694) + * integration: name our subtests + * Fix typo in error check. (#8810) + * output of config is being included in copy/paste (#8855) + * Split auth.AccessPoint into variant specific interfaces (#8471) + * Update workflow files to run workflows in the context of master (#8728) + * Bring back previous u2f challenge response for web terminal (#8830) + * Update Go badge to 1.17 (#8841) + * Fix the client idle disconnect audit event for desktops + * Fix trailing whitespace + * Adds a test for scroll wheel + * updates keyboard test plan + * Include desktop access in test plan + * Fix mongo access with mfa and add tests (#8799) + * Fix reverse tunnel web ping call log severity (#8775) + * Update e-ref (#8819) + * Remove checking for error from session end in web terminal (#8797) + * Update rdp-rs to fix horizontal scroll + extended keys + * update to syntax change in terraform provider (#8782) + * [helm] Change path -> mountPath under extraVolumeMounts (#8806) + * [ami] Get wildcard DNS cert when using certbot/Letsencrypt with Terraform AMI (#8792) + * URL-encode Postgres username in connection string (#8771) + * Return created date with new recovery codes (#8777) + * [auto] Update AMI IDs for 7.3.2 + * Update mac builds + * Update test plan (#8794) + * Set user verification to "discouraged" for WebAuthn (#8759) + * Add '+' to key sanitizer whitelist (#8396) + * flips struct ordering to match with tdp spec (#8753) + * Fix error message when direct dial fails (#8678) + * set packer version + * API release automation with go script (#8484) + * Fix race condition in PipeNetCon (#8643) + * Update e + * Ensure that Rust libraries are cleaned + * Update and mark WebAuthn RFD as implemented (#8751) + * Update TLS routing test plan scenarios (#8731) + * Make RegisterUsingTokenRequest a Protobuf type (#8690) + * Stop linking lcrypto and lssl + * Update e + * Add Rust to buildbox + * Add link to Teleport Changelog in helm chart repository site. (#8734) + * Include package-level failures in formatted test output (#8698) + * Fix event code duplication for PrivilegeTokenCreateCode (#8733) + * Update AWS CLI application access docs ref (#8634) + * Update docs per-connection MFA DB access (#8682) + * Add RFD 38 (#7769) + * RFD 31: Dynamic registration for apps and databases (#6787) + ------------------------------------------------------------------- Sat Mar 05 13:06:11 UTC 2022 - kastl@b1-systems.de diff --git a/teleport.spec b/teleport.spec index 954bb52..12be9b1 100644 --- a/teleport.spec +++ b/teleport.spec @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: teleport -Version: 8.3.4 +Version: 9.0.0 Release: 0 Summary: Identity-aware, multi-protocol access proxy License: Apache-2.0 diff --git a/vendor.tar.gz b/vendor.tar.gz index e084eef..06533da 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:bc0f55aad420b2cfea304767226d1d28abe69df94c1bc97de893c3a8053bad75 -size 14527719 +oid sha256:9974dcd924e97128efee9f2cd165e1c7c0ebb9f8cd5361389b1e366de39f156a +size 18138640 diff --git a/webassets.tar.gz b/webassets.tar.gz index 846b33b..c910d73 100644 --- a/webassets.tar.gz +++ b/webassets.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:cc707df6c8d87c052c2a40c8cbb512b951d5fd8b1be63cfa03467836f78a1ff6 -size 4734496 +oid sha256:cf1760fd1e9db78d0da93034576219f451da689a154be7a5c781823b52ddf77d +size 4736293