Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add notice to web UI that users arent equal to MAU #46686

Merged
merged 2 commits into from
Sep 18, 2024
Merged

Conversation

avatus
Copy link
Contributor

@avatus avatus commented Sep 17, 2024

This adds a dismissible notice to the Users page for usage based billing users that notifies them that the user count here isn't an accurate reflection of MAU
Screenshot 2024-09-17 at 1 15 32 PM

Copy link

The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with changelog: followed by the changelog entries for the PR.

Comment on lines 134 to 139
const showMAUInfo =
ctx.getFeatureFlags().billing &&
cfg.isUsageBasedBilling &&
!storageService.getUsersMAUAcknowledged();

return {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to make sure this logic is sound. I was able to spoof isUsageBasedBilling in my config but I'm curious to know if the billing feature flag should also be included here? I believe so (as only those with access to billing would want to know, yes?)

Copy link
Contributor

@kimlisa kimlisa Sep 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah i think it makes sense to include it. you can see the conditional we use here, to set the billing access

based on those conditions, the isUsageBasedBilling might be redundant, but doesn't hurt?

actually now i'm curious, can cloud clusters be NON usage based?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

actually now i'm curious, can cloud clusters be NON usage based?

Yes.

@avatus avatus requested review from bl-nero and kimlisa and removed request for ravicious September 17, 2024 18:21
Copy link

The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with changelog: followed by the changelog entries for the PR.

@@ -47,6 +47,14 @@ export const Loaded = () => {
);
};

export const UsersNotEqualMAUNotice = () => {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
export const UsersNotEqualMAUNotice = () => {
export const UsersNotEqualMauNotice = () => {

export const UsersNotEqualMAUNotice = () => {
return (
<MemoryRouter>
<Users {...sample} showMAUInfo={true} />
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<Users {...sample} showMAUInfo={true} />
<Users {...sample} showMauInfo={true} />

@@ -139,4 +147,6 @@ const sample = {
InviteCollaborators: null,
onEmailPasswordResetClose: () => null,
EmailPasswordReset: null,
showMAUInfo: false,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
showMAUInfo: false,
showMauInfo: false,

Note: The users displayed here are not an accurate reflection of
Monthly Active Users (MAU). For example, users who log in through
Single Sign-On (SSO) providers such as Okta will only appear here
temporarily and disappear once they terminate their active sessions.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
temporarily and disappear once they terminate their active sessions.
temporarily and disappear once their sessions expire.

Copy link

The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with changelog: followed by the changelog entries for the PR.

1 similar comment
Copy link

The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with changelog: followed by the changelog entries for the PR.

@avatus avatus added the no-changelog Indicates that a PR does not require a changelog entry label Sep 17, 2024
@@ -139,4 +147,6 @@ const sample = {
InviteCollaborators: null,
onEmailPasswordResetClose: () => null,
EmailPasswordReset: null,
showMauInfo: false,
onDismissUsersMAUNotice: () => null,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
onDismissUsersMAUNotice: () => null,
onDismissUsersMauNotice: () => null,

@@ -207,6 +208,21 @@ export const storageService = {
window.localStorage.setItem(KeysEnum.LICENSE_ACKNOWLEDGED, 'true');
},

getUsersMAUAcknowledged(): boolean {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
getUsersMAUAcknowledged(): boolean {
getUsersMauAcknowledged(): boolean {

@@ -57,6 +57,8 @@ describe('invite collaborators integration', () => {
inviteCollaboratorsOpen: false,
onEmailPasswordResetClose: () => undefined,
EmailPasswordReset: null,
showMauInfo: false,
onDismissUsersMAUNotice: () => null,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
onDismissUsersMAUNotice: () => null,
onDismissUsersMauNotice: () => null,

@@ -105,6 +107,59 @@ describe('invite collaborators integration', () => {
});
});

describe('Users not equal to MAU Notice', () => {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there is only one test inside this describe, i'd remove the describe block and move everything into the test?

@@ -46,6 +46,8 @@ export function Users(props: State) {
onStartDelete,
onStartEdit,
onStartReset,
showMauInfo,
onDismissUsersMAUNotice,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
onDismissUsersMAUNotice,
onDismissUsersMauNotice,

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the future, I think it'd be nice to have our code a little bit reorganized so that small features like this one are more self-contained. At the moment, it's one div that required changes in four different files.

The pattern with a big hook is one thing, but the boilerplate needed in storageService is something that I've run into in Connect as well. In #40900, I was close to adding another bunch of methods for managing a single state field just to handle VNet autostart. Instead, I added usePersistedState which can be used with any state field, without having to add methods for each field.

Arguably, with local storage in the Web UI the situation is more complex, as every value has to be transformed into a string (so there's no inherent type safety; in Connect, we at least have JSON to work with) and then there's KEEP_LOCALSTORAGE_KEYS_ON_LOGOUT.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah it seems like storageService is overdue for some method that can handle all of the state and know which to keep/clear on logout and what not.

>
Note: The users displayed here are not an accurate reflection of
Monthly Active Users (MAU). For example, users who log in through
Single Sign-On (SSO) providers such as Okta will only appear here
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should either eliminate the mention of Okta, or change this to "may" instead of "will" (or make both changes). Users may persist with Okta if user sync is enabled, so we should avoid giving the impression that users will disappear if the cluster has been set up for them to persist.

Also, a tiny nit: I think "Note:" is unnecessary. It's in an info box above the table; it should be clear from the presentation that the text is of note/should be noted.

This adds a dismissible notice to the Users page for usage based billing
users that notifies them that the user count here isn't an accurate
reflection of MAU
@avatus avatus added this pull request to the merge queue Sep 18, 2024
Merged via the queue into master with commit 41ed86f Sep 18, 2024
39 checks passed
@avatus avatus deleted the avatus/users_notice branch September 18, 2024 16:42
@public-teleport-github-review-bot

@avatus See the table below for backport results.

Branch Result
branch/v15 Failed
branch/v16 Failed

mvbrock pushed a commit that referenced this pull request Sep 19, 2024
This adds a dismissible notice to the Users page for usage based billing
users that notifies them that the user count here isn't an accurate
reflection of MAU
github-merge-queue bot pushed a commit that referenced this pull request Sep 20, 2024
* Displaying mode and controls to additional participants

* Moving SessionControlsInfoBroadcast over to kube/proxy

* Transitioning to consistent proxy-emitted mode+controls

* Moving message broadcast so new participant wont see it

* Possible unit test fix (cant seem to test locally)

* Fixed unit test

* Adding a line break before messaging the participant

* Linter errors

* Emitting audit event and controls message for additional parties, i.e. not the session initiator

* Revert "Emitting audit event and controls message for additional parties, i.e. not the session initiator"

This reverts commit b66ad27.

* Add User Tasks resource - protos (#46059)

* Add User Integration Tasks resource - protos

* add account id

* move state to task instead of instance

* rename from user integration task to user task

* add instance id

* Add notice to web UI that users arent equal to MAU (#46686)

This adds a dismissible notice to the Users page for usage based billing
users that notifies them that the user count here isn't an accurate
reflection of MAU

* Clarify TLS requirements in the Jira guide (#46484)

Closes #45654

- Indicate that certificates for the Jira web server cannot be self
  signed.
- Remove references to Caddy and a `Certificate` resource, which were
  left over from an attempted change to this guide that was not fully
  completed.

* Remove TXT record validation of custom DNS zones in VNet (#46709)

* Remove TXT record validation from custom DNS zones

* Remove mentions of TXT records from docs

* Outline in the RFD why domain verification was dropped

* Update rfd/0163-vnet.md

Co-authored-by: Nic Klaassen <nic@goteleport.com>

---------

Co-authored-by: Nic Klaassen <nic@goteleport.com>

* docs: mention the --days flag when executing an audit log query (#45764)

* Update access-monitoring.mdx

Include the default date range in the CLI example. This range is otherwise unclear and is hidden in the tctl audit help menu.

* Update access-monitoring.mdx

* Update docs/pages/admin-guides/access-controls/access-monitoring.mdx

Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>

---------

Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>

* Remove access-graph path resolution, proxy `/enterprise` requests (#46541)

* Remove `access-graph` path from tsconfig

* Proxy /enterprise requested in dev

* update e ref (#46726)

* fix: tolerate mismatched key PEM headers (#46725)

* fix: tolerate mismatched key PEM headers

Issue #43381 introduced a regression where we now fail to parse PKCS8
encoded RSA private keys within an "RSA PRIVATE KEY" PEM block in
some cases.
This format is somewhat non-standard, usually PKCS8 data should be in a
"PRIVATE KEY" PEM block. However, certain versions of OpenSSL and
possibly even Teleport in specific cases have generated private keys in
this format.

This commit updates ParsePrivateKey and ParsePublicKey to be more
tolerant of PKCS8, PKCS1, or PKIX key data no matter which PEM header is
used.

Fixes #46710

changelog: fixed regression in private key parser to handle mismatched PEM headers

* fix typo in comment

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

---------

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

* Use dynamic base path for favicon images (#46719)

* Add Datadog Incident Management plugin support (#46271)

* Implement datadog plugin

* Add unit tests

* Add fallback recipient config

* Rename to Datadog Incident Management

* Update tests

* Datadog Incident Management

* Update tctl resource plugin command

* Typos

* Lint

* Exclude api changes for now

* Set channel size

* Address feedback

- Add PluginShutdownTimeout const
- Support api endpoint configuration
- Add additional godocs/comments

* Comment about datadog client package

* Document Datadog API types

* Only post resolution message when the AR is resolved

* Fix lint

* Unused function

---------

Co-authored-by: hugoShaka <hugo.hervieux@goteleport.com>

* Add AutoUpdate Client/Cache implementation (#46661)

* Add AutoUpdate Client/Cache implementation

* CR changes

* Add permission for proxy to access resources

* Rename all occurrences auto update to camelcase

* Remove auto update client wrapper

* Drop AutoUpdateServiceClient helper
Rename comments for consistency

* User Tasks: services and clients implementation (#46131)

This PR adds the implementation for the User Tasks:
- services (backend+cache)
- clients (API + tctl)
- light validation to set up the path for later PRs

* expanding testplan for host user creation (#46729)

* Fix operator docs reference generator bug (#46732)

In the reference page for one Kubernetes operator resource, some
Markdown links are malformed.

The issue is that some fields of custom resource definitions used by the
operator consist of arrays of anonymous objects with fields that are
also objects. When creating docs based on these fields, the operator
resource docs generator creates a malformed link reference.

This change modifies the generator to replace any spaces with hyphens
before outputting link references, causing the resulting internal links
to work correctly.

This change also does some light refactoring to remove an unnecessary
`switch` statement.

* [auto] Update AMI IDs for 16.4.0 (#46746)

Co-authored-by: GitHub <noreply@github.com>

* Remove deprecated HTTP RemoteCluster endpoints (#46756)

* Remove deprecated HTTP RemoteCluster endpoints

* Remove redundant test

* Add `tbot` helm chart to `version.mk` (#46763)

* Remove LockConfiguration.LockName (#46772)

Cleans up the deprecated config option now that
gravitational/teleport.e#5034 has been
merged.

* adding a reference to  to the host user guide (#46765)

* Replace more Logrus usage with Slog (#46757)

* Remove logrus from lib/auth/machineid

* Switch authclient.Config.Log and TunnelAuthDialerConfig.Log to Slog

* Add *slog.Logger to auth.Server

* Remove logrus usage in `lib/auth/access.go`

* Replace logrus with slog in lib/auth/accountrecovery.go

* Replace logrus with slog in `lib/auth/apiserver.go`

* Add missing logger to auth.Server

* Fix test

* Update AWS roles ARNs displayed on `tsh app login` for AWS console apps (#44983)

* feat(tsh): list aws console logins from server

* chore(services): remove unified resources change

This is being covered on another PR.

* test(tsh): solve TestAzure flakiness by waiting using app servers are ready

* fix(tsh): apps with logins were fallingback into using aws arns

* refactor(client): use GetEnrichedResources

* chore(client): rename function

* refactor(tsh): directly resource lisiting for apps and reuse cluster client

* chore(client): reset client changes

* refactor(tsh): reuse cluster client for fetching allowed logins

* chore(tsh): remove unused function param

* refactor(tsh): update getApp retry with login

* refactor(tsh): use a single function to grab profile and cluste client

* refactor(tsh): perform retry with login at caller site

* fix(tsh): close auth client

* test(tsh): fix test failing due to login misconfiguration

* test(tsh): fix lint errors

* test(tsh): remove unused imports

* bulk audit event export api (#46399)

* Reverting back to using the emitSessionJoin boolean

* Nits and removing a debug log

---------

Co-authored-by: Marco Dinis <marco.dinis@goteleport.com>
Co-authored-by: Michael <michael.myers@goteleport.com>
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>
Co-authored-by: Nic Klaassen <nic@goteleport.com>
Co-authored-by: Dan Johns <117299936+djohns7@users.noreply.github.com>
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
Co-authored-by: Ryan Clark <ryan.clark@goteleport.com>
Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
Co-authored-by: Bernard Kim <bernard@goteleport.com>
Co-authored-by: hugoShaka <hugo.hervieux@goteleport.com>
Co-authored-by: Vadym Popov <vadym.popov@goteleport.com>
Co-authored-by: Erik Tate <erik.tate@goteleport.com>
Co-authored-by: teleport-post-release-automation[bot] <128860004+teleport-post-release-automation[bot]@users.noreply.github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: Noah Stride <noah.stride@goteleport.com>
Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Co-authored-by: Gabriel Corado <gabriel.oliveira@goteleport.com>
Co-authored-by: Forrest <30576607+fspmarshall@users.noreply.github.com>
mvbrock added a commit that referenced this pull request Sep 24, 2024
* Displaying mode and controls to additional participants

* Moving SessionControlsInfoBroadcast over to kube/proxy

* Transitioning to consistent proxy-emitted mode+controls

* Moving message broadcast so new participant wont see it

* Possible unit test fix (cant seem to test locally)

* Fixed unit test

* Adding a line break before messaging the participant

* Linter errors

* Emitting audit event and controls message for additional parties, i.e. not the session initiator

* Revert "Emitting audit event and controls message for additional parties, i.e. not the session initiator"

This reverts commit b66ad27.

* Add User Tasks resource - protos (#46059)

* Add User Integration Tasks resource - protos

* add account id

* move state to task instead of instance

* rename from user integration task to user task

* add instance id

* Add notice to web UI that users arent equal to MAU (#46686)

This adds a dismissible notice to the Users page for usage based billing
users that notifies them that the user count here isn't an accurate
reflection of MAU

* Clarify TLS requirements in the Jira guide (#46484)

Closes #45654

- Indicate that certificates for the Jira web server cannot be self
  signed.
- Remove references to Caddy and a `Certificate` resource, which were
  left over from an attempted change to this guide that was not fully
  completed.

* Remove TXT record validation of custom DNS zones in VNet (#46709)

* Remove TXT record validation from custom DNS zones

* Remove mentions of TXT records from docs

* Outline in the RFD why domain verification was dropped

* Update rfd/0163-vnet.md

Co-authored-by: Nic Klaassen <nic@goteleport.com>

---------

Co-authored-by: Nic Klaassen <nic@goteleport.com>

* docs: mention the --days flag when executing an audit log query (#45764)

* Update access-monitoring.mdx

Include the default date range in the CLI example. This range is otherwise unclear and is hidden in the tctl audit help menu.

* Update access-monitoring.mdx

* Update docs/pages/admin-guides/access-controls/access-monitoring.mdx

Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>

---------

Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>

* Remove access-graph path resolution, proxy `/enterprise` requests (#46541)

* Remove `access-graph` path from tsconfig

* Proxy /enterprise requested in dev

* update e ref (#46726)

* fix: tolerate mismatched key PEM headers (#46725)

* fix: tolerate mismatched key PEM headers

Issue #43381 introduced a regression where we now fail to parse PKCS8
encoded RSA private keys within an "RSA PRIVATE KEY" PEM block in
some cases.
This format is somewhat non-standard, usually PKCS8 data should be in a
"PRIVATE KEY" PEM block. However, certain versions of OpenSSL and
possibly even Teleport in specific cases have generated private keys in
this format.

This commit updates ParsePrivateKey and ParsePublicKey to be more
tolerant of PKCS8, PKCS1, or PKIX key data no matter which PEM header is
used.

Fixes #46710

changelog: fixed regression in private key parser to handle mismatched PEM headers

* fix typo in comment

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

---------

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

* Use dynamic base path for favicon images (#46719)

* Add Datadog Incident Management plugin support (#46271)

* Implement datadog plugin

* Add unit tests

* Add fallback recipient config

* Rename to Datadog Incident Management

* Update tests

* Datadog Incident Management

* Update tctl resource plugin command

* Typos

* Lint

* Exclude api changes for now

* Set channel size

* Address feedback

- Add PluginShutdownTimeout const
- Support api endpoint configuration
- Add additional godocs/comments

* Comment about datadog client package

* Document Datadog API types

* Only post resolution message when the AR is resolved

* Fix lint

* Unused function

---------

Co-authored-by: hugoShaka <hugo.hervieux@goteleport.com>

* Add AutoUpdate Client/Cache implementation (#46661)

* Add AutoUpdate Client/Cache implementation

* CR changes

* Add permission for proxy to access resources

* Rename all occurrences auto update to camelcase

* Remove auto update client wrapper

* Drop AutoUpdateServiceClient helper
Rename comments for consistency

* User Tasks: services and clients implementation (#46131)

This PR adds the implementation for the User Tasks:
- services (backend+cache)
- clients (API + tctl)
- light validation to set up the path for later PRs

* expanding testplan for host user creation (#46729)

* Fix operator docs reference generator bug (#46732)

In the reference page for one Kubernetes operator resource, some
Markdown links are malformed.

The issue is that some fields of custom resource definitions used by the
operator consist of arrays of anonymous objects with fields that are
also objects. When creating docs based on these fields, the operator
resource docs generator creates a malformed link reference.

This change modifies the generator to replace any spaces with hyphens
before outputting link references, causing the resulting internal links
to work correctly.

This change also does some light refactoring to remove an unnecessary
`switch` statement.

* [auto] Update AMI IDs for 16.4.0 (#46746)

Co-authored-by: GitHub <noreply@github.com>

* Remove deprecated HTTP RemoteCluster endpoints (#46756)

* Remove deprecated HTTP RemoteCluster endpoints

* Remove redundant test

* Add `tbot` helm chart to `version.mk` (#46763)

* Remove LockConfiguration.LockName (#46772)

Cleans up the deprecated config option now that
gravitational/teleport.e#5034 has been
merged.

* adding a reference to  to the host user guide (#46765)

* Replace more Logrus usage with Slog (#46757)

* Remove logrus from lib/auth/machineid

* Switch authclient.Config.Log and TunnelAuthDialerConfig.Log to Slog

* Add *slog.Logger to auth.Server

* Remove logrus usage in `lib/auth/access.go`

* Replace logrus with slog in lib/auth/accountrecovery.go

* Replace logrus with slog in `lib/auth/apiserver.go`

* Add missing logger to auth.Server

* Fix test

* Update AWS roles ARNs displayed on `tsh app login` for AWS console apps (#44983)

* feat(tsh): list aws console logins from server

* chore(services): remove unified resources change

This is being covered on another PR.

* test(tsh): solve TestAzure flakiness by waiting using app servers are ready

* fix(tsh): apps with logins were fallingback into using aws arns

* refactor(client): use GetEnrichedResources

* chore(client): rename function

* refactor(tsh): directly resource lisiting for apps and reuse cluster client

* chore(client): reset client changes

* refactor(tsh): reuse cluster client for fetching allowed logins

* chore(tsh): remove unused function param

* refactor(tsh): update getApp retry with login

* refactor(tsh): use a single function to grab profile and cluste client

* refactor(tsh): perform retry with login at caller site

* fix(tsh): close auth client

* test(tsh): fix test failing due to login misconfiguration

* test(tsh): fix lint errors

* test(tsh): remove unused imports

* bulk audit event export api (#46399)

* Reverting back to using the emitSessionJoin boolean

* Nits and removing a debug log

---------

Co-authored-by: Marco Dinis <marco.dinis@goteleport.com>
Co-authored-by: Michael <michael.myers@goteleport.com>
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>
Co-authored-by: Nic Klaassen <nic@goteleport.com>
Co-authored-by: Dan Johns <117299936+djohns7@users.noreply.github.com>
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
Co-authored-by: Ryan Clark <ryan.clark@goteleport.com>
Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
Co-authored-by: Bernard Kim <bernard@goteleport.com>
Co-authored-by: hugoShaka <hugo.hervieux@goteleport.com>
Co-authored-by: Vadym Popov <vadym.popov@goteleport.com>
Co-authored-by: Erik Tate <erik.tate@goteleport.com>
Co-authored-by: teleport-post-release-automation[bot] <128860004+teleport-post-release-automation[bot]@users.noreply.github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: Noah Stride <noah.stride@goteleport.com>
Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Co-authored-by: Gabriel Corado <gabriel.oliveira@goteleport.com>
Co-authored-by: Forrest <30576607+fspmarshall@users.noreply.github.com>
mvbrock added a commit that referenced this pull request Sep 25, 2024
* Displaying mode and controls to additional participants

* Moving SessionControlsInfoBroadcast over to kube/proxy

* Transitioning to consistent proxy-emitted mode+controls

* Moving message broadcast so new participant wont see it

* Possible unit test fix (cant seem to test locally)

* Fixed unit test

* Adding a line break before messaging the participant

* Linter errors

* Emitting audit event and controls message for additional parties, i.e. not the session initiator

* Revert "Emitting audit event and controls message for additional parties, i.e. not the session initiator"

This reverts commit b66ad27.

* Add User Tasks resource - protos (#46059)

* Add User Integration Tasks resource - protos

* add account id

* move state to task instead of instance

* rename from user integration task to user task

* add instance id

* Add notice to web UI that users arent equal to MAU (#46686)

This adds a dismissible notice to the Users page for usage based billing
users that notifies them that the user count here isn't an accurate
reflection of MAU

* Clarify TLS requirements in the Jira guide (#46484)

Closes #45654

- Indicate that certificates for the Jira web server cannot be self
  signed.
- Remove references to Caddy and a `Certificate` resource, which were
  left over from an attempted change to this guide that was not fully
  completed.

* Remove TXT record validation of custom DNS zones in VNet (#46709)

* Remove TXT record validation from custom DNS zones

* Remove mentions of TXT records from docs

* Outline in the RFD why domain verification was dropped

* Update rfd/0163-vnet.md

Co-authored-by: Nic Klaassen <nic@goteleport.com>

---------

Co-authored-by: Nic Klaassen <nic@goteleport.com>

* docs: mention the --days flag when executing an audit log query (#45764)

* Update access-monitoring.mdx

Include the default date range in the CLI example. This range is otherwise unclear and is hidden in the tctl audit help menu.

* Update access-monitoring.mdx

* Update docs/pages/admin-guides/access-controls/access-monitoring.mdx

Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>

---------

Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>

* Remove access-graph path resolution, proxy `/enterprise` requests (#46541)

* Remove `access-graph` path from tsconfig

* Proxy /enterprise requested in dev

* update e ref (#46726)

* fix: tolerate mismatched key PEM headers (#46725)

* fix: tolerate mismatched key PEM headers

Issue #43381 introduced a regression where we now fail to parse PKCS8
encoded RSA private keys within an "RSA PRIVATE KEY" PEM block in
some cases.
This format is somewhat non-standard, usually PKCS8 data should be in a
"PRIVATE KEY" PEM block. However, certain versions of OpenSSL and
possibly even Teleport in specific cases have generated private keys in
this format.

This commit updates ParsePrivateKey and ParsePublicKey to be more
tolerant of PKCS8, PKCS1, or PKIX key data no matter which PEM header is
used.

Fixes #46710

changelog: fixed regression in private key parser to handle mismatched PEM headers

* fix typo in comment

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

---------

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

* Use dynamic base path for favicon images (#46719)

* Add Datadog Incident Management plugin support (#46271)

* Implement datadog plugin

* Add unit tests

* Add fallback recipient config

* Rename to Datadog Incident Management

* Update tests

* Datadog Incident Management

* Update tctl resource plugin command

* Typos

* Lint

* Exclude api changes for now

* Set channel size

* Address feedback

- Add PluginShutdownTimeout const
- Support api endpoint configuration
- Add additional godocs/comments

* Comment about datadog client package

* Document Datadog API types

* Only post resolution message when the AR is resolved

* Fix lint

* Unused function

---------

Co-authored-by: hugoShaka <hugo.hervieux@goteleport.com>

* Add AutoUpdate Client/Cache implementation (#46661)

* Add AutoUpdate Client/Cache implementation

* CR changes

* Add permission for proxy to access resources

* Rename all occurrences auto update to camelcase

* Remove auto update client wrapper

* Drop AutoUpdateServiceClient helper
Rename comments for consistency

* User Tasks: services and clients implementation (#46131)

This PR adds the implementation for the User Tasks:
- services (backend+cache)
- clients (API + tctl)
- light validation to set up the path for later PRs

* expanding testplan for host user creation (#46729)

* Fix operator docs reference generator bug (#46732)

In the reference page for one Kubernetes operator resource, some
Markdown links are malformed.

The issue is that some fields of custom resource definitions used by the
operator consist of arrays of anonymous objects with fields that are
also objects. When creating docs based on these fields, the operator
resource docs generator creates a malformed link reference.

This change modifies the generator to replace any spaces with hyphens
before outputting link references, causing the resulting internal links
to work correctly.

This change also does some light refactoring to remove an unnecessary
`switch` statement.

* [auto] Update AMI IDs for 16.4.0 (#46746)

Co-authored-by: GitHub <noreply@github.com>

* Remove deprecated HTTP RemoteCluster endpoints (#46756)

* Remove deprecated HTTP RemoteCluster endpoints

* Remove redundant test

* Add `tbot` helm chart to `version.mk` (#46763)

* Remove LockConfiguration.LockName (#46772)

Cleans up the deprecated config option now that
gravitational/teleport.e#5034 has been
merged.

* adding a reference to  to the host user guide (#46765)

* Replace more Logrus usage with Slog (#46757)

* Remove logrus from lib/auth/machineid

* Switch authclient.Config.Log and TunnelAuthDialerConfig.Log to Slog

* Add *slog.Logger to auth.Server

* Remove logrus usage in `lib/auth/access.go`

* Replace logrus with slog in lib/auth/accountrecovery.go

* Replace logrus with slog in `lib/auth/apiserver.go`

* Add missing logger to auth.Server

* Fix test

* Update AWS roles ARNs displayed on `tsh app login` for AWS console apps (#44983)

* feat(tsh): list aws console logins from server

* chore(services): remove unified resources change

This is being covered on another PR.

* test(tsh): solve TestAzure flakiness by waiting using app servers are ready

* fix(tsh): apps with logins were fallingback into using aws arns

* refactor(client): use GetEnrichedResources

* chore(client): rename function

* refactor(tsh): directly resource lisiting for apps and reuse cluster client

* chore(client): reset client changes

* refactor(tsh): reuse cluster client for fetching allowed logins

* chore(tsh): remove unused function param

* refactor(tsh): update getApp retry with login

* refactor(tsh): use a single function to grab profile and cluste client

* refactor(tsh): perform retry with login at caller site

* fix(tsh): close auth client

* test(tsh): fix test failing due to login misconfiguration

* test(tsh): fix lint errors

* test(tsh): remove unused imports

* bulk audit event export api (#46399)

* Reverting back to using the emitSessionJoin boolean

* Nits and removing a debug log

---------

Co-authored-by: Marco Dinis <marco.dinis@goteleport.com>
Co-authored-by: Michael <michael.myers@goteleport.com>
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>
Co-authored-by: Nic Klaassen <nic@goteleport.com>
Co-authored-by: Dan Johns <117299936+djohns7@users.noreply.github.com>
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
Co-authored-by: Ryan Clark <ryan.clark@goteleport.com>
Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
Co-authored-by: Bernard Kim <bernard@goteleport.com>
Co-authored-by: hugoShaka <hugo.hervieux@goteleport.com>
Co-authored-by: Vadym Popov <vadym.popov@goteleport.com>
Co-authored-by: Erik Tate <erik.tate@goteleport.com>
Co-authored-by: teleport-post-release-automation[bot] <128860004+teleport-post-release-automation[bot]@users.noreply.github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: Noah Stride <noah.stride@goteleport.com>
Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Co-authored-by: Gabriel Corado <gabriel.oliveira@goteleport.com>
Co-authored-by: Forrest <30576607+fspmarshall@users.noreply.github.com>
github-merge-queue bot pushed a commit that referenced this pull request Sep 25, 2024
)

* Displaying mode and controls to additional participants

* Moving SessionControlsInfoBroadcast over to kube/proxy

* Transitioning to consistent proxy-emitted mode+controls

* Moving message broadcast so new participant wont see it

* Possible unit test fix (cant seem to test locally)

* Fixed unit test

* Adding a line break before messaging the participant

* Linter errors

* Emitting audit event and controls message for additional parties, i.e. not the session initiator

* Revert "Emitting audit event and controls message for additional parties, i.e. not the session initiator"

This reverts commit b66ad27.

* Add User Tasks resource - protos (#46059)

* Add User Integration Tasks resource - protos

* add account id

* move state to task instead of instance

* rename from user integration task to user task

* add instance id

* Add notice to web UI that users arent equal to MAU (#46686)

This adds a dismissible notice to the Users page for usage based billing
users that notifies them that the user count here isn't an accurate
reflection of MAU

* Clarify TLS requirements in the Jira guide (#46484)

Closes #45654

- Indicate that certificates for the Jira web server cannot be self
  signed.
- Remove references to Caddy and a `Certificate` resource, which were
  left over from an attempted change to this guide that was not fully
  completed.

* Remove TXT record validation of custom DNS zones in VNet (#46709)

* Remove TXT record validation from custom DNS zones

* Remove mentions of TXT records from docs

* Outline in the RFD why domain verification was dropped

* Update rfd/0163-vnet.md



---------



* docs: mention the --days flag when executing an audit log query (#45764)

* Update access-monitoring.mdx

Include the default date range in the CLI example. This range is otherwise unclear and is hidden in the tctl audit help menu.

* Update access-monitoring.mdx

* Update docs/pages/admin-guides/access-controls/access-monitoring.mdx



---------



* Remove access-graph path resolution, proxy `/enterprise` requests (#46541)

* Remove `access-graph` path from tsconfig

* Proxy /enterprise requested in dev

* update e ref (#46726)

* fix: tolerate mismatched key PEM headers (#46725)

* fix: tolerate mismatched key PEM headers

Issue #43381 introduced a regression where we now fail to parse PKCS8
encoded RSA private keys within an "RSA PRIVATE KEY" PEM block in
some cases.
This format is somewhat non-standard, usually PKCS8 data should be in a
"PRIVATE KEY" PEM block. However, certain versions of OpenSSL and
possibly even Teleport in specific cases have generated private keys in
this format.

This commit updates ParsePrivateKey and ParsePublicKey to be more
tolerant of PKCS8, PKCS1, or PKIX key data no matter which PEM header is
used.

Fixes #46710

changelog: fixed regression in private key parser to handle mismatched PEM headers

* fix typo in comment



---------



* Use dynamic base path for favicon images (#46719)

* Add Datadog Incident Management plugin support (#46271)

* Implement datadog plugin

* Add unit tests

* Add fallback recipient config

* Rename to Datadog Incident Management

* Update tests

* Datadog Incident Management

* Update tctl resource plugin command

* Typos

* Lint

* Exclude api changes for now

* Set channel size

* Address feedback

- Add PluginShutdownTimeout const
- Support api endpoint configuration
- Add additional godocs/comments

* Comment about datadog client package

* Document Datadog API types

* Only post resolution message when the AR is resolved

* Fix lint

* Unused function

---------



* Add AutoUpdate Client/Cache implementation (#46661)

* Add AutoUpdate Client/Cache implementation

* CR changes

* Add permission for proxy to access resources

* Rename all occurrences auto update to camelcase

* Remove auto update client wrapper

* Drop AutoUpdateServiceClient helper
Rename comments for consistency

* User Tasks: services and clients implementation (#46131)

This PR adds the implementation for the User Tasks:
- services (backend+cache)
- clients (API + tctl)
- light validation to set up the path for later PRs

* expanding testplan for host user creation (#46729)

* Fix operator docs reference generator bug (#46732)

In the reference page for one Kubernetes operator resource, some
Markdown links are malformed.

The issue is that some fields of custom resource definitions used by the
operator consist of arrays of anonymous objects with fields that are
also objects. When creating docs based on these fields, the operator
resource docs generator creates a malformed link reference.

This change modifies the generator to replace any spaces with hyphens
before outputting link references, causing the resulting internal links
to work correctly.

This change also does some light refactoring to remove an unnecessary
`switch` statement.

* [auto] Update AMI IDs for 16.4.0 (#46746)



* Remove deprecated HTTP RemoteCluster endpoints (#46756)

* Remove deprecated HTTP RemoteCluster endpoints

* Remove redundant test

* Add `tbot` helm chart to `version.mk` (#46763)

* Remove LockConfiguration.LockName (#46772)

Cleans up the deprecated config option now that
gravitational/teleport.e#5034 has been
merged.

* adding a reference to  to the host user guide (#46765)

* Replace more Logrus usage with Slog (#46757)

* Remove logrus from lib/auth/machineid

* Switch authclient.Config.Log and TunnelAuthDialerConfig.Log to Slog

* Add *slog.Logger to auth.Server

* Remove logrus usage in `lib/auth/access.go`

* Replace logrus with slog in lib/auth/accountrecovery.go

* Replace logrus with slog in `lib/auth/apiserver.go`

* Add missing logger to auth.Server

* Fix test

* Update AWS roles ARNs displayed on `tsh app login` for AWS console apps (#44983)

* feat(tsh): list aws console logins from server

* chore(services): remove unified resources change

This is being covered on another PR.

* test(tsh): solve TestAzure flakiness by waiting using app servers are ready

* fix(tsh): apps with logins were fallingback into using aws arns

* refactor(client): use GetEnrichedResources

* chore(client): rename function

* refactor(tsh): directly resource lisiting for apps and reuse cluster client

* chore(client): reset client changes

* refactor(tsh): reuse cluster client for fetching allowed logins

* chore(tsh): remove unused function param

* refactor(tsh): update getApp retry with login

* refactor(tsh): use a single function to grab profile and cluste client

* refactor(tsh): perform retry with login at caller site

* fix(tsh): close auth client

* test(tsh): fix test failing due to login misconfiguration

* test(tsh): fix lint errors

* test(tsh): remove unused imports

* bulk audit event export api (#46399)

* Reverting back to using the emitSessionJoin boolean

* Nits and removing a debug log

---------

Co-authored-by: Marco Dinis <marco.dinis@goteleport.com>
Co-authored-by: Michael <michael.myers@goteleport.com>
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>
Co-authored-by: Nic Klaassen <nic@goteleport.com>
Co-authored-by: Dan Johns <117299936+djohns7@users.noreply.github.com>
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
Co-authored-by: Ryan Clark <ryan.clark@goteleport.com>
Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
Co-authored-by: Bernard Kim <bernard@goteleport.com>
Co-authored-by: hugoShaka <hugo.hervieux@goteleport.com>
Co-authored-by: Vadym Popov <vadym.popov@goteleport.com>
Co-authored-by: Erik Tate <erik.tate@goteleport.com>
Co-authored-by: teleport-post-release-automation[bot] <128860004+teleport-post-release-automation[bot]@users.noreply.github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: Noah Stride <noah.stride@goteleport.com>
Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Co-authored-by: Gabriel Corado <gabriel.oliveira@goteleport.com>
Co-authored-by: Forrest <30576607+fspmarshall@users.noreply.github.com>
github-merge-queue bot pushed a commit that referenced this pull request Sep 25, 2024
)

* Displaying mode and controls to additional participants

* Moving SessionControlsInfoBroadcast over to kube/proxy

* Transitioning to consistent proxy-emitted mode+controls

* Moving message broadcast so new participant wont see it

* Possible unit test fix (cant seem to test locally)

* Fixed unit test

* Adding a line break before messaging the participant

* Linter errors

* Emitting audit event and controls message for additional parties, i.e. not the session initiator

* Revert "Emitting audit event and controls message for additional parties, i.e. not the session initiator"

This reverts commit b66ad27.

* Add User Tasks resource - protos (#46059)

* Add User Integration Tasks resource - protos

* add account id

* move state to task instead of instance

* rename from user integration task to user task

* add instance id

* Add notice to web UI that users arent equal to MAU (#46686)

This adds a dismissible notice to the Users page for usage based billing
users that notifies them that the user count here isn't an accurate
reflection of MAU

* Clarify TLS requirements in the Jira guide (#46484)

Closes #45654

- Indicate that certificates for the Jira web server cannot be self
  signed.
- Remove references to Caddy and a `Certificate` resource, which were
  left over from an attempted change to this guide that was not fully
  completed.

* Remove TXT record validation of custom DNS zones in VNet (#46709)

* Remove TXT record validation from custom DNS zones

* Remove mentions of TXT records from docs

* Outline in the RFD why domain verification was dropped

* Update rfd/0163-vnet.md



---------



* docs: mention the --days flag when executing an audit log query (#45764)

* Update access-monitoring.mdx

Include the default date range in the CLI example. This range is otherwise unclear and is hidden in the tctl audit help menu.

* Update access-monitoring.mdx

* Update docs/pages/admin-guides/access-controls/access-monitoring.mdx



---------



* Remove access-graph path resolution, proxy `/enterprise` requests (#46541)

* Remove `access-graph` path from tsconfig

* Proxy /enterprise requested in dev

* update e ref (#46726)

* fix: tolerate mismatched key PEM headers (#46725)

* fix: tolerate mismatched key PEM headers

Issue #43381 introduced a regression where we now fail to parse PKCS8
encoded RSA private keys within an "RSA PRIVATE KEY" PEM block in
some cases.
This format is somewhat non-standard, usually PKCS8 data should be in a
"PRIVATE KEY" PEM block. However, certain versions of OpenSSL and
possibly even Teleport in specific cases have generated private keys in
this format.

This commit updates ParsePrivateKey and ParsePublicKey to be more
tolerant of PKCS8, PKCS1, or PKIX key data no matter which PEM header is
used.

Fixes #46710

changelog: fixed regression in private key parser to handle mismatched PEM headers

* fix typo in comment



---------



* Use dynamic base path for favicon images (#46719)

* Add Datadog Incident Management plugin support (#46271)

* Implement datadog plugin

* Add unit tests

* Add fallback recipient config

* Rename to Datadog Incident Management

* Update tests

* Datadog Incident Management

* Update tctl resource plugin command

* Typos

* Lint

* Exclude api changes for now

* Set channel size

* Address feedback

- Add PluginShutdownTimeout const
- Support api endpoint configuration
- Add additional godocs/comments

* Comment about datadog client package

* Document Datadog API types

* Only post resolution message when the AR is resolved

* Fix lint

* Unused function

---------



* Add AutoUpdate Client/Cache implementation (#46661)

* Add AutoUpdate Client/Cache implementation

* CR changes

* Add permission for proxy to access resources

* Rename all occurrences auto update to camelcase

* Remove auto update client wrapper

* Drop AutoUpdateServiceClient helper
Rename comments for consistency

* User Tasks: services and clients implementation (#46131)

This PR adds the implementation for the User Tasks:
- services (backend+cache)
- clients (API + tctl)
- light validation to set up the path for later PRs

* expanding testplan for host user creation (#46729)

* Fix operator docs reference generator bug (#46732)

In the reference page for one Kubernetes operator resource, some
Markdown links are malformed.

The issue is that some fields of custom resource definitions used by the
operator consist of arrays of anonymous objects with fields that are
also objects. When creating docs based on these fields, the operator
resource docs generator creates a malformed link reference.

This change modifies the generator to replace any spaces with hyphens
before outputting link references, causing the resulting internal links
to work correctly.

This change also does some light refactoring to remove an unnecessary
`switch` statement.

* [auto] Update AMI IDs for 16.4.0 (#46746)



* Remove deprecated HTTP RemoteCluster endpoints (#46756)

* Remove deprecated HTTP RemoteCluster endpoints

* Remove redundant test

* Add `tbot` helm chart to `version.mk` (#46763)

* Remove LockConfiguration.LockName (#46772)

Cleans up the deprecated config option now that
gravitational/teleport.e#5034 has been
merged.

* adding a reference to  to the host user guide (#46765)

* Replace more Logrus usage with Slog (#46757)

* Remove logrus from lib/auth/machineid

* Switch authclient.Config.Log and TunnelAuthDialerConfig.Log to Slog

* Add *slog.Logger to auth.Server

* Remove logrus usage in `lib/auth/access.go`

* Replace logrus with slog in lib/auth/accountrecovery.go

* Replace logrus with slog in `lib/auth/apiserver.go`

* Add missing logger to auth.Server

* Fix test

* Update AWS roles ARNs displayed on `tsh app login` for AWS console apps (#44983)

* feat(tsh): list aws console logins from server

* chore(services): remove unified resources change

This is being covered on another PR.

* test(tsh): solve TestAzure flakiness by waiting using app servers are ready

* fix(tsh): apps with logins were fallingback into using aws arns

* refactor(client): use GetEnrichedResources

* chore(client): rename function

* refactor(tsh): directly resource lisiting for apps and reuse cluster client

* chore(client): reset client changes

* refactor(tsh): reuse cluster client for fetching allowed logins

* chore(tsh): remove unused function param

* refactor(tsh): update getApp retry with login

* refactor(tsh): use a single function to grab profile and cluste client

* refactor(tsh): perform retry with login at caller site

* fix(tsh): close auth client

* test(tsh): fix test failing due to login misconfiguration

* test(tsh): fix lint errors

* test(tsh): remove unused imports

* bulk audit event export api (#46399)

* Reverting back to using the emitSessionJoin boolean

* Nits and removing a debug log

---------

Co-authored-by: Marco Dinis <marco.dinis@goteleport.com>
Co-authored-by: Michael <michael.myers@goteleport.com>
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>
Co-authored-by: Nic Klaassen <nic@goteleport.com>
Co-authored-by: Dan Johns <117299936+djohns7@users.noreply.github.com>
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
Co-authored-by: Ryan Clark <ryan.clark@goteleport.com>
Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
Co-authored-by: Bernard Kim <bernard@goteleport.com>
Co-authored-by: hugoShaka <hugo.hervieux@goteleport.com>
Co-authored-by: Vadym Popov <vadym.popov@goteleport.com>
Co-authored-by: Erik Tate <erik.tate@goteleport.com>
Co-authored-by: teleport-post-release-automation[bot] <128860004+teleport-post-release-automation[bot]@users.noreply.github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: Noah Stride <noah.stride@goteleport.com>
Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Co-authored-by: Gabriel Corado <gabriel.oliveira@goteleport.com>
Co-authored-by: Forrest <30576607+fspmarshall@users.noreply.github.com>
avatus added a commit that referenced this pull request Oct 2, 2024
Manual backport for #46686 because the components and styles never got
backported to v16. This feature was rebuilt for pre-v17 branches using
the old Alert component and styles.
avatus added a commit that referenced this pull request Oct 3, 2024
Manual backport for #46686 because the components and styles never got
backported to v16. This feature was rebuilt for pre-v17 branches using
the old Alert component and styles.
github-merge-queue bot pushed a commit that referenced this pull request Oct 3, 2024
Manual backport for #46686 because the components and styles never got
backported to v16. This feature was rebuilt for pre-v17 branches using
the old Alert component and styles.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants