Merge branch 'master' into bernard/tctl-alert-ttl
bernardjkim authored Jun 24, 2024
2 parents 1d4a208 + b40c3d4 commit 06c163b
Showing 66 changed files with 3,328 additions and 3,027 deletions.
7 changes: 7 additions & 0 deletions api/proto/teleport/legacy/types/types.proto
Expand Up @@ -619,6 +619,13 @@ message DatabaseTLS {
// ServerName allows to provide custom hostname. This value will override the
// servername/hostname on a certificate during validation.
string ServerName = 3 [(gogoproto.jsontag) = "server_name,omitempty"];
// TrustSystemCertPool allows Teleport to trust certificate authorities
// available on the host system. If not set (by default), Teleport only
// trusts self-signed databases with TLS certificates signed by Teleport's
// Database Server CA or the ca_cert specified in this TLS setting. For
// cloud-hosted databases, Teleport downloads the corresponding required CAs
// for validation.
bool TrustSystemCertPool = 4 [(gogoproto.jsontag) = "trust_system_cert_pool,omitempty"];
}

// MySQLOptions are additional MySQL database options.
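Review bot: The new comment on TrustSystemCertPool says Teleport "only trusts self-signed databases with TLS certificates signed by Teleport's Database Server CA or the ca_cert"; "self-signed databases" reads like a slip for "self-hosted databases", since the next sentence contrasts them with cloud-hosted ones. The comment also does not say whether the system pool is trusted in addition to the Database Server CA and ca_cert or instead of them. Because setting trust_system_cert_pool extends the trust anchors to the certificate authorities installed on the host, spell that out so operators can judge the wider trust before enabling it.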
3 changes: 2 additions & 1 deletion api/types/derived.gen.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3,302 changes: 1,672 additions & 1,630 deletions api/types/types.pb.go

Large diffs are not rendered by default.

58 changes: 27 additions & 31 deletions docs/config.json
Expand Up @@ -29,29 +29,12 @@
"slug": "/upgrading/overview/"
},
{
"title": "Teleport Cloud Agents (Linux)",
"slug": "/upgrading/cloud-linux/",
"forScopes": ["cloud"]
},
{
"title": "Teleport Cloud Agents (Kubernetes)",
"slug": "/upgrading/cloud-kubernetes/",
"forScopes": ["cloud"]
},
{
"title": "Self-Hosted Linux",
"slug": "/upgrading/self-hosted-linux/",
"forScopes": ["enterprise", "oss"]
},
{
"title": "Self-Hosted Kubernetes",
"slug": "/upgrading/self-hosted-kubernetes/",
"forScopes": ["enterprise", "oss"]
"title": "Set up Automatic Agent Updates",
"slug": "/upgrading/automatic-agent-updates/"
},
{
"title": "Self-Hosted Automatic Upgrades",
"slug": "/upgrading/self-hosted-automatic-agent-updates/",
"forScopes": ["enterprise"]
"title": "Updating Reference",
"slug": "/upgrading/reference/"
}
]
},
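Review bot: The entries for /upgrading/cloud-linux/, /upgrading/cloud-kubernetes/, /upgrading/self-hosted-linux/, /upgrading/self-hosted-kubernetes/ and /upgrading/self-hosted-automatic-agent-updates/ leave the navigation in this hunk, but none of the redirect hunks shown for this file maps those slugs to the two replacement pages. Add redirects for each removed slug (for example to /upgrading/automatic-agent-updates/ or /upgrading/reference/) so existing links do not break, or confirm they are covered in a part of the file not shown here.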
Expand Down Expand Up @@ -493,11 +476,24 @@
},
{
"title": "Teleport Policy",
"slug": "/access-controls/access-graph/",
"forScopes": [
"enterprise"
],
"slug": "/access-controls/teleport-policy/getting-started-policy/",
"forScopes": ["enterprise", "cloud"],
"entries": [
{
"title": "Teleport Policy Integrations",
"slug": "/access-controls/teleport-policy/policy-integrations/",
"forScopes": ["enterprise", "cloud"]
},
{
"title": "Teleport Policy Connections",
"slug": "/access-controls/teleport-policy/policy-connections/",
"forScopes": ["enterprise", "cloud"]
},
{
"title": "Teleport Policy Usage",
"slug" : "/access-controls/teleport-policy/policy-how-to-use/",
"forScopes":["enterprise","cloud"]
},
{
"title": "Teleport Policy for Self-Hosted Clusters",
"slug": "/access-controls/access-graph/self-hosted/",
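Review bot: The "Teleport Policy Usage" entry is formatted differently from its siblings (`"slug" : ...` with a space before the colon, and `"forScopes":["enterprise","cloud"]` with no spaces); match the two entries above it. Separately, "Teleport Policy for Self-Hosted Clusters" keeps its slug under /access-controls/access-graph/ while the new sibling entries live under /access-controls/teleport-policy/; if the split is intentional, a short note in the commit description would help, otherwise move it with the rest.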
Expand Down Expand Up @@ -2420,6 +2416,11 @@
"destination": "/access-controls/introduction/",
"permanent": true
},
{
"source": "/access-controls/teleport-policy/",
"destination": "/access-controls/teleport-policy/getting-started-policy/",
"permanent": true
},
{
"source": "/try-out-teleport/",
"destination": "/",
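Review bot: A redirect for the old slug /access-controls/access-graph/ is missing next to the one added here for /access-controls/teleport-policy/. The navigation entry used that slug before this change and docs/pages/access-controls/access-graph.mdx is deleted in this commit, so add an entry with that source and the same destination, /access-controls/teleport-policy/getting-started-policy/.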
Expand Down Expand Up @@ -2697,7 +2698,7 @@
},
{
"source": "/management/operations/self-hosted-automatic-agent-updates/",
"destination": "/upgrading/self-hosted-automatic-agent-updates/",
"destination": "/upgrading/",
"permanent": true
},
{
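Review bot: The new destination "/upgrading/" is the section root and does not match any slug visible in the upgrading navigation hunk, which lists /upgrading/overview/, /upgrading/automatic-agent-updates/ and /upgrading/reference/. Since the source is the old self-hosted automatic agent updates guide, point it at /upgrading/automatic-agent-updates/, or confirm that /upgrading/ resolves to a page.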
Expand All @@ -2715,11 +2716,6 @@
"destination": "/server-access/guides/",
"permanent": true
},
{
"source": "/access-graph/",
"destination": "/access-controls/access-graph/",
"permanent": true
},
{
"source": "/database-access/guides/aws-discovery/",
"destination": "/auto-discovery/databases/",
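Review bot: Dropping the /access-graph/ redirect outright leaves that path with no target. Retarget it instead of deleting it, with "destination": "/access-controls/teleport-policy/getting-started-policy/", so links that relied on the short path keep working.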
Binary file added docs/img/access-graph/connection_view.png
Binary file added docs/img/access-graph/graph_view.png
Binary file added docs/img/access-graph/query_view.png
Binary file added docs/img/access-graph/search_view.png
230 changes: 0 additions & 230 deletions docs/pages/access-controls/access-graph.mdx

This file was deleted.

4 changes: 2 additions & 2 deletions docs/pages/access-controls/access-graph/aws-sync.mdx
Expand Up @@ -30,7 +30,7 @@ Access Graph options can be found under the Permission Management section.
Teleport Access Graph discovers AWS access patterns, synchronizes various AWS resources,
including IAM Policies, Groups, Users, User Groups, EC2 instances, EKS clusters, and RDS databases.
These resources are then visualized using the graph representation detailed in the
[Access Graph page](../access-graph.mdx).
[Access Graph page](../teleport-policy/getting-started-policy.mdx).

The importing process involves two primary steps:
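Review bot: The link label still reads "Access Graph page" although the target is now ../teleport-policy/getting-started-policy.mdx, whose title is "Teleport Policy". Update the label to match the page it opens, for example "Teleport Policy page", so the text and the destination agree.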

Expand Down Expand Up @@ -66,7 +66,7 @@ graphical representation thereof.
- A running Teleport Enterprise cluster v14.3.9/v15.2.0 or later.
- For self-hosted clusters, an updated `license.pem` with Teleport Policy enabled.
- For self-hosted clusters, a running Teleport Access Graph node v1.17.0 or later.
Check [Access Graph page](../access-graph.mdx) for details on
Check [Access Graph page](../teleport-policy/getting-started-policy.mdx) for details on
how to setup Teleport Access Graph.
- The node running the Access Graph service must be reachable
from Teleport Auth Service and Discovery Service.
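Review bot: This prerequisite is about setting up a self-hosted Access Graph node, but the updated link goes to getting-started-policy.mdx, which itself sends self-hosted readers on to ../access-graph/self-hosted.mdx. Link directly to ./self-hosted.mdx here to save the extra hop, and while touching the sentence change "how to setup" to "how to set up".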
@@ -0,0 +1,29 @@
---
title: Teleport Policy
description: A reference for Access Graph with Teleport Policy.
---

Teleport Policy streamlines and centralizes access management across your entire infrastructure. Access Graph provides a
visual representation of the relationships between users, roles, and resources in your organization.
It can help you answer questions like:

- What resources can a specific user access?
- What users can access a specific resource?
- What are the relationships between users, roles, and resources?

## Getting started with Teleport Policy

Access Graph is a feature of the Teleport Policy product that is only
available to Teleport Enterprise customers.

After logging into the Teleport UI, go to the Management tab. If enabled, Access Graph options can be found
under the Permission Management section.

<Admonition type="note">
Note: For managed Teleport Enterprise customers, Access Graph is enabled by default.
If you are a self-hosted Teleport customer, you will need to set up [Access Graph](../access-graph/self-hosted.mdx) and ensure you have an updated
`license.pem` with Teleport Policy enabled to use it.
</Admonition>

## Next steps
- Set up [Policy integrations](./policy-integrations.mdx) for use with Access Graph.
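Review bot: The Admonition already has type="note", so the body should not start with "Note:"; drop the prefix. In the same file, the description calls the page "A reference for Access Graph" although it is the getting-started page, "## Next steps" needs a blank line before the list, and the list links only policy-integrations.mdx while docs/config.json also adds the Policy Connections and Policy Usage pages; consider listing those too.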