Merge branch 'master' into tcsc/identitycenter-crud

.github/workflows/doc-tests.yaml

@@ -120,4 +120,5 @@ jobs:
           # changed files.
           filter_mode: added
           fail_on_error: true
+          vale_flags: "--config=docs/.vale.ini"
 

Makefile

@@ -361,7 +361,7 @@ binaries:
 # until we can use this Makefile for native Windows builds.
 .PHONY: $(BUILDDIR)/tctl
 $(BUILDDIR)/tctl:
-	@if [[ -z "$(LIBFIDO2_BUILD_TAG)" ]]; then \
+	@if [[ "$(OS)" != "windows" && -z "$(LIBFIDO2_BUILD_TAG)" ]]; then \
 		echo 'Warning: Building tctl without libfido2. Install libfido2 to have access to MFA.' >&2; \
 	fi
 	GOOS=$(OS) GOARCH=$(ARCH) $(CGOFLAG) go build -tags "$(PAM_TAG) $(FIPS_TAG) $(LIBFIDO2_BUILD_TAG) $(PIV_BUILD_TAG) $(KUSTOMIZE_NO_DYNAMIC_PLUGIN)" -o $(BUILDDIR)/tctl $(BUILDFLAGS) ./tool/tctl
@@ -382,7 +382,7 @@ $(BUILDDIR)/teleport: ensure-webassets bpf-bytecode rdpclient
 $(BUILDDIR)/tsh: KUBECTL_VERSION ?= $(shell go run ./build.assets/kubectl-version/main.go)
 $(BUILDDIR)/tsh: KUBECTL_SETVERSION ?= -X k8s.io/component-base/version.gitVersion=$(KUBECTL_VERSION)
 $(BUILDDIR)/tsh:
-	@if [[ -z "$(LIBFIDO2_BUILD_TAG)" ]]; then \
+	@if [[ "$(OS)" != "windows" && -z "$(LIBFIDO2_BUILD_TAG)" ]]; then \
 		echo 'Warning: Building tsh without libfido2. Install libfido2 to have access to MFA.' >&2; \
 	fi
 	GOOS=$(OS) GOARCH=$(ARCH) $(CGOFLAG_TSH) go build -tags "$(FIPS_TAG) $(LIBFIDO2_BUILD_TAG) $(TOUCHID_TAG) $(PIV_BUILD_TAG) $(VNETDAEMON_TAG) $(KUSTOMIZE_NO_DYNAMIC_PLUGIN)" -o $(BUILDDIR)/tsh $(BUILDFLAGS) ./tool/tsh

api/client/webclient/webclient.go

@@ -334,8 +334,8 @@ type ProxySettings struct {
 type AutoUpdateSettings struct {
 	// ToolsVersion defines the version of {tsh, tctl} for client auto update.
 	ToolsVersion string `json:"tools_version"`
-	// ToolsAutoUpdate enables client auto update feature.
-	ToolsAutoUpdate bool `json:"tools_auto_update"`
+	// ToolsMode defines mode client auto update feature `enabled|disabled`.
+	ToolsMode string `json:"tools_mode"`
 }
 
 // KubeProxySettings is kubernetes proxy settings

api/proto/teleport/autoupdate/v1/autoupdate.proto

@@ -33,8 +33,15 @@ message AutoUpdateConfig {
 
 // AutoUpdateConfigSpec encodes the parameters of the autoupdate config object.
 message AutoUpdateConfigSpec {
-  // ToolsAutoupdate encodes the feature flag to enable/disable tools autoupdates.
-  bool tools_autoupdate = 1;
+  reserved 1;
+  reserved "tools_autoupdate"; // ToolsAutoupdate is replaced by tools.mode.
+  AutoUpdateConfigSpecTools tools = 2;
+}
+
+// AutoUpdateConfigSpecTools encodes the parameters for client tools auto updates.
+message AutoUpdateConfigSpecTools {
+  // Mode defines state of the client tools auto update.
+  string mode = 1;
 }
 
 // AutoUpdateVersion is a resource singleton with version required for
@@ -50,6 +57,14 @@ message AutoUpdateVersion {
 
 // AutoUpdateVersionSpec encodes the parameters of the autoupdate versions.
 message AutoUpdateVersionSpec {
-  // ToolsVersion is the semantic version required for tools autoupdates.
-  string tools_version = 1;
+  reserved 1;
+  reserved "tools_version"; // ToolsVersion is replaced by tools.target_version.
+  AutoUpdateVersionSpecTools tools = 2;
+}
+
+// AutoUpdateVersionSpecTools encodes the parameters for client tools auto updates.
+message AutoUpdateVersionSpecTools {
+  // TargetVersion specifies the semantic version required for tools to establish a connection with the cluster.
+  // Client tools after connection to the cluster going to be updated to this version automatically.
+  string target_version = 1;
 }

api/proto/teleport/legacy/types/events/events.proto

@@ -4613,6 +4613,9 @@ message OneOf {
     events.AutoUpdateAgentPlanCreate AutoUpdateAgentPlanCreate = 185;
     events.AutoUpdateAgentPlanUpdate AutoUpdateAgentPlanUpdate = 186;
     events.AutoUpdateAgentPlanDelete AutoUpdateAgentPlanDelete = 187;
+    events.UserTaskCreate UserTaskCreate = 188;
+    events.UserTaskUpdate UserTaskUpdate = 189;
+    events.UserTaskDelete UserTaskDelete = 190;
   }
 }
 
@@ -7406,3 +7409,147 @@ message AutoUpdateAgentPlanDelete {
     (gogoproto.jsontag) = ""
   ];
 }
+
+// UserTaskCreate is emitted when a user task is created.
+message UserTaskCreate {
+  // Metadata is a common event metadata
+  Metadata Metadata = 1 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // Status indicates whether the update was successful.
+  Status Status = 2 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ResourceMetadata is a common resource event metadata
+  ResourceMetadata Resource = 3 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // User is a common user event metadata
+  UserMetadata User = 4 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ConnectionMetadata holds information about the connection
+  ConnectionMetadata Connection = 5 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // UserTaskMetadata holds information about the user task.
+  UserTaskMetadata UserTask = 6 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+}
+
+// UserTaskUpdate is emitted when a user task is updated.
+message UserTaskUpdate {
+  // Metadata is a common event metadata
+  Metadata Metadata = 1 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // Status indicates whether the update was successful.
+  Status Status = 2 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ResourceMetadata is a common resource event metadata
+  ResourceMetadata Resource = 3 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // User is a common user event metadata.
+  UserMetadata User = 4 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ConnectionMetadata holds information about the connection.
+  ConnectionMetadata Connection = 5 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // UserTaskMetadata holds information about the user task.
+  UserTaskMetadata UserTask = 6 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // CurrentUserTaskState is the current UserTask State.
+  string CurrentUserTaskState = 7 [(gogoproto.jsontag) = "current_user_task_state"];
+
+  // UpdatedUserTaskState is the updated UserTask State.
+  string UpdatedUserTaskState = 8 [(gogoproto.jsontag) = "updated_user_task_state"];
+}
+
+// UserTaskMetadata contains key fields for the UserTask.
+message UserTaskMetadata {
+  // TaskType is type of the task.
+  string TaskType = 1 [(gogoproto.jsontag) = "user_task_type"];
+  // IssueType is type of the issue task.
+  string IssueType = 2 [(gogoproto.jsontag) = "user_task_issue_type"];
+  // Integration is type of associated integration.
+  string Integration = 3 [(gogoproto.jsontag) = "user_task_integration"];
+}
+
+// UserTaskDelete is emitted when a user task is deleted.
+message UserTaskDelete {
+  // Metadata is a common event metadata
+  Metadata Metadata = 1 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // Status indicates whether the update was successful.
+  Status Status = 2 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ResourceMetadata is a common resource event metadata
+  ResourceMetadata Resource = 3 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // User is a common user event metadata
+  UserMetadata User = 4 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+
+  // ConnectionMetadata holds information about the connection
+  ConnectionMetadata Connection = 5 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
+}

api/proto/teleport/legacy/types/types.proto

@@ -6347,6 +6347,21 @@ message PluginOktaSettings {
 
   // Sync settings controls the user and access list sync settings for Okta.
   PluginOktaSyncSettings sync_settings = 4;
+
+  // CredentialsInfo contains information about the Okta credentials.
+  PluginOktaCredentialsInfo credentials_info = 5;
+}
+
+// PluginOktaCredentialsInfo contains information about the Okta credentials.
+// This is used to determine if the plugin has configured the necessary credentials.
+message PluginOktaCredentialsInfo {
+  option (gogoproto.equal) = true;
+  // HasSSMSToken is true if the plugin has configured SSMSToken.
+  bool has_ssm_token = 1;
+  // HasOauthCredentials is true if the plugin has configured OauthCredentials.
+  bool has_oauth_credentials = 2;
+  // HasSCIMToken is true if the plugin has configured SCIMToken.
+  bool has_scim_token = 3;
 }
 
 // Defines settings for syncing users and access lists from Okta.

api/proto/teleport/usertasks/v1/user_tasks.proto

@@ -67,6 +67,12 @@ message DiscoverEC2 {
   string account_id = 2;
   // Region is the AWS Region where Teleport failed to enroll EC2 instances.
   string region = 3;
+  // SSMDocument is the Amazon Systems Manager SSM Document name that was used to install teleport on the instance.
+  // In Amazon console, the document is at:
+  // https://REGION.console.aws.amazon.com/systems-manager/documents/SSM_DOCUMENT/description
+  string ssm_document = 4;
+  // InstallerScript is the Teleport installer script that was used to install teleport on the instance.
+  string installer_script = 5;
 }
 
 // DiscoverEC2Instance contains the result of enrolling an AWS EC2 Instance.