Merge branch 'master' into bernard/datadog-metrics

api/client/credentials_test.go

@@ -27,7 +27,6 @@ import (
 	"log"
 	"math/big"
 	"os"
-	"path"
 	"path/filepath"
 	"testing"
 	"time"
@@ -445,7 +444,7 @@ Private-MAC: 8951bbe929e0714a61df01bc8fbc5223e3688f174aee29339931984fb9224c7d`)
 
 func TestDynamicIdentityFileCreds(t *testing.T) {
 	dir := t.TempDir()
-	identityPath := path.Join(dir, "identity")
+	identityPath := filepath.Join(dir, "identity")
 
 	idFile := &identityfile.IdentityFile{
 		PrivateKey: keyPEM,

build.assets/tooling/cmd/difftest/ast.go

@@ -69,15 +69,15 @@ func findAllSuiteRunners(repoPath string, filename []string) (RunnersMap, error)
 
 	// Find all affected directories
 	for _, f := range filename {
-		dir := path.Join(repoPath, path.Dir(f))
+		dir := filepath.Join(repoPath, path.Dir(f))
 		s[dir] = struct{}{}
 	}
 
 	allRunners := make(RunnersMap)
 
 	// Find all test files in affected directoriees
 	for dir := range s {
-		matches, err := filepath.Glob(path.Join(dir, "*_test.go"))
+		matches, err := filepath.Glob(filepath.Join(dir, "*_test.go"))
 		if err != nil {
 			return nil, trace.Wrap(err)
 		}

build.assets/tooling/cmd/difftest/main.go

@@ -22,7 +22,6 @@ import (
 	"fmt"
 	"log"
 	"os"
-	"path"
 	"path/filepath"
 	"slices"
 	"strings"
@@ -244,7 +243,7 @@ func inspect(repoPath string, ref string, changedFiles []string, fn func(string,
 			}
 		}
 
-		head, err := parseMethodMap(path.Join(repoPath, filename), nil, runners)
+		head, err := parseMethodMap(filepath.Join(repoPath, filename), nil, runners)
 		if err != nil {
 			return trace.Wrap(err)
 		}

build.assets/tooling/cmd/notarize-apple-binaries/gon_wrapper.go

@@ -21,7 +21,7 @@ package main
 import (
 	"context"
 	"os"
-	"path"
+	"path/filepath"
 
 	"github.com/gravitational/trace"
 	"github.com/hashicorp/go-hclog"
@@ -65,7 +65,7 @@ func (gw *GonWrapper) SignAndNotarizeBinaries() error {
 	if err != nil {
 		return trace.Wrap(err, "failed to zip binaries for notarization")
 	}
-	defer os.RemoveAll(path.Dir(zipPath))
+	defer os.RemoveAll(filepath.Dir(zipPath))
 
 	err = gw.NotarizeBinaries(zipPath)
 	if err != nil {
@@ -99,7 +99,7 @@ func (gw *GonWrapper) ZipBinaries() (string, error) {
 		return "", trace.Wrap(err, "failed to create temporary directory for binary zipping")
 	}
 
-	outputPath := path.Join(tmpDir, zipFileName)
+	outputPath := filepath.Join(tmpDir, zipFileName)
 	gw.logger.Debug("Using binary zip path %q", outputPath)
 
 	err = zip.Zip(gw.ctx, &zip.Options{

docs/pages/enroll-resources/machine-id/faq.mdx

@@ -17,6 +17,7 @@ best where a supported join method exists. These are:
 - Azure
 - Kubernetes
 - Spacelift
+- Terraform Cloud
 
 On CI/CD platforms where you control the runner environment (e.g self-hosted
 Jenkins runner), Machine ID can run as a daemon on the runner and the generated

docs/pages/reference/machine-id/configuration.mdx

@@ -90,6 +90,7 @@ onboarding:
   # - `kubernetes`
   # - `spacelift`
   # - `tpm`
+  # - `terraform_cloud`
   join_method: "token"
 
   # ca_pins are used to validate the identity of the Teleport Auth Service on

examples/dynamoathenamigration/migration_test.go

@@ -24,7 +24,7 @@ import (
 	"io"
 	"math/rand"
 	"os"
-	"path"
+	"path/filepath"
 	"sort"
 	"strings"
 	"sync"
@@ -62,7 +62,7 @@ func TestMigrateProcessDataObjects(t *testing.T) {
 			Logger:          utils.NewLoggerForTests(),
 			NoOfEmitWorkers: 5,
 			bufferSize:      10,
-			CheckpointPath:  path.Join(t.TempDir(), "migration-tests.json"),
+			CheckpointPath:  filepath.Join(t.TempDir(), "migration-tests.json"),
 		},
 	}
 	err := mt.ProcessDataObjects(ctx, &exportInfo{
@@ -133,7 +133,7 @@ func TestLargeEventsParse(t *testing.T) {
 			Logger:          utils.NewLoggerForTests(),
 			NoOfEmitWorkers: 5,
 			bufferSize:      10,
-			CheckpointPath:  path.Join(t.TempDir(), "migration-tests.json"),
+			CheckpointPath:  filepath.Join(t.TempDir(), "migration-tests.json"),
 		},
 	}
 	err := mt.ProcessDataObjects(ctx, &exportInfo{
@@ -223,7 +223,7 @@ func TestMigrationCheckpoint(t *testing.T) {
 		Logger:          utils.NewLoggerForTests(),
 		NoOfEmitWorkers: noOfWorkers,
 		bufferSize:      noOfWorkers * 5,
-		CheckpointPath:  path.Join(t.TempDir(), "migration-tests.json"),
+		CheckpointPath:  filepath.Join(t.TempDir(), "migration-tests.json"),
 	}
 
 	t.Run("no migration checkpoint, emit every event", func(t *testing.T) {

integration/utmp_integration_test.go

@@ -22,7 +22,7 @@ import (
 	"context"
 	"os"
 	"os/user"
-	"path"
+	"path/filepath"
 	"testing"
 	"time"
 
@@ -170,8 +170,8 @@ func TestRootUsernameLimit(t *testing.T) {
 	}
 
 	dir := t.TempDir()
-	utmpPath := path.Join(dir, "utmp")
-	wtmpPath := path.Join(dir, "wtmp")
+	utmpPath := filepath.Join(dir, "utmp")
+	wtmpPath := filepath.Join(dir, "wtmp")
 
 	err := TouchFile(utmpPath)
 	require.NoError(t, err)
@@ -287,9 +287,9 @@ func newSrvCtx(ctx context.Context, t *testing.T) *SrvCtx {
 	require.NoError(t, err)
 
 	uaccDir := t.TempDir()
-	utmpPath := path.Join(uaccDir, "utmp")
-	wtmpPath := path.Join(uaccDir, "wtmp")
-	btmpPath := path.Join(uaccDir, "btmp")
+	utmpPath := filepath.Join(uaccDir, "utmp")
+	wtmpPath := filepath.Join(uaccDir, "wtmp")
+	btmpPath := filepath.Join(uaccDir, "btmp")
 	require.NoError(t, TouchFile(utmpPath))
 	require.NoError(t, TouchFile(wtmpPath))
 	require.NoError(t, TouchFile(btmpPath))

integrations/event-handler/cli_test.go

@@ -18,7 +18,7 @@ package main
 
 import (
 	"os"
-	"path"
+	"path/filepath"
 	"testing"
 	"time"
 
@@ -47,13 +47,13 @@ func TestStartCmdConfig(t *testing.T) {
 					FluentdConfig: FluentdConfig{
 						FluentdURL:        "https://localhost:8888/test.log",
 						FluentdSessionURL: "https://localhost:8888/session",
-						FluentdCert:       path.Join(wd, "testdata", "fake-file"),
-						FluentdKey:        path.Join(wd, "testdata", "fake-file"),
-						FluentdCA:         path.Join(wd, "testdata", "fake-file"),
+						FluentdCert:       filepath.Join(wd, "testdata", "fake-file"),
+						FluentdKey:        filepath.Join(wd, "testdata", "fake-file"),
+						FluentdCA:         filepath.Join(wd, "testdata", "fake-file"),
 					},
 					TeleportConfig: TeleportConfig{
 						TeleportAddr:            "localhost:3025",
-						TeleportIdentityFile:    path.Join(wd, "testdata", "fake-file"),
+						TeleportIdentityFile:    filepath.Join(wd, "testdata", "fake-file"),
 						TeleportRefreshEnabled:  true,
 						TeleportRefreshInterval: 2 * time.Minute,
 					},
@@ -85,13 +85,13 @@ func TestStartCmdConfig(t *testing.T) {
 					FluentdConfig: FluentdConfig{
 						FluentdURL:        "https://localhost:8888/test.log",
 						FluentdSessionURL: "https://localhost:8888/session",
-						FluentdCert:       path.Join(wd, "testdata", "fake-file"),
-						FluentdKey:        path.Join(wd, "testdata", "fake-file"),
-						FluentdCA:         path.Join(wd, "testdata", "fake-file"),
+						FluentdCert:       filepath.Join(wd, "testdata", "fake-file"),
+						FluentdKey:        filepath.Join(wd, "testdata", "fake-file"),
+						FluentdCA:         filepath.Join(wd, "testdata", "fake-file"),
 					},
 					TeleportConfig: TeleportConfig{
 						TeleportAddr:            "localhost:3025",
-						TeleportIdentityFile:    path.Join(wd, "testdata", "fake-file"),
+						TeleportIdentityFile:    filepath.Join(wd, "testdata", "fake-file"),
 						TeleportRefreshEnabled:  true,
 						TeleportRefreshInterval: 2 * time.Minute,
 					},
@@ -123,13 +123,13 @@ func TestStartCmdConfig(t *testing.T) {
 					FluentdConfig: FluentdConfig{
 						FluentdURL:        "https://localhost:8888/test.log",
 						FluentdSessionURL: "https://localhost:8888/session",
-						FluentdCert:       path.Join(wd, "testdata", "fake-file"),
-						FluentdKey:        path.Join(wd, "testdata", "fake-file"),
-						FluentdCA:         path.Join(wd, "testdata", "fake-file"),
+						FluentdCert:       filepath.Join(wd, "testdata", "fake-file"),
+						FluentdKey:        filepath.Join(wd, "testdata", "fake-file"),
+						FluentdCA:         filepath.Join(wd, "testdata", "fake-file"),
 					},
 					TeleportConfig: TeleportConfig{
 						TeleportAddr:            "localhost:3025",
-						TeleportIdentityFile:    path.Join(wd, "testdata", "fake-file"),
+						TeleportIdentityFile:    filepath.Join(wd, "testdata", "fake-file"),
 						TeleportRefreshEnabled:  true,
 						TeleportRefreshInterval: 2 * time.Minute,
 					},

integrations/event-handler/configure_cmd.go

@@ -25,7 +25,6 @@ import (
 	"io"
 	"math/big"
 	"os"
-	"path"
 	"path/filepath"
 	"strings"
 
@@ -119,15 +118,15 @@ const (
 func RunConfigureCmd(cfg *ConfigureCmdConfig) error {
 	c := ConfigureCmd{
 		ConfigureCmdConfig: cfg,
-		caCertPath:         path.Join(cfg.Out, cfg.CAName) + ".crt",
-		caKeyPath:          path.Join(cfg.Out, cfg.CAName) + ".key",
-		serverCertPath:     path.Join(cfg.Out, cfg.ServerName) + ".crt",
-		serverKeyPath:      path.Join(cfg.Out, cfg.ServerName) + ".key",
-		clientCertPath:     path.Join(cfg.Out, cfg.ClientName) + ".crt",
-		clientKeyPath:      path.Join(cfg.Out, cfg.ClientName) + ".key",
-		roleDefPath:        path.Join(cfg.Out, roleDefFileName),
-		fluentdConfPath:    path.Join(cfg.Out, fluentdConfFileName),
-		confPath:           path.Join(cfg.Out, confFileName),
+		caCertPath:         filepath.Join(cfg.Out, cfg.CAName) + ".crt",
+		caKeyPath:          filepath.Join(cfg.Out, cfg.CAName) + ".key",
+		serverCertPath:     filepath.Join(cfg.Out, cfg.ServerName) + ".crt",
+		serverKeyPath:      filepath.Join(cfg.Out, cfg.ServerName) + ".key",
+		clientCertPath:     filepath.Join(cfg.Out, cfg.ClientName) + ".crt",
+		clientKeyPath:      filepath.Join(cfg.Out, cfg.ClientName) + ".key",
+		roleDefPath:        filepath.Join(cfg.Out, roleDefFileName),
+		fluentdConfPath:    filepath.Join(cfg.Out, fluentdConfFileName),
+		confPath:           filepath.Join(cfg.Out, confFileName),
 	}
 
 	g, err := GenerateMTLSCerts(cfg.DNSNames, cfg.IP, cfg.TTL, cfg.Length)
@@ -347,9 +346,9 @@ func (c *ConfigureCmd) writeFluentdConf(pwd string) error {
 		ServerKeyFileName  string
 		Pwd                string
 	}{
-		path.Base(c.caCertPath),
-		path.Base(c.serverCertPath),
-		path.Base(c.serverKeyPath),
+		filepath.Base(c.caCertPath),
+		filepath.Base(c.serverCertPath),
+		filepath.Base(c.serverKeyPath),
 		pwd,
 	}
 

integrations/event-handler/fake_fluentd_test.go

@@ -25,7 +25,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"os"
-	"path"
+	"path/filepath"
 	"testing"
 	"time"
 
@@ -73,12 +73,12 @@ func (f *FakeFluentd) writeCerts() error {
 		return trace.Wrap(err)
 	}
 
-	f.caCertPath = path.Join(f.keyTmpDir, "ca.crt")
-	f.caKeyPath = path.Join(f.keyTmpDir, "ca.key")
-	f.serverCertPath = path.Join(f.keyTmpDir, "server.crt")
-	f.serverKeyPath = path.Join(f.keyTmpDir, "server.key")
-	f.clientCertPath = path.Join(f.keyTmpDir, "client.crt")
-	f.clientKeyPath = path.Join(f.keyTmpDir, "client.key")
+	f.caCertPath = filepath.Join(f.keyTmpDir, "ca.crt")
+	f.caKeyPath = filepath.Join(f.keyTmpDir, "ca.key")
+	f.serverCertPath = filepath.Join(f.keyTmpDir, "server.crt")
+	f.serverKeyPath = filepath.Join(f.keyTmpDir, "server.key")
+	f.clientCertPath = filepath.Join(f.keyTmpDir, "client.crt")
+	f.clientKeyPath = filepath.Join(f.keyTmpDir, "client.key")
 
 	err = g.CACert.WriteFile(f.caCertPath, f.caKeyPath, "")
 	if err != nil {

integrations/event-handler/mtls_certs_test.go

@@ -21,7 +21,7 @@ import (
 	"encoding/pem"
 	"io"
 	"os"
-	"path"
+	"path/filepath"
 	"testing"
 	"time"
 
@@ -60,9 +60,9 @@ func TestGenerateClientCertFile(t *testing.T) {
 	require.Equal(t, "localhost", certs.serverCert.DNSNames[0])
 
 	// Write the cert to the tempdir
-	err = certs.ClientCert.WriteFile(path.Join(td, cp), path.Join(td, kp), ".")
+	err = certs.ClientCert.WriteFile(filepath.Join(td, cp), filepath.Join(td, kp), ".")
 	require.NoError(t, err)
-	f, err := os.Open(path.Join(td, cp))
+	f, err := os.Open(filepath.Join(td, cp))
 	require.NoError(t, err)
 	b, err := io.ReadAll(f)
 	require.NoError(t, err)

integrations/event-handler/state.go

@@ -23,7 +23,7 @@ import (
 	"io/fs"
 	"net"
 	"os"
-	"path"
+	"path/filepath"
 	"strings"
 	"syscall"
 	"time"
@@ -110,10 +110,10 @@ func createStorageDir(c *StartCmdConfig) (string, error) {
 			return "", trace.Wrap(err)
 		}
 
-		dir = path.Join(dir, "dry_run", rs)
+		dir = filepath.Join(dir, "dry_run", rs)
 	}
 
-	dir = path.Join(c.StorageDir, dir)
+	dir = filepath.Join(c.StorageDir, dir)
 
 	_, err = os.Stat(dir)
 	if os.IsNotExist(err) {

integrations/lib/tar/extract.go

@@ -24,7 +24,6 @@ import (
 	"errors"
 	"io"
 	"os"
-	"path"
 	"path/filepath"
 	"strings"
 
@@ -116,10 +115,10 @@ func Extract(reader io.Reader, options ExtractOptions) error {
 			if strip > len(parts)-1 {
 				strip = len(parts) - 1
 			}
-			outFileName = path.Join(parts[strip:]...)
+			outFileName = filepath.Join(parts[strip:]...)
 		}
 
-		outFilePath := path.Join(outDir, outFileName)
+		outFilePath := filepath.Join(outDir, outFileName)
 		outFilePerm := os.FileMode(header.Mode).Perm()
 
 		// fail if the outFilePath is outside outDir, see the "zip slip" vulnerability

lib/backend/backend.go

@@ -268,9 +268,9 @@ func (e Event) String() string {
 }
 
 // Config is used for 'storage' config section. It's a combination of
-// values for various backends: 'boltdb', 'etcd', 'filesystem' and 'dynamodb'
+// values for various backends: 'etcd', 'filesystem', 'dynamodb', etc.
 type Config struct {
-	// Type can be "bolt" or "etcd" or "dynamodb"
+	// Type indicates which backend to use (etcd, dynamodb, etc)
 	Type string `yaml:"type,omitempty"`
 
 	// Params is a generic key/value property bag which allows arbitrary

lib/backend/pgbk/common/gcp_test.go

@@ -22,7 +22,7 @@ import (
 	"context"
 	"log/slog"
 	"os"
-	"path"
+	"path/filepath"
 	"testing"
 	"time"
 
@@ -79,7 +79,7 @@ func Test_makeGCPCloudSQLAuthOptionsForServiceAccount(t *testing.T) {
 func mustSetGoogleApplicationCredentialsEnv(t *testing.T) {
 	t.Helper()
 
-	file := path.Join(t.TempDir(), uuid.New().String())
+	file := filepath.Join(t.TempDir(), uuid.New().String())
 	err := os.WriteFile(file, []byte(fakeServiceAccountCredentialsJSON), 0644)
 	require.NoError(t, err)