Show device trust status in Connect (#49508)
* Check if device is trusted

* Move `TrustedDeviceRequirement` enum to a separate file and generate TS definitions for it

Generating TS definitions for the entire legacy/types/types.proto would result in 50K lines of generated code, and the bundle size would increase by ~20% (around 1 MB).

* Extract function to calculate device trust requirement that can be used both by the server and the client

Important: it now uses `GetEnforcementMode` instead of `GetEffectiveMode`. The check for the OSS module is performed on the server side anyway.

* Check what the device trust requirement is based on cluster config and user roles

* Show device trust status in UI

* Remove `types.` prefix

* Improve godocs

* Bring back `getRoles func() ([]types.Role, error)`

* Simplify `TestHasDeviceTrustExtensions`

* Clean up and improve `TestCalculateTrustedDeviceRequirement`

* Move `CalculateTrustedDeviceRequirement` and tests to a separate file

* Add colors to shield icons

* Declare variables where they are used

* Extract a component to display device trust status for better readability

* Correctly reference `lib/client.ProfileStatus.Extensions`

* Set group limit to 8

* Make `switch` exhaustive

* Regenerate protos

* `make fix-license`

(cherry picked from commit 095b0a3)
gzdunek committed Nov 29, 2024
1 parent 518e078 commit cc8be9f
Showing 26 changed files with 2,667 additions and 2,033 deletions.
37 changes: 37 additions & 0 deletions api/proto/teleport/legacy/types/trusted_device_requirement.proto
@@ -0,0 +1,37 @@
// Copyright 2024 Gravitational, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package types;

import "gogoproto/gogo.proto";

option go_package = "github.com/gravitational/teleport/api/types";
option (gogoproto.goproto_getters_all) = false;
option (gogoproto.marshaler_all) = true;
option (gogoproto.unmarshaler_all) = true;

// TrustedDeviceRequirement indicates whether access may be hindered by the lack
// of a trusted device.
enum TrustedDeviceRequirement {
// Device requirement not determined.
// Does not mean that a device is not required, only that the necessary data
// was not considered.
TRUSTED_DEVICE_REQUIREMENT_UNSPECIFIED = 0;
// Trusted device not required.
TRUSTED_DEVICE_REQUIREMENT_NOT_REQUIRED = 1;
// Trusted device required by either cluster mode or user roles.
TRUSTED_DEVICE_REQUIREMENT_REQUIRED = 2;
}
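Review bot: the new file carries no comment saying why this enum is split out of types.proto, so nothing stops a later change from adding messages or imports here, or from folding it back. The commit message gives the reason (TS definitions are generated for this file because generating them for all of types.proto would add about 50K lines); a short file-level comment above `package types;` stating that would preserve it. Separately, `TRUSTED_DEVICE_REQUIREMENT_UNSPECIFIED = 0` is the proto3 default, so a client that receives no value decodes UNSPECIFIED; the comment on that value could say outright that consumers must not display or treat it as NOT_REQUIRED.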
14 changes: 1 addition & 13 deletions api/proto/teleport/legacy/types/types.proto
Expand Up @@ -20,6 +20,7 @@ import "gogoproto/gogo.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/timestamp.proto";
import "teleport/attestation/v1/attestation.proto";
import "teleport/legacy/types/trusted_device_requirement.proto";
import "teleport/legacy/types/wrappers/wrappers.proto";

option go_package = "github.com/gravitational/teleport/api/types";
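Review bot: the added `import "teleport/legacy/types/trusted_device_requirement.proto";` is a plain import, not `import public`, so the enum is visible inside types.proto but is not re-exported from it. Any other .proto file that reached `TrustedDeviceRequirement` only by importing types.proto will need to import the new file itself; worth confirming that no such file exists and saying so in the commit message.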
Expand Down Expand Up @@ -4116,19 +4117,6 @@ message WebSessionSpecV2 {
TrustedDeviceRequirement TrustedDeviceRequirement = 14 [(gogoproto.jsontag) = "trusted_device_requirement,omitempty"];
}

// TrustedDeviceRequirement indicates whether access may be hindered by the lack
// of a trusted device.
enum TrustedDeviceRequirement {
// Device requirement not determined.
// Does not mean that a device is not required, only that the necessary data
// was not considered.
TRUSTED_DEVICE_REQUIREMENT_UNSPECIFIED = 0;
// Trusted device not required.
TRUSTED_DEVICE_REQUIREMENT_NOT_REQUIRED = 1;
// Trusted device required by either cluster mode or user roles.
TRUSTED_DEVICE_REQUIREMENT_REQUIRED = 2;
}

// Web-focused view of teleport.devicetrust.v1.DeviceWebToken.
message DeviceWebToken {
// Opaque token identifier.
84 changes: 84 additions & 0 deletions api/types/trusted_device_requirement.pb.go

Some generated files are not rendered by default.
