[v15] Backport Secrets scanner #44800

Merged 26 commits, Aug 13, 2024

Commits
94db871
Add the device assertion protos (#43804)
codingllama Jul 5, 2024
56e4962
Add a client-side API to assert devices (#43890)
codingllama Jul 10, 2024
96e7fd1
Define server-side device assertion interfaces (#44036)
codingllama Jul 11, 2024
bc396a8
[sec_scan][1] Add `teleport.access_graph.v1.SecretsScannerService` (#…
tigrato Jul 9, 2024
b5d8ee2
[sec_scan][2] expose `ssh_scan_enabled` in `AccessGraphConfig` respon…
tigrato Jul 9, 2024
e41d70d
[sec_scan][3] add `PrivateKey`, `AuthorizedKey` and `Device` to Acces…
tigrato Jul 9, 2024
eb39d6c
fix: fix `nextKey` values when using multiple prefixes (#43486)
tigrato Jul 9, 2024
82274ad
[sec_scan][5] add secrets backend service (#43543)
tigrato Jul 11, 2024
ec403db
[sec_scan][6] add device events (#43905)
tigrato Jul 11, 2024
5dc16f6
[sec_scan][7] add authorizedKeys and privateKeys events support (#43906)
tigrato Jul 11, 2024
875165e
[sec_scan][9] add `access_graph_settings` protobuf (#44010)
tigrato Jul 11, 2024
3e90009
[sec_scan][10] add `AccessGraphSettingsUpdate` audit event (#44011)
tigrato Jul 12, 2024
2a905c8
[sec_scan][11] add `AccessGraphSettings` backend service (#44014)
tigrato Jul 17, 2024
d63113b
[sec_scan][12] add cache and events support for `AccessGraphSettings`…
tigrato Jul 17, 2024
b0fb747
[sec_scan][13] add `AccessGraphSettings` gRPC implementation (#44021)
tigrato Jul 19, 2024
d968d0c
[sec_scan][14] create `AccessGraphSettings` on first auth init (#44032)
tigrato Jul 22, 2024
1c430c5
[sec_scan][15] add support for edits to `AccessGraphSettings` via `tc…
tigrato Jul 23, 2024
bb53c1c
[sec_scan][16] add methods to store/retrieve device assertion functio…
tigrato Jul 15, 2024
a87bc19
[sec_scan][17] add `AssertDevice` to `FakeDeviceService` (#44159)
tigrato Jul 15, 2024
30567ce
[sec_scan][20] add `ReportSecrets` forwarder to proxy's gRPC insecure…
tigrato Jul 18, 2024
72457a8
[sec_scan][19] add `tsh scan keys` implementation (#44220)
tigrato Jul 25, 2024
afca9cb
[sec_scan][22] add authorized keys reporter (#44523)
tigrato Jul 29, 2024
183e7f6
[sec_scan][24] extract AuthorizedKey's comment and type (#44643)
tigrato Jul 29, 2024
3e6e2a5
update gomod
tigrato Jul 30, 2024
e0e3e1c
[sec_scan][27] add support for LDAP users and macOS (#45109)
tigrato Aug 7, 2024
1cdb22a
Merge branch 'branch/v15' into tigrato/sec-scan-v15
tigrato Aug 13, 2024
10 changes: 10 additions & 0 deletions api/client/events.go
Expand Up @@ -19,6 +19,7 @@ import (

"github.com/gravitational/teleport/api/client/proto"
accessmonitoringrulesv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/accessmonitoringrules/v1"
clusterconfigpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/clusterconfig/v1"
crownjewelv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/crownjewel/v1"
kubewaitingcontainerpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/kubewaitingcontainer/v1"
"github.com/gravitational/teleport/api/types"
Expand Down Expand Up @@ -66,6 +67,12 @@ func EventToGRPC(in types.Event) (*proto.Event, error) {
out.Resource = &proto.Event_CrownJewel{
CrownJewel: r,
}
case *clusterconfigpb.AccessGraphSettings:
out.Resource = &proto.Event_AccessGraphSettings{
AccessGraphSettings: r,
}
default:
return nil, trace.BadParameter("resource type %T is not supported", r)
}
case *types.ResourceHeader:
out.Resource = &proto.Event_ResourceHeader{
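Review bot: nothing in the visible diff exercises the new `case *clusterconfigpb.AccessGraphSettings:` arm of this switch in `EventToGRPC`. A round-trip test that sends an AccessGraphSettings event through `EventToGRPC` and back through `EventFromGRPC`, then compares the resource, would catch the two sides drifting apart. A second case that passes an unwrapped type with no arm would pin the `default:` behaviour of returning `trace.BadParameter("resource type %T is not supported", r)`.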
Expand Down Expand Up @@ -486,6 +493,9 @@ func EventFromGRPC(in *proto.Event) (*types.Event, error) {
} else if r := in.GetCrownJewel(); r != nil {
out.Resource = types.Resource153ToLegacy(r)
return &out, nil
} else if r := in.GetAccessGraphSettings(); r != nil {
out.Resource = types.Resource153ToLegacy(r)
return &out, nil
} else {
return nil, trace.BadParameter("received unsupported resource %T", in.Resource)
}
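Review bot: the new `else if r := in.GetAccessGraphSettings(); r != nil` branch in `EventFromGRPC` repeats the CrownJewel branch body line for line (`out.Resource = types.Resource153ToLegacy(r)` followed by `return &out, nil`), so every new resource lengthens the chain with another copy. Consider a type switch on `in.Resource`, with the resources that go through `Resource153ToLegacy` sharing one arm and the existing `trace.BadParameter("received unsupported resource %T", in.Resource)` as the single default.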
541 changes: 285 additions & 256 deletions api/client/proto/event.pb.go

Large diffs are not rendered by default.

331 changes: 331 additions & 0 deletions api/gen/proto/go/teleport/accessgraph/v1/authorized_key.pb.go

Some generated files are not rendered by default.