Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove windows desktop certs from client keyring #45939

Merged
merged 5 commits into from
Aug 29, 2024
Merged

remove windows desktop certs from client keyring #45939

merged 5 commits into from
Aug 29, 2024

Conversation

nklaassen
Copy link
Contributor

@nklaassen nklaassen commented Aug 28, 2024
edited
Loading

These aren't actually used in the client keyring anywhere, and clients never actually get desktop certs. These are the certs used for the desktop agent to dial to the windows desktop. They're only here for a tctl auth sign debug command just to pass the cert der through to the file writer. When we actually generate these desktop certs in lib/srv/desktop we don't use the client keyring at all.

I also removed client.ReissueParams.RouteToWindowsDesktop which was never written to anywhere

@nklaassen nklaassen added the no-changelog Indicates that a PR does not require a changelog entry label Aug 28, 2024
@github-actions github-actions bot added size/sm tctl tctl - Teleport admin tool labels Aug 28, 2024
zmb3
zmb3 approved these changes Aug 28, 2024
View reviewed changes
lib/client/identityfile/identity.go Outdated Show resolved Hide resolved
espadolini
espadolini approved these changes Aug 28, 2024
View reviewed changes
lib/client/client.go
Comment on lines -187 to -188
case p.RouteToWindowsDesktop.WindowsDesktop != "":
req.Target = &proto.IsMFARequiredRequest_WindowsDesktop{WindowsDesktop: &p.RouteToWindowsDesktop}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we add a default case here? Should've we always had a default case here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we ever end up here or else it's a logic bug, but that's not obvious at all, so added a default case that returns an error

nklaassen and others added 3 commits August 28, 2024 15:38
@nklaassen @zmb3
fix typo in comment
9919c9e 
Co-authored-by: Zac Bergquist <[email protected]>
@nklaassen
add default case
fc0f668
@nklaassen
fix test
e4635ad 
nothing actually looks at the mfa required response if the error is
non-nil, the assertion was pointless and only testing an implementation
detail of the test harness
@nklaassen nklaassen enabled auto-merge August 28, 2024 23:05
@nklaassen nklaassen added this pull request to the merge queue Aug 29, 2024
Merged via the queue into master with commit c2f6a57 Aug 29, 2024
39 checks passed
@nklaassen nklaassen deleted the nklaassen/remove-keyring-windowsdesktopcerts branch August 29, 2024 00:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zmb3 zmb3 zmb3 approved these changes

@espadolini espadolini espadolini approved these changes

Assignees
No one assigned
Labels
no-changelog Indicates that a PR does not require a changelog entry size/sm tctl tctl - Teleport admin tool
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nklaassen @espadolini @zmb3