Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[v15] Mention terraform values for create_host_user_mode in guide #47519

Merged
merged 1 commit into from
Oct 15, 2024
Merged

[v15] Mention terraform values for create_host_user_mode in guide #47519

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion api/proto/teleport/legacy/types/types.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2834,7 +2834,7 @@ message RoleOptions {
(gogoproto.customtype) = "BoolOption"
];

// CreateHostUser allows users to be automatically created on a host
// Deprecated: use CreateHostUserMode instead.
BoolValue CreateHostUser = 20 [
(gogoproto.nullable) = true,
(gogoproto.jsontag) = "create_host_user,omitempty",
Expand Down
2 changes: 1 addition & 1 deletion api/types/types.pb.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions docs/cspell.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -844,6 +844,7 @@
"snowsql",
"spacectl",
"spacelift",
"specoptions",
"spfile",
"spiffe",
"splunkd",
Expand Down
2 changes: 2 additions & 0 deletions docs/pages/enroll-resources/server-access/guides/host-user-creation.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -271,3 +271,5 @@ them to the `teleport-keep` group directly on the hosts you wish to migrate.
## Next steps

- Configure automatic user provisioning for [database access](../../database-access/auto-user-provisioning.mdx).
- Configure automatic user provisioning with [Terraform](../../../reference/terraform-provider/#specoptions
Note when using the terraform provider that some values may be different than described in this guide.
6 changes: 2 additions & 4 deletions ...teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_roles.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1133,8 +1133,7 @@ spec:
created on a Windows desktop
type: boolean
create_host_user:
description: CreateHostUser allows users to be automatically created
on a host
description: 'Deprecated: use CreateHostUserMode instead.'
type: boolean
create_host_user_mode:
description: CreateHostUserMode allows users to be automatically
Expand Down Expand Up @@ -2464,8 +2463,7 @@ spec:
created on a Windows desktop
type: boolean
create_host_user:
description: CreateHostUser allows users to be automatically created
on a host
description: 'Deprecated: use CreateHostUserMode instead.'
type: boolean
create_host_user_mode:
description: CreateHostUserMode allows users to be automatically
Expand Down
3 changes: 1 addition & 2 deletions ...leport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_rolesv6.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1136,8 +1136,7 @@ spec:
created on a Windows desktop
type: boolean
create_host_user:
description: CreateHostUser allows users to be automatically created
on a host
description: 'Deprecated: use CreateHostUserMode instead.'
type: boolean
create_host_user_mode:
description: CreateHostUserMode allows users to be automatically
Expand Down
3 changes: 1 addition & 2 deletions ...leport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_rolesv7.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1136,8 +1136,7 @@ spec:
created on a Windows desktop
type: boolean
create_host_user:
description: CreateHostUser allows users to be automatically created
on a host
description: 'Deprecated: use CreateHostUserMode instead.'
type: boolean
create_host_user_mode:
description: CreateHostUserMode allows users to be automatically
Expand Down
6 changes: 2 additions & 4 deletions integrations/operator/config/crd/bases/resources.teleport.dev_roles.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1133,8 +1133,7 @@ spec:
created on a Windows desktop
type: boolean
create_host_user:
description: CreateHostUser allows users to be automatically created
on a host
description: 'Deprecated: use CreateHostUserMode instead.'
type: boolean
create_host_user_mode:
description: CreateHostUserMode allows users to be automatically
Expand Down Expand Up @@ -2464,8 +2463,7 @@ spec:
created on a Windows desktop
type: boolean
create_host_user:
description: CreateHostUser allows users to be automatically created
on a host
description: 'Deprecated: use CreateHostUserMode instead.'
type: boolean
create_host_user_mode:
description: CreateHostUserMode allows users to be automatically
Expand Down
3 changes: 1 addition & 2 deletions integrations/operator/config/crd/bases/resources.teleport.dev_rolesv6.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1136,8 +1136,7 @@ spec:
created on a Windows desktop
type: boolean
create_host_user:
description: CreateHostUser allows users to be automatically created
on a host
description: 'Deprecated: use CreateHostUserMode instead.'
type: boolean
create_host_user_mode:
description: CreateHostUserMode allows users to be automatically
Expand Down
3 changes: 1 addition & 2 deletions integrations/operator/config/crd/bases/resources.teleport.dev_rolesv7.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1136,8 +1136,7 @@ spec:
created on a Windows desktop
type: boolean
create_host_user:
description: CreateHostUser allows users to be automatically created
on a host
description: 'Deprecated: use CreateHostUserMode instead.'
type: boolean
create_host_user_mode:
description: CreateHostUserMode allows users to be automatically
Expand Down
2 changes: 1 addition & 1 deletion integrations/terraform/reference.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2163,7 +2163,7 @@ Options is for OpenSSH options like agent forwarding.
| create_db_user | bool | | CreateDatabaseUser enabled automatic database user creation. |
| create_db_user_mode | number | | CreateDatabaseUserMode allows users to be automatically created on a database when not set to off. 0 is "unspecified", 1 is "off", 2 is "keep", 3 is "best_effort_drop". |
| create_desktop_user | bool | | CreateDesktopUser allows users to be automatically created on a Windows desktop |
| create_host_user | bool | | CreateHostUser allows users to be automatically created on a host |
| create_host_user | bool | | Deprecated: use CreateHostUserMode instead. |
| create_host_user_mode | number | | CreateHostUserMode allows users to be automatically created on a host when not set to off. 0 is "unspecified"; 1 is "off"; 2 is "drop" (removed for v15 and above), 3 is "keep"; 4 is "insecure-drop". |
| desktop_clipboard | bool | | DesktopClipboard indicates whether clipboard sharing is allowed between the user's workstation and the remote desktop. It defaults to true unless explicitly set to false. |
| desktop_directory_sharing | bool | | DesktopDirectorySharing indicates whether directory sharing is allowed between the user's workstation and the remote desktop. It defaults to false unless explicitly set to true. |
Expand Down
2 changes: 1 addition & 1 deletion integrations/terraform/tfschema/types_terraform.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions lib/services/access_checker.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -996,6 +996,7 @@ func (a *accessChecker) HostUsers(s types.Server) (*HostUsersInfo, error) {
}

createHostUserMode := role.GetOptions().CreateHostUserMode
//nolint:staticcheck // this field is preserved for existing deployments, but shouldn't be used going forward
createHostUser := role.GetOptions().CreateHostUser
if createHostUserMode == types.CreateHostUserMode_HOST_USER_MODE_UNSPECIFIED {
createHostUserMode = types.CreateHostUserMode_HOST_USER_MODE_OFF
Expand Down
1 change: 1 addition & 0 deletions lib/srv/regular/sshserver_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2889,6 +2889,7 @@ func newUpack(testSvr *auth.TestServer, username string, allowedLogins []string,
role.SetRules(types.Allow, rules)
opts := role.GetOptions()
opts.PermitX11Forwarding = types.NewBool(true)
//nolint:staticcheck // this field is preserved for existing deployments, but shouldn't be used going forward
opts.CreateHostUser = types.NewBoolOption(true)
role.SetOptions(opts)
role.SetLogins(types.Allow, allowedLogins)
Expand Down
Loading