Restrict AutoUpdateVersion to be created/updated for cloud #49008
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vapopov
added
the
no-changelog
|
This pull request is automatically being deployed by Amplify Hosting (learn more). |
zmb3
reviewed
Nov 14, 2024
|
If I understand correctly, this will render any version invalid on cloud. |
vapopov
commented
Dec 10, 2024
…version-cloud-restriction
hugoShaka
reviewed
Dec 10, 2024
| @@ -292,6 +293,11 @@ func (s *Service) CreateAutoUpdateVersion(ctx context.Context, req *autoupdate.C | |||
| return nil, trace.Wrap(err) | |||
| } | |||
|
|
|||
| if modules.GetModules().Features().Cloud && !isAdmin(authCtx) { | |||
| return nil, trace.AccessDenied("only role %q is allowed to modifying %q in cloud", | |||
There was a problem hiding this comment.
This error is not very actionable for users. I think we should have something more user-oriented like:
This Teleport instance is running on Teleport Cloud and the "autoupdate_version" resource is managed by the Teleport Cloud team. You can use the "autoupdate_config" resource to opt-in, opt-out or configure update schedules.
hugoShaka
approved these changes
Dec 10, 2024
|
would appreciate one more review |
sclevine
approved these changes
Dec 12, 2024
tigrato
approved these changes
Dec 12, 2024
public-teleport-github-review-bot
bot
removed request for
espadolini and
mvbrock
vapopov
added a commit
that referenced
this pull request
Dec 13, 2024
* Restrict AutoUpdateVersion to be created/updated for cloud * Check builtin Admin role and Cloud feature * More informative error message * Remove KindAutoUpdateAgentRollout from editor role preset
vapopov
added a commit
that referenced
this pull request
Dec 13, 2024
* Restrict AutoUpdateVersion to be created/updated for cloud * Check builtin Admin role and Cloud feature * More informative error message * Remove KindAutoUpdateAgentRollout from editor role preset
vapopov
added a commit
that referenced
this pull request
Dec 13, 2024
* Restrict AutoUpdateVersion to be created/updated for cloud * Check builtin Admin role and Cloud feature * More informative error message * Remove KindAutoUpdateAgentRollout from editor role preset
This was referenced Dec 13, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In this PR added validation to restrict modify
AutoUpdateVersionfor cloud usersRelated:
teleport/rfd/0144-client-tools-updates.md
Lines 216 to 224 in c906170