Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regenerate server identity if APIDomain not present #10904

Merged
merged 3 commits into from
Mar 10, 2022
Merged

Regenerate server identity if APIDomain not present #10904

merged 3 commits into from
Mar 10, 2022

Conversation

smallinsky
Copy link
Contributor

@smallinsky smallinsky commented Mar 7, 2022
edited
Loading

What

Fix identity regeneration logic for KubeRole

If Kube server identity was generated before teleport 6.3.20 the APIDomain DNS was not added https://github.com/gravitational/teleport/blob/v6.1.6/lib/auth/auth.go#L1384

After teleport is upgrade to newest version the identity is not regenerated because the APIDomain is added on client side but the regeneration check is done based on getAdditionalPrincipals result.

This PR updaters the getAdditionalPrincipals and return APIDomain DNS to trigger identity regeneration if needed.

@smallinsky smallinsky force-pushed the smallinsky/regenerate_identity_on_api_domain branch from f2e0bba to 206f5c9 Compare March 7, 2022 12:39
@smallinsky smallinsky marked this pull request as ready for review March 7, 2022 13:49
@github-actions github-actions bot requested review from gabrielcorado and zmb3 March 7, 2022 13:49
@smallinsky smallinsky requested review from russjones, r0mant and espadolini and removed request for gabrielcorado and zmb3 March 7, 2022 13:49
espadolini
espadolini reviewed Mar 7, 2022
View reviewed changes
lib/auth/auth.go Outdated Show resolved Hide resolved
espadolini
espadolini reviewed Mar 7, 2022
View reviewed changes
lib/auth/auth.go Outdated Show resolved Hide resolved
espadolini
espadolini reviewed Mar 7, 2022
View reviewed changes
lib/auth/auth.go Outdated Show resolved Hide resolved
lib/service/service.go Outdated Show resolved Hide resolved
lib/auth/auth.go Outdated Show resolved Hide resolved
lib/auth/auth.go Outdated Show resolved Hide resolved
@smallinsky smallinsky force-pushed the smallinsky/regenerate_identity_on_api_domain branch 2 times, most recently from 427f42f to 60f15c5 Compare March 7, 2022 15:42
r0mant
r0mant approved these changes Mar 7, 2022
View reviewed changes
lib/auth/auth.go Outdated Show resolved Hide resolved
This was referenced Mar 8, 2022
Merged
Merged
Merged
@smallinsky smallinsky force-pushed the smallinsky/regenerate_identity_on_api_domain branch from d1548ba to 8ea05b3 Compare March 8, 2022 12:43
espadolini
espadolini approved these changes Mar 8, 2022
View reviewed changes
lib/auth/auth.go Outdated Show resolved Hide resolved
@smallinsky smallinsky force-pushed the smallinsky/regenerate_identity_on_api_domain branch from 8ea05b3 to 09fa7bb Compare March 9, 2022 09:54
@smallinsky smallinsky enabled auto-merge (squash) March 10, 2022 09:26
@smallinsky smallinsky merged commit 923e131 into master Mar 10, 2022
@smallinsky smallinsky deleted the smallinsky/regenerate_identity_on_api_domain branch March 10, 2022 09:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@espadolini espadolini espadolini approved these changes

@r0mant r0mant r0mant approved these changes

@russjones russjones Awaiting requested review from russjones

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@smallinsky @r0mant @espadolini