[v8] Backport scope visibility changes #12890

Merged
merged 6 commits into from
Jun 22, 2022
242 changes: 197 additions & 45 deletions docs/config.json
Expand Up @@ -9,10 +9,21 @@
{
"title": "Getting Started",
"slug": "/getting-started/",
"entries": [
{ "title": "Linux Server", "slug": "/getting-started/linux-server/" },
{ "title": "Docker Compose", "slug": "/getting-started/docker-compose/" },
{ "title": "DigitalOcean", "slug": "/getting-started/digitalocean/" }
"entries": [
{
"title": "Linux Server",
"slug": "/getting-started/linux-server/",
"hideInScopes": ["enterprise", "cloud"]
},
{
"title": "Docker Compose",
"slug": "/getting-started/docker-compose/"
},
{
"title": "DigitalOcean",
"slug": "/getting-started/digitalocean/",
"hideInScopes": ["enterprise", "cloud"]
}
]
},
{ "title": "Installation", "slug": "/installation/" },
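Review bot: `hideInScopes` is written as an array in this hunk (`["enterprise", "cloud"]` on Linux Server and DigitalOcean), while later hunks in the same file set it as a bare string (`"hideInScopes": "cloud"`). If the docs engine accepts both forms, state that in the config documentation; otherwise normalize to the array form everywhere so that a string value is never silently treated as matching no scope.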
Expand Down Expand Up @@ -65,10 +76,23 @@
{
"title": "Deployments",
"slug": "/setup/deployments/",
"hideInScopes": "cloud",
"entries": [
{ "title": "AWS Terraform", "slug": "/setup/deployments/aws-terraform/" },
{ "title": "GCP", "slug": "/setup/deployments/gcp/" },
{ "title": "IBM", "slug": "/setup/deployments/ibm/" }
{
"title": "AWS Terraform",
"slug": "/setup/deployments/aws-terraform/",
"hideInScopes": "cloud"
},
{
"title": "GCP",
"slug": "/setup/deployments/gcp/",
"hideInScopes": "cloud"
},
{
"title": "IBM",
"slug": "/setup/deployments/ibm/",
"hideInScopes": "cloud"
}
]
},
{
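Review bot: The Deployments section sets `"hideInScopes": "cloud"` on the parent and then repeats it on each of its three entries (AWS Terraform, GCP, IBM). If hiding a parent already hides its children in the navigation, the per-entry copies are redundant and can drift apart; if it does not, that behaviour should be documented, because forgetting one child would leave it listed under a hidden section.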
Expand All @@ -77,7 +101,8 @@
"entries": [
{
"title": "Scaling",
"slug": "/setup/operations/scaling/"
"slug": "/setup/operations/scaling/",
"hideInScopes": "cloud"
},
{
"title": "Upgrading a Cluster",
Expand Down Expand Up @@ -108,11 +133,35 @@
"title": "Integrations",
"slug": "/setup/guides/",
"entries": [
{ "title": "Terraform Provider", "slug": "/setup/guides/terraform-provider/" },
{ "title": "Docker", "slug": "/setup/guides/docker/" },
{ "title": "Fluentd", "slug": "/setup/guides/fluentd/" },
{ "title": "EC2 Tags", "slug": "/setup/guides/ec2-tags/" },
{ "title": "Joining Nodes in AWS", "slug": "/setup/guides/joining-nodes-aws/" }
{
"title": "Terraform Provider",
"slug": "/setup/guides/terraform-provider/"
},
{
"title": "Docker",
"slug": "/setup/guides/docker/"
},
{
"title": "Fluentd",
"slug": "/setup/guides/fluentd/"
},
{
"title": "EC2 Tags",
"slug": "/setup/guides/ec2-tags/"
},
{
"title": "Joining Nodes via AWS IAM",
"slug": "/setup/guides/joining-nodes-aws-iam/"
},
{
"title": "Joining Nodes via AWS EC2",
"slug": "/setup/guides/joining-nodes-aws-ec2/",
"hideInScopes": "cloud"
},
{
"title": "Using Teleport's CA with GitHub",
"slug": "/setup/guides/ssh-key-extensions/"
}
]
},
{
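Review bot: The Integrations entry `/setup/guides/joining-nodes-aws/` is replaced by `/setup/guides/joining-nodes-aws-iam/` and `/setup/guides/joining-nodes-aws-ec2/`, and nothing in the visible diff adds a redirect from the old slug. Existing links to the old path will break unless a redirect is added or already exists on this branch. The hunk also adds the "Using Teleport's CA with GitHub" entry, which is a navigation change rather than a scope-visibility change; confirm all three target pages are present on v8.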
Expand Down Expand Up @@ -149,7 +198,8 @@
},
{
"title": "Storage Backends",
"slug": "/setup/reference/backends/"
"slug": "/setup/reference/backends/",
"hideInScopes": "cloud"
},
{
"title": "Networking",
Expand Down Expand Up @@ -240,9 +290,10 @@
"title": "Local Demo Cluster",
"slug": "/kubernetes-access/getting-started/local/"
},
{
"title": "Cluster",
"slug": "/kubernetes-access/getting-started/cluster/"
{
"title": "Cluster",
"slug": "/kubernetes-access/getting-started/cluster/",
"hideInScopes": "cloud"
},
{
"title": "Agent",
Expand All @@ -264,12 +315,33 @@
{
"title": "Helm Guides",
"slug": "/kubernetes-access/helm/guides/",
"hideInScopes": "cloud",
"entries": [
{ "title": "AWS EKS Cluster", "slug": "/kubernetes-access/helm/guides/aws/" },
{ "title": "Google Cloud GKE Cluster", "slug": "/kubernetes-access/helm/guides/gcp/" },
{ "title": "DigitalOcean Kubernetes Cluster", "slug": "/kubernetes-access/helm/guides/digitalocean/" },
{ "title": "Customize Deployment Config", "slug": "/kubernetes-access/helm/guides/custom/" },
{ "title": "Migrating From Older Charts", "slug": "/kubernetes-access/helm/guides/migration/" }
{
"title": "AWS EKS Cluster",
"slug": "/kubernetes-access/helm/guides/aws/",
"hideInScopes": "cloud"
},
{
"title": "Google Cloud GKE Cluster",
"slug": "/kubernetes-access/helm/guides/gcp/",
"hideInScopes": "cloud"
},
{
"title": "DigitalOcean Kubernetes Cluster",
"slug": "/kubernetes-access/helm/guides/digitalocean/",
"hideInScopes": "cloud"
},
{
"title": "Customize Deployment Config",
"slug": "/kubernetes-access/helm/guides/custom/",
"hideInScopes": "cloud"
},
{
"title": "Migrating From Older Charts",
"slug": "/kubernetes-access/helm/guides/migration/",
"hideInScopes": "cloud"
}
]
},
{
Expand Down Expand Up @@ -352,12 +424,31 @@
"title": "Guides",
"slug": "/access-controls/guides/",
"entries": [
{ "title": "Role Templates", "slug": "/access-controls/guides/role-templates/" },
{ "title": "Session Locking", "slug": "/access-controls/guides/locking/" },
{ "title": "Second Factor - WebAuthn", "slug": "/access-controls/guides/webauthn/" },
{ "title": "Per-session MFA", "slug": "/access-controls/guides/per-session-mfa/" },
{ "title": "Dual Authorization", "slug": "/access-controls/guides/dual-authz/" },
{ "title": "Impersonation", "slug": "/access-controls/guides/impersonation/" }
{
"title": "Role Templates",
"slug": "/access-controls/guides/role-templates/"
},
{
"title": "Session Locking",
"slug": "/access-controls/guides/locking/"
},
{
"title": "Second Factor - WebAuthn",
"slug": "/access-controls/guides/webauthn/"
},
{
"title": "Per-session MFA",
"slug": "/access-controls/guides/per-session-mfa/"
},
{
"title": "Dual Authorization",
"slug": "/access-controls/guides/dual-authz/",
"hideInScopes": "oss"
},
{
"title": "Impersonation",
"slug": "/access-controls/guides/impersonation/"
}
]
},
{ "title": "Reference", "slug": "/access-controls/reference/" },
Expand Down Expand Up @@ -387,43 +478,104 @@
{ "title": "Introduction", "slug": "/enterprise/introduction/" },
{
"title": "Getting Started",
"slug": "/enterprise/getting-started/"
"slug": "/enterprise/getting-started/",
"hideInScopes": ["oss", "cloud"]
},
{
"title": "Single sign-on (SSO)", "slug": "/enterprise/sso/",
"title": "Single Sign-On (SSO)",
"slug": "/enterprise/sso/",
"hideInScopes": ["oss"],
"entries": [
{ "title": "Azure Active Directory (AD)", "slug": "/enterprise/sso/azuread/" },
{ "title": "Active Directory (ADFS)", "slug": "/enterprise/sso/adfs/" },
{ "title": "Google Workspace", "slug": "/enterprise/sso/google-workspace/" },
{ "title": "GitLab", "slug": "/enterprise/sso/gitlab/" },
{ "title": "OneLogin", "slug": "/enterprise/sso/one-login/" },
{ "title": "OIDC", "slug": "/enterprise/sso/oidc/" },
{ "title": "Okta", "slug": "/enterprise/sso/okta/" }
{
"title": "Azure Active Directory (AD)",
"slug": "/enterprise/sso/azuread/",
"hideInScopes": ["oss"]
},
{
"title": "Active Directory (ADFS)",
"slug": "/enterprise/sso/adfs/",
"hideInScopes": ["oss"]
},
{
"title": "Google Workspace",
"slug": "/enterprise/sso/google-workspace/",
"hideInScopes": ["oss"]
},
{
"title": "GitLab",
"slug": "/enterprise/sso/gitlab/",
"hideInScopes": ["oss"]
},
{
"title": "OneLogin",
"slug": "/enterprise/sso/one-login/",
"hideInScopes": ["oss"]
},
{
"title": "OIDC",
"slug": "/enterprise/sso/oidc/",
"hideInScopes": ["oss"]
},
{
"title": "Okta",
"slug": "/enterprise/sso/okta/",
"hideInScopes": ["oss"]
}
]
},
{ "title": "Access Requests", "slug": "/enterprise/workflow/" },
{
"title": "Access Requests",
"slug": "/enterprise/workflow/",
"hideInScopes": ["oss"]
},
{
"title": "FedRAMP",
"slug": "/enterprise/fedramp/"
"slug": "/enterprise/fedramp/",
"hideInScopes": ["cloud", "oss"]
},
{
"title": "SOC2",
"slug": "/enterprise/soc2/"
"slug": "/enterprise/soc2/",
"hideInScopes": ["oss"]
},
{
"title": "HSM",
"slug": "/enterprise/hsm/"
"slug": "/enterprise/hsm/",
"hideInScopes": ["cloud", "oss"]
},
{
"title": "Enterprise License File",
"slug": "/enterprise/license/",
"hideInScopes": ["cloud", "oss"]
}
]
},
{
"icon": "cloud",
"title": "Cloud",
"entries": [
{ "title": "Introduction", "slug": "/cloud/introduction/" },
{ "title": "Getting Started", "slug": "/cloud/getting-started/" },
{ "title": "Architecture", "slug": "/cloud/architecture/" },
{ "title": "FAQ", "slug": "/cloud/faq/" }
{
"title": "Introduction",
"slug": "/cloud/introduction/"
},
{
"title": "Getting Started",
"slug": "/cloud/getting-started/",
"hideInScopes": ["oss", "enterprise"]
},
{
"title": "Architecture",
"slug": "/cloud/architecture/"
},
{
"title": "Downloads",
"slug": "/cloud/downloads/",
"hideInScopes": ["oss", "enterprise"]
},
{
"title": "FAQ",
"slug": "/cloud/faq/"
}
]
},
{
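Review bot: Two navigation entries in this hunk are new rather than re-scoped, `/enterprise/license/` (Enterprise License File) and `/cloud/downloads/` (Downloads), and the files shown on this page do not include those pages. Confirm both exist on the v8 branch, otherwise the backport ships dead navigation links. A smaller point: the scope arrays are ordered inconsistently (`["oss", "cloud"]` on Getting Started, `["cloud", "oss"]` on FedRAMP, HSM and Enterprise License File); picking one order makes the file easier to search and diff.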
2 changes: 2 additions & 0 deletions docs/pages/access-controls/guides.mdx
Expand Up @@ -5,9 +5,11 @@ layout: tocless-doc
---

<ul>
<ScopedBlock scope={["cloud", "enterprise"]}>
<li>
[Dual Authorization](./guides/dual-authz.mdx). Protect access to critical resources with dual authorization.
</li>
</ScopedBlock>
<li>
[Role Templates](./guides/role-templates.mdx). Setup dynamic access policies with Role Templates.
</li>
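Review bot: The `ScopedBlock` wraps an `li` directly inside the `ul`; if the component renders a wrapper element, the list ends up with a non-`li` child, so check the rendered markup. The scope list `{["cloud", "enterprise"]}` here also has to stay the mirror image of `"hideInScopes": "oss"` on the Dual Authorization entry in docs/config.json; a comment pointing from one to the other would help keep the two from drifting.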
26 changes: 19 additions & 7 deletions docs/pages/access-controls/guides/dual-authz.mdx
Expand Up @@ -10,17 +10,27 @@ Here are the most common scenarios:
- Improve the security of your system and prevent one successful phishing attack from compromising your system.
- Satisfy FedRAMP AC-3 Dual authorization control that requires approval of two authorized individuals.

Let's set up Teleport's access requests to require the approval of two team members
for a privileged role `dbadmin`.
In this guide, we will set up Teleport's access requests to require the approval
of two team members for a privileged role `dbadmin`.

<ScopedBlock scope="oss">

<Notice
type="danger"
scope="oss"
>
This guide requires a commercial edition of Teleport. The open source
edition of Teleport only supports [GitHub](../../setup/admin/github-sso.mdx) as
an SSO provider.
</Notice>

View this guide as a user of another Teleport edition:

<TileSet>
<Tile href="./dual-authz.mdx/?scope=cloud" title="Teleport Cloud" icon="cloud">
</Tile>
<Tile href="./dual-authz.mdx/?scope=enterprise" title="Teleport Enterprise" icon="building">
</Tile>
</TileSet>

</ScopedBlock>

<ScopedBlock scope={["enterprise", "cloud"]}>

<Admonition title="Note" type="tip">
The steps below describe how to use Teleport with Mattermost. You can also [integrate with many other providers](../../enterprise/workflow/index.mdx).
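Review bot: The tile links `./dual-authz.mdx/?scope=cloud` and `./dual-authz.mdx/?scope=enterprise` put a slash between the `.mdx` file name and the query string, unlike the other relative links in this file (for example `../../setup/admin/github-sso.mdx`); verify that the link resolver rewrites them correctly, or drop the slash. The `Notice` text also explains the restriction in terms of SSO providers ("only supports GitHub as an SSO provider"), which does not tell an open source reader why dual authorization is unavailable; a sentence about access requests would fit this guide better. If `scope="oss"` stays on the `Notice`, it is redundant inside the `oss` `ScopedBlock`.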
Expand Down Expand Up @@ -284,3 +294,5 @@ auth_service:
```

</ScopedBlock>

</ScopedBlock>
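Review bot: The `</ScopedBlock>` added at the end of the file closes the `{["enterprise", "cloud"]}` block opened near the top, which leaves the existing `</ScopedBlock>` just above it closing a block nested inside the new one. Confirm that the component supports nesting and that the inner block's scope is enterprise or cloud, since any other inner scope would never render.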
7 changes: 4 additions & 3 deletions docs/pages/cloud/introduction.mdx
Expand Up @@ -7,9 +7,10 @@ videoBanner: 1jhKOtBinm4
Teleport Cloud is a managed service to provide access to secure infrastructure
all over the world without passwords or shared secrets.

When you [sign up for a Teleport Cloud account](https://goteleport.com/signup/), you will receive a subdomain of
`teleport.sh` that is dedicated to your tenant and points to the Teleport Proxy
Service.
When you
[sign up for a Teleport Cloud account](https://goteleport.com/signup/), you will
receive a subdomain of `teleport.sh` that is dedicated to your tenant and points
to the Teleport Proxy Service.

Our Teleport Cloud team handles the following tasks for you:
