Merge branch 'master' into probakowski/registration-terraform

gravitational · Oct 30, 2024 · bc76f9c · bc76f9c
2 parents d6b6c9d + 6160a3d
commit bc76f9c
Show file tree

Hide file tree

Showing 90 changed files with 6,172 additions and 3,680 deletions.
diff --git a/.github/ISSUE_TEMPLATE/testplan.md b/.github/ISSUE_TEMPLATE/testplan.md
@@ -1526,7 +1526,7 @@ Verify that SSH works, and that resumable SSH is not interrupted across a contro
 
 ## Azure Discovery
 
-[Azure Discovery docs](https://goteleport.com/docs/server-access/guides/azure-discovery/)
+[Azure Discovery docs](https://goteleport.com/docs/enroll-resources/auto-discovery/servers/azure-discovery/)
 - Verify Azure VM discovery
   - [ ] Only Azure VMs matching given Azure tags have the installer executed on them
   - [ ] Only the IAM permissions mentioned in the discovery docs are required for operation

diff --git a/api/client/dynamicwindows/dynamicwindows.go b/api/client/dynamicwindows/dynamicwindows.go
@@ -85,9 +85,25 @@ func (c *Client) UpdateDynamicWindowsDesktop(ctx context.Context, desktop types.
 	}
 }
 
+func (c *Client) UpsertDynamicWindowsDesktop(ctx context.Context, desktop types.DynamicWindowsDesktop) (types.DynamicWindowsDesktop, error) {
+	switch desktop := desktop.(type) {
+	case *types.DynamicWindowsDesktopV1:
+		desktop, err := c.grpcClient.UpsertDynamicWindowsDesktop(ctx, &dynamicwindows.UpsertDynamicWindowsDesktopRequest{
+			Desktop: desktop,
+		})
+		return desktop, trace.Wrap(err)
+	default:
+		return nil, trace.BadParameter("unknown desktop type: %T", desktop)
+	}
+}
+
 func (c *Client) DeleteDynamicWindowsDesktop(ctx context.Context, name string) error {
 	_, err := c.grpcClient.DeleteDynamicWindowsDesktop(ctx, &dynamicwindows.DeleteDynamicWindowsDesktopRequest{
 		Name: name,
 	})
 	return trace.Wrap(err)
 }
+
+func (c *Client) DeleteAllDynamicWindowsDesktops(ctx context.Context) error {
+	return trace.NotImplemented("DeleteAllDynamicWindowsDesktops is not supported in the gRPC client")
+}
diff --git a/api/client/proto/authservice.pb.go b/api/client/proto/authservice.pb.go
diff --git a/api/gen/proto/go/teleport/dynamicwindows/v1/dynamicwindows_service.pb.go b/api/gen/proto/go/teleport/dynamicwindows/v1/dynamicwindows_service.pb.go
diff --git a/api/gen/proto/go/teleport/dynamicwindows/v1/dynamicwindows_service_grpc.pb.go b/api/gen/proto/go/teleport/dynamicwindows/v1/dynamicwindows_service_grpc.pb.go
diff --git a/api/proto/teleport/dynamicwindows/v1/dynamicwindows_service.proto b/api/proto/teleport/dynamicwindows/v1/dynamicwindows_service.proto
@@ -35,6 +35,8 @@ service DynamicWindowsService {
   rpc CreateDynamicWindowsDesktop(CreateDynamicWindowsDesktopRequest) returns (types.DynamicWindowsDesktopV1);
   // UpdateDynamicWindowsDesktop updates an existing dynamic Windows desktop.
   rpc UpdateDynamicWindowsDesktop(UpdateDynamicWindowsDesktopRequest) returns (types.DynamicWindowsDesktopV1);
+  // UpsertDynamicWindowsDesktop updates an existing dynamic Windows desktop or creates new if it doesn't exist.
+  rpc UpsertDynamicWindowsDesktop(UpsertDynamicWindowsDesktopRequest) returns (types.DynamicWindowsDesktopV1);
   // DeleteDynamicWindowsDesktop removes the specified dynamic Windows desktop.
   rpc DeleteDynamicWindowsDesktop(DeleteDynamicWindowsDesktopRequest) returns (google.protobuf.Empty);
 }
@@ -63,18 +65,24 @@ message GetDynamicWindowsDesktopRequest {
   string name = 1;
 }
 
-// CreateDynamicWindowsDesktopRequest is a request for a specific dynamic Windows desktop.
+// CreateDynamicWindowsDesktopRequest is used for creating new dynamic Windows desktops.
 message CreateDynamicWindowsDesktopRequest {
   // desktop to be created
   types.DynamicWindowsDesktopV1 desktop = 1;
 }
 
-// UpdateDynamicWindowsDesktopRequest is a request for a specific dynamic Windows desktop.
+// UpdateDynamicWindowsDesktopRequest is used for updating existing dynamic Windows desktops.
 message UpdateDynamicWindowsDesktopRequest {
   // desktop to be updated
   types.DynamicWindowsDesktopV1 desktop = 1;
 }
 
+// UpsertDynamicWindowsDesktopRequest is used for upserting dynamic Windows desktops.
+message UpsertDynamicWindowsDesktopRequest {
+  // desktop to be upserted
+  types.DynamicWindowsDesktopV1 desktop = 1;
+}
+
 // DeleteDynamicWindowsDesktopRequest is a request to delete a Windows desktop host.
 message DeleteDynamicWindowsDesktopRequest {
   // name is the name of the Windows desktop host.

diff --git a/api/proto/teleport/legacy/client/proto/authservice.proto b/api/proto/teleport/legacy/client/proto/authservice.proto
@@ -581,6 +581,8 @@ message Features {
   // NOTE: this flag is used to signal that Access Monitoring is *enabled* on a cluster.
   // *Access* to the feature is gated on the `AccessMonitoring` entitlement.
   bool AccessMonitoringConfigured = 36;
+  // CloudAnonymizationKey is a hash of the Salesforce ID used to anonymize usage events
+  bytes CloudAnonymizationKey = 37 [(gogoproto.jsontag) = "cloud_anonymization_key,omitempty"];
 }
 
 // EntitlementInfo is the state and limits of a particular entitlement

diff --git a/api/proto/teleport/legacy/types/types.proto b/api/proto/teleport/legacy/types/types.proto
@@ -6236,6 +6236,8 @@ message PluginSpecV1 {
     PluginDatadogAccessSettings datadog = 15;
     // PluginAWSICSettings holds settings for AWSICSettings
     PluginAWSICSettings aws_ic = 16;
+    // Settings for the Email Access Request plugin
+    PluginEmailSettings email = 17;
   }
 
   // generation contains a unique ID that should:
@@ -6576,6 +6578,45 @@ message AWSICProvisioningSpec {
   string bearer_token = 2;
 }
 
+// PluginEmailSettings holds the settings for an Email Access Request plugin.
+message PluginEmailSettings {
+  option (gogoproto.equal) = true;
+
+  // Sender specifies the email sender.
+  string sender = 1;
+  // FallbackRecipient specifies the default recipient.
+  string fallback_recipient = 2;
+
+  // Spec configures the mail service settings.
+  oneof spec {
+    // MailgunSpec configures Mailgun service settings.
+    MailgunSpec mailgun_spec = 3;
+    // SmtpSpec configures generic SMTP service settings.
+    SMTPSpec smtp_spec = 4;
+  }
+}
+
+// MailgunSpec holds Mailgun-specific settings.
+message MailgunSpec {
+  option (gogoproto.equal) = true;
+
+  // Domain specifies the Mailgun sending domain.
+  string domain = 1;
+}
+
+// SMTPSpec holds a generic SMTP service specific settings.
+message SMTPSpec {
+  option (gogoproto.equal) = true;
+
+  // Host specifies the SMTP service host name.
+  string host = 1;
+  // Port specifies the SMTP service port number.
+  int32 port = 2;
+  // StartTLSPolicy specifies the SMTP start TLS policy used to send emails over
+  // SMTP.
+  string start_tls_policy = 3;
+}
+
 message PluginBootstrapCredentialsV1 {
   oneof credentials {
     PluginOAuth2AuthorizationCodeCredentials oauth2_authorization_code = 1;

diff --git a/api/types/plugin.go b/api/types/plugin.go
@@ -43,6 +43,7 @@ var AllPluginTypes = []PluginType{
 	PluginTypeSCIM,
 	PluginTypeDatadog,
 	PluginTypeAWSIdentityCenter,
+	PluginTypeEmail,
 }
 
 const (
@@ -78,6 +79,8 @@ const (
 	PluginTypeDatadog = "datadog"
 	// PluginTypeAWSIdentityCenter indicates AWS Identity Center plugin
 	PluginTypeAWSIdentityCenter = "aws-identity-center"
+	// PluginTypeEmail indicates an Email Access Request plugin
+	PluginTypeEmail = "email"
 )
 
 // PluginSubkind represents the type of the plugin, e.g., access request, MDM etc.
@@ -356,6 +359,20 @@ func (p *PluginV1) CheckAndSetDefaults() error {
 		if err := settings.AwsIc.CheckAndSetDefaults(); err != nil {
 			return trace.Wrap(err)
 		}
+	case *PluginSpecV1_Email:
+		if settings.Email == nil {
+			return trace.BadParameter("missing Email settings")
+		}
+		if err := settings.Email.CheckAndSetDefaults(); err != nil {
+			return trace.Wrap(err)
+		}
+		staticCreds := p.Credentials.GetStaticCredentialsRef()
+		if staticCreds == nil {
+			return trace.BadParameter("Email plugin must be used with the static credentials ref type")
+		}
+		if len(staticCreds.Labels) == 0 {
+			return trace.BadParameter("labels must be specified")
+		}
 	default:
 		return nil
 	}
@@ -522,6 +539,8 @@ func (p *PluginV1) GetType() PluginType {
 		return PluginTypeDatadog
 	case *PluginSpecV1_AwsIc:
 		return PluginTypeAWSIdentityCenter
+	case *PluginSpecV1_Email:
+		return PluginTypeEmail
 	default:
 		return PluginTypeUnknown
 	}
@@ -740,6 +759,55 @@ func (c *AWSICProvisioningSpec) CheckAndSetDefaults() error {
 	return nil
 }
 
+func (c *PluginEmailSettings) CheckAndSetDefaults() error {
+	if c.Sender == "" {
+		return trace.BadParameter("sender must be set")
+	}
+	if c.FallbackRecipient == "" {
+		return trace.BadParameter("fallback_recipient must be set")
+	}
+
+	switch spec := c.GetSpec().(type) {
+	case *PluginEmailSettings_MailgunSpec:
+		if c.GetMailgunSpec() == nil {
+			return trace.BadParameter("missing Mailgun Spec")
+		}
+		if err := c.GetMailgunSpec().CheckAndSetDefaults(); err != nil {
+			return trace.Wrap(err)
+		}
+	case *PluginEmailSettings_SmtpSpec:
+		if c.GetSmtpSpec() == nil {
+			return trace.BadParameter("missing SMTP Spec")
+		}
+		if err := c.GetSmtpSpec().CheckAndSetDefaults(); err != nil {
+			return trace.Wrap(err)
+		}
+	default:
+		return trace.BadParameter("unknown email spec: %T", spec)
+	}
+	return nil
+}
+
+func (c *MailgunSpec) CheckAndSetDefaults() error {
+	if c.Domain == "" {
+		return trace.BadParameter("domain must be set")
+	}
+	return nil
+}
+
+func (c *SMTPSpec) CheckAndSetDefaults() error {
+	if c.Host == "" {
+		return trace.BadParameter("host must be set")
+	}
+	if c.Port == 0 {
+		return trace.BadParameter("port must be set")
+	}
+	if c.StartTlsPolicy == "" {
+		return trace.BadParameter("start TLS policy must be set")
+	}
+	return nil
+}
+
 // GetCode returns the status code
 func (c PluginStatusV1) GetCode() PluginStatusCode {
 	return c.Code