[v17] Allow including Access Lists as nested members and owners #48312

Merged
merged 1 commit into from
Nov 2, 2024

kiosion
Contributor

@kiosion kiosion commented Nov 1, 2024

Backport #38738 for v17.

changelog: Allow nested inclusion of Access Lists as Members and Owners in other Access Lists

@github-actions github-actions bot added the backport, size/md, tctl, tsh and ui labels Nov 1, 2024
@public-teleport-github-review-bot public-teleport-github-review-bot bot removed the request for review from fspmarshall November 1, 2024 21:04
@kiosion kiosion force-pushed the maxim/v17/nested-accesslists branch from 83fcec6 to 923103e Compare November 1, 2024 23:19
- Recursively check for accesslist membership

- Allow adding/removing/listing included access lists in acl commands

- Add a recursive test

- Use dynamic access lists structure from RFD

- Resolve proto changes

- Exclude 'list' members from Access List memberCount

- Calc Access List member count with members of type 'list' excluded,
  return separately to front end

- Update examples/integrations

- Update crd docs

- Update tf docs

- Perform calculation of inherited roles/traits to AccessList service in
  order to utilize cache and minimize number of requests.

- Grant Okta integration RO for Access Lists

- Update AccessListMember-* events

- Include count for inherited grants

- Include MembershipKind of affected member(s)

- Emit inherited grants / members' MembershipKind for AccessListMember-*
  events

- Update notified owners for Access Requests

- Ensure dynamic owners are notified for Access Requests

- Ensure dynamic owners are notified via Slack integration

- Optionally pass an AbortSignal to `fetchAccessLists` in Web UI

- Replace usages of `services.IsAccessListOwner/IsAccessListMember` with
  equivalent funcs from `Hierarchy`

- Remove final references to AccessListMembershipChecker

- Don't allow ACL deletion when member/owner in other lists

- Guard Access List deletion behind membership/ownership checks for List

- Expose Hierarchy func to recursively get all members

- Tidy UserLoginStateGenerator logic involving ACL Membership/Ownership
@kiosion kiosion force-pushed the maxim/v17/nested-accesslists branch from 923103e to 1f89379 Compare November 2, 2024 00:09
@kiosion kiosion enabled auto-merge November 2, 2024 00:14
@kiosion kiosion added this pull request to the merge queue Nov 2, 2024
Merged via the queue into branch/v17 with commit b8a246d Nov 2, 2024
44 checks passed
@kiosion kiosion deleted the maxim/v17/nested-accesslists branch November 2, 2024 00:46
@camscale camscale mentioned this pull request Nov 3, 2024