Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mfa: don't check MFA for teleport services in UpsertKubeService #6129

Merged
merged 1 commit into from
Mar 24, 2021
Merged

mfa: don't check MFA for teleport services in UpsertKubeService #6129

merged 1 commit into from
Mar 24, 2021

Conversation

awly
Copy link
Contributor

@awly awly commented Mar 24, 2021

No description provided.

@awly awly added this to the 6.1 milestone Mar 24, 2021
r0mant
r0mant approved these changes Mar 24, 2021
View reviewed changes
lib/auth/auth_with_roles.go
@@ -2625,8 +2625,14 @@ func (a *ServerWithRoles) UpsertKubeService(ctx context.Context, s services.Serv
if err != nil {
return trace.Wrap(err)
}
_, isService := a.context.Checker.(BuiltinRoleSet)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can only kube service do this? There's hasBuiltinRole if you wanted to check for only kube service here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Kube or Proxy.
We already have this enforced in e.g. https://github.com/gravitational/teleport/blob/master/lib/auth/permissions.go#L547, I'd rather not duplicate that authz logic here.

@awly awly enabled auto-merge (squash) March 24, 2021 19:59
@awly awly merged commit 598e287 into master Mar 24, 2021
@awly awly deleted the andrew/upsert_kube_no_mfa branch March 24, 2021 20:11
awly pushed a commit that referenced this pull request Mar 25, 2021
mfa: don't check MFA for teleport services in UpsertKubeService (#6129)
edbfd22
@awly awly mentioned this pull request Mar 25, 2021
Merged
awly pushed a commit that referenced this pull request Mar 29, 2021
mfa: don't check MFA for teleport services in UpsertKubeService (#6129)
08988fd
awly pushed a commit that referenced this pull request Mar 29, 2021
@awly
mfa: don't check MFA for teleport services in UpsertKubeService (#6129)
31fc369
@webvictim webvictim mentioned this pull request May 5, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@r0mant r0mant r0mant approved these changes

@klizhentas klizhentas Awaiting requested review from klizhentas

@russjones russjones Awaiting requested review from russjones

Assignees

@andrejtokarcik andrejtokarcik

@Joerger Joerger

Labels
None yet
Projects
None yet
Milestone
6.1
Development

Successfully merging this pull request may close these issues.
4 participants
@awly @r0mant @andrejtokarcik @Joerger