Documentation on SSO and Teleport Cloud does not work to edit CAP resource #11840
Comments
ptgott
added a commit
that referenced
this issue
May 10, 2022
Closes #11840 Since Cloud accounts begin with a cluster_auth_preference resource, you need to obtain your current resource via tctl get and make changes, rather than creating a fresh one. This changes Cloud instructions in several guides to reflect this. Also use the same instructions for self-hosted users. If a CAP does not exist on the backend, the shell redirection used in the "tctl get" command will result in an empty file, which follows the existing instructions with minimal changes. Also update the instructions related to u2f in the Reducing the Blast Radius guide.
ptgott
added a commit
that referenced
this issue
May 24, 2022
Closes #11840 Since Cloud accounts begin with a cluster_auth_preference resource, you need to obtain your current resource via tctl get and make changes, rather than creating a fresh one. This changes Cloud instructions in several guides to reflect this. Also use the same instructions for self-hosted users. If a CAP does not exist on the backend, the shell redirection used in the "tctl get" command will result in an empty file, which follows the existing instructions with minimal changes. Also update the instructions related to u2f in the Reducing the Blast Radius guide.
ptgott
added a commit
that referenced
this issue
Jun 1, 2022
Closes #11840 Since Cloud accounts begin with a cluster_auth_preference resource, you need to obtain your current resource via tctl get and make changes, rather than creating a fresh one. This changes Cloud instructions in several guides to reflect this. Also use the same instructions for self-hosted users. If a CAP does not exist on the backend, the shell redirection used in the "tctl get" command will result in an empty file, which follows the existing instructions with minimal changes. Also update the instructions related to u2f in the Reducing the Blast Radius guide.
ptgott
added a commit
that referenced
this issue
Jun 1, 2022
Closes #11840 Since Cloud accounts begin with a cluster_auth_preference resource, you need to obtain your current resource via tctl get and make changes, rather than creating a fresh one. This changes Cloud instructions in several guides to reflect this. Also use the same instructions for self-hosted users. If a CAP does not exist on the backend, the shell redirection used in the "tctl get" command will result in an empty file, which follows the existing instructions with minimal changes. Also update the instructions related to u2f in the Reducing the Blast Radius guide.
ptgott
added a commit
that referenced
this issue
Jun 2, 2022
Closes #11840 Since Cloud accounts begin with a cluster_auth_preference resource, you need to obtain your current resource via tctl get and make changes, rather than creating a fresh one. This changes Cloud instructions in several guides to reflect this. Also use the same instructions for self-hosted users. If a CAP does not exist on the backend, the shell redirection used in the "tctl get" command will result in an empty file, which follows the existing instructions with minimal changes. Also update the instructions related to u2f in the Reducing the Blast Radius guide.
ptgott
added a commit
that referenced
this issue
Jun 2, 2022
Closes #11840 Since Cloud accounts begin with a cluster_auth_preference resource, you need to obtain your current resource via tctl get and make changes, rather than creating a fresh one. This changes Cloud instructions in several guides to reflect this. Also use the same instructions for self-hosted users. If a CAP does not exist on the backend, the shell redirection used in the "tctl get" command will result in an empty file, which follows the existing instructions with minimal changes. Also update the instructions related to u2f in the Reducing the Blast Radius guide.
ptgott
added a commit
that referenced
this issue
Jun 3, 2022
Closes #11840 Since Cloud accounts begin with a cluster_auth_preference resource, you need to obtain your current resource via tctl get and make changes, rather than creating a fresh one. This changes Cloud instructions in several guides to reflect this. Also use the same instructions for self-hosted users. If a CAP does not exist on the backend, the shell redirection used in the "tctl get" command will result in an empty file, which follows the existing instructions with minimal changes. Also update the instructions related to u2f in the Reducing the Blast Radius guide.
ptgott
added a commit
that referenced
this issue
Jun 3, 2022
* Flesh out CAP instructions Closes #11840 Since Cloud accounts begin with a cluster_auth_preference resource, you need to obtain your current resource via tctl get and make changes, rather than creating a fresh one. This changes Cloud instructions in several guides to reflect this. Also use the same instructions for self-hosted users. If a CAP does not exist on the backend, the shell redirection used in the "tctl get" command will result in an empty file, which follows the existing instructions with minimal changes. Also update the instructions related to u2f in the Reducing the Blast Radius guide. * Respond to PR feedback
ptgott
added a commit
that referenced
this issue
Jun 3, 2022
Closes #11840 Since Cloud accounts begin with a cluster_auth_preference resource, you need to obtain your current resource via tctl get and make changes, rather than creating a fresh one. This changes Cloud instructions in several guides to reflect this. Also use the same instructions for self-hosted users. If a CAP does not exist on the backend, the shell redirection used in the "tctl get" command will result in an empty file, which follows the existing instructions with minimal changes. Also update the instructions related to u2f in the Reducing the Blast Radius guide.
ptgott
added a commit
that referenced
this issue
Jun 3, 2022
* Flesh out CAP instructions Closes #11840 Since Cloud accounts begin with a cluster_auth_preference resource, you need to obtain your current resource via tctl get and make changes, rather than creating a fresh one. This changes Cloud instructions in several guides to reflect this. Also use the same instructions for self-hosted users. If a CAP does not exist on the backend, the shell redirection used in the "tctl get" command will result in an empty file, which follows the existing instructions with minimal changes. Also update the instructions related to u2f in the Reducing the Blast Radius guide. * Respond to PR feedback
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Details
The following documentation does not work for Teleport cloud users: https://goteleport.com/docs/enterprise/sso/okta/?scope=cloud#enable-default-saml-authentication
Since the Teleport cloud CAP resource already exists in Teleport cloud, the mentioned documentation does not actually apply the resource. It only works if all metadata information from the current CAP resource is also included.
My recommendation for cloud users would be to run
tctl get cap > cap.yamland edit this file directly as this works consistentlyThe text was updated successfully, but these errors were encountered: