Add the debug command tsh fido2 attobj
#25740
Conversation
github-actions
bot
added
size/md
tsh
|
The helper comes in handy when trying to compare registered credentials, since we don't record this information "unpacked" in other places. |
There was a problem hiding this comment.
I think generally I don't mind tsh being used for debugging tools - we'll need to keep an eye on binary size over time but it seems currently that building out pipelines for distributing other tooling seems quite time-consuming, so for now this seems fine.
Part of me wonders if something like tctl is more a natural home for them for commands that an administrator might use to debug parts of their cluster, I can also envision cases where support teams are working with customer user's that do not have tctl available - and - in many cases, debug commands may need to leverage a connection to a Proxy which tctl does not provide for.
codingllama
force-pushed
the
codingllama/fido2-attobj
branch
from
70ccdf7
to
416361a
Compare
|
PTAL @zmb3 ? |
public-teleport-github-review-bot
bot
removed request for
tobiaszheller,
xacrimon and
rosstimothy
|
@codingllama See the table below for backport results.
|
* Refactor `tsh fido2` root command * Add the `tsh fido2 attobj` command * Use trace.Wrap * Log swallowed error * Make argument required
* Add the debug command `tsh fido2 attobj` (#25740) * Refactor `tsh fido2` root command * Add the `tsh fido2 attobj` command * Use trace.Wrap * Log swallowed error * Make argument required * Change imports to duo-labs
Add a helper/debug command to parse attestation objects.
Useful when inspecting MFA devices, otherwise attestation objects are rather opaque to inspect. Works directly with data acquired from
tctl get users/foo --with-secrets.