Configure custom PIV slot for hardware key support #31732

Merged (6 commits) on Oct 11, 2023

@Joerger Joerger commented Sep 11, 2023

Add support for configuring a custom PIV slot for hardware key support through client or server settings:

  • tsh --piv-slot=9d or TELEPORT_PIV_SLOT=9d tsh
  • teleport.auth_service.authentication.piv_slot: 9a
  • cluster_auth_preference.piv_slot: 9a

Other changes:

  • Refactor client retry-with-hardwarekey logic.

e PR: https://github.com/gravitational/teleport.e/pull/2191

Follow up PR: #32275

@github-actions github-actions bot requested review from tcsc and zmb3 September 11, 2023 20:20
@github-actions github-actions bot added the size/md and tsh labels Sep 11, 2023
@Joerger Joerger force-pushed the joerger/custom-piv-slot branch 3 times, most recently from 5e73ce0 to 1c50d89 September 11, 2023 20:58
@Joerger Joerger marked this pull request as draft September 14, 2023 21:00
@Joerger Joerger changed the title from "Add tsh --piv-slot" to "Configure custom PIV slot for hardware key support" Sep 20, 2023
@Joerger Joerger marked this pull request as ready for review September 20, 2023 00:51
@github-actions github-actions bot added the rfd label Sep 20, 2023

@ravicious ravicious left a comment

I didn't manage to get through the whole PR today, I'll continue the review tomorrow.

@ravicious ravicious self-requested a review September 20, 2023 14:15
Joerger commented Sep 20, 2023

> I didn't manage to get through the whole PR today, I'll continue the review tomorrow.

Thanks Rafael, this PR grew larger than I intended. I'll try splitting it up into 1 or 2 more PRs for easier review.

@Joerger Joerger changed the base branch from master to joerger/custom-piv-slot-base September 20, 2023 23:20
@Joerger Joerger force-pushed the joerger/custom-piv-slot branch 3 times, most recently from 4b9a235 to 8060194 September 20, 2023 23:39
@Joerger Joerger force-pushed the joerger/custom-piv-slot branch 2 times, most recently from 3c36c37 to a3a1509 September 27, 2023 19:30
@Joerger Joerger changed the base branch from joerger/custom-piv-slot-base to joerger/piv-client-side-attestation September 27, 2023 19:31
@Joerger Joerger force-pushed the joerger/piv-client-side-attestation branch from 97d3f06 to 550cf20 September 28, 2023 18:25
Base automatically changed from joerger/piv-client-side-attestation to master September 29, 2023 00:27
@Joerger Joerger force-pushed the joerger/custom-piv-slot branch 2 times, most recently from f660dbc to bdccdc6 September 29, 2023 18:30
Joerger commented Sep 29, 2023

@tcsc @zmb3 friendly ping to review

Joerger commented Oct 9, 2023

@tcsc @zmb3 friendly ping

@Joerger Joerger added this pull request to the merge queue Oct 11, 2023
Merged via the queue into master with commit a36d4d1 Oct 11, 2023
34 checks passed
@Joerger Joerger deleted the joerger/custom-piv-slot branch October 11, 2023 01:54
Joerger added a commit that referenced this pull request Oct 12, 2023
* Update RFD.

* Add custom PIV slot logic.

* Add custom piv slot to cluster auth preference.

* Fix error handling of parsing private key policy errors.

* Add new PIVSlot string type.
Joerger added a commit that referenced this pull request Oct 14, 2023
github-merge-queue bot pushed a commit that referenced this pull request Oct 14, 2023