Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document managing users, roles and accesslists through IaC #36622

Merged
merged 8 commits into from Feb 13, 2024
Merged

Document managing users, roles and accesslists through IaC #36622

merged 8 commits into from Feb 13, 2024

Conversation

hugoShaka
Copy link
Contributor

@hugoShaka hugoShaka commented Jan 12, 2024
edited by ptgott

Closes #23097

This PR adds the following pages:

  • Document the different user types in the reference
  • Create a common IaC guide creating users and roles for all 3 IaC methods: tctl, terraform, operator
  • Create a common IaC guide creating Access Lists for all 3 IaC methods

Requires a tctl containing those fixes: #36572

@hugoShaka hugoShaka added documentation tctl tctl - Teleport admin tool kube-operator Issues related to Kube Operator terraform Legacy Terraform label no-changelog Indicates that a PR does not require a changelog entry labels Jan 12, 2024
@github-actions GitHub Actions
Copy link

🤖 Vercel preview here: https://docs-ptogzm6cq-goteleport.vercel.app/docs/ver/preview

@github-actions GitHub Actions
Copy link

🤖 Vercel preview here: https://docs-noaripxt8-goteleport.vercel.app/docs/ver/preview

@ptgott
Copy link
Contributor

ptgott commented Jan 22, 2024

I owe you a review of this. I'll make time to provide one this week!

r0mant
r0mant approved these changes Jan 23, 2024
View reviewed changes
Copy link
Collaborator

@r0mant r0mant left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few comments but overall lgtm.

docs/config.json Outdated Show resolved Hide resolved
docs/pages/includes/diagnostics/kubernetes-operator-troubleshooting.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/access-list.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/access-list.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/access-list.mdx Outdated Show resolved Hide resolved
docs/pages/reference/user-types.mdx Outdated Show resolved Hide resolved
docs/pages/reference/user-types.mdx Outdated Show resolved Hide resolved
docs/pages/reference/user-types.mdx Outdated Show resolved Hide resolved
docs/pages/reference/user-types.mdx Outdated Show resolved Hide resolved
docs/pages/reference/user-types.mdx Outdated Show resolved Hide resolved
ptgott
ptgott reviewed Jan 24, 2024
View reviewed changes
Copy link
Contributor

@ptgott ptgott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this change! We have how-to instructions throughout the docs for creating users and roles with tctl, so it's nice to also have how-to instructions for other client tools as tabbed instructions.

docs/config.json Outdated Show resolved Hide resolved
docs/config.json Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/access-list.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/access-list.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/access-list.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/access-list.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/access-list.mdx Outdated Show resolved Hide resolved
ptgott
ptgott reviewed Jan 24, 2024
View reviewed changes
Copy link
Contributor

@ptgott ptgott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Going to review the "User and Role" and "User Types" pages later this week.

docs/pages/management/dynamic-resources/access-list.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/access-list.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/access-list.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/access-list.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/access-list.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/access-list.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/access-list.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/teleport-operator-helm.mdx Outdated Show resolved Hide resolved
ptgott
ptgott reviewed Jan 26, 2024
View reviewed changes
Copy link
Contributor

@ptgott ptgott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll review the "User Types" guide next week

docs/pages/management/dynamic-resources.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/user-and-role.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/user-and-role.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/user-and-role.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/user-and-role.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/user-and-role.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/user-and-role.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/user-and-role.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/user-and-role.mdx Outdated Show resolved Hide resolved
docs/pages/management/dynamic-resources/user-and-role.mdx Outdated Show resolved Hide resolved
ptgott
ptgott reviewed Jan 30, 2024
View reviewed changes
docs/pages/reference/user-types.mdx Show resolved Hide resolved
docs/pages/reference/user-types.mdx Outdated Show resolved Hide resolved
docs/pages/reference/user-types.mdx Outdated

## Local Users

Local users are created directly in Teleport. They are not coming from an
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would expand on what "directly" means here, e.g., talking about the Auth Service backend.

Also, should we mention that local users are dynamic resources and link to the relevant docs on dynamic resources?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I removed "directly". Both local and non-local are dynamic resources and living in the Teleport backend. From a technical pov, the implementation is identical.

docs/pages/reference/user-types.mdx Outdated Show resolved Hide resolved
docs/pages/reference/user-types.mdx Outdated Show resolved Hide resolved
docs/pages/reference/user-types.mdx Outdated Show resolved Hide resolved
docs/pages/reference/user-types.mdx Outdated Show resolved Hide resolved
docs/pages/reference/user-types.mdx Outdated Show resolved Hide resolved
docs/pages/reference/user-types.mdx Outdated Show resolved Hide resolved
docs/pages/reference/user-types.mdx Outdated Show resolved Hide resolved
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 2, 2024

🤖 Vercel preview here: https://docs-ch7c5ottv-goteleport.vercel.app/docs/ver/preview

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 2, 2024

🤖 Vercel preview here: https://docs-1vvh08m7e-goteleport.vercel.app/docs/ver/preview

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 2, 2024

🤖 Vercel preview here: https://docs-h9xl65bsx-goteleport.vercel.app/docs/ver/preview

@hugoShaka hugoShaka requested a review from ptgott February 2, 2024 21:44
@hugoShaka
Copy link
Contributor Author

@ptgott I addressed most comments and responded to a couple, the PR is ready for another review

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 2, 2024

🤖 Vercel preview here: https://docs-3kmsqckwv-goteleport.vercel.app/docs/ver/preview

@github-actions GitHub Actions
Copy link

🤖 Vercel preview here: https://docs-9b9h8ah2s-goteleport.vercel.app/docs/ver/preview

@hugoShaka hugoShaka added this pull request to the merge queue Feb 13, 2024
Merged via the queue into master with commit 90c5ea6 Feb 13, 2024
41 checks passed
@hugoShaka hugoShaka deleted the hugo/iac-guides branch February 13, 2024 20:15
@public-teleport-github-review-bot
Copy link

@hugoShaka See the table below for backport results.

Branch Result
branch/v15 Failed

hugoShaka added a commit that referenced this pull request Feb 13, 2024
@hugoShaka @ptgott
Document managing users, roles and accesslists through IaC (#36622)
52cc309 
* Document managing users, roles and accesslists through IaC

* reformat docs/config.json

* address feedback

* Apply suggestions from code review

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>

* Apply suggestions from code review

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>

* align label names

* address feedback

* update teleportrole version

---------

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
@hugoShaka hugoShaka mentioned this pull request Feb 13, 2024
Merged
hugoShaka added a commit that referenced this pull request Feb 20, 2024
@hugoShaka @ptgott
Document managing users, roles and accesslists through IaC (#36622)
03a681b 
* Document managing users, roles and accesslists through IaC

* reformat docs/config.json

* address feedback

* Apply suggestions from code review

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>

* Apply suggestions from code review

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>

* align label names

* address feedback

* update teleportrole version

---------

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
github-merge-queue bot pushed a commit that referenced this pull request Feb 20, 2024
@hugoShaka @ptgott
Document managing users, roles and accesslists through IaC (#36622) (#…
0da1a3c 
…38177)

* Document managing users, roles and accesslists through IaC

* reformat docs/config.json

* address feedback

* Apply suggestions from code review



* Apply suggestions from code review



* align label names

* address feedback

* update teleportrole version

---------

Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benarent benarent benarent left review comments

@r0mant r0mant r0mant approved these changes

@ptgott ptgott ptgott approved these changes

Assignees
No one assigned
Labels
backport/branch/v15 documentation kube-operator Issues related to Kube Operator no-changelog Indicates that a PR does not require a changelog entry size/lg tctl tctl - Teleport admin tool terraform Legacy Terraform label
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Document support for local users in the Kubernetes Operator
4 participants
@hugoShaka @ptgott @r0mant @benarent