Release 17.0.0
r0mant committed Nov 15, 2024
1 parent af5b777 commit 5ed70a3
Showing 47 changed files with 362 additions and 223 deletions.
144 changes: 141 additions & 3 deletions CHANGELOG.md
@@ -1,10 +1,148 @@
# Changelog

## 17.0.0 (11/xx/2024)
## 17.0.0 (11/15/2024)

Teleport 17 brings the following new features and improvements:

- Refreshed web UI
- Modern signature algorithms
- (Preview) AWS IAM Identity Center integration
- Hardware key support for Teleport Connect
- Nested access lists

Check failure on line 11 in CHANGELOG.md

View workflow job for this annotation

GitHub Actions / Lint docs prose style

[vale] reported by reviewdog 🐶 [messaging.capitalization] Capitalize the names of Teleport services and features (access lists is incorrect). See the Core Concepts page (https://goteleport.com/docs/core-concepts/) for a reference. Raw Output: {"message": "[messaging.capitalization] Capitalize the names of Teleport services and features (access lists is incorrect). See the Core Concepts page (https://goteleport.com/docs/core-concepts/) for a reference.", "location": {"path": "CHANGELOG.md", "range": {"start": {"line": 11, "column": 10}}}, "severity": "ERROR"}
- Access lists UI/UX improvements
- Signed and notarized macOS assets
- Datadog Incident Management plugin for access requests
- Hosted Microsoft Teams plugin for access requests
- Dynamic registration for Windows desktops
- Support for images in web SSH sessions
- `tbot` CLI updates

### ** Not yet released **
### Description

#### Refreshed Web UI

We have updated and improved designs and added a new navigation menu to Teleport
17’s web UI to enhance its usability and scalability.

#### Modern signature algorithms

Teleport 17 admins have the option to use elliptic curve cryptography for the
majority of user, host, and certificate authority key material.

This includes Ed25519 SSH keys and ECDSA TLS keys, replacing the RSA keys used
today.

New clusters will leverage [modern signature algorithms](https://goteleport.com/docs/ver/17.x/reference/signature-algorithms/)
by default. Existing Teleport clusters will continue to use RSA2048 until a CA
rotation is performed.

#### (Preview) AWS IAM Identity Center integration

Teleport 17 integrates with AWS IAM Identity Center to allow users to sync and
manage AWS IC group members via Access Lists.

#### Hardware key support for Teleport Connect

We have extended Teleport 17’s support for
[hardware-backed private keys](https://goteleport.com/docs/admin-guides/access-controls/guides/hardware-key-support/)
to Teleport Connect.

#### Nested access lists

Teleport 17 admins and access list owners can add access lists as members in
other access lists.

See details in the [documentation](https://goteleport.com/docs/ver/17.x/admin-guides/access-controls/access-lists/nested-access-lists/).

#### Access lists UI/UX improvements

Teleport 17 web UI has an updated access lists page that will include the new
table view, improved search and filtering capabilities.

#### Signed and notarized macOS assets

Starting from Teleport 17 macOS `teleport.pkg` installer includes signed and
notarized `tsh.app` and `tctl.app` so downloading a separate tsh.pkg to use
Touch ID is no longer necessary.

In addition, Teleport 17 event handler and Terraform provider for macOS are also
signed and notarized.

#### Datadog Incident Management plugin for access requests

Teleport 17 supports PagerDuty-like integration with Datadog's [on-call](https://docs.datadoghq.com/service_management/on-call/)
and [incident management](https://docs.datadoghq.com/service_management/incident_management/)
APIs for access request notifications.

See the [configuration guide](https://goteleport.com/docs/ver/17.x/admin-guides/access-controls/access-request-plugins/datadog-hosted/).

#### Hosted Microsoft Teams plugin for access requests

Teleport 17 adds support for Microsoft Teams integration for access request
notifications using Teleport web UI without needing to self-host the plugin.

#### Dynamic registration for Windows desktops

Dynamic registration allows Teleport administrators to register new Windows
desktops without having to update the static configuration files read by
Teleport Windows Desktop Service instances.

#### Support for images in web SSH sessions

The SSH console in Teleport’s web UI includes support for rendering images via
both the SIXEL and iTerm Inline Image Protocol (IIP).

#### tbot CLI updates

The `tbot` client now supports starting most outputs and services directly from
the command line with no need for a configuration file using the new
`tbot start <mode>` family of commands. If desired, a given command can be
converted to a YAML configuration file with `tbot configure <mode>`.

Additionally, `tctl` now supports inspection and management of bot instances using
the `tctl bots instances` family of commands. This allows onboarding of new
instances for existing bots with `tctl bots instances add`, and inspection of
existing instances with `tctl bots instances list`.

### Breaking changes and deprecations

#### macOS assets

Starting with version 17, Teleport no longer provides a separate `tsh.pkg` macOS
package.

Instead, `teleport.pkg` and all macOS tarballs include signed and notarized
`tsh.app` and `tctl.app`.

#### Enforced stricter requirements for SSH hostnames

Hostnames are only allowed if they are less than 257 characters and consist of
only alphanumeric characters and the symbols `.` and `-`.

Any hostname that violates the new restrictions will be changed, the original
hostname will be moved to the `teleport.internal/invalid-hostname` label for
discoverability.

Any Teleport agents with an invalid hostname will be replaced with the host UUID.
Any Agentless OpenSSH Servers with an invalid hostname will be replaced with
the host of the address, if it is valid, or a randomly generated identifier.
Any hosts with invalid hostnames should be updated to comply with the new
requirements to avoid Teleport renaming them.

#### `TELEPORT_ALLOW_NO_SECOND_FACTOR` removed

As of Teleport 16, multi-factor authentication is required for local users. To
assist with upgrades, Teleport 16 included a temporary opt-out mechanism via the
`TELEPORT_ALLOW_NO_SECOND_FACTOR` environment variable. This opt-out mechanism
has been removed.

#### TOTP for per-session MFA

Teleport 17 is the last release where `tsh` will allow for using TOTP with
per-session MFA. Starting with Teleport 18, `tsh` will require a strong webauthn
credential for per-session MFA.

* Refreshed the Web UI and Teleport Connect UI design [#46812](https://github.com/gravitational/teleport/pull/46812)
TOTP will continue to be accepted for the initial login.

## 16.4.6 (10/22/2024)
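
Review bot: In the "Enforced stricter requirements for SSH hostnames" section, the sentences "Any Teleport agents with an invalid hostname will be replaced with the host UUID" and "Any Agentless OpenSSH Servers with an invalid hostname will be replaced with the host of the address" read as if the agent or server itself is replaced, while the paragraph before them says it is the hostname that gets changed. Suggest "The hostname of any Teleport agent with an invalid hostname will be replaced with the host UUID" and the same pattern for agentless servers, so that operators who match on node names in audit queries or automation read the change correctly. The sentence before that is a comma splice ("will be changed, the original hostname will be moved to ...") and would be clearer as two sentences. Separately, "Modern signature algorithms" says admins "have the option" to use elliptic curve keys and that existing clusters keep RSA2048 "until a CA rotation is performed"; it would help to state whether a rotation alone changes the algorithms or whether the option has to be set first. In the TOTP section, "webauthn" should be written "WebAuthn", and `tsh.pkg` in the macOS description is missing the backticks used for `teleport.pkg` on the line above it.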

2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -13,7 +13,7 @@
# Stable releases: "1.0.0"
# Pre-releases: "1.0.0-alpha.1", "1.0.0-beta.2", "1.0.0-rc.3"
# Master/dev branch: "1.0.0-dev"
VERSION=17.0.0-rc.3
VERSION=17.0.0

DOCKER_IMAGE ?= teleport

2 changes: 1 addition & 1 deletion api/version.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions build.assets/macos/tsh/tsh.app/Contents/Info.plist
Expand Up @@ -19,13 +19,13 @@
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>1.0</string>
<string>17.0.0</string>
<key>CFBundleSupportedPlatforms</key>
<array>
<string>MacOSX</string>
</array>
<key>CFBundleVersion</key>
<string>1.0</string>
<string>17.0.0</string>
<key>DTCompiler</key>
<string>com.apple.compilers.llvm.clang.1_0</string>
<key>DTPlatformBuild</key>
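
Review bot: `CFBundleShortVersionString` and `CFBundleVersion` change from `1.0` to a hard-coded `17.0.0` here, which duplicates the `VERSION=17.0.0` value set in the Makefile with nothing in this hunk tying the two together. If release tooling rewrites these plists, a comment in the file saying so would help; if it does not, consider a build-time check that the bundle version equals `VERSION`, because a stale version string inside a signed and notarized `tsh.app` makes it harder to tell which build a user is actually running. The same point applies to the `tshdev` copy of this file.
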
4 changes: 2 additions & 2 deletions build.assets/macos/tshdev/tsh.app/Contents/Info.plist
Expand Up @@ -17,13 +17,13 @@
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>1.0</string>
<string>17.0.0</string>
<key>CFBundleSupportedPlatforms</key>
<array>
<string>MacOSX</string>
</array>
<key>CFBundleVersion</key>
<string>1.0</string>
<string>17.0.0</string>
<key>DTCompiler</key>
<string>com.apple.compilers.llvm.clang.1_0</string>
<key>DTPlatformBuild</key>
3 changes: 2 additions & 1 deletion docs/cspell.json
Expand Up @@ -193,6 +193,7 @@
"SIEM",
"SIGINT",
"SIGUSR",
"SIXEL",
"SLAVEOF",
"SLES",
"SLOWLOG",
Expand Down Expand Up @@ -1030,4 +1031,4 @@
"**/reference/terraform-provider/**",
"**/reference/operator-resources/**"
]
}
}
2 changes: 1 addition & 1 deletion examples/chart/access/datadog/Chart.yaml
@@ -1,4 +1,4 @@
.version: &version "17.0.0-rc.3"
.version: &version "17.0.0"

apiVersion: v2
name: teleport-plugin-datadog
Expand Up @@ -26,6 +26,6 @@ should match the snapshot:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-datadog
app.kubernetes.io/version: 17.0.0-rc.3
helm.sh/chart: teleport-plugin-datadog-17.0.0-rc.3
app.kubernetes.io/version: 17.0.0
helm.sh/chart: teleport-plugin-datadog-17.0.0
name: RELEASE-NAME-teleport-plugin-datadog
Expand Up @@ -7,8 +7,8 @@ should match the snapshot:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-datadog
app.kubernetes.io/version: 17.0.0-rc.3
helm.sh/chart: teleport-plugin-datadog-17.0.0-rc.3
app.kubernetes.io/version: 17.0.0
helm.sh/chart: teleport-plugin-datadog-17.0.0
name: RELEASE-NAME-teleport-plugin-datadog
spec:
replicas: 1
Expand All @@ -22,8 +22,8 @@ should match the snapshot:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-datadog
app.kubernetes.io/version: 17.0.0-rc.3
helm.sh/chart: teleport-plugin-datadog-17.0.0-rc.3
app.kubernetes.io/version: 17.0.0
helm.sh/chart: teleport-plugin-datadog-17.0.0
spec:
containers:
- command:
2 changes: 1 addition & 1 deletion examples/chart/access/discord/Chart.yaml
@@ -1,4 +1,4 @@
.version: &version "17.0.0-rc.3"
.version: &version "17.0.0"

apiVersion: v2
name: teleport-plugin-discord
Expand Up @@ -24,6 +24,6 @@ should match the snapshot:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-discord
app.kubernetes.io/version: 17.0.0-rc.3
helm.sh/chart: teleport-plugin-discord-17.0.0-rc.3
app.kubernetes.io/version: 17.0.0
helm.sh/chart: teleport-plugin-discord-17.0.0
name: RELEASE-NAME-teleport-plugin-discord
Expand Up @@ -7,8 +7,8 @@ should match the snapshot:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-discord
app.kubernetes.io/version: 17.0.0-rc.3
helm.sh/chart: teleport-plugin-discord-17.0.0-rc.3
app.kubernetes.io/version: 17.0.0
helm.sh/chart: teleport-plugin-discord-17.0.0
name: RELEASE-NAME-teleport-plugin-discord
spec:
replicas: 1
Expand All @@ -22,8 +22,8 @@ should match the snapshot:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-discord
app.kubernetes.io/version: 17.0.0-rc.3
helm.sh/chart: teleport-plugin-discord-17.0.0-rc.3
app.kubernetes.io/version: 17.0.0
helm.sh/chart: teleport-plugin-discord-17.0.0
spec:
containers:
- command:
2 changes: 1 addition & 1 deletion examples/chart/access/email/Chart.yaml
@@ -1,4 +1,4 @@
.version: &version "17.0.0-rc.3"
.version: &version "17.0.0"

apiVersion: v2
name: teleport-plugin-email
Expand Up @@ -26,8 +26,8 @@ should match the snapshot (mailgun on):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 17.0.0-rc.3
helm.sh/chart: teleport-plugin-email-17.0.0-rc.3
app.kubernetes.io/version: 17.0.0
helm.sh/chart: teleport-plugin-email-17.0.0
name: RELEASE-NAME-teleport-plugin-email
should match the snapshot (smtp on):
1: |
Expand Down Expand Up @@ -59,8 +59,8 @@ should match the snapshot (smtp on):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 17.0.0-rc.3
helm.sh/chart: teleport-plugin-email-17.0.0-rc.3
app.kubernetes.io/version: 17.0.0
helm.sh/chart: teleport-plugin-email-17.0.0
name: RELEASE-NAME-teleport-plugin-email
should match the snapshot (smtp on, no starttls):
1: |
Expand Down Expand Up @@ -92,8 +92,8 @@ should match the snapshot (smtp on, no starttls):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 17.0.0-rc.3
helm.sh/chart: teleport-plugin-email-17.0.0-rc.3
app.kubernetes.io/version: 17.0.0
helm.sh/chart: teleport-plugin-email-17.0.0
name: RELEASE-NAME-teleport-plugin-email
should match the snapshot (smtp on, password file):
1: |
Expand Down Expand Up @@ -125,8 +125,8 @@ should match the snapshot (smtp on, password file):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 17.0.0-rc.3
helm.sh/chart: teleport-plugin-email-17.0.0-rc.3
app.kubernetes.io/version: 17.0.0
helm.sh/chart: teleport-plugin-email-17.0.0
name: RELEASE-NAME-teleport-plugin-email
should match the snapshot (smtp on, roleToRecipients set):
1: |
Expand Down Expand Up @@ -161,8 +161,8 @@ should match the snapshot (smtp on, roleToRecipients set):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 17.0.0-rc.3
helm.sh/chart: teleport-plugin-email-17.0.0-rc.3
app.kubernetes.io/version: 17.0.0
helm.sh/chart: teleport-plugin-email-17.0.0
name: RELEASE-NAME-teleport-plugin-email
should match the snapshot (smtp on, starttls disabled):
1: |
Expand Down Expand Up @@ -194,6 +194,6 @@ should match the snapshot (smtp on, starttls disabled):
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-email
app.kubernetes.io/version: 17.0.0-rc.3
helm.sh/chart: teleport-plugin-email-17.0.0-rc.3
app.kubernetes.io/version: 17.0.0
helm.sh/chart: teleport-plugin-email-17.0.0
name: RELEASE-NAME-teleport-plugin-email