Skip to content

[v16] Move auth preference module validation to RPC layer #54763

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 15, 2025
Merged

[v16] Move auth preference module validation to RPC layer #54763

merged 1 commit into from
May 15, 2025

Conversation

rosstimothy
Copy link
Contributor

Backport #54687 to branch/v16

changelog: Prevent restrictive validation of cluster auth preferences from causing non-auth instances to become healthy.

@rosstimothy rosstimothy force-pushed the tross/backport-54687/v16 branch from 56d2e09 to 30d982b Compare May 13, 2025 16:38
@rosstimothy rosstimothy changed the title [v16] Move auth preference module validation to RPC layer (#54687) [v16] Move auth preference module validation to RPC layer May 13, 2025
@rosstimothy rosstimothy force-pushed the tross/backport-54687/v16 branch 4 times, most recently from 5f55f27 to f4f8a6e Compare May 13, 2025 17:54
@rosstimothy
Move auth preference module validation to RPC layer (#54687)
9cdd8bf 
The module validation rejects auth preferences that have second
factor disabled without the environment variable override. Doing
this in the storage layer means that in order to disable second
factor the environment variable needs to be set on _all_ teleport
processes not just Auth. This can result in caches of downstream
agents from becoming healthy until the manual override is applied.
The intent is to prevent modifying an the auth preference to disable
second factor, which when moved to the RPC layer, has the same
affect without the possibility of caches performing extra validation.
@rosstimothy rosstimothy force-pushed the tross/backport-54687/v16 branch from f4f8a6e to 9cdd8bf Compare May 13, 2025 18:53
@rosstimothy rosstimothy marked this pull request as ready for review May 13, 2025 20:09
@github-actions github-actions bot requested review from espadolini and hugoShaka May 13, 2025 20:10
@rosstimothy rosstimothy added this pull request to the merge queue May 15, 2025
Merged via the queue into branch/v16 with commit a3565ba May 15, 2025
41 checks passed
@rosstimothy rosstimothy deleted the tross/backport-54687/v16 branch May 15, 2025 12:16
@doggydogworld doggydogworld mentioned this pull request May 15, 2025
Merged
@bayandin bayandin mentioned this pull request May 17, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@espadolini espadolini espadolini approved these changes

@hugoShaka hugoShaka hugoShaka approved these changes

Assignees
No one assigned
Labels
backport size/md
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rosstimothy @espadolini @hugoShaka