Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sasha/forward ports #2491

Merged
merged 2 commits into from
Jan 17, 2019
Merged

Sasha/forward ports #2491

merged 2 commits into from
Jan 17, 2019

Conversation

klizhentas
Copy link
Contributor

No description provided.

@klizhentas
Fetch groups for GSuite SSO. (#2456)
641d5b8 
Fixes #2455

This commit adds support for fetching
groups for GSuite SSO logins via
OIDC connector interface.

If OIDC connector has a special scope:

`https://www.googleapis.com/auth/admin.directory.group.readonly`

teleport will fetch user's group membership and populate
groups claim.
@klizhentas
Pass kubernetes groups to the remote cluster. (#2484)
49c573f 
This commit allows remote cluster to reference
the kubernetes groups coming from the roles
of the main cluster in the trusted clusters
configuration.

For example, main cluster can have a user
with a role 'main' and kubernetes groups:

kube_groups: ['system:masters']

and SSH logins:

logins: ['root']

Remote cluster can choose to map
this 'main' cluster to it's own:
'remote-admin' cluster in the trusted cluster config:

role_map:
  - remote: 'main'
    local: 'remote-admin'

The role 'remote-admin' of the remote cluster
can now be templated to use the main cluster role main
logins and kubernetes_groups using variables:

logins: ['{{internal.logins}}']
kubernetes_groups: ['{{internal.kubernetes_groups}}']

This is possible because teleport now encodes
both values in X509 certificate metadata
and remote cluster passes these values as 'internal' traits
to the template engine.
@klizhentas klizhentas requested a review from russjones January 17, 2019 02:46
@klizhentas klizhentas merged commit fc0566a into master Jan 17, 2019
@klizhentas klizhentas deleted the sasha/forward-ports branch January 17, 2019 02:56
@russjones russjones mentioned this pull request Dec 24, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@russjones russjones Awaiting requested review from russjones

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@klizhentas