event-handler: allow DNS alternative names that don't resolve #53006

Merged
merged 1 commit into master from zmb3/event-handler-certs
Mar 12, 2025

Conversation

@zmb3 (Collaborator) commented Mar 12, 2025

Remove the requirement that the DNS name resolves in order for it to be included in the configured certificates. This also changes the API so that IP SANs and DNS names are no longer mutually exclusive.

Closes #52981

changelog: The event handler can now generate certificates for DNS names that are not resolvable.

@hugoShaka (Contributor) left a comment

LGTM, the PR is missing a changelog entry.

Have you tested the cert generation command with the change?

@zmb3 (Collaborator, Author) commented Mar 12, 2025

> Have you tested the cert generation command with the change?

Yes.

$ ./event-handler configure test --dns-names=localhost,example.com,zacb.doesnotexist.com --ip=127.0.0.1

Teleport event handler Not specified, use --ldflags "-X main.Version "1.0.0""

[1] Generated mTLS Fluentd certificates test/ca.crt, test/ca.key, test/server.crt, test/server.key, test/client.crt, test/client.key
[2] Generated sample teleport-event-handler role and user file test/teleport-event-handler-role.yaml
[3] Generated sample fluentd configuration file test/fluent.conf
[4] Generated plugin configuration file test/teleport-event-handler.toml

Follow-along with our getting started guide:

https://goteleport.com/docs/management/export-audit-events/fluentd/

$ cat test/server.crt | openssl x509 -text -noout | grep DNS
                DNS:localhost, DNS:example.com, DNS:zacb.doesnotexist.com, IP Address:127.0.0.1
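The behaviour the PR description states (DNS names go into the certificate without being resolved, and DNS and IP SANs may be mixed) and the check the author ran above (read the SANs back out of server.crt) can both be shown in a few lines of Go. This is an added example, not the event handler's own code and not from this PR: the host list is the one typed on the command line above, while the function names (NewCA, IssueServerCert, ParseSANs, HostnameMatches), the subject names and the 24-hour lifetimes are assumptions made here for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// Hosts is the constructed input for this example: the same mixed list of DNS
// names and an IP that the author passed as --dns-names and --ip above.
var Hosts = []string{"localhost", "example.com", "zacb.doesnotexist.com", "127.0.0.1"}

// splitHosts separates a host list into DNS names and IP addresses purely
// syntactically. No DNS lookup happens, so an unresolvable name such as
// "zacb.doesnotexist.com" is kept, and both kinds may appear together.
func splitHosts(hosts []string) (dns []string, ips []net.IP) {
	for _, h := range hosts {
		if ip := net.ParseIP(h); ip != nil {
			ips = append(ips, ip)
		} else {
			dns = append(dns, h)
		}
	}
	return dns, ips
}

// template builds the fields every certificate in this example shares.
func template(cn string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
}

// NewCA creates a throwaway self-signed CA (example-only, short-lived).
func NewCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := template("example-ca", 1)
	tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
	tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueServerCert issues a CA-signed server certificate whose SANs are exactly
// the supplied hosts, DNS names and IPs mixed. It returns the DER encoding.
func IssueServerCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, hosts []string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := template("fluentd-server", 2)
	tmpl.KeyUsage = x509.KeyUsageDigitalSignature
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	tmpl.DNSNames, tmpl.IPAddresses = splitHosts(hosts)
	return x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
}

// ParseSANs reads the SANs back out of a DER certificate, the programmatic
// equivalent of `openssl x509 -text -noout | grep DNS` in the thread above.
func ParseSANs(der []byte) (dns []string, ips []string, err error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	for _, ip := range cert.IPAddresses {
		ips = append(ips, ip.String())
	}
	return cert.DNSNames, ips, nil
}

// HostnameMatches reports whether a client dialing host would accept this
// certificate's SANs (name matching only, no chain validation). It is the
// practical reason an unresolvable name still belongs in the SAN list: the
// client matches what it dialed, not what DNS says.
func HostnameMatches(der []byte, host string) bool {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return false
	}
	return cert.VerifyHostname(host) == nil
}
```

Run it as NewCA, then IssueServerCert(ca, key, Hosts), then ParseSANs on the result: the DNS list comes back with all three names including zacb.doesnotexist.com, and the IP list with 127.0.0.1, exactly as the grep output above shows. Note that net.ParseIP is the only thing deciding which bucket a host lands in; a name that happens to parse as an IP (for example "::1") becomes an IP SAN, which is what you want for a client that dials that literal.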

Remove the requirement that the DNS name resolves in order for it
to be included in the configured certificates. This also changes
the API so that IP SANs and DNS names are no longer mutually exclusive.

Closes #52981
@zmb3 zmb3 force-pushed the zmb3/event-handler-certs branch from 0c43ba5 to 3b3fc14 on March 12, 2025 15:00
@zmb3 zmb3 added this pull request to the merge queue Mar 12, 2025
Merged via the queue into master with commit 061cbb9 Mar 12, 2025
46 of 47 checks passed
@zmb3 zmb3 deleted the zmb3/event-handler-certs branch March 12, 2025 17:51
@public-teleport-github-review-bot commented:

@zmb3 See the table below for backport results.

Branch       Result
branch/v15   Failed
branch/v16   Failed
branch/v17   Create PR

zmb3 added a commit that referenced this pull request Mar 12, 2025
@zmb3 zmb3 mentioned this pull request Mar 12, 2025
github-merge-queue bot pushed a commit that referenced this pull request Mar 13, 2025
zmb3 added a commit that referenced this pull request Mar 13, 2025
Successfully merging this pull request may close these issues.

teleport-event-handler --dns-name improvements
3 participants