Refresh the JIRA Cloud access requests guide - Githubissues

gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.

https://goteleport.com

GNU Affero General Public License v3.0

16.98k stars 1.71k forks source link

Refresh the JIRA Cloud access requests guide #14580

Closed ptgott closed 6 months ago

ptgott commented 1 year ago

Details

See #14236

Category

Improve Existing

ptgott commented 1 year ago

Status update:

This project is blocked while I figure out how to include instructions for providing TLS credentials to the teleport-jira-plugin Helm chart.

It's straightforward to fetch TLS credentials for the plugin when deploying it on a host, since you can run Caddy to answer the ACME-HTTP01 challenge via its own internal webserver (I've included these instructions in my branch).

However, for our teleport-jira-plugin Helm chart, it looks like you need to install the chart in order to deploy a Kubernetes Service, then use the address of the load balancer created by the Service to request TLS credentials. In other words, the sequence is the reversal of the steps when running Teleport on a VM: you need to run the plugin first, then create DNS records. I'll need to figure out another way to structure the guide.

ptgott commented 1 year ago

Here's my plan for moving this forward.

I'll add these instructions for Kubernetes deployments:

Install cert-manager
Install the NGINX ingress controller
Create a cert-manager Issuer (in my case, I am configuring cert-manager to use the ACME HTTP01 1. challenge using the NGINX ingress controller)
Install the teleport-jira-plugin chart
Create a cert-manager Certificate for the domain name you want to assign to the webhook
Create a DNS record for the webhook's domain name

This is a different order than the one for VMs, so I am going to look into using a long Tabs component to separate the Kubernetes and VM instructions. To reduce the length of the Tabs component, I'll combine the "Set up HTTPS" step with the installation step.

ptgott commented 1 year ago

As pointed out in #17528, the current Jira guide is out of date. Let's make sure that we document all of the ways that the Jira Access Request plugin manages Jira project boards.

ptgott commented 1 year ago

This is in progress in my branch, paul.gottschling/14580-jira-plugin, but this hasn't been a high-enough priority to work on. I'll start working on this again when time opens up.

ptgott commented 1 year ago

Let's also address issue #8086 (below the line), which I am merging with this issue

https://github.com/gravitational/teleport-plugins/pull/240 has added a new /status endpoint to the Jira plugin.

https://github.com/gravitational/teleport-plugins/pull/238 has added a new type parameter to the configuration to allow for setting the Jira type to a custom value other than task.

Both of these updates should be incorporated into the Jira plugin documentation for users to be able to easily know about and utilize these new features https://goteleport.com/docs/enterprise/workflow/ssh-approval-jira-cloud/ https://goteleport.com/docs/enterprise/workflow/ssh-approval-jira-server/