gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

Maintain history of role changes and support rollback to prior versions #41525

Open pschisa opened 4 months ago

pschisa commented 4 months ago

What would you like Teleport to do?

Store prior versions of Teleport roles after edits/changes are made.

What problem does this solve?

Enables auditing of changes made to a role and allows for easy rollback if mistakes are made within a role.

If a workaround exists, please include it.

Use a tctl get roles YAML file, Terraform provider, or Helm operator to manage the role resource to ensure no drift and allow rollback.

mrdoornbos commented 4 months ago

+1

zmb3 commented 4 months ago

@pschisa could you clarify what you're looking for here? I'm not sure what "Add stored versioning of Teleport roles after edits/changes are made" means.

pschisa commented 4 months ago

@zmb3 The intention is to maintain a user revision history of the role so that previous saved states of the role can be reviewed and rolled back to as needed.

zmb3 commented 4 months ago

Thanks, I've updated the title to make this more clear.

In full transparency, this would be a pretty big change, and given that you can accomplish this today with IaC workflows involving the Terraform Provider or Kube Operator, it's not likely to be picked up soon.