Open
Description
openedon May 24, 2023
Expected behavior: tsh logout --proxy=teleport.example.com --user=gus should remove one specific entry completely from tsh status (this is how things worked in the past - I think the last time I tested this was probably back in Teleport 11)
Current behavior: tsh logout with --proxy and --user parameters breaks tsh status output.
gus@apollo:~ % tsh status
> Profile URL: <proxy-redacted>
Logged in as: <user-redacted>
Cluster: <cluster-redacted>
Roles: <roles-redacted>
Logins: ubuntu, ec2-user, root
Kubernetes: enabled
Kubernetes groups: developer, system:masters
Valid until: 2023-05-25 00:32:27 -0300 ADT [valid for 7h56m0s]
Extensions: login-ip, permit-agent-forwarding, permit-port-forwarding, permit-pty, private-key-policy
Profile URL: https://example.teleportdemo.com:443
Logged in as: gus
Cluster: example.teleportdemo.com
Roles: access, auditor, aws, editor
Logins: user, root
Kubernetes: enabled
Kubernetes cluster: "example-kube-cluster"
Kubernetes groups: system:masters
Valid until: 2023-05-20 01:02:15 -0300 ADT [EXPIRED]
Extensions: login-ip, permit-agent-forwarding, permit-port-forwarding, permit-pty, private-key-policy
gus@apollo:~ % tsh logout --proxy=example.teleportdemo.com --user=gus
Logged out gus from example.teleportdemo.com.
gus@apollo:~ % tsh status
> Profile URL: <proxy-redacted>
Logged in as: <user-redacted>
Cluster: <cluster-redacted>
Roles: <roles-redacted>
Logins: ubuntu, ec2-user, root
Kubernetes: enabled
Kubernetes groups: developer, system:masters
Valid until: 2023-05-25 00:32:27 -0300 ADT [valid for 7h56m0s]
Extensions: login-ip, permit-agent-forwarding, permit-port-forwarding, permit-pty, private-key-policy
Profile URL: https://example.teleportdemo.com:443
Logged in as: gus
Cluster: example.teleportdemo.com
Roles:
Kubernetes: enabled
Kubernetes cluster: "example-kube-cluster"
Valid until: 2023-05-24 16:36:00.982337 -0300 ADT m=+0.122746876 [EXPIRED]
Extensions:
Other notes:
- The "Valid until" timestamp on the incorrect
example.teleportdemo.comentry matches the current time and changes every time you run the command. - This bug is present whether the credentials have already expired or are current.
- Tested with
tsh 11.2.0,tsh 11.3.0,tsh 11.3.8,tsh 11.3.11,tsh 12.3.3,tsh 13.0.2- same result. - This seems to be because some of the individual directory's files are still present after the
tsh logoutcommand runs:
gus@apollo:~ % tree ~/.tsh
/Users/gus/.tsh
├── config
│ └── config.yaml
├── current-profile
├── <proxy-redacted>.yaml
├── example.teleportdemo.com.yaml
├── keys
│ ├── <proxy-redacted>
│ │ ├── cas
│ │ │ ├── <cluster-redacted>.pem
│ │ │ └── <leaf-redacted>.pem
│ │ ├── certs.pem
│ │ ├── <user-redacted>
│ │ ├── <user-redacted>-ssh
│ │ │ └── <cluster-redacted>-cert.pub
│ │ ├── gus@goteleport.com-x509.pem
│ │ └── gus@goteleport.com.pub
│ ├── example.teleportdemo.com
│ │ ├── cas
│ │ │ └── example.teleportdemo.com.pem
│ │ └── certs.pem
│ └── <homelab-proxy-redacted>
│ ├── cas
│ │ └── <homelab-cluster-redacted>.pem
│ └── certs.pem
├── known_hosts
└── <homelab-cluster-redacted>.yaml
Bug details:
- Teleport version:
tsh 11.2.0,tsh 11.3.0,tsh 11.3.8,tsh 11.3.11,tsh 12.3.3,tsh 13.0.2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
