역할 접근 요청

Just-in-time 접근 요청을 사용하여 상승된 권한을 가진 새 역할을 요청하는 방법

Teleport의 Just-in-time 접근 요청을 사용하면 사용자가 권한을 높이기 위해 추가 역할에 대한 접근을 요청할 수 있습니다. 요청은 ChatOps를 통해 또는 유연한 Authorization Workflow API를 통해 어디서든 에스컬레이션할 수 있습니다. 전제 조건 # A running Teleport Enterprise cluster. If you want to get started with Teleport, sign up for a free trial or set up a demo environment . The tctl and tsh clients. Installing `tctl` and `tsh` clients Determine the version of your Teleport cluster. The tctl and tsh clients must be at most one major version behind your Teleport cluster version. Send a GET request to the Proxy Service at /v1/webapi/find and use a JSON query tool to obtain your cluster version. Replace with the web address of your Teleport Proxy Service: $ TELEPORT_DOMAIN= $ TELEPORT_VERSION="$(curl -s https://$TELEPORT_DOMAIN/v1/webapi/find | jq -r '.server_version')" Follow the instructions for your platform to install tctl and tsh clients: To check that you can connect to your Teleport cluster, sign in with tsh login , then verify that you can run tctl commands using your current credentials. For example, run the following command, assigning to the domain name of the Teleport Proxy Service in your cluster and to your Teleport username: $ tsh login --proxy= --user= $ tctl status # Cluster (=teleport.url=) # Version (=teleport.version=) # CA pin (=presets.ca_pin=) If you can connect to the cluster and run the tctl status command, you can use your current credentials to run subsequent tctl commands from your workstation. If you host your own Teleport cluste