From fa0767e926143219324be47dd09f36c0f936c432 Mon Sep 17 00:00:00 2001 From: Forrest Marshall Date: Wed, 12 Feb 2020 10:56:08 -0800 Subject: [PATCH] fix tsh identity output & trusted CA init on login --- lib/client/api.go | 1 + tool/tsh/tsh.go | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/client/api.go b/lib/client/api.go index 42fb5d19e92c2..7645f8f7ce8f2 100644 --- a/lib/client/api.go +++ b/lib/client/api.go @@ -1708,6 +1708,7 @@ func (tc *TeleportClient) Login(ctx context.Context, activateKey bool) (*Key, er key.Cert = response.Cert key.TLSCert = response.TLSCert key.ProxyHost = webProxyHost + key.TrustedCA = response.HostSigners // Check that a host certificate for at least one cluster was returned and // extract the name of the current cluster from the first host certificate. diff --git a/tool/tsh/tsh.go b/tool/tsh/tsh.go index b9cd5348ecad2..944e365e8264a 100644 --- a/tool/tsh/tsh.go +++ b/tool/tsh/tsh.go @@ -419,7 +419,7 @@ func onLogin(cf *CLIConf) { if profile != nil && !profile.IsExpired(clockwork.NewRealClock()) { switch { // in case if nothing is specified, print current status - case cf.Proxy == "" && cf.SiteName == "" && cf.DesiredRoles == "": + case cf.Proxy == "" && cf.SiteName == "" && cf.DesiredRoles == "" && cf.IdentityFileOut == "": printProfiles(cf.Debug, profile, profiles) return // in case if parameters match, print current status @@ -447,7 +447,7 @@ func onLogin(cf *CLIConf) { // proxy is unspecified or the same as the currently provided proxy, // but desired roles are specified, treat this as a privilege escalation // request for the same login session. - case (cf.Proxy == "" || host(cf.Proxy) == host(profile.ProxyURL.Host)) && cf.DesiredRoles != "": + case (cf.Proxy == "" || host(cf.Proxy) == host(profile.ProxyURL.Host)) && cf.DesiredRoles != "" && cf.IdentityFileOut == "": executeAccessRequest(cf) return // otherwise just passthrough to standard login