Latest

Author: ryanclark

.dockerignore

@@ -1,2 +1,3 @@
 .git
-node_modules
+node_modules
+data

.idea/development.iml

@@ -5,13 +5,13 @@ export COMPOSE_FILE = docker-compose.solo.yml
 endif
 
 ifeq ($(wildcard .e),)
-export VITE_CONFIG_DIRECTORY = /app/web/packages/teleport
+export VITE_CONFIG_DIRECTORY = /app/teleport/web/packages/teleport
 export TOOL_FOLDER = tool
 export LICENSE_FILE = ../teleport/empty.pem
 else
-export VITE_CONFIG_DIRECTORY = /app/e/web/teleport
+export VITE_CONFIG_DIRECTORY = /app/web
 export TOOL_FOLDER = e/tool
-export LICENSE_FILE = ../../teleport/e/fixtures/license-all-features.pem
+export LICENSE_FILE = ../../teleport/e/fixtures/license-enterprise.pem
 endif
 
 ## -- 🛟  Lifecycle --
@@ -99,6 +99,11 @@ teleport-logs:
 teleport-shell:
 	docker compose exec -it go.teleport /bin/bash
 
+
+.PHONY: delete-db-volume
+delete-db-volume:
+	docker compose down db -v
+
 ## -- 🔧 Misc --
 
 .PHONY: help

.idea/material_theme_project_new.xml

@@ -3,15 +3,17 @@
 This helps you run a local Teleport environment locally at https://go.teleport, with trusted local certificates (no
 `--insecure` anywhere).
 
-It sets up a single Teleport service that runs the Auth and Proxy services, as well as a container to run Vite so you
+It sets up a single Teleport service that runs the Auth and Proxy services, as well as a container to run Webpack so you
 can build both Teleport and the Web code at the same time. It also runs Application Access with the debug dumper app.
 
 File changes for the Teleport repo are sync'd and then [air](https://github.com/cosmtrek/air) watches for any changes to
 your local Teleport repo, and will rebuild and relaunch Teleport when you change a `.go` or `.yaml` file.
 
-This uses caching for both Go and Vite, so although the first initial run will take a few minutes, subsequent runs
+This uses caching for both Go and Webpack, so although the first initial run will take a few minutes, subsequent runs
 of `make start` will build both Teleport and the frontend and have them up and running in <5s.
 
+This should work on v13+ of Teleport. If you're running v12 or below, checkout the `old` branch and re-run `make build`.
+
 ![make help](images/help.png)
 
 ![Teleport](images/teleport.png)

Makefile

@@ -0,0 +1,25 @@
+root = "."
+tmp_dir = "tmp"
+
+[build]
+bin = "tmp/tag"
+include_ext = ["go", "yaml"]
+exclude_dir = ["web", "e2e", "teleport"]
+exclude_unchanged = true
+follow_symlink = true
+stop_on_error = true
+send_interrupt = true
+kill_delay = 1000
+args_bin = ["start"]
+
+[log]
+time = false
+
+[color]
+main = "magenta"
+watcher = "cyan"
+build = "yellow"
+runner = "green"
+
+[misc]
+clean_on_exit = true

README.md

@@ -0,0 +1,20 @@
+# First stage: Build the Go application
+FROM golang:1.24 AS builder
+
+# Set the Current Working Directory inside the container
+WORKDIR /app
+
+ENV GOPATH "/go"
+ENV GOROOT "/usr/local/go"
+ENV GOOS "linux"
+ENV CGO_ENABLED 1
+ENV GOARCH "amd64"
+
+COPY development/certs/server.key /var/lib/teleport-certs/server.key
+COPY development/certs/server.crt /var/lib/teleport-certs/server.crt
+
+RUN cp /var/lib/teleport-certs/server.crt /usr/local/share/ca-certificates/teleport.crt && update-ca-certificates
+
+RUN go install github.com/air-verse/air@latest
+
+ENTRYPOINT ["/go/bin/air"]

accessgraph/.air.toml

@@ -0,0 +1,16 @@
+backend:
+  postgres:
+    connection: postgres://postgres:localpass@db:5432/postgres?sslmode=disable
+tls:
+  cert: keys/server.crt
+  key: keys/server_docker.key
+
+tracing:
+  enabled: false
+
+log:
+  level: DEBUG
+
+registration_cas:
+  - keys/teleport_host_ca.pem
+  - keys/ca.crt

accessgraph/Dockerfile

@@ -2,26 +2,26 @@ services:
   frontend:
     container_name: frontend
     build:
-      dockerfile: ../development/frontend/Dockerfile
-      context: ../../teleport
-    working_dir: ${VITE_CONFIG_DIRECTORY}
-    command: pnpm start
+      dockerfile: development/frontend/Dockerfile
+      context: ../../
+      target: node-dependencies
+    working_dir: /app/web
+    command: yarn start
     networks:
       - teleport
     ports:
       - 443:3000
     volumes:
-      - ../../teleport/web/:/app/web/
-      - ../../teleport/gen/proto/ts/:/app/gen/proto/ts/
-      - ../../teleport/e/web/:/app/e/web/
-      - ../../teleport/lib/srv/desktop/rdp/rdpclient/:/app/lib/srv/desktop/rdp/rdpclient
+      - ../../access-graph/web:/app/web
+      - ../../access-graph/teleport:/app/teleport
       - ../certs:/app/certs:ro
-      - /usr/local/cargo
+      - ../data/cache/frontend:/webpack/cache:rw,delegated
     environment:
       NODE_OPTIONS: --max-old-space-size=8192
       PROXY_TARGET: go.teleport:443
       VITE_HTTPS_CERT: /app/certs/server.crt
       VITE_HTTPS_KEY: /app/certs/server.key
+      POLY_API_KEY: HvMA3rfToChIPdffmVTJin92c8YpHRQ3
 
   node:
     build:
@@ -30,8 +30,6 @@ services:
       target: static
       args:
         TOOL_FOLDER: ${TOOL_FOLDER}
-    volumes:
-      - /var/lib/teleport
     networks:
       - teleport
 
@@ -68,6 +66,50 @@ services:
       - ../build/.air.toml:/app/.air.toml
       - ../teleport/teleport.yaml:/etc/teleport.yaml
       - ${LICENSE_FILE}:/etc/license.pem
+      - ../../access-graph/keys/ca.crt:/etc/access-graph/keys/ca.crt
+    environment:
+      TELEPORT_UNSTABLE_VC_SYNC_ON_START: yes
+      TELEPORT_ALLOW_NO_SECOND_FACTOR: yes
+      TELEPORT_UNSTABLE_SKIP_VERSION_UPGRADE_CHECK: yes
+    deploy:
+      resources:
+        limits:
+          memory: 48G
+
+  access-graph:
+    build:
+      context: ../..
+      dockerfile: development/accessgraph/Dockerfile
+    command:
+      - --build.cmd
+      - "go build -o tmp/tag ./cmd/tag/main.go"
+    ports:
+      - 50051:50051
+    volumes:
+      - ../accessgraph/config.yaml:/app/config.yaml
+      - ../../access-graph:/app
+      - ../accessgraph/.air.toml:/app/.air.toml
+      - /go/pkg/mod
+      - /root/.cache/go-build
+    networks:
+      - teleport
+
+  db:
+    build:
+      context: ../..
+      dockerfile: development/postgres/Dockerfile
+    restart: always
+    shm_size: 256m
+    ports:
+      - 5434:5432
+    volumes:
+      - /var/lib/postgresql/data
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: localpass
+      POSTGRES_DB: postgres
+    networks:
+      - teleport
 
 networks:
   teleport:

accessgraph/config.yaml

@@ -1,4 +1,4 @@
-FROM golang:1.23 AS base
+FROM golang:1.24 AS base
 
 WORKDIR /app
 
@@ -23,6 +23,10 @@ ARG TOOL_FOLDER
 
 FROM base AS tctl
 
+#RUN dpkg --add-architecture amd64 \
+#    && apt-get update \
+#    && apt-get install -y --no-install-recommends gcc-x86-64-linux-gnu libc6-dev-amd64-cross
+
 ENV GOPATH "/go"
 ENV GOROOT "/usr/local/go"
 ENV GOOS "linux"
@@ -44,7 +48,7 @@ RUN --mount=type=cache,target=/go/pkg/mod \
     --mount=type=cache,target=/root/.cache/go-build \
     go build -o /bin/tctl -ldflags '-w -s' ./tool/tctl
 
-FROM golang:1.23 AS live-reload
+FROM golang:1.24 AS live-reload
 
 COPY development/certs/server.key /var/lib/teleport-certs/server.key
 COPY development/certs/server.crt /var/lib/teleport-certs/server.crt
@@ -53,6 +57,12 @@ RUN cp /var/lib/teleport-certs/server.crt /usr/local/share/ca-certificates/telep
 
 RUN go install github.com/air-verse/air@latest
 
+COPY access-graph/keys/server.crt /var/lib/teleport-certs/access-graph.crt
+COPY access-graph/keys/ca.crt /var/lib/teleport-certs/access-graph-ca.crt
+
+RUN cp /var/lib/teleport-certs/access-graph.crt /usr/local/share/ca-certificates/access-graph.crt && update-ca-certificates
+RUN cp /var/lib/teleport-certs/access-graph-ca.crt /usr/local/share/ca-certificates/access-graph-ca.crt && update-ca-certificates
+
 COPY --from=tctl /bin/tctl /bin/tctl
 
 ENV DEBUG "1"