[v15] Client tools autoupdates

api/client/webclient/webclient.go

@@ -296,6 +296,8 @@ type PingResponse struct {
 	ServerVersion string `json:"server_version"`
 	// MinClientVersion is the minimum client version required by the server.
 	MinClientVersion string `json:"min_client_version"`
+	// AutoUpdateSettings contains the auto update settings.
+	AutoUpdate AutoUpdateSettings `json:"auto_update"`
 	// ClusterName contains the name of the Teleport cluster.
 	ClusterName string `json:"cluster_name"`
 
@@ -329,6 +331,14 @@ type ProxySettings struct {
 	AssistEnabled bool `json:"assist_enabled"`
 }
 
+// AutoUpdateSettings contains information about the auto update requirements.
+type AutoUpdateSettings struct {
+	// ToolsVersion defines the version of {tsh, tctl} for client auto update.
+	ToolsVersion string `json:"tools_version"`
+	// ToolsAutoUpdate indicates if the requesting tools client should be updated.
+	ToolsAutoUpdate bool `json:"tools_auto_update"`
+}
+
 // KubeProxySettings is kubernetes proxy settings
 type KubeProxySettings struct {
 	// Enabled is true when kubernetes proxy is enabled

api/proto/teleport/autoupdate/v1/autoupdate.proto

@@ -33,8 +33,15 @@ message AutoUpdateConfig {
 
 // AutoUpdateConfigSpec encodes the parameters of the autoupdate config object.
 message AutoUpdateConfigSpec {
-  // ToolsAutoupdate encodes the feature flag to enable/disable tools autoupdates.
-  bool tools_autoupdate = 1;
+  reserved 1;
+  reserved "tools_autoupdate"; // ToolsAutoupdate is replaced by tools.mode.
+  AutoUpdateConfigSpecTools tools = 2;
+}
+
+// AutoUpdateConfigSpecTools encodes the parameters for client tools auto updates.
+message AutoUpdateConfigSpecTools {
+  // Mode defines state of the client tools auto update.
+  string mode = 1;
 }
 
 // AutoUpdateVersion is a resource singleton with version required for
@@ -50,6 +57,14 @@ message AutoUpdateVersion {
 
 // AutoUpdateVersionSpec encodes the parameters of the autoupdate versions.
 message AutoUpdateVersionSpec {
-  // ToolsVersion is the semantic version required for tools autoupdates.
-  string tools_version = 1;
+  reserved 1;
+  reserved "tools_version"; // ToolsVersion is replaced by tools.target_version.
+  AutoUpdateVersionSpecTools tools = 2;
+}
+
+// AutoUpdateVersionSpecTools encodes the parameters for client tools auto updates.
+message AutoUpdateVersionSpecTools {
+  // TargetVersion specifies the semantic version required for tools to establish a connection with the cluster.
+  // Client tools after connection to the cluster going to be updated to this version automatically.
+  string target_version = 1;
 }

api/proto/teleport/legacy/types/events/events.proto

@@ -6777,6 +6777,13 @@ message AutoUpdateConfigCreate {
     (gogoproto.embed) = true,
     (gogoproto.jsontag) = ""
   ];
+
+  // Status indicates whether the creation was successful.
+  Status Status = 5 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
 }
 
 // AutoUpdateConfigUpdate is emitted when an auto update config is updated.
@@ -6808,6 +6815,13 @@ message AutoUpdateConfigUpdate {
     (gogoproto.embed) = true,
     (gogoproto.jsontag) = ""
   ];
+
+  // ResourceMetadata is a common resource event metadata
+  ResourceMetadata Resource = 5 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
 }
 
 // AutoUpdateConfigDelete is emitted when an auto update config is deleted.
@@ -6839,6 +6853,13 @@ message AutoUpdateConfigDelete {
     (gogoproto.embed) = true,
     (gogoproto.jsontag) = ""
   ];
+
+  // Status indicates whether the deletion was successful.
+  Status Status = 5 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
 }
 
 // AutoUpdateVersionCreate is emitted when an auto update version is created.
@@ -6870,6 +6891,13 @@ message AutoUpdateVersionCreate {
     (gogoproto.embed) = true,
     (gogoproto.jsontag) = ""
   ];
+
+  // Status indicates whether the creation was successful.
+  Status Status = 5 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
 }
 
 // AutoUpdateVersionUpdate is emitted when an auto update version is updated.
@@ -6901,6 +6929,13 @@ message AutoUpdateVersionUpdate {
     (gogoproto.embed) = true,
     (gogoproto.jsontag) = ""
   ];
+
+  // ResourceMetadata is a common resource event metadata
+  ResourceMetadata Resource = 5 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
 }
 
 // AutoUpdateVersionDelete is emitted when an auto update version is deleted.
@@ -6932,6 +6967,13 @@ message AutoUpdateVersionDelete {
     (gogoproto.embed) = true,
     (gogoproto.jsontag) = ""
   ];
+
+  // Status indicates whether the deletion was successful.
+  Status Status = 5 [
+    (gogoproto.nullable) = false,
+    (gogoproto.embed) = true,
+    (gogoproto.jsontag) = ""
+  ];
 }
 
 // CrownJewelCreate is emitted when a Access Graph CrownJewel is created.

api/types/autoupdate/config.go

@@ -26,6 +26,13 @@ import (
 	"github.com/gravitational/teleport/api/types"
 )
 
+const (
+	// ToolsUpdateModeEnabled enables client tools automatic updates.
+	ToolsUpdateModeEnabled = "enabled"
+	// ToolsUpdateModeDisabled disables client tools automatic updates.
+	ToolsUpdateModeDisabled = "disabled"
+)
+
 // NewAutoUpdateConfig creates a new auto update configuration resource.
 func NewAutoUpdateConfig(spec *autoupdate.AutoUpdateConfigSpec) (*autoupdate.AutoUpdateConfig, error) {
 	config := &autoupdate.AutoUpdateConfig{
@@ -58,6 +65,11 @@ func ValidateAutoUpdateConfig(c *autoupdate.AutoUpdateConfig) error {
 	if c.Spec == nil {
 		return trace.BadParameter("Spec is nil")
 	}
+	if c.Spec.Tools != nil {
+		if c.Spec.Tools.Mode != ToolsUpdateModeDisabled && c.Spec.Tools.Mode != ToolsUpdateModeEnabled {
+			return trace.BadParameter("ToolsMode is not valid")
+		}
+	}
 
 	return nil
 }

api/types/autoupdate/config_test.go

@@ -41,7 +41,9 @@ func TestNewAutoUpdateConfig(t *testing.T) {
 		{
 			name: "success tools autoupdate disabled",
 			spec: &autoupdate.AutoUpdateConfigSpec{
-				ToolsAutoupdate: false,
+				Tools: &autoupdate.AutoUpdateConfigSpecTools{
+					Mode: ToolsUpdateModeDisabled,
+				},
 			},
 			assertErr: func(t *testing.T, err error, a ...any) {
 				require.NoError(t, err)
@@ -53,14 +55,18 @@ func TestNewAutoUpdateConfig(t *testing.T) {
 					Name: types.MetaNameAutoUpdateConfig,
 				},
 				Spec: &autoupdate.AutoUpdateConfigSpec{
-					ToolsAutoupdate: false,
+					Tools: &autoupdate.AutoUpdateConfigSpecTools{
+						Mode: ToolsUpdateModeDisabled,
+					},
 				},
 			},
 		},
 		{
 			name: "success tools autoupdate enabled",
 			spec: &autoupdate.AutoUpdateConfigSpec{
-				ToolsAutoupdate: true,
+				Tools: &autoupdate.AutoUpdateConfigSpecTools{
+					Mode: ToolsUpdateModeEnabled,
+				},
 			},
 			assertErr: func(t *testing.T, err error, a ...any) {
 				require.NoError(t, err)
@@ -72,7 +78,9 @@ func TestNewAutoUpdateConfig(t *testing.T) {
 					Name: types.MetaNameAutoUpdateConfig,
 				},
 				Spec: &autoupdate.AutoUpdateConfigSpec{
-					ToolsAutoupdate: true,
+					Tools: &autoupdate.AutoUpdateConfigSpecTools{
+						Mode: ToolsUpdateModeEnabled,
+					},
 				},
 			},
 		},
@@ -83,6 +91,17 @@ func TestNewAutoUpdateConfig(t *testing.T) {
 				require.ErrorContains(t, err, "Spec is nil")
 			},
 		},
+		{
+			name: "invalid tools mode",
+			spec: &autoupdate.AutoUpdateConfigSpec{
+				Tools: &autoupdate.AutoUpdateConfigSpecTools{
+					Mode: "invalid-mode",
+				},
+			},
+			assertErr: func(t *testing.T, err error, a ...any) {
+				require.ErrorContains(t, err, "ToolsMode is not valid")
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

api/types/autoupdate/version.go

@@ -60,11 +60,13 @@ func ValidateAutoUpdateVersion(v *autoupdate.AutoUpdateVersion) error {
 		return trace.BadParameter("Spec is nil")
 	}
 
-	if v.Spec.ToolsVersion == "" {
-		return trace.BadParameter("ToolsVersion is unset")
-	}
-	if _, err := semver.NewVersion(v.Spec.ToolsVersion); err != nil {
-		return trace.BadParameter("ToolsVersion is not a valid semantic version")
+	if v.Spec.Tools != nil {
+		if v.Spec.Tools.TargetVersion == "" {
+			return trace.BadParameter("TargetVersion is unset")
+		}
+		if _, err := semver.NewVersion(v.Spec.Tools.TargetVersion); err != nil {
+			return trace.BadParameter("TargetVersion is not a valid semantic version")
+		}
 	}
 
 	return nil

api/types/autoupdate/version_test.go

@@ -41,7 +41,9 @@ func TestNewAutoUpdateVersion(t *testing.T) {
 		{
 			name: "success tools autoupdate version",
 			spec: &autoupdate.AutoUpdateVersionSpec{
-				ToolsVersion: "1.2.3-dev",
+				Tools: &autoupdate.AutoUpdateVersionSpecTools{
+					TargetVersion: "1.2.3-dev",
+				},
 			},
 			assertErr: func(t *testing.T, err error, a ...any) {
 				require.NoError(t, err)
@@ -53,26 +55,32 @@ func TestNewAutoUpdateVersion(t *testing.T) {
 					Name: types.MetaNameAutoUpdateVersion,
 				},
 				Spec: &autoupdate.AutoUpdateVersionSpec{
-					ToolsVersion: "1.2.3-dev",
+					Tools: &autoupdate.AutoUpdateVersionSpecTools{
+						TargetVersion: "1.2.3-dev",
+					},
 				},
 			},
 		},
 		{
 			name: "invalid empty tools version",
 			spec: &autoupdate.AutoUpdateVersionSpec{
-				ToolsVersion: "",
+				Tools: &autoupdate.AutoUpdateVersionSpecTools{
+					TargetVersion: "",
+				},
 			},
 			assertErr: func(t *testing.T, err error, a ...any) {
-				require.ErrorContains(t, err, "ToolsVersion is unset")
+				require.ErrorContains(t, err, "TargetVersion is unset")
 			},
 		},
 		{
 			name: "invalid semantic tools version",
 			spec: &autoupdate.AutoUpdateVersionSpec{
-				ToolsVersion: "17-0-0",
+				Tools: &autoupdate.AutoUpdateVersionSpecTools{
+					TargetVersion: "17-0-0",
+				},
 			},
 			assertErr: func(t *testing.T, err error, a ...any) {
-				require.ErrorContains(t, err, "ToolsVersion is not a valid semantic version")
+				require.ErrorContains(t, err, "TargetVersion is not a valid semantic version")
 			},
 		},
 		{

api/types/events/events.go

@@ -2255,3 +2255,27 @@ func (m *CrownJewelUpdate) TrimToMaxSize(_ int) AuditEvent {
 func (m *CrownJewelDelete) TrimToMaxSize(_ int) AuditEvent {
 	return m
 }
+
+func (m *AutoUpdateConfigCreate) TrimToMaxSize(_ int) AuditEvent {
+	return m
+}
+
+func (m *AutoUpdateConfigUpdate) TrimToMaxSize(_ int) AuditEvent {
+	return m
+}
+
+func (m *AutoUpdateConfigDelete) TrimToMaxSize(_ int) AuditEvent {
+	return m
+}
+
+func (m *AutoUpdateVersionCreate) TrimToMaxSize(_ int) AuditEvent {
+	return m
+}
+
+func (m *AutoUpdateVersionUpdate) TrimToMaxSize(_ int) AuditEvent {
+	return m
+}
+
+func (m *AutoUpdateVersionDelete) TrimToMaxSize(_ int) AuditEvent {
+	return m
+}