Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds option to use ambient creds to IC integration config #51013

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Adds option to use ambient creds to IC integration config #51013

wants to merge 3 commits into from
+547 −442

Conversation

tcsc
Copy link
Contributor

@tcsc tcsc commented Jan 14, 2025

Adds the option for the AWS Identity Center to draw its AWS client
config (including credentials and roles to assume) from the Teleport
processes' environment.

This change only includes the modifications to the protobuf plugin
settings. Actual functional changes are to follow.

@tcsc
Adds option to use ambient creds to IC integration config
85467d7 
Adds the option for the AWS Identity Center to draw its AWS client
config (including credentials and roles to assume) from the Teleport
processes' environment.

This change only includes the modifications to the protobuf plugin
settings. Actual functional changes are to follow.
@tcsc tcsc added no-changelog Indicates that a PR does not require a changelog entry backport/branch/v17 aws-iam-identity-center labels Jan 14, 2025
@github-actions github-actions bot requested review from avatus and rudream January 14, 2025 08:21
smallinsky
smallinsky reviewed Jan 14, 2025
View reviewed changes
api/proto/teleport/legacy/types/types.proto Outdated
Comment on lines 6816 to 6818
// UseAmbientAwsCreds indicates that the integration should use the ambient
// AWS credentials rather than
bool use_ambient_aws_creds = 7;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use an existing method to distinguish credentials?

Can we consider reusing the approach introduced in the Entra ID integration, as defined in the following file:
Link to code

In this integration, credentials are distinguished by SOURCE_OIDC and SOURCE_SYSTEM_CREDENTIALS.

WDYT ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, makes sense the number of times we've had to shift from a boolean to an enum when other options turn up.

flyinghermit
flyinghermit approved these changes Jan 14, 2025
View reviewed changes
Copy link
Contributor

@flyinghermit flyinghermit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good once https://github.com/gravitational/teleport/pull/51013/files#r1914712365 is addressed.

@tcsc tcsc enabled auto-merge January 15, 2025 09:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smallinsky smallinsky smallinsky approved these changes

@flyinghermit flyinghermit flyinghermit approved these changes

Assignees
No one assigned
Labels
aws-iam-identity-center backport/branch/v17 no-changelog Indicates that a PR does not require a changelog entry size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tcsc @flyinghermit @smallinsky