Skip to content

Update AwsAuthManager to support multi-team #65371#65393

Open
haseebmalik18 wants to merge 1 commit intoapache:mainfrom
haseebmalik18:aws-auth-manager-multi-team
Open

Update AwsAuthManager to support multi-team #65371#65393
haseebmalik18 wants to merge 1 commit intoapache:mainfrom
haseebmalik18:aws-auth-manager-multi-team

Conversation

@haseebmalik18
Copy link
Copy Markdown
Contributor

@haseebmalik18 haseebmalik18 commented Apr 16, 2026

AwsAuthManager currently ignores team_name entirely and is_authorized_team raises NotImplementedError, which blocks multi-team for AWS deployments.

Following the KeycloakAuthManager as reference, this PR:

  • Extracts team_name from resource details in is_authorized_* methods
  • Implements is_authorized_team with a new TEAM AVP entity
  • Passes team_name through filter_authorized_* methods to the AVP facade
  • Enhances AVP context with team_name for Cedar policy evaluation
  • Updates the Cedar schema with Team entity type and team_name context on team-scoped actions

closes: #65371

@boring-cyborg boring-cyborg bot added area:providers provider:amazon AWS/Amazon - related issues labels Apr 16, 2026
@haseebmalik18 haseebmalik18 reopened this Apr 16, 2026
@haseebmalik18 haseebmalik18 force-pushed the aws-auth-manager-multi-team branch from d74586a to c93ed5d Compare April 17, 2026 00:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@o-nikolas o-nikolas Awaiting requested review from o-nikolas o-nikolas is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

area:providers provider:amazon AWS/Amazon - related issues

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Update AwsAuthManager to support multi-team

1 participant

@haseebmalik18