Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Script to configure IAM for the DeployService #28436

Merged
merged 3 commits into from
Jul 4, 2023
Merged

Script to configure IAM for the DeployService #28436

merged 3 commits into from
Jul 4, 2023

Conversation

marcoandredinis
Copy link
Contributor

@marcoandredinis marcoandredinis commented Jun 28, 2023
edited

Demo:

$ bash -c "$(curl 'https://marcodinis.teleportdemo.net/webapi/scripts/integrations/configure/deployservice-iam.sh?integrationName=teleportdev&awsRegion=eu-west-1&taskRole=MarcoNewTaskRole&role=MarcoCloudStageAWSOIDC')"
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1523  100  1523    0     0   6247      0 --:--:-- --:--:-- --:--:--  6267
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  126M  100  126M    0     0  5449k      0  0:00:23  0:00:23 --:--:-- 5577k
> ./bin/teleport integration configure deployservice-iam --cluster="lenix" --name="teleportdev" --aws-region="eu-west-1" --role="MarcoCloudStageAWSOIDC" --task-role="MarcoNewTaskRole"
...


marcodinis@MarcoM1 ~/s/teleport (master) > bash -c "$(curl 'https://marcodinis.teleportdemo.net/webapi/scripts/integrations/configure/deployservice-iam.sh?integrationName=teleportdev&awsRegion=eu-west-1&taskRole=MarcoNewTaskRole&role=MarcoCloudStageAWSOIDC')"
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1523  100  1523    0     0   4090      0 --:--:-- --:--:-- --:--:--  4127
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  253M  100  253M    0     0   727k      0  0:05:57  0:05:57 --:--:--  748k
> ./bin/teleport integration configure deployservice-iam --cluster="lenix" --name="teleportdev" --aws-region="eu-west-1" --role="MarcoCloudStageAWSOIDC" --task-role="MarcoNewTaskRole"
2023/07/03 17:58:23 TaskRole: Boundary Policy "MarcoNewTaskRoleBoundary" created.
2023/07/03 17:58:23 TaskRole: Role "MarcoNewTaskRole" created with Boundary "arn:aws:iam::278576220453:policy/MarcoNewTaskRoleBoundary".
2023/07/03 17:58:23 TaskRole: IAM Policy "MarcoNewTaskRole" added to Role "MarcoNewTaskRole".
2023/07/03 17:58:24 IntegrationRole: IAM Policy "DeployService" added to Role "MarcoCloudStageAWSOIDC"

Requires #28088

@marcoandredinis marcoandredinis force-pushed the marco/oneoff_configure_deployservice_iam branch from f131b68 to 81099f7 Compare June 29, 2023 08:12
kimlisa
kimlisa reviewed Jul 3, 2023
View reviewed changes
lib/web/apiserver.go Outdated
@@ -762,6 +762,7 @@ func (h *Handler) bindDefaultEndpoints() {
// AWS OIDC Integration Actions
h.POST("/webapi/sites/:site/integrations/aws-oidc/:name/databases", h.WithClusterAuth(h.awsOIDCListDatabases))
h.POST("/webapi/sites/:site/integrations/aws-oidc/:name/deployservice", h.WithClusterAuth(h.awsOIDCDeployService))
h.GET("/webapi/sites/:site/integrations/:name/configure-deployservice-iam", h.WithLimiter(h.awsOIDCConfigureDeployServiceIAM))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think we should make the endpoint look similar to these scripts endpoint as

teleport/lib/web/apiserver.go

Line 593 in 81099f7

h.GET("/webapi/scripts/desktop-access/configure/:token/configure-ad.ps1", h.WithLimiter(h.desktopAccessScriptConfigureHandle))

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Trying to adapt, it would be something like:
/webapi/scripts/integration/configure/deployservice-iam.sh
We can do that 👍
We'll need to add the integration name as query param

@marcoandredinis marcoandredinis force-pushed the marco/oneoff_configure_deployservice_iam branch 3 times, most recently from 950338d to 8a5d4d8 Compare July 3, 2023 16:50
@marcoandredinis marcoandredinis marked this pull request as ready for review July 3, 2023 17:07
@marcoandredinis marcoandredinis force-pushed the marco/oneoff_configure_deployservice_iam branch from 8a5d4d8 to 6a91796 Compare July 3, 2023 17:12
jakule
jakule approved these changes Jul 3, 2023
View reviewed changes
Copy link
Contributor

@jakule jakule left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Few minor things.

api/utils/aws/identifiers_test.go Outdated Show resolved Hide resolved
lib/web/integrations_awsoidc.go Outdated Show resolved Hide resolved
lib/web/integrations_awsoidc.go Show resolved Hide resolved
lib/web/integrations_awsoidc_test.go Outdated Show resolved Hide resolved
@kimlisa kimlisa mentioned this pull request Jul 4, 2023
Merged
1 task
@marcoandredinis marcoandredinis force-pushed the marco/oneoff_configure_deployservice_iam branch from 6a91796 to a3ea539 Compare July 4, 2023 07:32
@marcoandredinis marcoandredinis added discover Issues related to Teleport Discover backport/branch/v13 labels Jul 4, 2023
kimlisa
kimlisa approved these changes Jul 4, 2023
View reviewed changes
api/utils/aws/identifiers_test.go Outdated Show resolved Hide resolved
@marcoandredinis marcoandredinis force-pushed the marco/oneoff_configure_deployservice_iam branch from a3ea539 to 4d42a81 Compare July 4, 2023 14:52
@marcoandredinis marcoandredinis added this pull request to the merge queue Jul 4, 2023
Merged via the queue into master with commit 37243f8 Jul 4, 2023
23 checks passed
@marcoandredinis marcoandredinis deleted the marco/oneoff_configure_deployservice_iam branch July 4, 2023 15:28
@public-teleport-github-review-bot
Copy link

@marcoandredinis See the table below for backport results.

Branch Result
branch/v13 Failed

@marcoandredinis marcoandredinis mentioned this pull request Jul 4, 2023
Merged
marcoandredinis added a commit that referenced this pull request Jul 4, 2023
@marcoandredinis
Script to configure IAM for the DeployService (#28436)
9f2a315 
* Script to configure IAM for the DeployService

* use any instead of interface{}

* fix test typo
github-merge-queue bot pushed a commit that referenced this pull request Jul 5, 2023
@marcoandredinis
Script to configure IAM for the DeployService (#28436) (#28643)
14c767f 
* Script to configure IAM for the DeployService

* use any instead of interface{}

* fix test typo
@r0mant r0mant mentioned this pull request Jul 14, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakule jakule jakule approved these changes

@kimlisa kimlisa kimlisa approved these changes

Assignees
No one assigned
Labels
backport/branch/v13 discover Issues related to Teleport Discover size/md
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@marcoandredinis @jakule @kimlisa