Machine ID: GCP Delegated Joining support #28663

Merged 5 commits on Jul 6, 2023

@strideynet strideynet commented Jul 5, 2023

Closes #28457

Enables GCP joining support in Machine ID using the existing support in the Teleport Auth Server - also refactors the bot joining in the Auth Server to be a bit cleaner and reduce duplication of the list of supported join methods.

Tested with a GCP VM and the following join token resource:

```yaml
kind: token
version: v2
metadata:
  name: bot-gcp
spec:
  roles: [Bot]
  join_method: gcp
  bot_name: gcp
  gcp:
    allow:
      - project_ids: ["my-project-110110"]
```

@strideynet strideynet marked this pull request as ready for review July 5, 2023 13:01
@@ -262,6 +263,18 @@ func (s *Server) getBotUsers(ctx context.Context) ([]types.User, error) {
return botUsers, nil
}

// supportedBotJoinMethods should match SupportedJoinMethods declared in
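Review bot: The new comment on supportedBotJoinMethods says the list "should match SupportedJoinMethods" declared elsewhere, so the two lists are kept in sync by hand and nothing visible in this hunk enforces that. If a join method is added to one list and not the other, the mismatch would only show up at join time. Consider a unit test that asserts the two lists are equal, placed in a package that can import both, or a single exported list that both sides use.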
Contributor Author

It'd be nice to have these eventually share the same variable - but I don't want to have a dependency on lib/tbot from lib/auth at this moment - I'll have a further think about this, but this is at least better than before.

Contributor

Why not export the one in lib/auth and use it from lib/tbot?

Contributor Author

Yeah - I think that seems more sensible, or even possibly exporting it from api. I'd prefer to keep that out of the scope of this, as once I started pulling this thread, there's potentially some other code I'd like to move around too.

@public-teleport-github-review-bot public-teleport-github-review-bot bot removed the request for review from ryanclark July 6, 2023 14:05
@strideynet strideynet enabled auto-merge July 6, 2023 14:16
@strideynet strideynet added this pull request to the merge queue Jul 6, 2023
Merged via the queue into master with commit 5306331 Jul 6, 2023
23 checks passed
@strideynet strideynet deleted the strideynet/tbot-gcp-join-support branch July 6, 2023 14:34
@public-teleport-github-review-bot

@strideynet See the table below for backport results.

| Branch | Result |
|---|---|
| branch/v13 | Create PR |

ravicious pushed a commit that referenced this pull request Jul 11, 2023
* Add GCP joining support to tbot

* Comment SPAG

* Fix imports

* Actually fix imports

Successfully merging this pull request may close these issues.

Machine ID: Support GCP delegated joining