Skip to content

[v15] AWS OIDC Integration: use S3 bucket as IdP issuer#39489

Merged
kimlisa merged 3 commits intobranch/v15from
marco/v15/backport_awsoidc_s3_setup
Mar 18, 2024
Merged

[v15] AWS OIDC Integration: use S3 bucket as IdP issuer#39489
kimlisa merged 3 commits intobranch/v15from
marco/v15/backport_awsoidc_s3_setup

Conversation

@marcoandredinis
Copy link
Copy Markdown
Contributor

@marcoandredinis marcoandredinis commented Mar 18, 2024
edited
Loading

@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented Mar 18, 2024

@marcoandredinis - this PR will require admin approval to merge due to its size. Consider breaking it up into a series smaller changes.

@marcoandredinis marcoandredinis added the no-changelog Indicates that a PR does not require a changelog entry label Mar 18, 2024
@marcoandredinis
AWS OIDC: Accept custom issuers (#38785)
33784a3 
* AWS OIDC: Accept custom issuers

This PR adds a new field into the AWS OIDC fields:
- issuer

This is the issuer that was configured in AWS.
It is used by teleport to set the `issuer/iss` field when generating the
JWT.
This way we'll be able to set a custom issuer.
As an example, we could set this to be a public S3 bucket which doesn't
suffer from the thumbprint validation issuer.

* ensure issuer is a valid https url

* use s3 uri instead of any url for issuer

* typo and require s3 fields

* add missing s3 location when creating integration

* improve error messages
@marcoandredinis
AWS OIDC IdP Configuration: support S3 buckets as provider (#39026)
945841c 
This PR adds support for setting the AWS OIDC Integration with an S3
bucket as issuer.
@marcoandredinis
AWS OIDC: Require S3 for configure IdP Script (#39113)
dfa2b42 
There are two new required fields for generating the configure IdP
script:
- s3Bucket
- s3Prefix

This must form a valid URI when joining them:
s3://<s3Bucket>/<s3Prefix>
@marcoandredinis marcoandredinis force-pushed the marco/v15/backport_awsoidc_s3_setup branch from 25bb465 to dfa2b42 Compare March 18, 2024 18:40
@marcoandredinis marcoandredinis added this pull request to the merge queue Mar 18, 2024
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Mar 18, 2024
@kimlisa kimlisa added this pull request to the merge queue Mar 18, 2024
Merged via the queue into branch/v15 with commit 6e330bc Mar 18, 2024
@kimlisa kimlisa deleted the marco/v15/backport_awsoidc_s3_setup branch March 18, 2024 20:36
@programmerq programmerq mentioned this pull request Jul 15, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@r0mant r0mant r0mant approved these changes

@kimlisa kimlisa kimlisa approved these changes

+1 more reviewer

@AntonAM AntonAM AntonAM approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport discovery no-changelog Indicates that a PR does not require a changelog entry size/xl

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@marcoandredinis @r0mant @AntonAM @kimlisa