Machine ID: Documentation for Bitbucket Pipelines joining #49172
timothyb89 merged 3 commits into master from
This adds guides and other documentation for the `bitbucket` join method, which allows Machine ID bots to join from Bitbucket Pipelines runs without shared secrets. Follow up to #48724
| From this page, note the following values: | ||
| - Identity provider URL (<Var name="identity-provider-url" />) | ||
| - Audience (<Var name="audience" />) | ||
| - Workspace UUID (<Var name="workspace-uuid" />) | ||
| - Repository UUID (<Var name="repository-uuid" />) |
I'm hoping to have a good variable UX here but the inline values used in some other docs pages don't make a lot of sense once a value is entered since the variable name gets hidden. I'm not sure if this is a reasonable compromise - any thoughts from the docs team?
|
|
||
| The `bitbucket` join method is a secure way for Machine ID bots to authenticate | ||
| with the Teleport Auth Service without using any shared secrets. Instead, it | ||
| makes use of an OpenID Connect token that Bitbucket Pipelines injects into the |
| makes use of an OpenID Connect token that Bitbucket Pipelines injects into the | |
| makes use of an OpenID Connect token that Bitbucket Pipelines inject into the |
Hmm, I think it's correct as written? "Bitbucket Pipelines" is a singular product so I think "injects" is correct here. If we said "Bitbucket pipelines" referring to individual workflows then we'd want the singular form, but I've tried to refer to them as "Bitbucket Pipelines workflows" or similar.
Amusingly, even Bitbucket frequently calls them workflows instead of pipelines.
| - wget https://cdn.teleport.dev/teleport-v(=teleport.version=)-linux-amd64-bin.tar.gz | ||
| - tar -xvf teleport-v(=teleport.version=)-linux-amd64-bin.tar.gz | ||
|
|
||
| # Run `tbot` in identity mode for SSH access |
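Review bot: The `wget https://cdn.teleport.dev/teleport-v(=teleport.version=)-linux-amd64-bin.tar.gz` line is followed directly by `tar -xvf` with no integrity check in the visible lines, so the pipeline unpacks, and presumably later runs, whatever that request returned. Suggest adding a step between the two commands that compares the archive's `sha256sum` against the checksum published for the release and fails the pipeline on a mismatch, so the guide's example does not teach an unverified binary download in CI.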
We will have to change this if we backport bitbucket to v16, right?
Good call, I'll tweak this in the backport to borrow step 5 from the other guides.
@timothyb89 See the table below for backport results.