Commit

[v17] Add Account Assignment IDs to IC Account & App Permission Set Lists (#49820)

Backports #49747

Account Assignment resources represent potential Identity Center
account assignments that will be created when a Teleport user is
granted access to them via an Access Request.

The UI needs to know which resources represent a given (Account,
Permission Set) pair when building an access request, so this change
allows Teleport to express this relationship in the enclosing
Identity Center and App resources, rather than have the UI try
and deduce it.
tcsc authored Dec 5, 2024
1 parent 4c19dd7 commit 78a0a74
Showing 8 changed files with 2,143 additions and 2,028 deletions.
343 changes: 178 additions & 165 deletions api/gen/proto/go/teleport/identitycenter/v1/identitycenter.pb.go

Large diffs are not rendered by default.

6 changes: 5 additions & 1 deletion api/proto/teleport/identitycenter/v1/identitycenter.proto
Expand Up @@ -34,13 +34,17 @@ message PermissionSetInfo {
// Role is an optional ARN indicating role provisioned to this account. May be
// empty if the permission set is not provisioned or is not relevant in the
string role = 3;

// AssignmentID is the name of a Teleport Account Assignment resource
// representing this permission set assigned to the enclosing Account.
string assignment_id = 4;
}

// AccountStatus represents any commonly-changing data about an Identity
// Center account.
message AccountStatus {}

// Account is an Identity-Ceneter-managed AWS account
// Account is an Identity-Center-managed AWS account
message Account {
string kind = 1;
string sub_kind = 2;
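
Review bot: The comment on `assignment_id` calls the value "the name of a Teleport Account Assignment resource" while the field is an ID, and the matching field in types.proto is `AssignmentID` with the JSON tag `assignment_name`; pick one term and use it in the field name, the comment and the tag. The comment should also say whether the field may be empty, as the `role` comment above it does, so consumers know how to treat a permission set that has no assignment resource.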
4 changes: 4 additions & 0 deletions api/proto/teleport/legacy/types/types.proto
Expand Up @@ -972,6 +972,10 @@ message IdentityCenterPermissionSet {

// Name is the human-readable name of the Permission Set.
string Name = 2 [(gogoproto.jsontag) = "name,omitempty"];

// AssignmentID is the ID of the Teelport Account Assignment resource that
// represents this permission being assigned on the enclosing Account.
string AssignmentID = 3 [(gogoproto.jsontag) = "assignment_name,omitempty"];
}

// AppIdentityCenter encapsulates information about an AWS Identity Center
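
Review bot: `AssignmentID` is serialized under the JSON tag `assignment_name`, so the Go field, the proto field `assignment_id` in identitycenter.proto and the serialized attribute use different names for the same value. Consider `assignment_id,omitempty` unless the mismatch is deliberate, in which case say so in the comment. The comment also has a typo, "Teelport", which reappears verbatim in the Terraform reference docs changed by this commit.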
3 changes: 2 additions & 1 deletion api/types/derived.gen.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3,769 changes: 1,908 additions & 1,861 deletions api/types/types.pb.go

Large diffs are not rendered by default.

Expand Up @@ -94,6 +94,7 @@ Optional:
Optional:

- `arn` (String) ARN is the fully-formed ARN of the Permission Set.
- `assignment_name` (String) AssignmentID is the ID of the Teelport Account Assignment resource that represents this permission being assigned on the enclosing Account.
- `name` (String) Name is the human-readable name of the Permission Set.
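
Review bot: The `assignment_name` description repeats the "Teelport" typo and opens with "AssignmentID is the ID", which does not match the attribute name a Terraform user actually types. The wording is identical to the field comment in types.proto, so if this page is generated, correct the comment there and regenerate rather than editing this file.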


1 change: 1 addition & 0 deletions docs/pages/reference/terraform-provider/resources/app.mdx
Expand Up @@ -113,6 +113,7 @@ Optional:
Optional:

- `arn` (String) ARN is the fully-formed ARN of the Permission Set.
- `assignment_name` (String) AssignmentID is the ID of the Teelport Account Assignment resource that represents this permission being assigned on the enclosing Account.
- `name` (String) Name is the human-readable name of the Permission Set.
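
Review bot: `assignment_name` is listed under "Optional:", which tells Terraform users they can set it, while the commit message describes it as a relationship Teleport expresses for the UI. The description should state whether a user-supplied value is honoured, checked against the `arn` on the same entry, or overwritten, so an app resource cannot carry an assignment reference that disagrees with its permission set.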


44 changes: 44 additions & 0 deletions integrations/terraform/tfschema/types_terraform.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
