[v17] Add Identity Center Account Assignments to Unified Resource Cache #49976
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tcsc
added
backport
no-changelog
tcsc
requested review from
smallinsky and
flyinghermit
and removed request for
smallinsky
r0mant
approved these changes
Dec 10, 2024
flyinghermit
approved these changes
Dec 10, 2024
public-teleport-github-review-bot
bot
removed the request for review
from smallinsky
tcsc
force-pushed
the
tcsc/branch/v17/idc-expose-account-assignmens-via-resource-cache
branch
from
238c042 to
a16d3ec
Compare
Backports #49580 and #49977 Adds Identity Center Account Assignments to the Unified resource cache so they can be requested in access requests. Unfortunately we can't just include an `identitycenterv1.AccountAssignment` directly in the resource cache ListResources output because the legacy protobuf codegen used for the authservice and the new codegen used for identitycenter/v1 produce incompatible serialization code, so resulting generated code does not compile. To get around this issue, this change introduces a parallel (and slightly simplified) definition of an IdentityCenterAccountAssignment in the authservice protobuf spec to act as the wire format for this type. The cached `identitycenterv1.AccountAssignment` resources are copied into a `proto.IdentityCenterAccountAssignment` on a cache read. Includes: - adding resources to cache - adding account assignment paginated resource - account assignment role condition matching for RBAC
tcsc
force-pushed
the
tcsc/branch/v17/idc-expose-account-assignmens-via-resource-cache
branch
from
a16d3ec to
bf62f45
Compare
github-merge-queue bot
pushed a commit
that referenced
this pull request
Dec 10, 2024
…he (#49976) Backports #49580 and #49977 Adds Identity Center Account Assignments to the Unified resource cache so they can be requested in access requests. Unfortunately we can't just include an `identitycenterv1.AccountAssignment` directly in the resource cache ListResources output because the legacy protobuf codegen used for the authservice and the new codegen used for identitycenter/v1 produce incompatible serialization code, so resulting generated code does not compile. To get around this issue, this change introduces a parallel (and slightly simplified) definition of an IdentityCenterAccountAssignment in the authservice protobuf spec to act as the wire format for this type. The cached `identitycenterv1.AccountAssignment` resources are copied into a `proto.IdentityCenterAccountAssignment` on a cache read. Includes: - adding resources to cache - adding account assignment paginated resource - account assignment role condition matching for RBAC
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
tcsc
deleted the
tcsc/branch/v17/idc-expose-account-assignmens-via-resource-cache
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backports #49580 and #49977
Adds Identity Center Account Assignments to the Unified resource cache
so they can be requested in access requests.
Unfortunately we can't just include an
identitycenterv1.AccountAssignmentdirectly in the resource cache ListResources output because the legacy
protobuf codegen used for the authservice and the new codegen used for
identitycenter/v1 produce incompatible serialization code, so resulting
generated code does not compile.
To get around this issue, this change introduces a parallel (and slightly
simplified) definition of an IdentityCenterAccountAssignment in the authservice
protobuf spec to act as the wire format for this type. The cached
identitycenterv1.AccountAssignmentresources are copied into aproto.IdentityCenterAccountAssignmenton a cache read.Includes: