* fix role trust policy when `trust_role` is set
* fix `for` expressions that range over a null value, which is not supported in terraform v1.5.7
* fix broken validation block condition to catch `use_oidc_integration=false` when `trust_role` is not set
* fix nonsensitive(null) warning when `create=false`
* set nullable=false for match_aws_* variables
* add a precondition to enforce `use_oidc_integration=true` when using `teleport_discovery_group_name="cloud-discovery-group"`, because cloud cluster discovery services must use OIDC credentials
* describe the allowed values for var.aws_matchers.types
No changelog for the unsupported `for` expressions fix because we didn't release that yet.

Changelog: Fixed teleport/discovery/aws Terraform module to support IAM role assumption as the discovery service credential source.
Manual Test Plan

Test environment

* discover-5cloud staging tenant running `19.0.0-dev.alexh.15` and our `teleport-dev-2` AWS account

Test Cases

* `terraform apply` with an invalid configuration and verify that a helpful error message is displayed
  * `use_oidc_integration=true` and `trust_role != null`
  * `use_oidc_integration=false` and `trust_role = null`
  * `use_oidc_integration=false` and `teleport_discovery_group_name = "cloud-discovery-group"`
  * `trust_role.role_arn = null`
  * `trust_role.role_arn = ""`
* `use_oidc_integration = true`
  * `assume_role` is null and `integration` is set
* `trust_role != null`
  * `assume_role` is set and `integration` is null
  * `trust_role.external_id != ""` and verify that the external id condition is added to the discovery service iam role's trust policy
* `terraform apply` with the module using legacy `match_aws_*` inputs
  * `aws_matchers` input instead of the legacy inputs and verify that nothing changed after re-applying
* `terraform apply` the module using `aws_matchers` input with legacy inputs unset
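As an added illustration of the fixes listed in this PR (not the teleport/discovery/aws module's own code, and not part of the change itself), the HCL below shows the three input checks as `terraform_data` preconditions, a `nullable = false` legacy input, a null-safe `for` expression, and a trust policy that only adds an `sts:ExternalId` condition when `trust_role.external_id` is set. The variable names come from the PR description; the object shapes, the `terraform_data` resource, the `aws_iam_policy_document` data source and the assumption that the module-managed discovery role trusts `trust_role.role_arn` are all assumptions made for the example.

```hcl
# Added example, not the module's code. Variable shapes are assumed.

variable "use_oidc_integration" {
  type     = bool
  default  = true
  nullable = false
}

variable "teleport_discovery_group_name" {
  type = string
}

variable "trust_role" {
  # Assumed shape: null when the OIDC integration is used instead.
  type = object({
    role_arn    = string
    external_id = optional(string, "")
  })
  default = null

  # Variable validations may only reference the variable itself in
  # Terraform v1.5.7, so the empty-ARN check lives here and the
  # cross-variable checks live in the preconditions below.
  validation {
    condition     = var.trust_role == null || length(var.trust_role.role_arn) > 0
    error_message = "trust_role.role_arn must be a non-empty role ARN."
  }
}

variable "match_aws_types" {
  type     = list(string)
  default  = []
  nullable = false # a null input falls back to [], so `for` never ranges over null
}

variable "aws_matchers" {
  type = list(object({
    types   = list(string)
    regions = list(string)
  }))
  default = null
}

locals {
  # Terraform v1.5.7 rejects `for` over a null value; coalesce first.
  matchers = [
    for m in coalesce(var.aws_matchers, []) : {
      types   = m.types
      regions = m.regions
    }
  ]
}

resource "terraform_data" "validate_inputs" {
  lifecycle {
    precondition {
      condition     = var.use_oidc_integration || var.trust_role != null
      error_message = "trust_role must be set when use_oidc_integration is false."
    }
    precondition {
      condition     = !var.use_oidc_integration || var.trust_role == null
      error_message = "trust_role cannot be combined with use_oidc_integration=true."
    }
    precondition {
      condition     = var.teleport_discovery_group_name != "cloud-discovery-group" || var.use_oidc_integration
      error_message = "cloud-discovery-group requires use_oidc_integration=true: cloud cluster discovery services must use OIDC credentials."
    }
  }
}

# Trust policy for the discovery service role (assumed to be managed by the
# module). Requiring sts:ExternalId when one is configured keeps a third party
# that knows only the role ARN from assuming the role (confused-deputy defence).
data "aws_iam_policy_document" "discovery_trust" {
  count = var.trust_role == null ? 0 : 1

  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = [var.trust_role.role_arn]
    }

    dynamic "condition" {
      for_each = var.trust_role.external_id != "" ? [1] : []
      content {
        test     = "StringEquals"
        variable = "sts:ExternalId"
        values   = [var.trust_role.external_id]
      }
    }
  }
}
```

Each precondition maps to one of the invalid configurations in the test plan above, so `terraform plan` fails with the matching message instead of producing a discovery service that has neither OIDC nor role credentials.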