Improve gp idp login aws #18601

Merged
merged 2 commits into from
Aug 25, 2023

@csweichel (Contributor) commented Aug 25, 2023

Description

Minor improvements to gp idp login aws:

  • enables the specification of the AWS profile instead of the credentials file. This makes integration with existing configurations easier.
  • uses the workspace ID as session name which makes identifying and auditing user actions within AWS possible.
Summary generated by Copilot

🤖 Generated by Copilot at a7d44e1

Simplify and improve idp-login-aws command of gitpod-cli tool. Use gitpod package, aws configure command, and profile option. Add workspace ID to role session name.

How to test

Start a workspace and use gp idp login aws

Documentation

Preview status

Gitpod was successfully deployed to your preview environment.

Build Options

Build
  • /werft with-werft
    Run the build with werft instead of GHA
  • leeway-no-cache
  • /werft no-test
    Run Leeway with --dont-test
Publish
  • /werft publish-to-npm
  • /werft publish-to-jb-marketplace
Installer
  • analytics=segment
  • with-dedicated-emulation
  • workspace-feature-flags
    Add desired feature flags to the end of the line above, space separated
Preview Environment / Integration Tests
  • /werft with-local-preview
    If enabled this will build install/preview
  • /werft with-preview
  • /werft with-large-vm
  • /werft with-gce-vm
    If enabled this will create the environment on GCE infra
  • with-integration-tests=all
    Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh. If enabled, with-preview and with-large-vm will be enabled.
  • with-monitoring

/hold

return err
}

awsCmd := exec.Command("aws", "sts", "assume-role-with-web-identity", "--role-arn", idpLoginAwsOpts.RoleARN, "--role-session-name", fmt.Sprintf("%s-%d", wsInfo.WorkspaceId, time.Now().Unix()), "--web-identity-token", tkn)
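
Review bot: the --role-session-name value built by fmt.Sprintf("%s-%d", wsInfo.WorkspaceId, time.Now().Unix()) is never length-checked or sanitised. STS accepts 2 to 64 characters from [\w+=,.@-] for a role session name, and the "-<unix seconds>" suffix already uses 11 of them, so a workspace ID longer than 53 characters would make the assume-role-with-web-identity call fail; consider truncating or validating the name before exec.Command. Separately, tkn is passed as a command-line argument, which exposes it in the process list while aws runs.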

@akosyakov (Member) commented Aug 25, 2023

@csweichel I'm not familiar, just asking to confirm there aren't any breaking changes which would require reconfiguring existing setups on the client side

i.e. where role-session-name is used?

@csweichel (Contributor Author)

That's not breaking. Sessions usually time out after one hour.

@akosyakov (Member) left a comment

approve to unblock

cc @loujaybee if we need to cover any option in some docs

@csweichel (Contributor Author)

> approve to unblock
>
> cc @loujaybee if we need to cover any option in some docs

I checked the logs prior to opening this PR. There aren't any flags that would change here.
I'll raise a docs PR regardless to highlight the session name.

@csweichel (Contributor Author)

Docs PR is here: https://github.com/gitpod-io/website/pull/3941

@roboquat roboquat merged commit 205e6fc into main Aug 25, 2023
@roboquat roboquat deleted the cw/gp-idp-aws branch August 25, 2023 15:01
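
The description's point that putting the workspace ID in the session name makes AWS actions attributable, as an added example (not code from this PR or from gitpod-cli): it parses the assumed-role ARN that CloudTrail records in `userIdentity.arn` back into workspace ID and issue time, assuming the `"%s-%d"` layout from the reviewed line. The type, function name and sample ARNs are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Session is what an auditor recovers from an assumed-role ARN (hypothetical type).
type Session struct {
	Account, Role, WorkspaceID string
	IssuedAt                   time.Time
}

// ParseAssumedRole splits arn:aws:sts::<account>:assumed-role/<role>/<session-name>,
// assuming the session name is "<workspace-id>-<unix-seconds>" as in the PR.
func ParseAssumedRole(arn string) (Session, error) {
	f := strings.SplitN(arn, ":", 6)
	if len(f) != 6 || f[0] != "arn" || f[2] != "sts" {
		return Session{}, errors.New("not an STS ARN")
	}
	res := strings.Split(f[5], "/")
	if len(res) != 3 || res[0] != "assumed-role" {
		return Session{}, errors.New("not an assumed-role resource")
	}
	// Workspace IDs contain hyphens, so the timestamp is whatever follows the last one.
	i := strings.LastIndex(res[2], "-")
	if i <= 0 {
		return Session{}, errors.New("session name has no timestamp suffix")
	}
	secs, err := strconv.ParseInt(res[2][i+1:], 10, 64)
	if err != nil {
		return Session{}, fmt.Errorf("bad timestamp in session name: %w", err)
	}
	return Session{f[4], res[1], res[2][:i], time.Unix(secs, 0).UTC()}, nil
}

func main() {
	// Constructed sample values in the shape CloudTrail uses for userIdentity.arn.
	for _, arn := range []string{
		"arn:aws:sts::111122223333:assumed-role/example-role/example-workspace-1a2b3c-1692975600",
		"arn:aws:sts::111122223333:assumed-role/example-role/manual-session",
	} {
		s, err := ParseAssumedRole(arn)
		fmt.Println(s.WorkspaceID, s.IssuedAt, err)
	}
}
```

Sessions whose name does not end in a numeric suffix, such as the second sample, return an error, which separates roles assumed through this command from ones assumed some other way.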