Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding support for WIF based auth to Webhook Datasource module #21

Merged
merged 7 commits into from
Mar 8, 2024
Merged

Adding support for WIF based auth to Webhook Datasource module #21

merged 7 commits into from
Mar 8, 2024

Conversation

ravinadhruve10
Copy link
Contributor

Change summary:

To add auth support for validating cloud ingestion resources :-

  • Adding the support for creating WIF resources with AWS provider.
  • Allowing external trusted identity to be able to impersonate the SA and use temporary service tokens for authentication. This is to allow Sysdig backend to be able to talk to GCP to access and read the cloud resources.
  • Using assumed role attribute as the signature for trusted identity.
  • Creating and binding a custom role to the SA, with just the right set of permissions to read data ingestion cloud resources.
  • Updating the module outputs with the fields to pass in as metadata to Sysdig backend to do the auth.

@ravinadhruve10 ravinadhruve10 requested a review from a team as a code owner February 28, 2024 06:49
@ravinadhruve10
Adding support for WIF based auth to Webhook Datasource module
0c783d8 
Change summary:
-----------------
To add auth support for validating cloud ingestion resources :-
- Adding the support for creating WIF resources with AWS provider.
- Allowing external trusted identity to be able to impersonate
  the SA and use temporary service tokens for authentication. This
  is to allow Sysdig backend to be able to talk to GCP to access
  and read the cloud resources.
- Using assumed role attribute as the signature for trusted identity.
- Creating and binding a custom role to the SA, with just the right
  set of permissions to read data ingestion cloud resources.
- Updating the module outputs with the fields to pass in as metadata
  to Sysdig backend to do the auth.
@ravinadhruve10
Fix fmt
c2d039e
@ravinadhruve10
Fix sysdig provider version in tests
424c95c
@ravinadhruve10
Restrict the WIF identity signtaure to use external_id within the ass…
f2dd546 
…umed role
@ravinadhruve10
Fix org installs for webhook datasource with org-level permissions
b6de5f6
@ravinadhruve10
Add README and tests
f82bf30
@ravinadhruve10 ravinadhruve10 force-pushed the cdr-validation-support branch from 0a1ebf1 to f82bf30 Compare March 7, 2024 23:38
mdkulkarni15
mdkulkarni15 approved these changes Mar 8, 2024
View reviewed changes
Copy link
Contributor

@mdkulkarni15 mdkulkarni15 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ravinadhruve10 ravinadhruve10 merged commit 3ee5fc4 into master Mar 8, 2024
6 checks passed
@ravinadhruve10 ravinadhruve10 deleted the cdr-validation-support branch March 8, 2024 23:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mdkulkarni15 mdkulkarni15 mdkulkarni15 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ravinadhruve10 @mdkulkarni15