Add Account Assignment IDs to IC App Permission Set List

Account Assignment resources represent potential Identity Center account assignments that will be created when a Teleport user is granted access to them via an Access Request. The UI needs to know which resources represent a given (Account, Permission Set) pair when building an access request, so this change allows Teleport to express this relationship in the enclosing Idenitity Center and App resources, rather than have the UI try and deduce it.
gravitational · Dec 4, 2024 · 3cc204d · 3cc204d
1 parent 01fc9f0
commit 3cc204d
Show file tree

Hide file tree

Showing 8 changed files with 2,175 additions and 2,059 deletions.
diff --git a/api/gen/proto/go/teleport/identitycenter/v1/identitycenter.pb.go b/api/gen/proto/go/teleport/identitycenter/v1/identitycenter.pb.go
diff --git a/api/proto/teleport/identitycenter/v1/identitycenter.proto b/api/proto/teleport/identitycenter/v1/identitycenter.proto
@@ -34,13 +34,17 @@ message PermissionSetInfo {
   // Role is an optional ARN indicating role provisioned to this account. May be
   // empty if the permission set is not provisioned or is not relevant in the
   string role = 3;
+
+  // AssignmentID is the name of a Teleport Account Assignment resource
+  // representing this permission set assigned to the enclosing Account.
+  string assignment_id = 4;
 }
 
 // AccountStatus represents any commonly-changing data about an Identity
 // Center account.
 message AccountStatus {}
 
-// Account is an Identity-Ceneter-managed AWS account
+// Account is an Identity-Center-managed AWS account
 message Account {
   string kind = 1;
   string sub_kind = 2;

diff --git a/api/proto/teleport/legacy/types/types.proto b/api/proto/teleport/legacy/types/types.proto
@@ -1009,6 +1009,10 @@ message IdentityCenterPermissionSet {
 
   // Name is the human-readable name of the Permission Set.
   string Name = 2 [(gogoproto.jsontag) = "name,omitempty"];
+
+  // AssignmentName is the name of the account assignment that represents this
+  // permission set on the account enclosing this permission set
+  string AssignmentName = 3 [(gogoproto.jsontag) = "assignment_name,omitempty"];
 }
 
 // AppIdentityCenter encapsulates information about an AWS Identity Center

diff --git a/api/types/derived.gen.go b/api/types/derived.gen.go
diff --git a/api/types/types.pb.go b/api/types/types.pb.go
diff --git a/docs/pages/reference/terraform-provider/data-sources/app.mdx b/docs/pages/reference/terraform-provider/data-sources/app.mdx
@@ -95,6 +95,7 @@ Optional:
 Optional:
 
 - `arn` (String) ARN is the fully-formed ARN of the Permission Set.
+- `assignment_name` (String) AssignmentName is the name of the account assignment that represents this permission set on the account enclosing this permission set
 - `name` (String) Name is the human-readable name of the Permission Set.
 
 

diff --git a/docs/pages/reference/terraform-provider/resources/app.mdx b/docs/pages/reference/terraform-provider/resources/app.mdx
@@ -114,6 +114,7 @@ Optional:
 Optional:
 
 - `arn` (String) ARN is the fully-formed ARN of the Permission Set.
+- `assignment_name` (String) AssignmentName is the name of the account assignment that represents this permission set on the account enclosing this permission set
 - `name` (String) Name is the human-readable name of the Permission Set.
 
 

diff --git a/integrations/terraform/tfschema/types_terraform.go b/integrations/terraform/tfschema/types_terraform.go