update aws oidc db enrollment role permissions #44717

Merged

@GavinFrazar GavinFrazar commented Jul 26, 2024

This PR adds the permissions necessary for the AWS RDS enrollment created IAM role to list VPCs and subnets.
Related PRs:

Part of:

cc @kimlisa

@GavinFrazar GavinFrazar added the no-changelog Indicates that a PR does not require a changelog entry label Jul 26, 2024
@github-actions github-actions bot requested review from gzdunek and ryanclark July 26, 2024 22:50
@marcoandredinis
Contributor

What happens if the user doesn't have the correct permissions?
E.g., let's say they ran the one-off script that adds the required permissions before this was released.

Are they asked to re-run the script in CloudShell? Or do we just throw an error because they can list databases but can't list VPCs?

@GavinFrazar
Contributor Author

> What happens if the user doesn't have the correct permissions? E.g., let's say they ran the one-off script that adds the required permissions before this was released.
>
> Are they asked to re-run the script in CloudShell? Or do we just throw an error because they can list databases but can't list VPCs?

That's a good point and something we have to handle in the frontend code.
cc @kimlisa does #44671 handle that already?

@GavinFrazar GavinFrazar enabled auto-merge July 29, 2024 22:05
@GavinFrazar GavinFrazar added this pull request to the merge queue Jul 29, 2024
Merged via the queue into master with commit 558d71a Jul 29, 2024
41 checks passed
@GavinFrazar GavinFrazar deleted the gavinfrazar/aws-oidc-update-db-enrollment-flow-permissions branch July 29, 2024 22:39
@kimlisa
Contributor

kimlisa commented Jul 29, 2024

> > What happens if the user doesn't have the correct permissions? E.g., let's say they ran the one-off script that adds the required permissions before this was released.
> > Are they asked to re-run the script in CloudShell? Or do we just throw an error because they can list databases but can't list VPCs?
>
> That's a good point and something we have to handle in the frontend code. cc @kimlisa does #44671 handle that already?

I'm pretty sure it does, but I'll test it.

@public-teleport-github-review-bot

@GavinFrazar See the table below for backport results.

| Branch | Result |
| --- | --- |
| branch/v16 | Create PR |

Labels: backport/branch/v16, no-changelog (indicates that a PR does not require a changelog entry), size/sm, ui