Add WorkloadIdentity CRUD service
strideynet committed Dec 9, 2024
1 parent 6525c37 commit 75e38b9
Showing 6 changed files with 1,364 additions and 1 deletion.
1 change: 1 addition & 0 deletions api/types/events/oneof.go
@@ -798,6 +798,7 @@ func ToOneOf(in AuditEvent) (*OneOf, error) {
out.Event = &OneOf_ContactDelete{
ContactDelete: e,
}

case *WorkloadIdentityCreate:
out.Event = &OneOf_WorkloadIdentityCreate{
WorkloadIdentityCreate: e,
14 changes: 14 additions & 0 deletions lib/auth/grpcserver.go
@@ -74,6 +74,7 @@ import (
usersv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/users/v1"
usertaskv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/usertasks/v1"
vnetv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/vnet/v1"
workloadidentityv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/workloadidentity/v1"
userpreferencesv1pb "github.com/gravitational/teleport/api/gen/proto/go/userpreferences/v1"
"github.com/gravitational/teleport/api/internalutils/stream"
"github.com/gravitational/teleport/api/metadata"
@@ -95,6 +96,7 @@ import (
"github.com/gravitational/teleport/lib/auth/kubewaitingcontainer/kubewaitingcontainerv1"
"github.com/gravitational/teleport/lib/auth/loginrule/loginrulev1"
"github.com/gravitational/teleport/lib/auth/machineid/machineidv1"
"github.com/gravitational/teleport/lib/auth/machineid/workloadidentityv1"
"github.com/gravitational/teleport/lib/auth/notifications/notificationsv1"
"github.com/gravitational/teleport/lib/auth/presence/presencev1"
"github.com/gravitational/teleport/lib/auth/trust/trustv1"
@@ -5095,6 +5097,18 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
}
machineidv1pb.RegisterSPIFFEFederationServiceServer(server, spiffeFederationService)

workloadIdentityResourceService, err := workloadidentityv1.NewResourceService(&workloadidentityv1.ResourceServiceConfig{
Authorizer: cfg.Authorizer,
Backend: cfg.AuthServer.Services.WorkloadIdentities,
Cache: cfg.AuthServer.Cache,
Emitter: cfg.Emitter,
Clock: cfg.AuthServer.GetClock(),
})
if err != nil {
return nil, trace.Wrap(err, "creating workload identity resource service")
}
workloadidentityv1pb.RegisterWorkloadIdentityResourceServiceServer(server, workloadIdentityResourceService)

dbObjectImportRuleService, err := dbobjectimportrulev1.NewDatabaseObjectImportRuleService(dbobjectimportrulev1.DatabaseObjectImportRuleServiceConfig{
Authorizer: cfg.Authorizer,
Backend: cfg.AuthServer.Services,
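Review bot: The new registration block in NewGRPCServer carries no comment saying where authorization and audit logging for the WorkloadIdentity RPCs are enforced. The hunk only shows `Authorizer: cfg.Authorizer` and `Emitter: cfg.Emitter` being handed to `workloadidentityv1.NewResourceService`, and the enforcement itself lives in a file not shown in this section. I would add `// WorkloadIdentity CRUD: each RPC is authorized via Authorizer and mutations are audited via Emitter inside workloadidentityv1.` above the constructor call, once that has been confirmed against the service code. The `if err != nil` check is the only guard at this layer, so the constructor presumably rejects a nil Authorizer, Backend, Cache, Emitter or Clock; a test pinning that is worth having if the commit does not already include one. NewGRPCServer starts and ends outside the hunk.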