gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0
17.54k stars 1.75k forks source link

Support requesting access to `saml_idp_service_provider` resource from `tsh` #38447

Open flyinghermit opened 8 months ago

flyinghermit commented 8 months ago

What would you like Teleport to do?

We should support requesting access to saml_idp_service_provider resource, simlar to other resources such as nodes, database, apps etc.

Error searching for saml apps:

$ ./tsh request search --kind saml_idp_service_provider
ERROR: enum value must be one of node,kube_cluster,db,app,windows_desktop,user_group,pod,secret,configmap,namespace,service,serviceaccount,kube_node,persistentvolume,persistentvolumeclaim,deployment,replicaset,statefulset,daemonset,clusterrole,kube_role,clusterrolebinding,rolebinding,cronjob,job,certificatesigningrequest,ingress, got 'saml'

Error creating request:

$ ./tsh request create --resource /tele.dev/saml_idp_service_provider/gcp
ERROR: Resource kind "saml_idp_service_provider" is invalid or unsupported

What problem does this solve?

Enable Resource Access Request for SAML apps.

If a workaround exists, please include it.

n.a

flyinghermit commented 2 months ago

The resource access request will be available in the Web UI starting v17, addressed by https://github.com/gravitational/teleport/pull/44706 and https://github.com/gravitational/teleport.e/pull/4767.

I am still keeping this ticket open to gauge the interest for the same in tsh.