gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

Teleport OIDC Errors on existing s3 bucket name #40794

Open stevenGravy opened 2 months ago

stevenGravy commented 2 months ago

Expected behavior:

S3 buckets do need to be unique. With the OIDC integration with S3, a defensive check is best done before anything else runs. Then give instructions that the S3 name needs to be unique.

Current behavior:

An API "forbidden" error will show if the user selected an existing S3 bucket name.

Bug details:

Do a Teleport AWS integration with OIDC. Specify an existing bucket (sample).

Run the script.

marcoandredinis commented 1 month ago

Selecting an existing S3 bucket is not an issue, as long as it supports ACLs.

Maybe we can be more explicit about that: https://github.com/gravitational/teleport/pull/41724
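
A pre-flight check of the kind discussed in this thread, written as an added example (it is not Teleport's code and not taken from the linked PR). It assumes a boto3-style S3 client; `preflight_bucket`, `FakeS3` and `FakeClientError` are hypothetical names, and the stub's bucket data is constructed so the check runs offline.

```python
class FakeClientError(Exception):
    """Constructed stand-in for botocore's ClientError (same .response shape)."""
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}

class FakeS3:
    """Constructed stub: name -> "foreign", an ObjectOwnership mode, or None."""
    def __init__(self, buckets):
        self.buckets = buckets

    def head_bucket(self, Bucket):
        if Bucket not in self.buckets:
            raise FakeClientError("404")
        if self.buckets[Bucket] == "foreign":
            raise FakeClientError("403")

    def get_bucket_ownership_controls(self, Bucket):
        mode = self.buckets[Bucket]
        if mode is None:
            raise FakeClientError("OwnershipControlsNotFoundError")
        return {"OwnershipControls": {"Rules": [{"ObjectOwnership": mode}]}}

def _error_code(exc):
    # botocore's ClientError carries the service error code in .response.
    return getattr(exc, "response", {}).get("Error", {}).get("Code", "")

def preflight_bucket(s3, bucket):
    """Return (ok, message) for `bucket` before any other setup step runs."""
    try:
        s3.head_bucket(Bucket=bucket)
    except Exception as exc:
        code = _error_code(exc)
        if code in ("404", "NoSuchBucket", "NotFound"):
            return True, "name is free; the bucket can be created"
        if code in ("403", "Forbidden", "AccessDenied"):
            return False, "bucket exists but these credentials cannot use it"
        raise
    # The bucket exists and is reachable: usable only if ACLs are enabled.
    try:
        resp = s3.get_bucket_ownership_controls(Bucket=bucket)
    except Exception as exc:
        if _error_code(exc) == "OwnershipControlsNotFoundError":
            # No ownership controls configured: ACLs remain enabled.
            return True, "existing bucket supports ACLs"
        raise
    modes = [r.get("ObjectOwnership") for r in resp["OwnershipControls"]["Rules"]]
    if "BucketOwnerEnforced" in modes:
        return False, "existing bucket has ACLs disabled (BucketOwnerEnforced)"
    return True, "existing bucket supports ACLs"
```

With a real client, pass `boto3.client("s3")` as `s3`; the 403 branch is the case that otherwise surfaces as the forbidden error partway through the script.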