Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v17] [entraid] add setup script for offline clusters. #48088

Merged
merged 9 commits into from
Oct 30, 2024
Merged

[v17] [entraid] add setup script for offline clusters. #48088

merged 9 commits into from
Oct 30, 2024

Conversation

tigrato
Copy link
Contributor

@tigrato tigrato commented Oct 29, 2024

Backport #47863 to branch/v17

changelog: Added support for Entra ID directory synchronization for clusters without public internet access.

tigrato and others added 9 commits October 29, 2024 18:11
@tigrato
[entraid] add setup script for offline clusters.
b67e577 
This PR adds a cli configuration for Entra ID where it's possible to default to system credentials instead of relying on OIDC for authentication in EntraID. OIDC is not always a possibility specially when the cluster is private and not internet acessible.

The UX is the following:

```text

Step 1: Run the Setup Script

1. Open **Azure Cloud Shell** (Bash) using **Google Chrome** or **Safari** for the best compatibility.
2. Upload the setup script using the **Upload** button in the Cloud Shell toolbar.
3. Once uploaded, execute the script by running the following command:
   $ bash entraid.sh

**Important Considerations**:
- You must have **Azure privileged administrator permissions** to complete the integration.
- Ensure you're using the **Bash** environment in Cloud Shell.
- During the script execution, you'll be prompted to run 'az login' to authenticate with Azure. **Teleport** does not store or persist your credentials.
- **Mozilla Firefox** users may experience connectivity issues in Azure Cloud Shell; using Chrome or Safari is recommended.

Once the script completes, type 'continue' to proceed, 'exit' to quit: continue

Step 2: Input Tenant ID and Client ID

With the output of Step 1, please copy and paste the following information:
Enter the Tenant ID: 1056b571-0390-4b08-86c8-2edba8d9ae79
Enter the Client ID: 1056b571-0390-4b08-86c8-2edba8d9ae79

Successfully created EntraID plugin "name".
```

Signed-off-by: Tiago Silva <[email protected]>
@tigrato
move function to api
e65fe7e
@tigrato
handle code review comments
f3863d2
@tigrato @marcoandredinis
Apply suggestions from code review
bcb6609 
Co-authored-by: Marco Dinis <[email protected]>
@tigrato
fix url
bf44ca9
@tigrato
enable group claims
43e78d9
@tigrato
add godoc
00e9c2b
@tigrato
handle code review comments
b88093e
@tigrato
fix gomod
af8117c
@github-actions github-actions bot added backport size/md tctl tctl - Teleport admin tool labels Oct 29, 2024
@public-teleport-github-review-bot public-teleport-github-review-bot bot removed the request for review from mvbrock October 30, 2024 08:37
@tigrato tigrato enabled auto-merge October 30, 2024 09:26
@tigrato tigrato added this pull request to the merge queue Oct 30, 2024
Merged via the queue into branch/v17 with commit 64abb0c Oct 30, 2024
43 checks passed
@tigrato tigrato deleted the bot/backport-47863-branch/v17 branch October 30, 2024 10:02
@camscale camscale mentioned this pull request Nov 3, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcoandredinis marcoandredinis marcoandredinis approved these changes

@r0mant r0mant r0mant approved these changes

Assignees
No one assigned
Labels
backport size/md tctl tctl - Teleport admin tool
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tigrato @r0mant @marcoandredinis