GCP CLI access #17257
Comments
r0mant
added
feature-request
|
@mdwn As we talked about before, let's start with GCP CLI access so cover only checkboxes 2 and 3 from the description. Web console access will be covered later when we implement OIDC provider interface in Teleport which should work for both Azure and GCP. @Tener @smallinsky just FYI |
|
The draft branch for the RFD covering this can be seen here: https://github.com/gravitational/teleport/blob/mike.wilson/gcp-cli-rfd/rfd/0095-gcp-cli-support.md. This is very much in early stages, but if you're curious about where/what I'm thinking so far, you can see it there. |
@r0mant I have started the work on Azure CLI access already; there are some Azure peculiarities to work through, but my initial impressions are good. I have Web access will indeed most likely require Teleport to implement an OIDC provider interface (or a SAML IdP?). |
Description
Teleport currently provides a way to log users in AWS console using federation API as well as access to AWS API via
tsh awsandtsh proxy awscommands:https://goteleport.com/docs/application-access/guides/aws-console/
Accessing Azure console/API is currently in progress.
We would like to add support for similar functionality for accessing GCP.
Success criteria
tsh gcpcommand users can use to interact with GCP API.tsh proxy gcpwhich GCP API clients can use (e.g. terraform).Next steps
Console access:
We need to investigate if GCP provides similar kind of functionality as AWS federation API that would allow Teleport to generate a sign-in link.Useful references
The text was updated successfully, but these errors were encountered: