diff --git a/api/src/backend/api/specs/v1.yaml b/api/src/backend/api/specs/v1.yaml index 966f09a6ec..9d3c78e1ed 100644 --- a/api/src/backend/api/specs/v1.yaml +++ b/api/src/backend/api/specs/v1.yaml @@ -7141,6 +7141,9 @@ components: type: string description: The Amazon Resource Name (ARN) of the role to assume. Required for AWS role assumption. + external_id: + type: string + description: An identifier to enhance security for role assumption. aws_access_key_id: type: string description: The AWS access key ID. Only required if the environment @@ -7159,10 +7162,6 @@ components: maximum: 43200 default: 3600 description: The duration (in seconds) for the role session. - external_id: - type: string - description: An optional identifier to enhance security for - role assumption; may be required by the role administrator. role_session_name: type: string description: |- @@ -7175,6 +7174,7 @@ components: pattern: ^[a-zA-Z0-9=,.@_-]+$ required: - role_arn + - external_id - type: object title: Azure Static Credentials properties: @@ -8352,6 +8352,9 @@ components: type: string description: The Amazon Resource Name (ARN) of the role to assume. Required for AWS role assumption. + external_id: + type: string + description: An identifier to enhance security for role assumption. aws_access_key_id: type: string description: The AWS access key ID. Only required if the environment @@ -8369,10 +8372,6 @@ components: maximum: 43200 default: 3600 description: The duration (in seconds) for the role session. - external_id: - type: string - description: An optional identifier to enhance security for role - assumption; may be required by the role administrator. role_session_name: type: string description: |- @@ -8385,6 +8384,7 @@ components: pattern: ^[a-zA-Z0-9=,.@_-]+$ required: - role_arn + - external_id - type: object title: Azure Static Credentials properties: 
@@ -8533,6 +8533,9 @@ components: type: string description: The Amazon Resource Name (ARN) of the role to assume. Required for AWS role assumption. + external_id: + type: string + description: An identifier to enhance security for role assumption. aws_access_key_id: type: string description: The AWS access key ID. Only required if the environment @@ -8551,10 +8554,6 @@ components: maximum: 43200 default: 3600 description: The duration (in seconds) for the role session. - external_id: - type: string - description: An optional identifier to enhance security for - role assumption; may be required by the role administrator. role_session_name: type: string description: |- @@ -8567,6 +8566,7 @@ components: pattern: ^[a-zA-Z0-9=,.@_-]+$ required: - role_arn + - external_id - type: object title: Azure Static Credentials properties: @@ -8732,6 +8732,9 @@ components: type: string description: The Amazon Resource Name (ARN) of the role to assume. Required for AWS role assumption. + external_id: + type: string + description: An identifier to enhance security for role assumption. aws_access_key_id: type: string description: The AWS access key ID. Only required if the environment @@ -8749,10 +8752,6 @@ components: maximum: 43200 default: 3600 description: The duration (in seconds) for the role session. - external_id: - type: string - description: An optional identifier to enhance security for role - assumption; may be required by the role administrator. role_session_name: type: string description: |- @@ -8765,6 +8764,7 @@ components: pattern: ^[a-zA-Z0-9=,.@_-]+$ required: - role_arn + - external_id - type: object title: Azure Static Credentials properties: diff --git a/api/src/backend/api/v1/serializers.py b/api/src/backend/api/v1/serializers.py index a47cb27035..8405b1dfdc 100644 --- a/api/src/backend/api/v1/serializers.py +++ b/api/src/backend/api/v1/serializers.py 
@@ -1010,7 +1010,7 @@ class KubernetesProviderSecret(serializers.Serializer): class AWSRoleAssumptionProviderSecret(serializers.Serializer): role_arn = serializers.CharField() - external_id = serializers.CharField(required=False) + external_id = serializers.CharField() role_session_name = serializers.CharField(required=False) session_duration = serializers.IntegerField( required=False, min_value=900, max_value=43200 @@ -1057,6 +1057,10 @@ class AWSRoleAssumptionProviderSecret(serializers.Serializer): "description": "The Amazon Resource Name (ARN) of the role to assume. Required for AWS role " "assumption.", }, + "external_id": { + "type": "string", + "description": "An identifier to enhance security for role assumption.", + }, "aws_access_key_id": { "type": "string", "description": "The AWS access key ID. Only required if the environment lacks pre-configured " @@ -1078,11 +1082,6 @@ class AWSRoleAssumptionProviderSecret(serializers.Serializer): "default": 3600, "description": "The duration (in seconds) for the role session.", }, - "external_id": { - "type": "string", - "description": "An optional identifier to enhance security for role assumption; may be " - "required by the role administrator.", - }, "role_session_name": { "type": "string", "description": "An identifier for the role session, useful for tracking sessions in AWS logs. " @@ -1096,7 +1095,7 @@ class AWSRoleAssumptionProviderSecret(serializers.Serializer): "pattern": "^[a-zA-Z0-9=,.@_-]+$", }, }, - "required": ["role_arn"], + "required": ["role_arn", "external_id"], }, { "type": "object",
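Review bot: The now-required `external_id` in `AWSRoleAssumptionProviderSecret` is a bare `serializers.CharField()`, so any non-blank string passes validation and a malformed value would presumably only fail later, at the AssumeRole call. AWS limits ExternalId to 2–1224 characters, so `external_id = serializers.CharField(min_length=2, max_length=1224)` would reject bad input at the API boundary. Making the field mandatory only protects against confused-deputy role assumption if the value is one the service issues per tenant rather than an arbitrary caller-chosen string; nothing in this hunk shows that binding, so it is worth confirming where the value is checked. Secrets stored before this change without an `external_id` will presumably fail validation on their next update, which may need a migration or a release note. The class body continues outside the hunk.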
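Review bot: The schema description added for `external_id` in the `@@ -1057,6 +1057,10 @@` hunk does not tell an API consumer what the value must match, because `An identifier to enhance security for role assumption.` only says that it exists. Something like `"description": "External ID sent with the AssumeRole request; must equal the sts:ExternalId condition in the role's trust policy."` would state the contract. The same sentence is added four times in api/src/backend/api/specs/v1.yaml and should be updated together, presumably by regenerating the spec. The enclosing schema dict starts and ends outside the hunk.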