When using the Confluent Cloud REST API, I can use Identity Tokens by my IdP to "impersonate" an Identity Pool configured in the Confluent Cloud:
https://docs.confluent.io/cloud/current/security/authenticate/workload-identities/identity-providers/oauth/access-rest-apis.html
This also works with the Confluent Terraform Provider:
    provider "confluent" {
      oauth {
        oauth_external_access_token = var.oidc_token
        oauth_identity_pool_id      = var.my_identity_pool_id
      }
    }
I would love to have this also available somehow in the Confluent CLI, so I could use it completely keyless in pipelines where Terraform is not applicable.
One potential form of using it could be:
confluent login --oauth-external-access-token=$MY_IDP_TOKEN --oauth-identity-pool-id=pool-abc123
Or, if it is technically only usable for some commands, as global flags available on these commands:
confluent kafka topics list --oauth-external-access-token=$MY_IDP_TOKEN --oauth-identity-pool-id=pool-abc123