[Buganizer ID: 497768505] AwsGuardDuty: identity federation support#930
[Buganizer ID: 497768505] AwsGuardDuty: identity federation support#930lemanczykp wants to merge 5 commits into
Conversation
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request enables identity federation for the AWS GuardDuty integration, allowing users to authenticate using Google Cloud OIDC. This change improves security by replacing static AWS access keys with temporary, short-lived tokens generated via AWS STS, while also simplifying credential management. Highlights
New Features🧠 You can now enable Memory (public preview) to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
|
❌ Marketplace Validation Failed Click to view the full reportValidation Report
|
| Validation Name | Details |
|---|---|
| The default value of the 'Verify SSL' param in AWS GuardDuty must be a boolean true | |
| - AWS GuardDuty - Findings Connector is missing a 'Verify SSL' parameter | |
| Integration 'aws_guard_duty' contains connectors with missing documentation link: - AWS GuardDuty - Findings Connector | |
| Action Parameter name: Useful? does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds)|IPs/Ranges | |
| Actions with JSON results missing example files in resources/: GetDetectorDetails, CreateATrustedIPList, GetFindingDetails, ListDetectors, GetATrustedIPList, CreateDetector, ListThreatIntelligenceSets, GetThreatIntelligenceSetDetails, CreateThreatIntelligenceSet, ListFindingsForDetector, GetAllTrustedIPsLists | |
| 'aws_guard_duty' is missing tests/config.json |
There was a problem hiding this comment.
Code Review
This pull request adds Google Cloud Web Identity (OIDC) Federation authentication support to the AWS GuardDuty integration, introducing a new AWSGuardDutyIdentityFederation class and updating the manager, actions, and connector to support OIDC-based AWS role assumption. Feedback on the changes highlights a placeholder ValueError with a typo in utils.py that needs to be corrected, as well as style guide violations regarding the default value of the Verify SSL parameter in definition.yaml and a bare except block in AWSGuardDutyIdentityFederation.py.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
8f2026f to
1c68e78
Compare
|
❌ Marketplace Validation Failed Click to view the full reportValidation Report
|
| Validation Name | Details |
|---|---|
| The default value of the 'Verify SSL' param in AWS GuardDuty must be a boolean true | |
| - AWS GuardDuty - Findings Connector is missing a 'Verify SSL' parameter | |
| Integration 'aws_guard_duty' contains connectors with missing documentation link: - AWS GuardDuty - Findings Connector | |
| Action Parameter name: Useful? does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds)|IPs/Ranges | |
| Actions with JSON results missing example files in resources/: GetDetectorDetails, CreateATrustedIPList, GetFindingDetails, ListDetectors, GetATrustedIPList, CreateDetector, ListThreatIntelligenceSets, GetThreatIntelligenceSetDetails, CreateThreatIntelligenceSet, ListFindingsForDetector, GetAllTrustedIPsLists | |
| 'aws_guard_duty' is missing tests/config.json |
1 similar comment
|
❌ Marketplace Validation Failed Click to view the full reportValidation Report
|
| Validation Name | Details |
|---|---|
| The default value of the 'Verify SSL' param in AWS GuardDuty must be a boolean true | |
| - AWS GuardDuty - Findings Connector is missing a 'Verify SSL' parameter | |
| Integration 'aws_guard_duty' contains connectors with missing documentation link: - AWS GuardDuty - Findings Connector | |
| Action Parameter name: Useful? does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds)|IPs/Ranges | |
| Actions with JSON results missing example files in resources/: GetDetectorDetails, CreateATrustedIPList, GetFindingDetails, ListDetectors, GetATrustedIPList, CreateDetector, ListThreatIntelligenceSets, GetThreatIntelligenceSetDetails, CreateThreatIntelligenceSet, ListFindingsForDetector, GetAllTrustedIPsLists | |
| 'aws_guard_duty' is missing tests/config.json |
…ardDutyIdentityFederation.py Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: lemanczykp <lemanczyk@google.com>
7beac97 to
4e4b030
Compare
|
❌ Marketplace Validation Failed Click to view the full reportValidation Report
|
| Validation Name | Details |
|---|---|
| - AWS GuardDuty - Findings Connector is missing a 'Verify SSL' parameter | |
| Integration 'aws_guard_duty' contains connectors with missing documentation link: - AWS GuardDuty - Findings Connector | |
| Action Parameter name: Useful? does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds)|IPs/Ranges | |
| Actions with JSON results missing example files in resources/: GetDetectorDetails, CreateATrustedIPList, GetFindingDetails, ListDetectors, GetATrustedIPList, CreateDetector, ListThreatIntelligenceSets, GetThreatIntelligenceSetDetails, CreateThreatIntelligenceSet, ListFindingsForDetector, GetAllTrustedIPsLists | |
| 'aws_guard_duty' is missing tests/config.json |
|
❌ Marketplace Validation Failed Click to view the full reportValidation Report
|
| Validation Name | Details |
|---|---|
| - AWS GuardDuty - Findings Connector is missing a 'Verify SSL' parameter | |
| Integration 'aws_guard_duty' contains connectors with missing documentation link: - AWS GuardDuty - Findings Connector | |
| Action Parameter name: Useful? does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds)|IPs/Ranges | |
| Actions with JSON results missing example files in resources/: ListDetectors, CreateDetector, GetAllTrustedIPsLists, GetFindingDetails, GetDetectorDetails, CreateATrustedIPList, GetATrustedIPList, CreateThreatIntelligenceSet, ListThreatIntelligenceSets, GetThreatIntelligenceSetDetails, ListFindingsForDetector | |
| 'aws_guard_duty' is missing tests/config.json |
Description
Added support for identity federation: https://aws.amazon.com/identity/federation/
What problem does this PR solve?
Clients needed a way to authenticate in AWS integrations other that using direct credentials (key,secret).
How does this PR solve the problem?
Now integration supports a way to use federated google account to authenticate and request temporary tokens on each run.
Checklist:
Please ensure you have completed the following items before submitting your PR.
This helps us review your contribution faster and more efficiently.
General Checks:
Open-Source Specific Checks:
For Google Team Members and Reviewers Only: