Remove denied AWS Roles in AWS Role Web picker #41585
lib/services/access_checker.go
Outdated
case types.KindApp: | ||
if !resourceIsApp || !resourceAsApp.IsAWSConsole() { | ||
return nil, trace.BadParameter("received unsupported resource type for Application kind: %T", resource) | ||
} | ||
|
||
loginGetter = role.GetAWSRoleARNs |
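Review bot: In the `types.KindApp` case, the `BadParameter` message only reports `%T`, but the guard also fails when the resource is an app that is not an AWS Console app (`!resourceAsApp.IsAWSConsole()`). In that situation the printed type is a valid application type, so "received unsupported resource type" points the reader at the wrong cause. Consider splitting the two conditions, or wording the error to say that only AWS Console applications are supported for this kind.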
Added a test for this case.
This PR uses the accessChecker to remove AWS Roles which users don't have access to. Previously all the AWS Roles that the user had access to would be listed. After this change, only the AWS Roles available in the AppServer will be displayed.
7287f3a to a56772a
LGTM
Co-authored-by: Gavin Frazar <gavin.frazar@goteleport.com>
@marcoandredinis See the table below for backport results.
* Remove denied AWS Roles in AWS Role Web picker
  This PR uses the accessChecker to remove AWS Roles which users don't have access to. Previously all the AWS Roles that the user had access to would be listed. After this change, only the AWS Roles available in the AppServer will be displayed.
* fix error for non-aws apps
* Update lib/services/access_checker.go
  Co-authored-by: Gavin Frazar <gavin.frazar@goteleport.com>
---------
Co-authored-by: Gavin Frazar <gavin.frazar@goteleport.com>
* Remove denied AWS Roles in AWS Role Web picker
  This PR uses the accessChecker to remove AWS Roles which users don't have access to. Previously all the AWS Roles that the user had access to would be listed. After this change, only the AWS Roles available in the AppServer will be displayed.
* fix error for non-aws apps
* Update lib/services/access_checker.go
---------
Co-authored-by: Gavin Frazar <gavin.frazar@goteleport.com>
This PR uses the accessChecker to remove AWS Roles which users don't have access to.
Previously, all the AWS Roles that the user had access to would be listed.
After this change, only the AWS Roles actually available to the user will be displayed.
changelog: Remove invalid AWS Roles from Web UI picker
See #41499 for more details
Fixes: #41499
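The filtering idea described in this PR, as an added example that is not Teleport's code: a picker should offer only the AWS role ARNs that survive an authorization check, with deny rules overriding allow rules. The `Role` type, `accountOf` and `PickerARNs` are hypothetical, and the "*" deny wildcard and the per-account filter are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Role is a hypothetical, simplified RBAC role holding only AWS role ARN rules.
type Role struct {
	AllowARNs []string
	DenyARNs  []string
}

// accountOf extracts the account ID from "arn:<partition>:iam::<account>:role/<name>".
func accountOf(arn string) (string, bool) {
	p := strings.SplitN(arn, ":", 6)
	if len(p) != 6 || p[0] != "arn" || p[2] != "iam" || !strings.HasPrefix(p[5], "role/") {
		return "", false
	}
	return p[4], true
}

// PickerARNs returns the ARNs to offer for an app tied to appAccount:
// allowed by some role, denied by none (deny wins; "*" denies everything,
// an assumption here), and belonging to that account. Malformed ARNs are dropped.
func PickerARNs(roles []Role, appAccount string) []string {
	denied := map[string]bool{}
	for _, r := range roles {
		for _, a := range r.DenyARNs {
			denied[a] = true
		}
	}
	seen := map[string]bool{}
	out := []string{}
	for _, r := range roles {
		for _, a := range r.AllowARNs {
			acct, ok := accountOf(a)
			if !ok || acct != appAccount || denied["*"] || denied[a] || seen[a] {
				continue
			}
			seen[a] = true
			out = append(out, a)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample roles; account IDs and role names are made up.
	roles := []Role{
		{AllowARNs: []string{"arn:aws:iam::123456789012:role/ReadOnly", "arn:aws:iam::123456789012:role/Admin"}},
		{AllowARNs: []string{"arn:aws:iam::999999999999:role/Other"}, DenyARNs: []string{"arn:aws:iam::123456789012:role/Admin"}},
	}
	fmt.Println(PickerARNs(roles, "123456789012"))
}
```

Hiding a denied ARN in the picker is a usability fix; the server-side check at role assumption time remains the actual enforcement point.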