fix(aws): Support syncing AWS SSO Account Assignments for non management accounts #10881
This PR has the following changes to source plugin(s) tables:
This makes sense.
I can't think of a use case where the information for accounts for provisioned permission set (https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountsForProvisionedPermissionSet.html) would not be contained in Account Assignments.
I like the addition of `request_region` and `request_account_id` to the permission set table.
Makes sense to do this as separate from #10870 since that could be breaking.
🤖 I have created a release *beep* *boop*

---

## [18.0.0](plugins-source-aws-v17.4.0...plugins-source-aws-v18.0.0) (2023-05-29)

### ⚠ BREAKING CHANGES

* **aws:** Change names of columns which had `_ar_ns` instead of `_arns` ([#10802](#10802))
* This release introduces an internal change to our type system to use [Apache Arrow](https://arrow.apache.org/). This should not have any visible breaking changes, however due to the size of the change we are introducing it under a major version bump to communicate that it might have some bugs that we weren't able to catch during our internal tests. If you encounter an issue during the upgrade, please submit a [bug report](https://github.com/cloudquery/cloudquery/issues/new/choose). You will also need to update destinations depending on which one you use:
  - Azure Blob Storage >= v3.2.0
  - BigQuery >= v3.0.0
  - ClickHouse >= v3.1.1
  - DuckDB >= v1.1.6
  - Elasticsearch >= v2.0.0
  - File >= v3.2.0
  - Firehose >= v2.0.2
  - GCS >= v3.2.0
  - Gremlin >= v2.1.10
  - Kafka >= v3.0.1
  - Meilisearch >= v2.0.1
  - Microsoft SQL Server >= v4.2.0
  - MongoDB >= v2.0.1
  - MySQL >= v2.0.2
  - Neo4j >= v3.0.0
  - PostgreSQL >= v4.2.0
  - S3 >= v4.4.0
  - Snowflake >= v2.1.1
  - SQLite >= v2.2.0

### This Release has the Following Changes to Tables

- Table `aws_apigateway_rest_api_authorizers`: column `provider_ar_ns` removed from table (:warning: breaking)
- Table `aws_apigateway_rest_api_authorizers`: column added with name `provider_arns` and type `list<item: utf8, nullable>`
- Table `aws_autoscaling_groups`: column `target_group_ar_ns` removed from table (:warning: breaking)
- Table `aws_autoscaling_groups`: column added with name `target_group_arns` and type `list<item: utf8, nullable>`
- Table `aws_cloudformation_stacks`: column `notification_ar_ns` removed from table (:warning: breaking)
- Table `aws_cloudformation_stacks`: column added with name `notification_arns` and type `list<item: utf8, nullable>`
- Table `aws_cognito_identity_pools`: column `open_id_connect_provider_ar_ns` removed from table (:warning: breaking)
- Table `aws_cognito_identity_pools`: column `saml_provider_ar_ns` removed from table (:warning: breaking)
- Table `aws_cognito_identity_pools`: column added with name `open_id_connect_provider_arns` and type `list<item: utf8, nullable>`
- Table `aws_cognito_identity_pools`: column added with name `saml_provider_arns` and type `list<item: utf8, nullable>`
- Table `aws_ssoadmin_permission_sets`: column added with name `request_account_id` and type `utf8`
- Table `aws_ssoadmin_permission_sets`: column added with name `request_region` and type `utf8`

### Features

* Update to use [Apache Arrow](https://arrow.apache.org/) type system ([#10797](#10797)) ([e355d14](e355d14))

### Bug Fixes

* **aws:** Change names of columns which had `_ar_ns` instead of `_arns` ([#10802](#10802)) ([e00ac44](e00ac44))
* **aws:** Remove Hardcoded fix for AWS issue ([#10972](#10972)) ([ede53a7](ede53a7))
* **aws:** Support syncing AWS SSO Account Assignments for non management accounts ([#10881](#10881)) ([a715e4f](a715e4f))
* **deps:** Update module github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs to v1.20.11 ([#11066](#11066)) ([be8e23b](be8e23b))
* **deps:** Update module github.com/aws/aws-sdk-go-v2/service/codebuild to v1.20.13 ([#11067](#11067)) ([c3c831a](c3c831a))
* **deps:** Update module github.com/aws/aws-sdk-go-v2/service/cognitoidentity to v1.15.11 ([#11068](#11068)) ([6708fec](6708fec))
* **deps:** Update module github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider to v1.22.10 ([#11069](#11069)) ([28698dc](28698dc))
* **deps:** Update module github.com/aws/aws-sdk-go-v2/service/costexplorer to v1.25.10 ([#11070](#11070)) ([8da3107](8da3107))
* **deps:** Update module github.com/cloudquery/plugin-sdk to v1.45.0 ([#11041](#11041)) ([035e461](035e461))
* **deps:** Update module github.com/cloudquery/plugin-sdk/v3 to v3.6.7 ([#11043](#11043)) ([3c6d885](3c6d885))

---

This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Summary
closes #10844
Rather than just using the management account id as the input for `ListAccountAssignments` we now call `ListAccountsForProvisionedPermissionSet` and use the list of Account Ids returned as the input. This will increase the number of API calls required, but there is no way of parallelizing the requests without implementing #14601
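
The call order described in the summary, as an added Go example (not code from this PR or from the CloudQuery plugin): it pages through the provisioned accounts first, then lists assignments for each account, and counts the API calls. `ssoAPI`, `drain`, `syncAssignments` and `demo` are hypothetical names, the AWS SDK client is replaced by an in-memory stand-in, and the account IDs, ARNs and page tokens are constructed.

```go
package main

import "fmt"

// ssoAPI: hypothetical stand-in; each call returns one page and a next-page token.
type ssoAPI struct {
	listAccountsForProvisionedPermissionSet func(inst, ps, token string) ([]string, string)
	listAccountAssignments                  func(inst, acct, ps, token string) ([]string, string)
}

// drain follows next-page tokens until a listing is exhausted.
func drain(call func(token string) ([]string, string)) (all []string) {
	for tok, first := "", true; first || tok != ""; first = false {
		var page []string
		page, tok = call(tok)
		all = append(all, page...)
	}
	return all
}

// syncAssignments maps each provisioned account to its assigned principals.
func syncAssignments(api ssoAPI, inst, ps string) map[string][]string {
	out := map[string][]string{}
	accounts := drain(func(t string) ([]string, string) {
		return api.listAccountsForProvisionedPermissionSet(inst, ps, t)
	})
	for _, acct := range accounts { // sequential: one more listing per account
		out[acct] = drain(func(t string) ([]string, string) {
			return api.listAccountAssignments(inst, acct, ps, t)
		})
	}
	return out
}

// demo runs the sync over constructed data and also returns the call count.
func demo() (map[string][]string, int) {
	calls := 0
	pages := map[string][]string{"": {"111111111111", "222222222222"}, "p2": {"333333333333"}}
	next := map[string]string{"": "p2"} // constructed page tokens
	principals := map[string][]string{
		"111111111111": {"user-a", "group-x"}, "222222222222": {"user-b"}, "333333333333": {"group-x"},
	}
	api := ssoAPI{
		func(_, _, tok string) ([]string, string) { calls++; return pages[tok], next[tok] },
		func(_, acct, _, _ string) ([]string, string) { calls++; return principals[acct], "" },
	}
	return syncAssignments(api, "arn:aws:sso:::instance/EXAMPLE", "arn:aws:sso:::permissionSet/EXAMPLE"), calls
}

func main() { fmt.Println(demo()) }
```

With three provisioned accounts spread over two pages, the sync makes five calls per permission set, where a single-account query would have made one and returned only that account's principals.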