Support structured fields for IAM policies #315
Comments
This would also help with #212
@mcavoyk thanks for opening this! We have considered supporting both structured and unstructured simultaneously (with one taking precedence over the other) by having a field such as
This seems like the same (or a similar) use case to crossplane/crossplane#1603.
Yeah, that is what I'm proposing with the issue: offering both a json string field and a structured field, with the json string taking precedence.
It's definitely the same sort of use case, around trying to make IAM roles for service accounts easier, but I think having a structured IAM Policy will solve other use cases as well, such as when a composition would like to create a resource and the policy for an application to access the resource. I don't think the tickets are exclusive in this case; having both would make compositions simpler for policies.
As these fields are not provided natively in the aws-go-sdk/iam, it is not straightforward to implement this.
Hi there, people!
I don't, feel free to take it.
Hi @erickfaustino! You might be able to reuse the same struct from Bucket Policy. In fact, having the policy struct in one place and letting many policy resources import it would be pretty nice!
Any updates here?
bump
Bump, this would be quite useful. Is this being prioritised at all? Another possibility would be to create a filter such as
Crossplane does not currently have enough maintainers to address every issue and pull request. This issue has been automatically marked as
…c.0.36.gc986ff0
What problem are you facing?
Today the IAMPolicy type supports a Document string field for the IAM policy. This expects a json document for the policy definition. My use case is I would like to create an IAM policy within a composition and have fields within the document patched based on other resources within the composition.
How could Crossplane help solve your problem?
#289 for s3 bucket policy offers well-defined policy fields which are serialized into the json document. IAMPolicy should offer something similar. The json string field Document would still be preferred if non-empty, but otherwise a structured PolicyStatement field could be used.
Example with document:
Example with statement:
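Separately from the issue text, the following is an added Go sketch of the precedence rule the issue proposes (a non-empty Document wins, otherwise structured statements are validated and serialized). It is not code from the issue or from the provider; the names Statement, PolicySpec and Render are hypothetical, and the sample ARN is constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Statement is a hypothetical structured form of one IAM policy statement.
type Statement struct {
	Sid      string   `json:"Sid,omitempty"`
	Effect   string   `json:"Effect"`
	Action   []string `json:"Action"`
	Resource []string `json:"Resource"`
}

// PolicySpec is hypothetical: Document is the raw JSON string field,
// Statements the structured alternative used only when Document is empty.
type PolicySpec struct {
	Document   string
	Statements []Statement
}

// Render returns the policy JSON, giving a non-empty Document precedence.
func Render(s PolicySpec) (string, error) {
	if s.Document != "" {
		// Reject malformed input early instead of passing it to the API.
		if !json.Valid([]byte(s.Document)) {
			return "", errors.New("document is not valid JSON")
		}
		return s.Document, nil
	}
	if len(s.Statements) == 0 {
		return "", errors.New("neither document nor statements set")
	}
	for _, st := range s.Statements {
		if (st.Effect != "Allow" && st.Effect != "Deny") || len(st.Action) == 0 || len(st.Resource) == 0 {
			return "", fmt.Errorf("statement %q: need Effect Allow/Deny, an action and a resource", st.Sid)
		}
	}
	out, err := json.Marshal(map[string]interface{}{"Version": "2012-10-17", "Statement": s.Statements})
	return string(out), err
}

func main() {
	// Constructed sample: the bucket ARN stands in for a value patched from another resource.
	fmt.Println(Render(PolicySpec{Statements: []Statement{{Sid: "ReadBucket", Effect: "Allow",
		Action: []string{"s3:GetObject"}, Resource: []string{"arn:aws:s3:::example-bucket/*"}}}}))
}
```

Because the structured path validates Effect, Action and Resource before serializing, a patch that leaves a field empty fails at render time rather than producing a policy document with a missing element.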