Support max session duration for roles #18
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
Max session duration allows you to allow users to assign a role for longer than the default 1h
Changes
This PR adds support by adding an additional field to IAMY roles and the necessary plumbing to make that work
Discussion
I feel a little uncomfortable with how
marshalRoleAsync
works, by updating a pointer to a struct "owned" by another go routine. Go race condition detector doesn't detect anything, but it feels like a foot gun for later development.