
Permissions framework? #18

Closed
sckott opened this issue Nov 8, 2023 · 5 comments

@sckott
Member

sckott commented Nov 8, 2023

Thinking about this from the perspective of this image

[image: Screenshot 2023-11-08 at 9 13 18 AM]

from the YouTube video Sean shared

Here's what I'm thinking:

  • suite of fxns for users (already in the works) - aws_user*/aws_users*
  • suite of fxns for groups - aws_group*/aws_groups*
  • suite of fxns for roles - aws_role*/aws_roles*
  • suite of fxns for policies - aws_policy*/aws_policies* - some of these fxns used for attaching policies to users, groups, roles

so in the end we could have a workflow like:

# in each case below aws_policy_attach determines from input whether
# it's a group, role, or user. And prefixes policy with `arn:aws:iam::aws:policy`
aws_group_create("testers") %>% aws_policy_attach("ReadOnlyAccess")
aws_role_create("ReadOnlyRole") %>% aws_policy_attach("ReadOnlyAccess")
aws_user_create("jane") %>% aws_policy_attach("AdministratorAccess")

# or if already created, then:
aws_role("ReadOnlyRole") %>% aws_policy_attach("ReadOnlyAccess")

Another example

aws_group_add_users(group = "testers", 
  aws_user_create("jane"),
  aws_user_create("sally"),
  aws_user_create("susy")
)

@seankross feedback plz

@seankross
Collaborator

So so excited by all of this!! Here's a thought, but I haven't fully thought it through yet. I'll install this and actually get it running to think about the possibilities asap.

aws_users_list() %>% 
    filter(Tag %in% c("A", "B")) %>% 
    pull("Usernames") %>% 
    aws_group_add_users(group = "testers")

@seankross
Collaborator

Just copying this from above with no modifications:

# in each case below aws_policy_attach determines from input whether
# it's a group, role, or user. And prefixes policy with `arn:aws:iam::aws:policy`
aws_group_create("testers") %>% aws_policy_attach("ReadOnlyAccess")
aws_role_create("ReadOnlyRole") %>% aws_policy_attach("ReadOnlyAccess")
aws_user_create("jane") %>% aws_policy_attach("AdministratorAccess")

# or if already created, then:
aws_role("ReadOnlyRole") %>% aws_policy_attach("ReadOnlyAccess")

I really like this. What should aws_policy_attach return? I'm thinking about how the pipeline could continue (this is likely not too important at this point)

@sckott
Member Author

sckott commented Dec 5, 2023

Right now aws_policy_attach returns an empty list. It's the result of a call to a paws method, e.g., attach_user_policy, that always returns an empty list.

Instead of returning whatever is returned from the paws method, we could return the updated object that the various create functions output? So for example,

  • aws_user_create("jane") returns a tibble with user information, including any policies
  • aws_user_create("jane") %>% aws_policy_attach("AdministratorAccess") is run and returns the same tibble returned above but with any changes made to policies

Thoughts (when you're back)?
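An added sketch (not the package's own code) of the dispatching aws_policy_attach() proposed in the first comment and the tibble-returning behaviour discussed just above. It assumes the create/get functions set an "entity_type" attribute ("user", "group" or "role") and a Name column on the tibble they return, and that the IAM client comes from paws::iam(); those names are assumptions, not from the package.

```r
library(paws)
library(tibble)

# Build a managed-policy ARN from a bare name; a full ARN is passed through
# unchanged so customer-managed policies (arn:aws:iam::<account>:policy/...)
# can be attached with the same function.
as_policy_arn <- function(policy) {
  if (grepl("^arn:aws:iam::", policy)) return(policy)
  paste0("arn:aws:iam::aws:policy/", policy)
}

# Re-read the attached policies after the change, so the returned tibble
# reflects the current state rather than paws' empty list.
attached_policies <- function(svc, entity_type, name) {
  res <- switch(entity_type,
    user  = svc$list_attached_user_policies(UserName = name),
    group = svc$list_attached_group_policies(GroupName = name),
    role  = svc$list_attached_role_policies(RoleName = name)
  )
  vapply(res$AttachedPolicies, function(p) p$PolicyArn, character(1))
}

aws_policy_attach <- function(x, policy, svc = paws::iam()) {
  # "entity_type" attribute and Name column are assumed conventions (see above)
  entity_type <- attr(x, "entity_type")
  stopifnot(entity_type %in% c("user", "group", "role"))
  name <- x$Name[[1]]
  arn <- as_policy_arn(policy)
  switch(entity_type,
    user  = svc$attach_user_policy(UserName = name, PolicyArn = arn),
    group = svc$attach_group_policy(GroupName = name, PolicyArn = arn),
    role  = svc$attach_role_policy(RoleName = name, PolicyArn = arn)
  )
  # Return the entity tibble with its Policies column refreshed, so the
  # pipeline can continue, e.g. x %>% aws_policy_attach("ReadOnlyAccess")
  x$Policies <- list(attached_policies(svc, entity_type, name))
  x
}
```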

@sckott
Member Author

sckott commented Dec 7, 2023

aws_group_create("testers") %>% aws_policy_attach("ReadOnlyAccess") and similar now returns the same thing that aws_group_create and aws_group returns - via the merged PR #19 - among other changes.

I'll leave this open until we're happy with the interface for these fxns.

@sckott
Member Author

sckott commented Jan 10, 2024

@seankross Any further thoughts on the permissions fxns for now?

@sckott sckott added this to the v0.1 milestone Feb 6, 2024
@sckott sckott closed this as completed Feb 28, 2024