Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

provider/aws: Add support for policy to AWS provider assume_role #11501

Merged
merged 1 commit into from
Jan 29, 2017
Merged

provider/aws: Add support for policy to AWS provider assume_role #11501

merged 1 commit into from
Jan 29, 2017

Conversation

stack72
Copy link
Contributor

@stack72 stack72 commented Jan 29, 2017

Fixes: #11461

This will allow the user to pass a policy to further restrict the use
of AssumeRole. It is important to note that it will NOT allow an
expansion of access rights

@stack72
provider/aws: Add support for policy to AWS provider assume_role
50e6c68 
Fixes: #11461

This will allow the user to pass a policy to further restrict the use
of AssumeRole. It is important to note that it will NOT allow an
expansion of access rights
jen20
jen20 approved these changes Jan 29, 2017
View reviewed changes
Copy link
Contributor

@jen20 jen20 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with one minor question re: logging of JSON.

builtin/providers/aws/auth_helpers.go
@@ -146,8 +146,8 @@ func GetCredentials(c *Config) (*awsCredentials.Credentials, error) {

// Otherwise we need to construct and STS client with the main credentials, and verify
// that we can assume the defined role.
log.Printf("[INFO] Attempting to AssumeRole %s (SessionName: %q, ExternalId: %q)",
c.AssumeRoleARN, c.AssumeRoleSessionName, c.AssumeRoleExternalID)
log.Printf("[INFO] Attempting to AssumeRole %s (SessionName: %q, ExternalId: %q, Policy: %q)",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We might want to consider logging the policy on a separate line here as it will be quoted JSON?

@stack72 stack72 merged commit 4ebd207 into master Jan 29, 2017
@stack72 stack72 deleted the f-aws-assumerole-policy branch January 29, 2017 20:32
stack72 added a commit that referenced this pull request Jan 29, 2017
@stack72
provider/aws: Add support for policy to AWS provider assume_role (#11501
41b917b 
)

Fixes: #11461

This will allow the user to pass a policy to further restrict the use
of AssumeRole. It is important to note that it will NOT allow an
expansion of access rights
arcadiatea pushed a commit to ticketmaster/terraform that referenced this pull request Feb 9, 2017
@stack72 @arcadiatea
provider/aws: Add support for policy to AWS provider assume_role (has…
0e99c5f 
…hicorp#11501)

Fixes: hashicorp#11461

This will allow the user to pass a policy to further restrict the use
of AssumeRole. It is important to note that it will NOT allow an
expansion of access rights
@bacoboy bacoboy mentioned this pull request Feb 22, 2017
Closed
@ghost
Copy link

ghost commented Apr 17, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 17, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jen20 jen20 jen20 approved these changes

Assignees
No one assigned
Labels
enhancement provider/aws
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AWS assume_role doesn't support policy as a parameter as SDK supports
2 participants
@stack72 @jen20