Skip to content
/ qsgpm Public

A commandline tool for management of QuickSight Group and CustomPermission

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mashiike/qsgpm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
.github
.github
 
 
cmd/qsgpm
cmd/qsgpm
 
 
internal/quicksightx
internal/quicksightx
 
 
testdata
testdata
 
 
.gitignore
.gitignore
 
 
.goreleaser.yml
.goreleaser.yml
 
 
.tagpr
.tagpr
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
aws.go
aws.go
 
 
config.go
config.go
 
 
config_test.go
config_test.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
groups.go
groups.go
 
 
qsgpm.go
qsgpm.go
 
 
user.go
user.go
 
 

Repository files navigation

Latest GitHub release Github Actions test Go Report Card License

qsgpm

A commandline tool for management of QuickSight Group and CustomPermission

Install

binary packages

Releases.

QuickStart

$ qsgpm --help                       
NAME:
   qsgpm - A commandline tool for management of QuickSight Group and CustomPermission

USAGE:
   qsgpm --config <config file>

VERSION:
   current

COMMANDS:
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --config value, -c value     config file path [$CONFIG, $QSGPM_CONFIG]
   --dry-run                    (default: false) [$QSGPM_DRY_RUN]
   --log-level value, -l value  output log level (debug|info|notice|warn|error) (default: "info") [$QSGPM_LOG_LEVEL]
   --help, -h                   show help (default: false)
   --version, -v                print the version (default: false)

The simplest configuration is:

required_version: ">=0.0.0"

user:
  namespace: default
groups:
  - all

rules:
  - user:
      role: Admin
    groups:
      - admin

  - user:
      role: Author
    groups:
      - author
    custom_permission: DefaultAuthor

  - user:
      role: Reader
    groups:
      - reader

The above setting means that all users will belong to the group "all" and also to the group for each account role, and Author will have a custom permission named DefaultAuthor.

What conditions do the rules match for users? and if they match, which group they belong to and what custom permissions they should have. The rule matches only one. The Yaml array is evaluated from the top and the first matching rule is applied to each user.

For example, for a more complex configuration where the QuickSight user is an external user, the following is an example of another configuration.

required_version: ">=0.0.0"

user:
  identity_type: IAM
  namespace: default
groups:
  - all

rules:
  - user:
      role: Admin
    groups:
      - admin

   - user:
      identity_type: QuickSight 
      email_suffix: "@internal.example.com"
      role: Author
    groups:
      - internal_author
      - author
    custom_permission: InternalAuthor

   - user:
      role: Author
    groups:
      - external_author
      - author
    custom_permission: ExternalAuthor

  - user:
      session_name_suffix: "@external.example.com"
      role: Author
    groups:
      - external_author
      - author
    custom_permission: ExternalAuthor
  
  - user:
      role: Author
    groups:
      - internal_author
      - author
    custom_permission: InternalAuthor


  - user:
      role: Reader
    groups:
      - reader

LICENSE

MIT

About

A commandline tool for management of QuickSight Group and CustomPermission

Topics

quicksight

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 3

v0.2.0 Latest
Jun 15, 2023
+ 2 releases

Contributors 3

  •  
  •  
  •  

Languages