Skip to content
This repository has been archived by the owner on Nov 8, 2021. It is now read-only.

Merge of my AssumeRole branch, and some other forks #24

Merged
merged 23 commits into from
Apr 4, 2017
Merged

Merge of my AssumeRole branch, and some other forks #24

merged 23 commits into from
Apr 4, 2017

Conversation

mvanbaak
Copy link
Contributor

I took the ideas of some of the other forks, and folded it all in one version.

  • Allow specifying an ASSUMEROLE arn to fetch users from another AWS account
  • Allow specifying which IAM groups you want to import
  • Allow specifying a list of local groups to add the imported users to
  • Mark all imported users with a special marker group so in the next run we can delete users no longer in the synced IAM groups (or if the IAM user has been deleted)
  • Updated install.sh to take these things into account

Thanks to usertesting for most of the work about specifying the IAM groups to import and their work on deleting obsolete users.

@mvanbaak
If defined, use IAM AssumeRole to fetch users and ssh keys from anoth…
035a0fa 
…er AWS account
@mvanbaak
Untested: Fold the ability to use IAM AssumeRole in the showcase CF t…
032a000 
…emplate
@mvanbaak
Import only specified IAM groups
801a600 
While trying to implement this feature looking at the many forks,
I decided to mix the various implementations into something for
ourselves.

Split up the script in functions
Created some meaningfull global variables
@mvanbaak
Change variable name so its the same as in the import_users.sh. Use r…
c764fc3 
…ead -r
@mvanbaak
Restore ability to import all users by leaving IAM_AUTHORIZED_GROUPS …
f542069 
…empty
@mvanbaak
Restore ability to specify an IAM group that should be added to sudo
0c2ecee
@mvanbaak
Add assumerole to install.sh
18c68c6
@mvanbaak
Document how to setup cross account access
5d13b72
@mvanbaak
Use same markdown style as the README.md
0425e3f
@mvanbaak
Default to import all IAM users and update install.sh to explain how …
fb3735d 
…to limit the IAM groups to import
@mvanbaak
Make the LOCAL_GROUPS optional and document in install.sh
3b4d044
@mvanbaak
Handle iam users with a dash in the name
0d8260f
@mvanbaak
Remove users no longer in the IAM groups we give access to the instance
9b798e0
@mvanbaak
Handle the situation where a user is in more then one IAM group we wa…
85d0722 
…nt to sync
@mvanbaak
use full path to usermod binary
0f4a465
@mvanbaak
some more absolute paths to binaries that are normally not in the $PA…
afeae26 
…TH of cron
@mvanbaak
And use absolute path to groupadd as well since cron could not find it
2ab1b06
@mvanbaak
fix typo
26eb008
@magnusewe magnusewe mentioned this pull request Mar 20, 2017
Merged
@magnusewe
Copy link

Great work! Regarding 0d8260f, why would you not allow hyphens in usernames? For example there is the default ec2-user in AWS.

@mvanbaak
Copy link
Contributor Author

You are right. It's something we have internally as 'rule' but it should be removed from this opensource version. Thanks for spotting it. Will undo that commit from my branch.

@michaelwittig michaelwittig mentioned this pull request Mar 28, 2017
Closed
shinenelson
shinenelson approved these changes Apr 3, 2017
View reviewed changes
Copy link
Contributor

@shinenelson shinenelson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work @mvanbaak. Your code quality is amazing! Keep up the good work!

@michaelwittig michaelwittig merged commit 5831d02 into widdix:master Apr 4, 2017
@michaelwittig michaelwittig mentioned this pull request Apr 4, 2017
Closed
This was referenced Apr 4, 2017
Closed
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@shinenelson shinenelson shinenelson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@mvanbaak @magnusewe @shinenelson @michaelwittig