Netflix-Skunkworks / aardvark

Aardvark is a multi-account AWS IAM Access Advisor API
Apache License 2.0

Update __init__.py #149

Closed rogerfdias closed 1 year ago

rogerfdias commented 1 year ago

Fixing parameter from Get Access Details.

The correct parameter when a role has more than 200 services is "IsTruncated" and needs to be true, as this documentation says:

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iam/client/get_service_last_accessed_details.html

If the current configuration has a role that has more than 200 services, Repokid will think that this role is not using some services that are not in the Aardvark database, as Aardvark is not able to collect all services from the role due to this limitation of the parameter.

felipemadeiros-5a commented 1 year ago

LGTM

patricksanders commented 1 year ago

Thanks!

patricksanders commented 1 year ago

Oh shoot I misunderstood the change here. This was correct before -- details.get('IsTruncated', False) means that it will return False if IsTruncated is missing from details. Without this, we could end up in an infinite loop if IsTruncated is missing from the API response. Going to open a PR to revert the change.

rogerfdias commented 1 year ago

> Oh shoot I misunderstood the change here. This was correct before -- details.get('IsTruncated', False) means that it will return False if IsTruncated is missing from details. Without this, we could end up in an infinite loop if IsTruncated is missing from the API response. Going to open a PR to revert the change.

When I tried with details.get('IsTruncated', False) from my Aardvark fork, Aardvark just collected the 200 services from a role that has '*' for the services. When I updated to details.get('IsTruncated', True), Aardvark started to collect all the 393 services of the role.

So this IsTruncated parameter for get_service_last_accessed_details is not shown in all the responses?

I'll do more tests here.
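
The pagination behaviour debated in this thread, as an added example that is not Aardvark's code or part of any comment: a constructed stub stands in for the boto3 IAM client (`StubIAM`, `collect_services`, `default_truncated` and `max_pages` are hypothetical names), and the loop follows `Marker` while `IsTruncated` is true. It shows what each `.get()` default does when the last page omits the key, the case raised above.

```python
class StubIAM:
    """Constructed stand-in for the boto3 IAM client: 393 fake services, 200 per page."""

    def __init__(self, total=393, page_size=200, omit_flag_on_last_page=False):
        self.services = [{"ServiceNamespace": f"svc{i}"} for i in range(total)]
        self.page_size = page_size
        self.omit = omit_flag_on_last_page  # assumption: last page may lack IsTruncated
        self.calls = 0

    def get_service_last_accessed_details(self, JobId, Marker=None):
        self.calls += 1
        start = int(Marker) if Marker else 0
        end = start + self.page_size
        page = {"JobStatus": "COMPLETED",
                "ServicesLastAccessed": self.services[start:end]}
        if end < len(self.services):
            page.update(IsTruncated=True, Marker=str(end))  # more pages follow
        elif not self.omit:
            page["IsTruncated"] = False
        return page


def collect_services(iam, job_id, default_truncated=False, max_pages=50):
    """Follow Marker until IsTruncated is false; max_pages bounds a runaway loop."""
    services, marker = [], None
    for _ in range(max_pages):
        kwargs = {"JobId": job_id}
        if marker:
            kwargs["Marker"] = marker
        details = iam.get_service_last_accessed_details(**kwargs)
        services.extend(details.get("ServicesLastAccessed", []))
        # The default only matters when the key is absent from the response.
        if not details.get("IsTruncated", default_truncated):
            return services
        marker = details.get("Marker")  # None here restarts from the first page
    raise RuntimeError("page limit reached: pagination never terminated")


if __name__ == "__main__":
    print(len(collect_services(StubIAM(), "job-id-placeholder")))  # all pages followed
    try:
        collect_services(StubIAM(omit_flag_on_last_page=True), "job-id-placeholder",
                         default_truncated=True)
    except RuntimeError as exc:
        print("default True with a missing key:", exc)
```
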