Versent / saml2aws

CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP
https://github.com/Versent/saml2aws
MIT License
2.09k stars 563 forks

Implement assume-time policy limiting #1342

Closed eldondevat closed 2 months ago

eldondevat commented 2 months ago

When an STS token is acquired, it's possible to use supplemental policies to limit the permissions of the token. One example use might be assuming an administrative role, but limiting the permissions to a read-only or security-review scope to use the provided credentials in an auditing tool. This PR implements assume-time limiting of permissions with additional managed policies or a local policy document.
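The scenario described above (an administrative role narrowed by a read-only session policy), as an added example that is not part of this PR or of saml2aws: a reduced model of how a session policy limits a role's permissions. It assumes a simplified evaluation that reads only `Effect` and `Action` (in list form) and ignores `Resource` and `Condition`; both policy documents and the name `EffectiveAllow` are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
)

type Policy struct { // reduced model: only Effect and Action (list form) are read
	Statement []struct {
		Effect string
		Action []string
	}
}

// Constructed sample documents, not taken from the PR.
const adminRole = `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["*"],"Resource":"*"}]}`
const readOnlySession = `{"Version":"2012-10-17","Statement":[
  {"Effect":"Allow","Action":["s3:Get*","s3:List*","iam:Get*","iam:List*"],"Resource":"*"},
  {"Effect":"Deny","Action":["s3:GetObject"],"Resource":"*"}]}`

// EffectiveAllow reports whether both documents allow the action and neither denies it.
func EffectiveAllow(roleDoc, sessionDoc, action string) bool {
	for _, doc := range []string{roleDoc, sessionDoc} {
		var p Policy
		if json.Unmarshal([]byte(doc), &p) != nil {
			return false // unparsable policy: fail closed
		}
		allowed := false
		for _, s := range p.Statement {
			for _, pat := range s.Action {
				ok, _ := path.Match(pat, action) // glob match on the action name
				if ok && s.Effect == "Deny" {
					return false // an explicit Deny in either policy wins
				}
				allowed = allowed || (ok && s.Effect == "Allow")
			}
		}
		if !allowed {
			return false // intersection: each policy must allow the action
		}
	}
	return true
}

func main() {
	for _, a := range []string{"s3:ListBucket", "iam:GetRole", "s3:GetObject", "iam:CreateUser"} {
		fmt.Printf("%-15s allowed=%v\n", a, EffectiveAllow(adminRole, readOnlySession, a))
	}
}
```

The session policy can only narrow what the role already grants: an action absent from the role's own policy stays denied whatever the session policy allows.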

codecov-commenter commented 2 months ago

Codecov Report

Attention: Patch coverage is 0% with 16 lines in your changes missing coverage. Please review.

Project coverage is 28.98%. Comparing base (99d6fe4) to head (f4a0d2e). Report is 88 commits behind head on master.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| cmd/saml2aws/commands/login.go | 0.00% | 10 Missing :warning: |
| pkg/flags/flags.go | 0.00% | 2 Missing and 2 partials :warning: |
| cmd/saml2aws/main.go | 0.00% | 2 Missing :warning: |

Additional details and impacted files

```diff
@@             Coverage Diff             @@
##           master    #1342       +/-   ##
===========================================
- Coverage   42.19%   28.98%   -13.21%
===========================================
  Files          54       70      +16
  Lines        6456     9663    +3207
===========================================
+ Hits         2724     2801      +77
- Misses       3283     6391    +3108
- Partials      449      471      +22
```

| [Flag](https://app.codecov.io/gh/Versent/saml2aws/pull/1342/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Versent) | Coverage Δ | |
|---|---|---|
| [unittests](https://app.codecov.io/gh/Versent/saml2aws/pull/1342/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Versent) | `28.98% <0.00%> (-13.21%)` | :arrow_down: |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Versent#carryforward-flags-in-the-pull-request-comment) to find out more.


mapkon commented 2 months ago

@eldondevat The linter is failing - can you take a look?