WTFender / aws-sso-extender

Browser Extension for AWS SSO / Identity Center
https://wtfender.com/posts/aws-sso-extender
MIT License
64 stars 11 forks

Limit on number of roles #103

Closed hjkatz closed 7 months ago

hjkatz commented 8 months ago

Extension Version

1.7.6

Description

I think there's a limit somewhere on the number of roles that can be added into the custom key section for a user profile.

For whatever reason I cannot add more than 9 roles, either through the UI or via the config (by explicitly going through and adding one at a time and shuffling them around).

I have a very large config, but I think I could share snippets if you want. I wanted to ask first if you had any idea what might be going on?

Browsers

Chrome

OS

Mac

WTFender commented 8 months ago

@hjkatz it's likely a browser storage limit that has been on my radar. I've run into it with larger configs as well.

Approximately how many profiles / permission sets do you have custom settings for? Dozens, hundreds?

hjkatz commented 8 months ago

$ cat new_config.json| jq '.appProfiles | length'
82

$ cat new_config.json| jq '.iamLogins | length'
1

$ cat new_config.json| jq '.settings | length'
9

$ cat new_config.json| jq '.users[0].custom.profiles | length'
64

I think there are custom settings for ~35 profiles.

I also noticed that there are some p-abcd1234 ids that are in appProfiles but not in custom.profiles, which I found odd.

hjkatz commented 8 months ago

Also I'm having trouble interacting with the extension's storage. Do you have a recommendation where I can view it, edit it, or interact with it via a browser console or cli?

WTFender commented 8 months ago

@hjkatz appProfiles is your complete list of permission sets - if you're logging in with multiple users/AWS SSO directories, this will be appProfiles from all of those users/dirs.

The custom.profiles only includes appProfiles that you've set custom values for (the user's customizations).

I use this chrome extension for debugging storage, but based on what you've shared, it's definitely hitting limits. Also the configuration JSON you see is compiled from a few different storage objects.

https://chromewebstore.google.com/detail/storage-area-explorer/ocfjjjjhkpapocigimmppepjgfdecjkb

I can take a peek into this later today - hopefully an easy refactoring to undo the limit.

hjkatz commented 8 months ago

@WTFender I would be most grateful if you took a look.

For now we worked around this by using a combination of roles approach:

  1. First we have our users use SSO extender to login to an Account
  2. Then we have them click a "switch roles" link that we have in a table: https://repost.aws/knowledge-center/iam-user-role-link

This works well for our non-technical users.

hjkatz commented 8 months ago

Oh! And another idea we wanted to try, but weren't very successful with, is trying to do minimal configs or subsets of the custom field. If you have any ideas down that approach I'm interested too.

Thanks again and enjoy your weekend!

WTFender commented 8 months ago

@hjkatz I added a setting to control whether your user customizations are saved in local or sync storage; this increases the max JSON size from 8kb to 10MB, which should let you add a ton more roles.

It's enabled by default, so you'll need to uncheck the setting.

That said, I'll probably figure out a better way to enable sync with more data.
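
The size limit discussed in the comment above, as an added example that is not part of the thread or the extension's code. Chrome's documented quotas are 8,192 bytes per item for chrome.storage.sync and 10,485,760 bytes for chrome.storage.local (Chrome 114 and later); the storage key `custom`, the single-item layout and the sample profiles are assumptions.

```javascript
// Added example, not the extension's code. Quotas are Chrome's documented
// chrome.storage constants; the storage key name "custom" is an assumption.
const SYNC_QUOTA_BYTES_PER_ITEM = 8192;  // chrome.storage.sync, per item
const LOCAL_QUOTA_BYTES = 10485760;      // chrome.storage.local, whole area

// Chrome sizes an item as its key length plus the JSON stringification of its value.
function itemBytes(key, value) {
  const enc = new TextEncoder();
  return enc.encode(key).length + enc.encode(JSON.stringify(value)).length;
}

// How many profiles can be kept in a single item before the per-item quota is hit.
function profilesThatFit(key, profiles, quota = SYNC_QUOTA_BYTES_PER_ITEM) {
  const kept = {};
  let count = 0;
  for (const [id, profile] of Object.entries(profiles)) {
    kept[id] = profile;
    if (itemBytes(key, { profiles: kept }) > quota) break;
    count += 1;
  }
  return count;
}

// Decide where a set of customizations can be stored as one item.
function planStorage(key, profiles) {
  const bytes = itemBytes(key, { profiles });
  return {
    bytes,
    fitsSyncItem: bytes <= SYNC_QUOTA_BYTES_PER_ITEM,
    fitsLocal: bytes <= LOCAL_QUOTA_BYTES,
    profilesThatFit: profilesThatFit(key, profiles),
  };
}

// Constructed sample: n profiles shaped like the thread's example, one IAM role each.
function sampleProfiles(n) {
  const out = {};
  for (let i = 0; i < n; i += 1) {
    const id = 'p-' + i.toString(16).padStart(16, '0');
    out[id] = {
      color: '', label: null, favorite: false,
      iamRoles: [{ profileId: id, accountId: '000000000000',
        roleName: 'KubernetesAdmin', color: 'ff0040', label: 'KubeAdmin' }],
    };
  }
  return out;
}

console.log(planStorage('custom', sampleProfiles(64)));
```

A save path that runs a check like this before writing can report which quota was exceeded instead of failing without a message.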

hjkatz commented 8 months ago

So this seems to work when I add roles via the UI, but not when I try to upload a new config.json (the full thing).

WTFender commented 7 months ago

@hjkatz Just confirming, you mean copy/pasting the whole JSON into the "Edit Profile" area and saving, right?

Are you seeing the "Unable to save config JSON." message? Or does it just do nothing?

Thanks!

hjkatz commented 7 months ago

Yes, and it just does nothing. No messages pop up or appear in the console.

WTFender commented 7 months ago

@hjkatz I still need to fix a few bugs, but there should be a new version today/tomorrow with a new settings page & working config importer.

I've removed all of the unnecessary stuff from the config to make it simpler to simply export & share them; with the intent of making user onboarding easier.

Example:

{
  "user": {
    "displayName": "",
    "sessionLabelSso": "{{user}}/{{profile}} @ {{account}}",
    "sessionLabelIam": "{{user}}/{{role}} @ {{account}} via {{profile}}",
    "colorDefault": "222f3e",
    "colorFooter": true,
    "colorHeader": true,
    "labelFooter": true,
    "labelHeader": true,
    "labelIcon": false,
    "profiles": {
      "p-7977aadd145dad95": {
        "color": "",
        "label": null,
        "favorite": false,
        "iamRoles": [
          {
            "profileId": "p-7977aadd145dad95",
            "accountId": "391785637824",
            "roleName": "KubernetesAdmin",
            "color": "ff0040",
            "label": "KubeAdmin"
          }
        ]
      },
      "p-b90e4f53476ba443": {
        "color": "",
        "label": null,
        "favorite": false,
        "iamRoles": [
          {
            "profileId": "p-b90e4f53476ba443",
            "accountId": "391785637824",
            "roleName": "KubernetesAdmin",
            "color": "ff0040",
            "label": "KubeAdmin"
          }
        ]
      },
      "p-c6c901f1ab79d4b6": {
        "favorite": false,
        "label": null,
        "iamRoles": [],
        "color": "097314",
        "icon": "❶"
      }
    },
    "hotkeys": {
      "openProfile1": "",
      "openProfile2": "",
      "openProfile3": ""
    }
  },
  "extension": {
    "defaultUser": "lastUserId",
    "enableSync": false,
    "lastUserId": "926707cb89-3005f226-4b86-4abb-996d-3c2702b0fe1a",
    "lastProfileId": null,
    "firefoxContainers": true,
    "iconColor": "red",
    "showReleaseNotes": false,
    "showAllProfiles": false,
    "tableSettings": {
      "showAllUsers": false,
      "showIamRoles": true,
      "showIcon": true,
      "sortCustom": false,
      "sortApp": "desc",
      "sortProfile": false
    },
    "updatedAt": 1707918319344
  }
}
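
A shared config is untrusted input to whoever imports it, and the thread shows an import that failed with no message. The following is an added example, not the extension's importer: it checks a pasted config and returns the problems found. Field names come from the example config above; the validation rules and the sample inputs are assumptions inferred from it.

```javascript
// Added example, not the extension's importer. Field names come from the example
// config in the thread; the validation rules are assumptions inferred from it.
const PROFILE_ID = /^p-[0-9a-f]{16}$/;
const ACCOUNT_ID = /^\d{12}$/;
const ROLE_NAME = /^[\w+=,.@-]{1,64}$/;  // characters AWS allows in IAM role names
const COLOR = /^([0-9a-f]{6})?$/i;       // empty string or 6 hex digits

const isObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Returns a list of readable problems; an empty list means the config may be saved.
function validateConfig(text) {
  let cfg;
  try { cfg = JSON.parse(text); } catch (e) { return [`not valid JSON: ${e.message}`]; }
  if (!isObject(cfg) || !isObject(cfg.user) || !isObject(cfg.extension)) {
    return ['expected top-level "user" and "extension" objects'];
  }
  const profiles = cfg.user.profiles ?? {};
  if (!isObject(profiles)) return ['user.profiles must be an object'];
  const errors = [];
  for (const [id, p] of Object.entries(profiles)) {
    const at = `user.profiles.${id}`;
    if (!PROFILE_ID.test(id)) errors.push(`${at}: unexpected profile id`);
    if (!isObject(p)) { errors.push(`${at}: must be an object`); continue; }
    if (typeof p.color !== 'string' || !COLOR.test(p.color)) errors.push(`${at}.color: not a hex color`);
    if (!Array.isArray(p.iamRoles)) { errors.push(`${at}.iamRoles: must be an array`); continue; }
    p.iamRoles.forEach((r, i) => {
      const rat = `${at}.iamRoles[${i}]`;
      if (!isObject(r)) { errors.push(`${rat}: must be an object`); return; }
      if (r.profileId !== id) errors.push(`${rat}.profileId: does not match its parent profile`);
      if (!ACCOUNT_ID.test(String(r.accountId))) errors.push(`${rat}.accountId: not a 12-digit account id`);
      if (!ROLE_NAME.test(String(r.roleName))) errors.push(`${rat}.roleName: not a valid IAM role name`);
    });
  }
  return errors;
}

// Constructed samples: one well-formed config and one with three defects.
const GOOD = JSON.stringify({ user: { profiles: { 'p-0000000000000001': { color: '', iamRoles: [
  { profileId: 'p-0000000000000001', accountId: '000000000000', roleName: 'KubernetesAdmin' }] } } },
extension: { enableSync: false } });
const BAD = JSON.stringify({ user: { profiles: { 'p-0000000000000001': { color: 'red', iamRoles: [
  { profileId: 'p-0000000000000002', accountId: '1234', roleName: 'KubernetesAdmin' }] } } },
extension: {} });
console.log(validateConfig(GOOD), validateConfig(BAD), validateConfig('{"user":'));
```

The checks cover format only; whether an account ID and role name in a shared config are ones the user should be switching into still needs review by whoever distributes the file.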