This PR allows the duration flag to set the duration of the access request, provided that the duration set is lower than the maximum permissible duration
Why?
How did you test it?
Testing assume with no duration set
calvinluy➜~/Git/granted(calvin/cf-3187-granted-cli-should-use-default-duration-rather-than-max✗)» dassume [18:26:14]
? Please select the profile you would like to assume: Audit/AWSAdministratorAccess
[i] To assume this profile again later without needing to select it, run this command:
> assume Audit/AWSAdministratorAccess
[i] You don't currently have access to Audit/AWSAdministratorAccess, checking if we can request access... [target=AWS::Account::"125928628396", role=AWSAdministratorAccess, url=http://localhost:9090]
[WILL ACTIVATE] AWSAdministratorAccess access to Audit will be activated for 10m: http://localhost:8080/access/requests/req_2giwE2c9w2uHbVlbWGSY1EiZihW
[i] Access::Grant::"gra_2giwDzLTT5GlZapHPhOG71sXPxQ": All access is allowed
? Apply proposed access changes Yes
[i] Attempting to grant access...
[i] Access::Grant::"gra_2giwF3pmHqkZulfONoQkd0ecG9V": All access is allowed
[ACTIVATED] AWSAdministratorAccess access to Audit was activated for 3m: http://localhost:8080/access/requests/req_2giwF664sgk0ngJinUJrSvkRwb2
[i] Access::Grant::"gra_2giwF3pmHqkZulfONoQkd0ecG9V": All access is allowed
[✔] [Audit/AWSAdministratorAccess](ap-southeast-2) session credentials will expire in 1 hour
Testing assume with duration that is lower than max duration
calvinluy➜~/Git/granted(calvin/cf-3187-granted-cli-should-use-default-duration-rather-than-max✗)» dassume --duration 6m [18:27:13]
? Please select the profile you would like to assume: Audit/AWSAdministratorAccess
[i] To assume this profile again later without needing to select it, run this command:
> assume Audit/AWSAdministratorAccess --duration 6m
[i] You don't currently have access to Audit/AWSAdministratorAccess, checking if we can request access... [target=AWS::Account::"125928628396", role=AWSAdministratorAccess, url=http://localhost:9090]
[WILL ACTIVATE] AWSAdministratorAccess access to Audit will be activated for 6m: http://localhost:8080/access/requests/req_2giwNnoRbJ83AlFAysAqvfq0slF
[i] Access::Grant::"gra_2giwNrH8ldDr6wJo62Jse85jR3b": All access is allowed
? Apply proposed access changes Yes
[i] Attempting to grant access...
[i] Access::Grant::"gra_2giwO8WRZJSjUbtxGF0ZdoS0VAb": All access is allowed
[ACTIVATED] AWSAdministratorAccess access to Audit was activated for 6m: http://localhost:8080/access/requests/req_2giwO738J9VARgFWCRb7VDpixp3
[i] Access::Grant::"gra_2giwO8WRZJSjUbtxGF0ZdoS0VAb": All access is allowed
[✔] [Audit/AWSAdministratorAccess](ap-southeast-2) session credentials will expire in 1 hour
Testing assume with duration higher than max duration
calvinluy➜~/Git/granted(calvin/cf-3187-granted-cli-should-use-default-duration-rather-than-max✗)» dassume --duration 79m [18:29:52]
? Please select the profile you would like to assume: Audit/AWSAdministratorAccess
[i] To assume this profile again later without needing to select it, run this command:
> assume Audit/AWSAdministratorAccess --duration 79m
[i] You don't currently have access to Audit/AWSAdministratorAccess, checking if we can request access... [target=AWS::Account::"125928628396", role=AWSAdministratorAccess, url=http://localhost:9090]
[✘] error authorizing access: override duration cannot be greater than max duration. 10m0s
[✘] no access changes
What changed?
This PR allows the duration flag to set the duration of the access request, provided that the duration set is lower than the maximum permissible duration
Why?
How did you test it?
Testing assume with no duration set
Testing assume with duration that is lower than max duration
Testing assume with duration higher than max duration
Potential risks
Is patch release candidate?
Link to relevant docs PRs