Closed sckott closed 5 months ago
> aws_bucket_add_user("test1-2024-03-15", "jeff", "read")
✔ jeff now has read access to bucket test1-2024-03-15
Warning message:
Unknown or uninitialised column: `PolicyName`.
Seemed to have worked though:
> aws_bucket_get_permissions("test1-2024-03-15")
# A tibble: 3 × 2
user permissions
<chr> <chr>
1 jeff read
2 scott admin
3 sean admin
Warning message: Unknown or uninitialised column:
PolicyName
.
Thanks i'll take a look at that warning
That warning is fixed now
This looks good and is working well for me. In terms of the discussion items:
what should these fxns return? right now they're not returning anything, or at least not on purpose.
Good question I don't know for sure. Whatever it returns it should probably be invisible. Maybe we should look at usethis for ideas since it's also meant to be used interactively and the main thing it "returns" is messages to the user.
i assume we treat admin group permissions different from user specific permissions for a bucket, yes?
Yes, I don't have ambitions to wade deeply into this, especially not inn v0.1
do the actions allowed in s3_actions_read and s3_actions_full look good? or different ones for default? they are based on the aws managed policies for read and full access, respectively
I will get back to you in an issue and edit this comment so it's tagged here.
note that creating a policy document is different for S3 buckets because buckets are globally unique - so I created a new fxn for just s3 to create policy documents
Sounds and looks good to me.
WRT what to return from fxns:
usethis
just returns invisible()
e.g., here usethis
does and make sure to do invisible()
instead of the cli message@seankross okay - fxns are returning invisble now. I still need to:
aws_bucket_change_user
actually work@seankross okay, aws_bucket_change_user
is useable now. i still need to
aws_bucket_change_user
but you can still try it
One important note: Given the desire for a simple interface to permissions - just read and write - these functions will probably only work if users do not edit their own policies and then try to use these functions. As you've seen there's no simple mapping from the policies to read or write, so we make some shortcuts here to make it possible. Just something to be aware of
Additional fun needed:
paws
has a function create_access_key(UserName)
@seankross can you test out the new fxn aws_user_creds
? note the copy to clipboard is default not turned on, set copy_to_cp = TRUE
to use it. I'm not sure if we should have it on by default or not. And please look at the output it give sin the clipboard and whether you think it should be changed at all.
the workflow you talked about with function names:
aws_user_create()
- create the useraws_bucket_add_user()
- add that user to some bucketsaws_user_creds()
- send that user their keysTo start:
aws_user_creds()
has a very nice message and should therefore probaly return invisibly.usethis::edit_r_environ()
?more to come
Thanks. We could return invisibly - but do you think there's a use case for doing something downstream with the keys? Which is harder if they have to copy/paste them from a message.
Yeah, seems like a good idea on edit_r_environ
Please also take a look at the docs for aws_user_creds
@seankross aws_user_creds()
now returns invisible, and added the note about r environ edit
Oof sorry I did't communicate this clearly: I liked the object that aws_user_creds
returned, I just thought it would look cleaner in the R console if it returned that same object but returned it invisibly.
fixed
@sckott whenever we print the dev keys to the console can we print the AWS region too? I know that's copied into the clipboard, but I feel like putting it in the console wouldn't hurt.
@seankross will do
@sckott overall looks good to me, merge at your discretion.
@seankross waiting to merge this until we merge more-magic into this branch
🚀 Deployed on https://deploy-preview-43--teal-chaja-b4836e.netlify.app
some discussion items:
s3_actions_read
ands3_actions_full
look good? or different ones for default? they are based on the aws managed policies for read and full access, respectively