mozilla-iam / cis

Home of Mozilla IAM change integration service repository.
Mozilla Public License 2.0

cis: Update CIS publisher rules to match production #537

Open floatingatoll opened 3 years ago

floatingatoll commented 3 years ago

We found in IAM-866 that the CIS publisher rules don't seem to line up with what we're expecting CIS to do. #523 offers up a set of fixes that we should check against the work done with the LDAP-to-CIS scripts during IAM work week, so this PR starts from that point and opens up with review requests to get the ball rolling.

(CI is temporarily broken; #529, #530)

TODO

floatingatoll commented 3 years ago

The reluctance I have is, I can't assert that the list of subentries under identities is complete.

Added to (a new) WIP list.

floatingatoll commented 3 years ago

I think it's actually complete, so, r+

Thanks for the link. Agreed, added r+.

@dividehex Do you see any issues with these changes that might not be obvious to either of us? This is low likelihood, but there aren't many folks with domain knowledge, so I thought I'd ask.

floatingatoll commented 3 years ago

Note that the tests appear to be failing due to some sort of mismatch between the expectations of the tests, and the reality of our permissions, so that's either a good sign (these changes are to a meaningful file) and/or a bad sign (these changes require code spelunking and test review).