Open dblackhall-tyro opened 3 weeks ago
I believe we need to modify the filterByTargetRole
generation process. It doesn't seem to work correctly when the path consists of multiple parts. For instance, if a role path is structured like /company/dept/roleName
, the current implementation might not handle it properly.
Additionally, when logging in with federated credentials, does the Management Console display usernames with paths that consist of multiple parts?
Example:
/company/dept/
company/dept/roleName
I believe we need to modify the filterByTargetRole generation process. It doesn't seem to work correctly when the path consists of multiple parts. For instance, if a role path is structured like /company/dept/roleName, the current implementation might not handle it properly.
Going back and looking at the code again I think I understand what you mean. Should I move the logic into the convertComplexTarget
function?
Additionally, when logging in with federated credentials, does the Management Console display usernames with paths that consist of multiple parts?
This I can be helpful with. The management console displays only the roleName e.g roleName/dblackhall@example.com
In my organisation some roles have been created with paths: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names
This PR extends the matching logic to match on roles with a path