Comments (2)
Eric Miller
Slack link
Hello, I have a UX note/question for assumed roles. Essentially, I have two profiles.
1. SSO profile. This assumes by IdentityCenter role.
2. Assumed role. This uses profile 1 to assume another role.
Role #1 has credential_process = granted .... Role #2 does not. This has the effect that, when running assume profile-2, all of the env vars (e.g. session token) are exported.
This has the effect that, when using assume , the credentials expire after 1h due to role chaining timeouts. I've been using export AWS_PROFILE= exclusively, but I'd rather if the folks I support could just use assume and get the "easy" result.
Two thoughts on how this could be implemented.
One, we could implement a recursive function to implement this by default. Check the role assumption chain to see if anything uses credential_process.

```python
# getProfile looks a profile up by name (helper not defined in the post).
def isCredentialProcess(profile) -> bool:
    if profile.sourceProfile is not None:
        return isCredentialProcess(getProfile(profile.sourceProfile))
    return profile.credential_process is not None
```

Two, we could implement a flag in the profile itself, e.g. granted_default_no_export = true that would have the same effect as credential_process on what variables are exported.
from granted.
The recursive function should probably also keep track of the set of profile names in the stack, in order to check for a loop.
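
The chain check and loop detection discussed in the two comments above, as an added example that is not part of the thread and not Granted's own code. It walks the chain iteratively instead of recursively and returns true if any profile in the chain sets credential_process; the sample config, profile names and function names are constructed for illustration.

```python
import configparser

# Constructed sample in ~/.aws/config format; all names and values are made up.
SAMPLE_CONFIG = """
[profile sso-base]
credential_process = granted ...

[profile chained]
source_profile = sso-base

[profile static-base]
region = us-east-1

[profile static-chained]
source_profile = static-base

[profile loop-a]
source_profile = loop-b

[profile loop-b]
source_profile = loop-a
"""

class ProfileLoopError(ValueError):
    """Raised when source_profile references form a cycle."""

def load_profiles(text):
    """Parse AWS-config-style text into {profile_name: {key: value}}."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    profiles = {}
    for section in parser.sections():
        prefix = "profile "
        name = section[len(prefix):] if section.startswith(prefix) else section
        profiles[name.strip()] = dict(parser[section])
    return profiles

def chain_uses_credential_process(profiles, name):
    """True if the profile or any profile it chains from sets credential_process."""
    seen = []  # profile names visited so far, in order, for loop detection
    while name is not None:
        if name in seen:
            raise ProfileLoopError(" -> ".join(seen + [name]))
        if name not in profiles:
            raise KeyError("unknown profile: " + name)
        seen.append(name)
        if "credential_process" in profiles[name]:
            return True
        name = profiles[name].get("source_profile")
    return False
```

A caller would use the result to decide whether to export only the profile name or the full set of session credentials into the environment.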