-
Notifications
You must be signed in to change notification settings - Fork 336
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
returns boolean if a user has access to console login #2012
returns boolean if a user has access to console login #2012
Conversation
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 3m 48s |
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 5m 22s |
@valkiriaaquatica thanks for your contribution to this repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just minor updates to return the full LoginProfile
information in the output, as this should be necessary for other use cases
Docs Build 📝Thank you for contribution!✨ This PR has been merged and your docs changes will be incorporated when they are next published. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apologies for the significant change requests, the IAM modules have recently been subject to some refactoring work including adding decorators for some of the common error handling code.
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 5m 13s |
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 5m 38s |
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 5m 27s |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just minor change in the changelog fragment
I have added that now return in the return json the parameter console_access in boolean format to know if the user has or not access to login by console to the account. It can be used in cases where you only want users to access with keys or by landing zones...
Co-authored-by: Bikouo Aubin <[email protected]>
Co-authored-by: Bikouo Aubin <[email protected]>
Co-authored-by: Bikouo Aubin <[email protected]>
Co-authored-by: Mark Chappell <[email protected]>
Co-authored-by: Mark Chappell <[email protected]>
instead of boolean it returns user info so if a user has console access info will be returned Co-authored-by: Mark Chappell <[email protected]>
Co-authored-by: Bikouo Aubin <[email protected]>
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 5m 38s |
@valkiriaaquatica thanks for the efforts you've put into this. Don't worry about the docs, it's my fault and I'll get them written. This isn't my day job so there's a certain amount of "getting around to it" involved (and everyone knows that writing code is more interesting than docs and tests :) ). |
Build succeeded (gate pipeline). ✔️ ansible-galaxy-importer SUCCESS in 5m 01s |
8b138e3
into
ansible-collections:main
Backport to stable-7: 💚 backport PR created✅ Backport PR branch: Backported as #2023 🤖 @patchback |
returns boolean if a user has access to console login Summary I've introduced a new feature that includes in the response a console_access parameter, which is a boolean indicating whether an iam user has the ability to log in through the AWS console. This addition is particularly useful for scenarios where administrative constraints require users to access AWS services exclusively via API keys or through controlled environments, such as landing zones, without using the AWS console login interface. Issue Type Feature Pull Request Component Name: botocore includes the botocore interaction, specifically regarding the console_access information retrievals Additional Information With this update, the module now provides visibility into whether an IAM user is permitted console access. This could be pivotal for enforcing stricter security protocols, ensuring users do not bypass VPN requirements, API keys, or other access control measures by logging in through the AWS console Before the change a normal response: { "arn": "arn:aws:iam::11111111:user/terraform", "create_date": "2018-04-18T14:12:44+00:00", "path": "/", "tags": {}, "user_id": "12345abcd", "user_name": "terraform" } After the change: { "arn": "arn:aws:iam::11111111:user/terraform", "console_access": false, "create_date": "2018-04-18T14:12:44+00:00", "path": "/", "tags": {}, "user_id": "12345abcd", "user_name": "terraform" } Reviewed-by: Bikouo Aubin Reviewed-by: Mark Chappell (cherry picked from commit 8b138e3)
[PR #2012/8b138e39 backport][stable-7] returns boolean if a user has access to console login This is a backport of PR #2012 as merged into main (8b138e3). Summary I've introduced a new feature that includes in the response a console_access parameter, which is a boolean indicating whether an iam user has the ability to log in through the AWS console. This addition is particularly useful for scenarios where administrative constraints require users to access AWS services exclusively via API keys or through controlled environments, such as landing zones, without using the AWS console login interface. Issue Type Feature Pull Request Component Name: botocore includes the botocore interaction, specifically regarding the console_access information retrievals Additional Information With this update, the module now provides visibility into whether an IAM user is permitted console access. This could be pivotal for enforcing stricter security protocols, ensuring users do not bypass VPN requirements, API keys, or other access control measures by logging in through the AWS console Before the change a normal response: { "arn": "arn:aws:iam::11111111:user/terraform", "create_date": "2018-04-18T14:12:44+00:00", "path": "/", "tags": {}, "user_id": "12345abcd", "user_name": "terraform" } After the change: { "arn": "arn:aws:iam::11111111:user/terraform", "console_access": false, "create_date": "2018-04-18T14:12:44+00:00", "path": "/", "tags": {}, "user_id": "12345abcd", "user_name": "terraform" } Reviewed-by: Alina Buzachis Reviewed-by: Helen Bailey <[email protected]>
fix unsafe asserts SUMMARY Closes ansible-collections#2012 ISSUE TYPE Bugfix Pull Request COMPONENT NAME integrationtests Reviewed-by: Mark Chappell Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections/community.aws@4bdcecd
fix unsafe asserts SUMMARY Closes ansible-collections#2012 ISSUE TYPE Bugfix Pull Request COMPONENT NAME integrationtests Reviewed-by: Mark Chappell Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections/community.aws@4bdcecd
fix unsafe asserts SUMMARY Closes ansible-collections#2012 ISSUE TYPE Bugfix Pull Request COMPONENT NAME integrationtests Reviewed-by: Mark Chappell Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections/community.aws@4bdcecd
fix unsafe asserts SUMMARY Closes ansible-collections#2012 ISSUE TYPE Bugfix Pull Request COMPONENT NAME integrationtests Reviewed-by: Mark Chappell Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections/community.aws@4bdcecd
fix unsafe asserts SUMMARY Closes ansible-collections#2012 ISSUE TYPE Bugfix Pull Request COMPONENT NAME integrationtests Reviewed-by: Mark Chappell Reviewed-by: Alina Buzachis This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections/community.aws@4bdcecd
Summary
I've introduced a new feature that includes in the response a console_access parameter, which is a boolean indicating whether an iam user has the ability to log in through the AWS console. This addition is particularly useful for scenarios where administrative constraints require users to access AWS services exclusively via API keys or through controlled environments, such as landing zones, without using the AWS console login interface.
Issue Type
Component Name: botocore
includes the botocore interaction, specifically regarding the console_access information retrievals
Additional Information
With this update, the module now provides visibility into whether an IAM user is permitted console access. This could be pivotal for enforcing stricter security protocols, ensuring users do not bypass VPN requirements, API keys, or other access control measures by logging in through the AWS console
Before the change a normal response:
After the change: