Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Duration flag now sets the duration of the access request #663

Merged
merged 2 commits into from
May 21, 2024
Merged

Duration flag now sets the duration of the access request #663

merged 2 commits into from
May 21, 2024

Conversation

ckluy31
Copy link
Contributor

@ckluy31 ckluy31 commented May 17, 2024
edited
Loading

What changed?

This PR allows the duration flag to set the duration of the access request, provided that the duration set is lower than the maximum permissible duration

Why?

How did you test it?

Testing assume with no duration set

calvinluy➜~/Git/granted(calvin/cf-3187-granted-cli-should-use-default-duration-rather-than-max✗)» dassume                                                                                             [18:26:14]

? Please select the profile you would like to assume: Audit/AWSAdministratorAccess                                  
[i] To assume this profile again later without needing to select it, run this command:
> assume Audit/AWSAdministratorAccess 
[i] You don't currently have access to Audit/AWSAdministratorAccess, checking if we can request access...       [target=AWS::Account::"125928628396", role=AWSAdministratorAccess, url=http://localhost:9090]
[WILL ACTIVATE] AWSAdministratorAccess access to Audit will be activated for 10m: http://localhost:8080/access/requests/req_2giwE2c9w2uHbVlbWGSY1EiZihW
[i] Access::Grant::"gra_2giwDzLTT5GlZapHPhOG71sXPxQ": All access is allowed
? Apply proposed access changes Yes
[i] Attempting to grant access...
[i] Access::Grant::"gra_2giwF3pmHqkZulfONoQkd0ecG9V": All access is allowed
[ACTIVATED] AWSAdministratorAccess access to Audit was activated for 3m: http://localhost:8080/access/requests/req_2giwF664sgk0ngJinUJrSvkRwb2
[i] Access::Grant::"gra_2giwF3pmHqkZulfONoQkd0ecG9V": All access is allowed
[✔] [Audit/AWSAdministratorAccess](ap-southeast-2) session credentials will expire in 1 hour

Testing assume with duration that is lower than max duration

calvinluy➜~/Git/granted(calvin/cf-3187-granted-cli-should-use-default-duration-rather-than-max✗)» dassume --duration 6m                                                                               [18:27:13]

? Please select the profile you would like to assume: Audit/AWSAdministratorAccess                                  
[i] To assume this profile again later without needing to select it, run this command:
> assume Audit/AWSAdministratorAccess --duration 6m
[i] You don't currently have access to Audit/AWSAdministratorAccess, checking if we can request access...       [target=AWS::Account::"125928628396", role=AWSAdministratorAccess, url=http://localhost:9090]
[WILL ACTIVATE] AWSAdministratorAccess access to Audit will be activated for 6m: http://localhost:8080/access/requests/req_2giwNnoRbJ83AlFAysAqvfq0slF
[i] Access::Grant::"gra_2giwNrH8ldDr6wJo62Jse85jR3b": All access is allowed
? Apply proposed access changes Yes
[i] Attempting to grant access...
[i] Access::Grant::"gra_2giwO8WRZJSjUbtxGF0ZdoS0VAb": All access is allowed
[ACTIVATED] AWSAdministratorAccess access to Audit was activated for 6m: http://localhost:8080/access/requests/req_2giwO738J9VARgFWCRb7VDpixp3
[i] Access::Grant::"gra_2giwO8WRZJSjUbtxGF0ZdoS0VAb": All access is allowed
[✔] [Audit/AWSAdministratorAccess](ap-southeast-2) session credentials will expire in 1 hour

Testing assume with duration higher than max duration

calvinluy➜~/Git/granted(calvin/cf-3187-granted-cli-should-use-default-duration-rather-than-max✗)» dassume --duration 79m                                                                              [18:29:52]

? Please select the profile you would like to assume: Audit/AWSAdministratorAccess                                  
[i] To assume this profile again later without needing to select it, run this command:
> assume Audit/AWSAdministratorAccess --duration 79m
[i] You don't currently have access to Audit/AWSAdministratorAccess, checking if we can request access...       [target=AWS::Account::"125928628396", role=AWSAdministratorAccess, url=http://localhost:9090]
[✘] error authorizing access: override duration cannot be greater than max duration. 10m0s
[✘] no access changes

Potential risks

Is patch release candidate?

Link to relevant docs PRs

@ckluy31 ckluy31 marked this pull request as ready for review May 20, 2024 08:31
@ckluy31 ckluy31 changed the title (WIP) Duration flag now sets the duration of the access request Duration flag now sets the duration of the access request May 20, 2024
@chrnorm chrnorm merged commit 4fee002 into main May 21, 2024
3 checks passed
@chrnorm chrnorm deleted the calvin/cf-3187-granted-cli-should-use-default-duration-rather-than-max branch May 21, 2024 08:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JoshuaWilkes JoshuaWilkes JoshuaWilkes approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ckluy31 @JoshuaWilkes @chrnorm