dataall icon indicating copy to clipboard operation
dataall copied to clipboard
verified publisher icon data-dot-all

[Gh 884] IAM policy splitting for requestor IAM policies

Open TejasRGitHub opened this issue 1 year ago • 2 comments

Feature or Bugfix

  • Feature

Detail

  • Updates the process of modifying the IAM policies after approve / revoke to add / delete resources and also split the policies into chunks
  • Updates the managed IAM policies to have indexes at the end
  • Contains backward compatibility and other additional checks to make sure correct policies are created and older policies are deleted
  • Contains a UI update to address this issue - https://github.com/data-dot-all/dataall/issues/1459

Relates

  • https://github.com/data-dot-all/dataall/issues/884
  • https://github.com/data-dot-all/dataall/issues/1459

Security

Please answer the questions below briefly where applicable, or write N/A. Based on OWASP 10.

  • Does this PR introduce or modify any input fields or queries - this includes fetching data from storage outside the application (e.g. a database, an S3 bucket)? No
    • Is the input sanitized?
    • What precautions are you taking before deserializing the data you consume?
    • Is injection prevented by parametrizing queries?
    • Have you ensured no eval or similar functions are used?
  • Does this PR introduce any functionality or component that requires authorization? No
    • How have you ensured it respects the existing AuthN/AuthZ mechanisms?
    • Are you logging failed auth attempts?
  • Are you using or adding any cryptographic features? No
    • Do you use a standard proven implementations?
    • Are the used keys controlled by the customer? Where are they stored?No
  • Are you introducing any new policies/roles/users? yes
    • Have you used the least-privilege principle? How? yes

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

TejasRGitHub avatar Oct 17 '24 19:10 TejasRGitHub

Can we fix the integration tests? Why are they failing?

anushka-singh avatar Oct 21 '24 15:10 anushka-singh

@dlpzx , pushed updated PR. Integration tests are failing and will fix them once the PR is reviewed and in a good shape.

TejasRGitHub avatar Oct 24 '24 00:10 TejasRGitHub

@dlpzx , I have updated the PR and replied to your comments where I thought more discussion is needed.

I have updated the tests that I had done while submitting the PR. I will perform those tests once the PR is ready for merging. Also, I will fix all the integration test which are failing once the PR is in good shape.

Thanks Again for taking the time to review and providing your insightful review comments

TejasRGitHub avatar Oct 30 '24 18:10 TejasRGitHub

Hi @dlpzx , I have updated the PR and fixed unit tests. ✅ . Also , I have tested the code with the test cases ( as described in the PR details section ). I have updated the PR with a few code changes - for some fixes I found during testing - and also refactored code to simplify. Can you please take a look at the latest changes and let me know if this PR still looks good

TejasRGitHub avatar Nov 05 '24 00:11 TejasRGitHub

@petrkalos , @dlpzx , Thanks for approving this PR. I have resolved the merge conflicts which were present.

TejasRGitHub avatar Jan 30 '25 17:01 TejasRGitHub