Param bound #7502

Merged
merged 42 commits into from
Jun 10, 2021
edwardfoyle
Contributor

Description of changes

Reopening #7144

Adds a new advanced project configuration option to specify a permissions boundary that will be applied to all IAM roles in the project. This is broken into 3 components:

  1. add a permissions boundary state manager to amplify-cli-core
  2. add a prompt to amplify configure project that writes the boundary to the state manager
  3. adds a permissions boundary template modifier to the pre-push cloudformation transformer that reads the value from the state manager and applies it to cfn templates

Issue #, if available

#4618

Description of how you validated changes

Manually validated as well as unit tested and e2e tested

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@edwardfoyle edwardfoyle requested a review from a team as a code owner June 10, 2021 21:20
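
As an added illustration of component 3 in the description above (not code from this pull request or from amplify-cli): a template modifier that sets `PermissionsBoundary` on every `AWS::IAM::Role` in a CloudFormation template, plus a check that lists roles lacking it. The function names, the ARN pattern and the sample template are assumptions made for this example.

```typescript
// Added example; not amplify-cli source. All names here are hypothetical.
type CfnResource = { Type: string; Properties?: Record<string, unknown> };
type CfnTemplate = { Resources?: Record<string, CfnResource> };

// Managed policy ARN: arn:<partition>:iam::<12-digit account | aws>:policy/<path/name>
const POLICY_ARN = /^arn:[a-z0-9-]+:iam::(\d{12}|aws):policy\/[\w+=,.@\/-]+$/;

// Return a copy with the boundary set on every IAM role, plus the logical IDs touched.
function applyPermissionsBoundary(
  template: CfnTemplate,
  boundaryArn?: string,
): { template: CfnTemplate; modified: string[] } {
  const copy: CfnTemplate = JSON.parse(JSON.stringify(template));
  const modified: string[] = [];
  if (boundaryArn === undefined) return { template: copy, modified }; // nothing configured
  if (!POLICY_ARN.test(boundaryArn)) {
    throw new Error(`not an IAM policy ARN: ${boundaryArn}`);
  }
  const resources = copy.Resources ?? {};
  for (const logicalId of Object.keys(resources)) {
    const resource = resources[logicalId];
    if (resource.Type !== 'AWS::IAM::Role') continue;
    // Assumption: the project-level boundary overrides any value already present.
    resource.Properties = { ...resource.Properties, PermissionsBoundary: boundaryArn };
    modified.push(logicalId);
  }
  return { template: copy, modified };
}

// Pre-deploy check: logical IDs of roles that do not carry the expected boundary.
function rolesMissingBoundary(template: CfnTemplate, boundaryArn: string): string[] {
  const resources = template.Resources ?? {};
  return Object.keys(resources).filter(id => {
    const r = resources[id];
    return r.Type === 'AWS::IAM::Role' && r.Properties?.PermissionsBoundary !== boundaryArn;
  });
}

// Constructed sample template and boundary ARN (placeholder account ID).
const BOUNDARY = 'arn:aws:iam::123456789012:policy/example-boundary';
const sample: CfnTemplate = {
  Resources: {
    LambdaExecutionRole: { Type: 'AWS::IAM::Role', Properties: { RoleName: 'fn-role' } },
    AuthRole: { Type: 'AWS::IAM::Role' },
    Bucket: { Type: 'AWS::S3::Bucket', Properties: {} },
  },
};
const result = applyPermissionsBoundary(sample, BOUNDARY);
console.log(result.modified, rolesMissingBoundary(result.template, BOUNDARY));
```

Running `rolesMissingBoundary` over the generated templates before a push gives a quick way to confirm that no role escapes the boundary.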
@codecov-commenter

Codecov Report

Merging #7502 (9be7bce) into master (4f8b5b6) will increase coverage by 0.11%.
The diff coverage is 78.83%.

@@            Coverage Diff             @@
##           master    #7502      +/-   ##
==========================================
+ Coverage   52.68%   52.79%   +0.11%     
==========================================
  Files         519      523       +4     
  Lines       26012    26137     +125     
  Branches     5085     5113      +28     
==========================================
+ Hits        13704    13800      +96     
- Misses      11334    11368      +34     
+ Partials      974      969       -5     

| Impacted Files | Coverage Δ |
|---|---|
| packages/amplify-cli/src/commands/env.ts | 80.55% <ø> (ø) |
| ...y-provider-awscloudformation/src/push-resources.ts | 9.92% <0.00%> (-0.02%) ⬇️ |
| packages/amplify-util-mock/src/func/index.ts | 94.11% <0.00%> (ø) |
| ...rovider-awscloudformation/src/aws-utils/aws-iam.ts | 27.27% <27.27%> (ø) |
| ...extensions/amplify-helpers/get-provider-plugins.ts | 47.05% <33.33%> (-36.28%) ⬇️ |
| ...ackages/amplify-cli/src/init-steps/s9-onSuccess.ts | 15.00% <50.00%> (+0.85%) ⬆️ |
| ...lify-provider-awscloudformation/src/initializer.ts | 51.90% <85.71%> (ø) |
| ...n/src/permissions-boundary/permissions-boundary.ts | 89.65% <89.65%> (ø) |
| ...s/amplify-cli-core/src/permissionsBoundaryState.ts | 96.00% <96.00%> (ø) |
| packages/amplify-cli-core/src/index.ts | 96.00% <100.00%> (+0.16%) ⬆️ |

... and 8 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@akshbhu akshbhu merged commit 08f7a3c into aws-amplify:master Jun 10, 2021
@github-actions

👋 Hi, this pull request was referenced in the v5.0.0 release!

Check out the release notes here https://github.com/aws-amplify/amplify-cli/releases/tag/v5.0.0.

@github-actions github-actions bot added the referenced-in-release Issues referenced in a published release changelog label Jun 15, 2021
cjihrig pushed a commit to ctjlewis/amplify-cli that referenced this pull request Jul 12, 2021
…(ref aws-amplify#4618)

* fix(amplify-provider-awscloudformation): fix tests failing due to system-config-manager.js (aws-amplify#7053)

* feat: s3 sse by default

* chore: fix init push issue

* chore: cleanup

* test: whole lotta tests

* test: update nondeterministic test

* fix: serialize modifiers and improve test error handling

* fix: add parameterization to ResourceModifier

* fix: add type to sig

* test: update test with new modifier structure

* test: fix test

* feat: add permission boundary to IAM roles

* fix: update iam role modifier

* test: add e2e test for perm bound

* test: add unit tests for perm bound modifier

* fix: fix regex

* feat: switch to env-specific config

* chore: dumping env perm bound changes

* feat: fixup env-specific config and add headless support

* chore: cleaning up things

* test: more unit tests and e2e test

* test: small test tweaks

* chore: reverting some unintentional linting changes

* fix: add update to env help text

* test: add mock

* chore: address PR comments

* chore: use module var instead of global var

* chore: rename permission boundary -> permissions boundary

* fix: merge tpi instead of overwrite

* chore: remove newline

* fix: load creds for new env when checking policy

* fix: test fixes

* test: fix unit tests

* test: fix profile selection

* fix: change permissions boundary success text

Co-authored-by: Raj Rajhans <[email protected]>