Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding sso:CreateApplicationAssignment so can manage QS Groups via Console #7537

Merged
merged 1 commit into from
Jul 18, 2024
Merged

Adding sso:CreateApplicationAssignment so can manage QS Groups via Console #7537

merged 1 commit into from
Jul 18, 2024

Conversation

julialawrence
Copy link
Contributor

A reference to the issue / Description of it

ministryofjustice/analytical-platform#4271

We need to be able to add additional Identity Center groups to QuickSight but doing so via Terraform results in attempt to replace the whole subscription:
https://github.com/ministryofjustice/modernisation-platform-environments/actions/runs/9990342858/job/27610845085?pr=7138#step:11:703

We are raising a bug ticket with the aws provider but in the meantime we need to add additional groups to enable testing.

How does this PR fix the problem?

This SSO permission will allow us to add groups via the QuickSight admin console since the groupings are managed via Identity Center

How has this been tested?

It hasn't. It needs to be tested post-deployment. The specific permission was identified after a cloudtrail search.

Deployment Plan / Instructions

There shouldn't be any impact on deployment.

Checklist (check x in [ ] of list items)

  • I have performed a self-review of my own code
  • All checks have passed
  • I have made corresponding changes to the documentation
  • Plan and discussed how it should be deployed to PROD (If needed)

@julialawrence julialawrence requested a review from a team as a code owner July 18, 2024 13:25
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/bootstrap/single-sign-on

Running Trivy in terraform/environments/bootstrap/single-sign-on
2024-07-18T13:27:38Z INFO Need to update DB
2024-07-18T13:27:38Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-18T13:27:40Z INFO Vulnerability scanning is enabled
2024-07-18T13:27:40Z INFO Misconfiguration scanning is enabled
2024-07-18T13:27:40Z INFO Need to update the built-in policies
2024-07-18T13:27:40Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-18T13:27:40Z INFO Secret scanning is enabled
2024-07-18T13:27:40Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-18T13:27:40Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-18T13:27:41Z INFO Number of language-specific files num=0
2024-07-18T13:27:41Z INFO Detected config files num=1

policies.tf (terraform)

Tests: 620 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 620)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/bootstrap/single-sign-on

*****************************

Running Checkov in terraform/environments/bootstrap/single-sign-on
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 96, Failed checks: 0, Skipped checks: 50


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/bootstrap/single-sign-on

*****************************

Running tflint in terraform/environments/bootstrap/single-sign-on
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/bootstrap/single-sign-on

*****************************

Running Trivy in terraform/environments/bootstrap/single-sign-on
2024-07-18T13:27:38Z	INFO	Need to update DB
2024-07-18T13:27:38Z	INFO	Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-18T13:27:40Z	INFO	Vulnerability scanning is enabled
2024-07-18T13:27:40Z	INFO	Misconfiguration scanning is enabled
2024-07-18T13:27:40Z	INFO	Need to update the built-in policies
2024-07-18T13:27:40Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-18T13:27:40Z	INFO	Secret scanning is enabled
2024-07-18T13:27:40Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-18T13:27:40Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-18T13:27:41Z	INFO	Number of language-specific files	num=0
2024-07-18T13:27:41Z	INFO	Detected config files	num=1

policies.tf (terraform)
=======================
Tests: 620 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 620)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

@julialawrence julialawrence changed the title Adding sso:CreateApplicationAssignment so can manage QS Groups via Consoe Adding sso:CreateApplicationAssignment so can manage QS Groups via Console Jul 18, 2024
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/bootstrap/single-sign-on

Running Trivy in terraform/environments/bootstrap/single-sign-on
2024-07-18T13:29:09Z INFO Need to update DB
2024-07-18T13:29:09Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-18T13:29:11Z INFO Vulnerability scanning is enabled
2024-07-18T13:29:11Z INFO Misconfiguration scanning is enabled
2024-07-18T13:29:11Z INFO Need to update the built-in policies
2024-07-18T13:29:11Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-18T13:29:11Z INFO Secret scanning is enabled
2024-07-18T13:29:11Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-18T13:29:11Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-18T13:29:12Z INFO Number of language-specific files num=0
2024-07-18T13:29:12Z INFO Detected config files num=1

policies.tf (terraform)

Tests: 620 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 620)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/bootstrap/single-sign-on

*****************************

Running Checkov in terraform/environments/bootstrap/single-sign-on
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 96, Failed checks: 0, Skipped checks: 50


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/bootstrap/single-sign-on

*****************************

Running tflint in terraform/environments/bootstrap/single-sign-on
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/bootstrap/single-sign-on

*****************************

Running Trivy in terraform/environments/bootstrap/single-sign-on
2024-07-18T13:29:09Z	INFO	Need to update DB
2024-07-18T13:29:09Z	INFO	Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-18T13:29:11Z	INFO	Vulnerability scanning is enabled
2024-07-18T13:29:11Z	INFO	Misconfiguration scanning is enabled
2024-07-18T13:29:11Z	INFO	Need to update the built-in policies
2024-07-18T13:29:11Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-18T13:29:11Z	INFO	Secret scanning is enabled
2024-07-18T13:29:11Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-18T13:29:11Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-18T13:29:12Z	INFO	Number of language-specific files	num=0
2024-07-18T13:29:12Z	INFO	Detected config files	num=1

policies.tf (terraform)
=======================
Tests: 620 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 620)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

@julialawrence julialawrence force-pushed the feature/add-ability-to-manage-quicksight-groups-to-sandbox branch from 749ca05 to a720882 Compare July 18, 2024 13:37
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/bootstrap/single-sign-on

Running Trivy in terraform/environments/bootstrap/single-sign-on
2024-07-18T13:39:26Z INFO Need to update DB
2024-07-18T13:39:26Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-18T13:39:28Z INFO Vulnerability scanning is enabled
2024-07-18T13:39:28Z INFO Misconfiguration scanning is enabled
2024-07-18T13:39:28Z INFO Need to update the built-in policies
2024-07-18T13:39:28Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-18T13:39:28Z INFO Secret scanning is enabled
2024-07-18T13:39:28Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-18T13:39:28Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-18T13:39:29Z INFO Number of language-specific files num=0
2024-07-18T13:39:29Z INFO Detected config files num=1

policies.tf (terraform)

Tests: 620 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 620)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/bootstrap/single-sign-on

*****************************

Running Checkov in terraform/environments/bootstrap/single-sign-on
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 96, Failed checks: 0, Skipped checks: 50


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/bootstrap/single-sign-on

*****************************

Running tflint in terraform/environments/bootstrap/single-sign-on
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/bootstrap/single-sign-on

*****************************

Running Trivy in terraform/environments/bootstrap/single-sign-on
2024-07-18T13:39:26Z	INFO	Need to update DB
2024-07-18T13:39:26Z	INFO	Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-18T13:39:28Z	INFO	Vulnerability scanning is enabled
2024-07-18T13:39:28Z	INFO	Misconfiguration scanning is enabled
2024-07-18T13:39:28Z	INFO	Need to update the built-in policies
2024-07-18T13:39:28Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-18T13:39:28Z	INFO	Secret scanning is enabled
2024-07-18T13:39:28Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-18T13:39:28Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-18T13:39:29Z	INFO	Number of language-specific files	num=0
2024-07-18T13:39:29Z	INFO	Detected config files	num=1

policies.tf (terraform)
=======================
Tests: 620 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 620)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

@julialawrence julialawrence added this pull request to the merge queue Jul 18, 2024
Merged via the queue into main with commit a4f54d4 Jul 18, 2024
12 checks passed
@julialawrence julialawrence deleted the feature/add-ability-to-manage-quicksight-groups-to-sandbox branch July 18, 2024 13:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sukeshreddyg sukeshreddyg sukeshreddyg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@julialawrence @sukeshreddyg