[#70] iam: Support aws:MultiFactorAuthPresent key #70
Reference: TrueCloudLab/policy-engine#70
No description provided.
79a4ea2fe1 to 0033c76a71
[#xx] iam: Support aws:MultiFactorAuthPresent key to [#70] iam: Support aws:MultiFactorAuthPresent key
0033c76a71 to a84a6b6691
@ -198,6 +201,10 @@ func transformKey(key string) string {
return fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, userClaimTagPrefix+tagName)
}
if key == condKeyAWSMFAPresent {
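Review bot: the new branch `if key == condKeyAWSMFAPresent` in transformKey is an exact, case-sensitive string match. AWS treats condition key names as case-insensitive, so unless the key is normalized before it reaches transformKey, a policy that spells it `aws:multifactorauthpresent` would skip this branch. Consider comparing case-insensitively (for example with strings.EqualFold), or add a test that pins the expected behaviour for a differently cased key.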
I'm not sure we need such transformation for native policies. AccessBox attributes can be set only in s3/iam services
a84a6b6691 to b4b2325716
@ -218,6 +225,12 @@ func getNativePrincipalsAndConditionFunc(statement Statement, resolver NativeRes
func convertToNativeChainCondition(c Conditions, resolver NativeResolver) ([]GroupedConditions, error) {
return convertToChainConditions(c, func(gr GroupedConditions) (GroupedConditions, error) {
if slices.ContainsFunc(gr.Conditions, func(c chain.Condition) bool {
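Review bot: in convertToNativeChainCondition the closure parameter in `func(c chain.Condition) bool` shadows the outer `c Conditions` argument. It compiles, but inside the callback `c` no longer refers to the statement's conditions, which is easy to misread in code that decides access; rename the inner parameter (e.g. `cond`).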
These 5 lines can be replaced with a simple `for` loop, do we really need to use an external dependency here?
I see it is already used in another place, but it will be removed after we bumped minimum go version. `slices` package contains this function too.
Probably we can use already existing `for` loop below (line 234)
I thought to check key before possible arn resolving, but can use loop below if it doesn't make sense to separate
I suppose it's ok to use the same loop
@ -1642,6 +1642,48 @@ func TestTagsConditions(t *testing.T) {
require.ElementsMatch(t, expectedConditions, nativeChain.Rules[0].Condition)
}
func TestMFACondition(t *testing.T) {
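Review bot: TestMFACondition should also cover the inputs where the rule must not match, since those are the cases that matter for an access-control key like aws:MultiFactorAuthPresent. Consider making it table-driven with both `true` and `false` values plus a case where the MFA attribute is missing from the request. In AWS this key is absent for requests made with long-term credentials, and a plain Bool condition on it then does not match, so the converted chain's behaviour for that case is worth asserting explicitly.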
Could you please add negative test also.
What do you expect it should check?
b4b2325716 to 04a79f57ef