noqdev / iambic

IAMbic is Version-Control for IAM. It centralizes and simplifies cloud access and permissions. It maintains an eventually consistent, human-readable, bi-directional representation of IAM in Git.

Home Page: https://iambic.org

(aws role) the default description on a role should be None instead of ""

smoy opened this issue · comments

Describe the bug
The current implementation's IAM role default is "". I noticed that an AWS IAM role can have no description. For example, the result of AWS CLI get-role for an IAM role is the following:

{
    "Role": {
        "Path": "/aws-reserved/sso.amazonaws.com/",
        "RoleName": "REDACTED",
        "RoleId": "REDACTED",
        "Arn": "arn:aws:iam::REDACTED:role/aws-reserved/sso.amazonaws.com/REDACTED",
        "CreateDate": "2023-01-03T20:17:20+00:00",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "Federated": "arn:aws:iam::REDACTED:saml-provider/AWSSSO_REDACTED_DO_NOT_DELETE"
                    },
                    "Action": [
                        "sts:AssumeRoleWithSAML",
                        "sts:TagSession"
                    ],
                    "Condition": {
                        "StringEquals": {
                            "SAML:aud": "https://signin.aws.amazon.com/saml"
                        }
                    }
                }
            ]
        },
        "MaxSessionDuration": 43200,
        "RoleLastUsed": {
            "LastUsedDate": "2023-04-25T23:18:58+00:00",
            "Region": "us-east-1"
        }
    }
}

That would mean that if a user manually runs import and submits a pull request, IAMBIC plan would claim the request will attempt to change the cloud, because the cloud has a description of None and the template simply uses "".

To Reproduce
Steps to reproduce the behavior:

  1. One sanity check is to run import on an IAM role with no description.
  2. Examine the resulting YAML file to see if a description appeared (it should not).
  3. Run iambic plan. The expectation is that no changes are required.
  4. The bug is that it attempts to change the description to an empty string.

Expected behavior
The expectation is that import, plan should yield no change (as long as there is a change in the cloud resource).

Community Engagement
Your vote counts! Please support this bug report by adding a 👍 reaction to the original issue, which will aid the community and maintainers in addressing this problem.

Please refrain from adding "+1" or "me too" comments, as these create unnecessary noise for issue followers and do not help in prioritizing the issue. If you wish to contribute to solving this issue or have submitted a pull request, please leave a comment.
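
The false-positive drift reported in this issue, reduced to a minimal model. This is an added example, not IAMbic's code: the class names, `FIELD_TO_API`, `import_role` and `plan` are hypothetical, and the sample role is a constructed, trimmed version of the get-role output above.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample: trimmed get-role output for a role with no "Description" key.
CLOUD_ROLE = {
    "RoleName": "REDACTED",
    "Path": "/aws-reserved/sso.amazonaws.com/",
    "MaxSessionDuration": 43200,
}

# Hypothetical mapping from template field to get-role key.
FIELD_TO_API = {
    "role_name": "RoleName",
    "path": "Path",
    "max_session_duration": "MaxSessionDuration",
    "description": "Description",
}

@dataclass
class RoleNoneDefault:
    """Template model whose description defaults to None (absent)."""
    role_name: str
    path: str
    max_session_duration: int
    description: Optional[str] = None

@dataclass
class RoleEmptyDefault(RoleNoneDefault):
    """Same model with the "" default described in the issue."""
    description: Optional[str] = ""

def import_role(model, cloud):
    """Build a template from cloud state; absent keys fall back to the model default."""
    return model(**{f: cloud[k] for f, k in FIELD_TO_API.items() if k in cloud})

def plan(template, cloud):
    """Return {api_key: (cloud_value, template_value)} for each differing field."""
    changes = {}
    for field, key in FIELD_TO_API.items():
        current, desired = cloud.get(key), getattr(template, field)
        if current != desired:
            changes[key] = (current, desired)
    return changes

if __name__ == "__main__":
    for model in (RoleEmptyDefault, RoleNoneDefault):
        print(model.__name__, plan(import_role(model, CLOUD_ROLE), CLOUD_ROLE))
```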