Permissions framework? about sixtyfour HOT 5 CLOSED

So so excited by all of this!! Here's a thought, but I haven't fully thought it through yet. I'll install this and actually get it running to think about the possibilities asap.

aws_users_list() %>% 
    filter(Tag %in% c("A", "B")) %>% 
    pull("Usernames") %>% 
    aws_group_add_users(group = "testers")

from sixtyfour.

Just copying this from above with no modifications:

# in each case below aws_policy_attach determines from input whether
# its a group, role, or user. And prefixes policy with `arn:aws:iam::aws:policy`
aws_group_create("testers") %>% aws_policy_attach("ReadOnlyAccess")
aws_role_create("ReadOnlyRole") %>% aws_policy_attach("ReadOnlyAccess")
aws_user_create("jane") %>% aws_policy_attach("AdministratorAccess")

# or if already created, then:
aws_role("ReadOnlyRole") %>% aws_policy_attach("ReadOnlyAccess")

I really like this. What should aws_policy_attach return? I'm thinking about how the pipeline could continue (this is likely not too important at this point)

from sixtyfour.

right now aws_policy_attach returns an empty list. it's the result of a call to a paws method, e.g., attach_user_policy that always returns an empty list.

Instead of returning whatever is returned from the paws method, we could return the updated object that the various create functions output? So for example,

• aws_user_create("jane") returns a tibble with user information, including any policies
• aws_user_create("jane") %>% aws_policy_attach("AdministratorAccess") is run and returns the same tibble returned above but with any changes made to policies

thoughts (when you're back)?

from sixtyfour.

aws_group_create("testers") %>% aws_policy_attach("ReadOnlyAccess") and similar now returns the same thing that aws_group_create and aws_group returns - via the merged PR #19 - among other changes.

I'll leave this open until we're happy with the interface for these fxns.

from sixtyfour.

@seankross Any further thoughts on the permissions fxns for now?

from sixtyfour.