(aws role) the default description on a role should be None instead of "" #624

Open
smoy opened this issue Aug 29, 2023 · 0 comments
smoy commented Aug 29, 2023

Describe the bug
The current implementation of the IAM role default is "". I notice that an AWS IAM role can have no description. For example, an IAM role result from AWS CLI get-role is the following:

{
    "Role": {
        "Path": "/aws-reserved/sso.amazonaws.com/",
        "RoleName": "REDACTED",
        "RoleId": "REDACTED",
        "Arn": "arn:aws:iam::REDACTED:role/aws-reserved/sso.amazonaws.com/REDACTED",
        "CreateDate": "2023-01-03T20:17:20+00:00",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "Federated": "arn:aws:iam::REDACTED:saml-provider/AWSSSO_REDACTED_DO_NOT_DELETE"
                    },
                    "Action": [
                        "sts:AssumeRoleWithSAML",
                        "sts:TagSession"
                    ],
                    "Condition": {
                        "StringEquals": {
                            "SAML:aud": "https://signin.aws.amazon.com/saml"
                        }
                    }
                }
            ]
        },
        "MaxSessionDuration": 43200,
        "RoleLastUsed": {
            "LastUsedDate": "2023-04-25T23:18:58+00:00",
            "Region": "us-east-1"
        }
    }
}

That would mean that if a user manually runs import and submits a pull request, IAMBIC plan would claim the request will attempt to change the cloud, because the cloud has a description of None and the template simply uses "".

To Reproduce
Steps to reproduce the behavior:

  1. One sanity check is to run import on an IAM role with no description.
  2. Examine the resulting YAML file to see if a description appeared (it should not).
  3. Run iambic plan. The expectation is that no changes are required.
  4. The bug is that it attempts to change the description to an empty string.

Expected behavior
The expectation is that import, then plan, should yield no change (as long as there is change in the cloud resource).

Community Engagement
Your vote counts! Please support this bug report by adding a 👍 reaction to the original issue, which will aid the community and maintainers in addressing this problem.

Please refrain from adding "+1" or "me too" comments, as these create unnecessary noise for issue followers and do not help in prioritizing the issue. If you wish to contribute to solving this issue or have submitted a pull request, please leave a comment.
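
An added illustration of the mismatch reported above (not IAMBIC's code and not from the issue author): a minimal template-versus-cloud comparison showing how a `""` default produces a spurious plan entry when get-role returns no `Description` key, and how treating absent, `None` and `""` as the same unset value removes it while still reporting a real change. The function names, field lists and sample role are assumptions constructed for this example.

```python
import json

# Constructed sample: trimmed get-role output with no "Description" key,
# mirroring the shape of the response shown in the issue.
CLOUD_ROLE_JSON = """
{"Role": {"Path": "/aws-reserved/sso.amazonaws.com/",
          "RoleName": "EXAMPLE",
          "MaxSessionDuration": 43200}}
"""

# Hypothetical field lists for this example only.
COMPARED_FIELDS = ("Path", "RoleName", "MaxSessionDuration", "Description")
# Optional strings where a missing key, None and "" all mean "unset".
OPTIONAL_STRING_FIELDS = ("Description",)


def normalize(role):
    """Return a copy restricted to compared fields, with unset optional strings as None."""
    out = {field: role.get(field) for field in COMPARED_FIELDS}
    for field in OPTIONAL_STRING_FIELDS:
        if out[field] == "":
            out[field] = None
    return out


def plan(template, cloud, normalized=True):
    """List (field, cloud_value, template_value) for every compared field that differs."""
    if normalized:
        template, cloud = normalize(template), normalize(cloud)
    return [(field, cloud.get(field), template.get(field))
            for field in COMPARED_FIELDS
            if cloud.get(field) != template.get(field)]


cloud_role = json.loads(CLOUD_ROLE_JSON)["Role"]
# Template as an import would produce it if the description defaulted to "".
template_role = dict(cloud_role, Description="")

if __name__ == "__main__":
    print("naive plan:     ", plan(template_role, cloud_role, normalized=False))
    print("normalized plan:", plan(template_role, cloud_role))
    edited = dict(template_role, Description="break-glass admin")
    print("real change:    ", plan(edited, cloud_role))
```

For IAM resources managed through pull requests, a plan that is empty after a clean import matters because reviewers then see only the entries that actually alter a role.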
