Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unrestricted home role and settings #17

Merged
merged 2 commits into from
Jun 11, 2022
Merged

Unrestricted home role and settings #17

merged 2 commits into from
Jun 11, 2022

Conversation

if-igor
Copy link
Sponsor Contributor

@if-igor if-igor commented May 12, 2022

what

  • There are three changes here, all to support the use case where var.restricted_home is set to false
  • Change 1: expose user role arns
  • Change 2: set default home_directory to provided s3 bucket
  • Change 3: Adjust policy to allow access to the root of the s3 bucket instead of the path with username

why

  • Currently, setting var.restricted_home to false will drop the user into the root directory without any permissions
  • Given that the module works with an s3 bucket, it makes sense to change the home_directory in this case to the root of the s3 bucket
  • The policy did not grant access to the user to the root directory
  • Adding role_arns to the output will help anyone who wants to add additional policies to the role

@if-igor if-igor requested review from a team as code owners May 12, 2022 02:17
@if-igor if-igor requested review from a team as code owners May 12, 2022 02:17
@johnclawson
Copy link

Bump! Thanks @if-igor for updating this, it fits my use case perfectly. Hoping for a merge soon.

aknysh
aknysh reviewed Jun 10, 2022
View reviewed changes
outputs.tf
@@ -12,3 +12,8 @@ output "elastic_ips" {
description = "Provisioned Elastic IPs"
value = module.this.enabled && var.eip_enabled ? aws_eip.sftp.*.id : null
}

output "s3_access_role_arns" {
description = "Role ARNs for the S3 access"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
description = "Role ARNs for the S3 access"
description = "Map of users to role ARNs for the S3 access"

@aknysh
Copy link
Member

aknysh commented Jun 10, 2022

@nitrocode please review the PR

@nitrocode
Copy link
Member

@aknysh reviewed :)

@aknysh aknysh merged commit 37020f6 into cloudposse:master Jun 11, 2022
Nuru added a commit that referenced this pull request Jul 29, 2022
@Nuru
Add features from #9 and #17, update tests
84d1bc7
@Nuru Nuru mentioned this pull request Jul 29, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aknysh aknysh aknysh approved these changes

@nitrocode nitrocode nitrocode approved these changes

@dotCipher dotCipher Awaiting requested review from dotCipher dotCipher was automatically assigned from cloudposse/contributors

@Benbentwo Benbentwo Awaiting requested review from Benbentwo Benbentwo was automatically assigned from cloudposse/contributors

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@if-igor @johnclawson @aknysh @nitrocode @cloudpossebot