MFA integration tests for assume_role #639

Merged
merged 19 commits into from
Jun 30, 2023

@omus omus commented Jun 26, 2023

Follow up to #638. Adds an IAM user with MFA devices such that we can validate the mfa_serial and token keywords provided by assume_role. In order to get this to work we needed to add the following:

  1. Support generating TOTP codes (see totp.jl)
  2. Creating an IAM user with access keys and at least one associated MFA device
  3. A restrictive IAM user policy which requires MFA to be used
  4. Efficient use of MFA devices such that concurrent tests can avoid being blocked when TOTP codes have been used/consumed.

The design of our MFA device setup is documented in the setup.jl file. The TLDR is by using multiple pre-setup MFA devices we can avoid having to wait or perform synchronization between multiple running tests using the AWS resources.
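An added illustration of points 1 and 4 above, written in Python rather than Julia; it is not the project's `totp.jl` or `setup.jl`. It generates RFC 6238 TOTP codes and models, within one process, why several devices keep concurrent callers from blocking once a code has been consumed. The `DevicePool` class, the serials and the secrets are hypothetical, constructed for this example.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample data: placeholder serials and publicly known test secrets.
SAMPLE_DEVICES = {
    "arn:aws:iam::123456789012:mfa/example-1": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",
    "arn:aws:iam::123456789012:mfa/example-2": "JBSWY3DPEHPK3PXP",
}


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32-encoded shared secret."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = int(unix_time) // step              # number of elapsed time steps
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class DevicePool:
    """Hypothetical helper: remembers which (device, time step) codes were spent."""

    def __init__(self, devices, step=30):
        self.devices = devices                    # {mfa_serial: base32 secret}
        self.step = step
        self.spent = set()

    def next_code(self, unix_time):
        """Return (mfa_serial, token) from an unspent device, or None if every
        device's code for the current time step has already been consumed."""
        counter = int(unix_time) // self.step
        for serial, secret in self.devices.items():
            if (serial, counter) not in self.spent:
                self.spent.add((serial, counter))
                return serial, totp(secret, unix_time, self.step)
        return None

    def wait_seconds(self, unix_time):
        """Seconds until the next time step, when every device has a fresh code."""
        return self.step - int(unix_time) % self.step
```

With a single device the second caller in a 30-second window gets `None` and has to wait; each additional device adds one more usable code per window.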

@@ -0,0 +1,193 @@
#!/usr/bin/env julia --project
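
Review bot: The shebang on the first line, `#!/usr/bin/env julia --project`, will not work when the script is executed directly on Linux, because the kernel passes everything after the interpreter path as a single argument and `env` then looks for a program literally named "julia --project". Suggest `#!/usr/bin/env -S julia --project` (needs GNU coreutils 8.30 or later), or dropping the flag from the shebang and documenting the `julia --project` invocation. Also worth a comment in the file: a bare `--project` is resolved from the current working directory, so the separate project is only picked up when the script is started from its own directory.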
omus (Member, Author) commented on this line:

Having a separate project/manifest isn't strictly necessary but avoids situations where you try to bootstrap the AWS resource setup with an in-development version of AWS.jl which could be broken.

@omus omus requested a review from mattBrzezinski June 26, 2023 16:02
@omus omus self-assigned this Jun 26, 2023
omus and others added 2 commits June 27, 2023 16:05
Co-authored-by: mattBrzezinski <3.brzezinski@gmail.com>

omus commented Jun 30, 2023

As this doesn't actually need a version bump I'll remove that and merge this

@omus omus merged commit bce88f4 into master Jun 30, 2023
@omus omus deleted the cv/mfa-integration branch June 30, 2023 21:44