Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix when migrating from Manually Created Pivot Role to Auto Create Pivot Role #948

Merged
merged 26 commits into from
Jan 9, 2024
Merged

Fix when migrating from Manually Created Pivot Role to Auto Create Pivot Role #948

merged 26 commits into from
Jan 9, 2024

Conversation

TejasRGitHub
Copy link
Contributor

Feature or Bugfix

  • Bugfix

Detail

  • Changes in the way KMS keys of datasets( S3 buckets ) are specified in the environment role .

Testing

  • Created an environment with manual pivot role and migrated to auto create pivot role.
  • Checked if the datasets previously present in the environment get updated properly.
  • Imported another dataset on this environment successfully.

Relates

Security

Please answer the questions below briefly where applicable, or write N/A. Based on
OWASP 10.

  • Does this PR introduce or modify any input fields or queries - this includes
    fetching data from storage outside the application (e.g. a database, an S3 bucket)? N/A
    • Is the input sanitized?
    • What precautions are you taking before deserializing the data you consume?
    • Is injection prevented by parametrizing queries?
    • Have you ensured no eval or similar functions are used?
  • Does this PR introduce any functionality or component that requires authorization? N/A
    • How have you ensured it respects the existing AuthN/AuthZ mechanisms?
    • Are you logging failed auth attempts?
  • Are you using or adding any cryptographic features? N/A
    • Do you use a standard proven implementations?
    • Are the used keys controlled by the customer? Where are they stored?
  • Are you introducing any new policies/roles/users? Yes
    • Have you used the least-privilege principle? How? Yes, only access to KMS keys which are present on the environment

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

TejasRGitHub and others added 25 commits December 1, 2023 11:05
@TejasRGitHub
Backend and Frontend Changes For External Idp Changes
ed8b16f
Merge branch 'main' of https://github.com/TejasRGitHub/aws-dataall
93e64fe 
Changes from Open Source
@TejasRGitHub
Backend and Frontend Changes For External Idp Changes -1
89af5ab
Merge branch 'main' of https://github.com/TejasRGitHub/aws-dataall
684ed18 
Merged From Open source
@TejasRGitHub
Backend and Frontend Changes For External Idp Changes - 2
f173c2a
@TejasRGitHub
semgrep and linting corrections
0f4b88e
@TejasRGitHub
npm audit corrections
e844dae
@TejasRGitHub
npm audit corrections - 1
e39f7ab
Resolving Merge Conflicts
0bba194
@TejasRGitHub
Resolved Merged Conflicts and added for tests
f67153f
Merge branch 'main' of https://github.com/TejasRGitHub/aws-dataall
ee21ca4 
New Changed Merged
@TejasRGitHub
Fixing Semgrep Error in Frontend
622b923
@TejasRGitHub
Added Redirect URL as a config
83d482b
@TejasRGitHub
Addressing Changes from review comments
e940a6c
@TejasRGitHub
Minor Corections
393a282
@TejasRGitHub
Frontend Global Imports, Backend Validation for custom auth params an…
6f3aee3 
…d alb frontend changes as per custom auth
@TejasRGitHub
Mergin Files from Open source
692e5be
@TejasRGitHub
Addressing review comments - Minor backend deploy changes and fixing …
4cf5f7d 
…naming conventiosn and added guardrails
@TejasRGitHub
user id check from context in resolver function. Fixed tests
bea1836
@TejasRGitHub
Added Guardrails for user id and few frontend linter fixes
92cf30c
@TejasRGitHub
Adding Policy for frontend deployment
09a9a06
@TejasRGitHub
Synching Upstrem and resolving merge conflicts
74c2576
Merge branch 'main' of https://github.com/TejasRGitHub/aws-dataall
5789d22 
Syncing
@TejasRGitHub
Fix for environments update with auto create pivot role - GH Issue -943
da2beb0
@TejasRGitHub
Minor Linting - GH Issue -943
d87ce99
TejasRGitHub
TejasRGitHub commented Jan 8, 2024
View reviewed changes
Copy link
Contributor Author

@TejasRGitHub TejasRGitHub left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updating code to add imported section after checking if datasets are present

backend/dataall/modules/datasets/cdk/env_role_dataset_s3_policy.py Outdated Show resolved Hide resolved
@dlpzx
Copy link
Contributor

dlpzx commented Jan 9, 2024
edited
Loading

Testing in AWS. I took an existing environment with multiple datasets (some imported KMS keys) in a deployment using manual pivot role ---> updated the code with this PR and changed to auto created pivot role in the cdk.json to really re-create the fix.

  • CICD completes without issue
  • update environment by clicking manually "update " in the environment Stack tab. Update is triggered
  • update creates pivot role
  • update modifies environment role and adds the 1 "KMSImportedDatasetAccess" statement to the DataPolicy

Looks great, approving!

dlpzx
dlpzx approved these changes Jan 9, 2024
View reviewed changes
Copy link
Contributor

@dlpzx dlpzx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reviewed and tested

@dlpzx dlpzx merged commit a273e52 into data-dot-all:main Jan 9, 2024
8 checks passed
@noah-paige noah-paige linked an issue Jan 9, 2024 that may be closed by this pull request
Migrating from Manual PivotRole to Auto Create PivotRole Fails for v2.2 #943
Closed
@TejasRGitHub TejasRGitHub mentioned this pull request Jan 17, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dlpzx dlpzx dlpzx approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Migrating from Manual PivotRole to Auto Create PivotRole Fails for v2.2
2 participants
@TejasRGitHub @dlpzx