Fix when migrating from Manually Created Pivot Role to Auto Create Pivot Role #948

Merged: 26 commits, Jan 9, 2024
ed8b16f
Backend and Frontend Changes For External Idp Changes
TejasRGitHub Nov 29, 2023
93e64fe
Merge branch 'main' of https://github.com/TejasRGitHub/aws-dataall
Dec 1, 2023
89af5ab
Backend and Frontend Changes For External Idp Changes -1
TejasRGitHub Dec 1, 2023
684ed18
Merge branch 'main' of https://github.com/TejasRGitHub/aws-dataall
Dec 1, 2023
f173c2a
Backend and Frontend Changes For External Idp Changes - 2
TejasRGitHub Dec 1, 2023
0f4b88e
semgrep and linting corrections
TejasRGitHub Dec 1, 2023
e844dae
npm audit corrections
TejasRGitHub Dec 1, 2023
e39f7ab
npm audit corrections - 1
TejasRGitHub Dec 1, 2023
0bba194
Resolving Merge Conflicts
Dec 1, 2023
f67153f
Resolved Merged Conflicts and added for tests
TejasRGitHub Dec 1, 2023
ee21ca4
Merge branch 'main' of https://github.com/TejasRGitHub/aws-dataall
Dec 1, 2023
622b923
Fixing Semgrep Error in Frontend
TejasRGitHub Dec 4, 2023
83d482b
Added Redirect URL as a config
TejasRGitHub Dec 5, 2023
e940a6c
Addressing Changes from review comments
TejasRGitHub Dec 5, 2023
393a282
Minor Corrections
TejasRGitHub Dec 5, 2023
6f3aee3
Frontend Global Imports, Backend Validation for custom auth params an…
TejasRGitHub Dec 8, 2023
692e5be
Merging Files from Open source
TejasRGitHub Dec 8, 2023
4cf5f7d
Addressing review comments - Minor backend deploy changes and fixing …
TejasRGitHub Dec 11, 2023
bea1836
user id check from context in resolver function. Fixed tests
TejasRGitHub Dec 11, 2023
92cf30c
Added Guardrails for user id and few frontend linter fixes
TejasRGitHub Dec 12, 2023
09a9a06
Adding Policy for frontend deployment
TejasRGitHub Dec 12, 2023
74c2576
Synching Upstream and resolving merge conflicts
TejasRGitHub Dec 26, 2023
5789d22
Merge branch 'main' of https://github.com/TejasRGitHub/aws-dataall
Jan 5, 2024
da2beb0
Fix for environments update with auto create pivot role - GH Issue -943
TejasRGitHub Jan 5, 2024
d87ce99
Minor Linting - GH Issue -943
TejasRGitHub Jan 5, 2024
dfb21f3
Displaced imported_dataset_resources after checking datasets - GH Iss…
TejasRGitHub Jan 8, 2024
21 changes: 12 additions & 9 deletions backend/dataall/modules/datasets/cdk/env_role_dataset_s3_policy.py
Expand Up @@ -70,18 +70,16 @@ def _generate_dataset_statements(datasets: List[Dataset]):

@staticmethod
def _set_allowed_kms_keys_statements(datasets):
allowed_buckets_kms_keys = []
imported_kms_alias = []
if datasets:
# Datasets belonging to a team and an environment are present in same region and aws account
imported_dataset_resources = [f"arn:aws:kms:{datasets[0].region}:{datasets[0].AwsAccountId}:key/*"]
dataset: Dataset
for dataset in datasets:
if dataset.imported and dataset.importedKmsKey:
key_id = KmsClient(account_id=dataset.AwsAccountId, region=dataset.region).get_key_id(
key_alias=f"alias/{dataset.KmsAlias}"
)
if key_id:
allowed_buckets_kms_keys.append(
f"arn:aws:kms:{dataset.region}:{dataset.AwsAccountId}:key/{key_id}")
if len(allowed_buckets_kms_keys):
imported_kms_alias.append(f'alias/{dataset.KmsAlias}')

if len(imported_kms_alias):
return iam.PolicyStatement(
sid="KMSImportedDatasetAccess",
actions=[
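Review bot: In `_set_allowed_kms_keys_statements`, `imported_dataset_resources` is built only from `datasets[0].region` and `datasets[0].AwsAccountId`, and the same-account, same-region assumption is stated in a comment but not enforced. If a dataset from another region or account ever reaches this function, its alias is appended to `imported_kms_alias` while no resource ARN covers its key, so the grant silently does not apply. Consider building the ARN list from the set of (region, AwsAccountId) pairs of the imported datasets, or raising on a mismatch. Separately, `imported_kms_alias.append(...)` can add the same alias more than once when datasets share a key; collecting into a set keeps the generated statement smaller.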
Expand All @@ -92,6 +90,11 @@ def _set_allowed_kms_keys_statements(datasets):
"kms:GenerateDataKey"
],
effect=iam.Effect.ALLOW,
resources=allowed_buckets_kms_keys
resources=imported_dataset_resources,
conditions={
'ForAnyValue:StringLike': {
'kms:ResourceAliases' : imported_kms_alias
}
}
)
return None
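Review bot: The `conditions` block is now the only thing narrowing this grant, because `resources=imported_dataset_resources` is a `key/*` wildcard, yet it uses `'ForAnyValue:StringLike'` on `kms:ResourceAliases`. The values are full alias names built as `alias/{dataset.KmsAlias}`, so `ForAnyValue:StringEquals` would express the intent and would keep a stored `KmsAlias` containing `*` or `?` from being treated as a pattern. If `StringLike` is kept, validate `KmsAlias` against the allowed alias characters before it is placed in the policy. Minor style point: drop the space before the colon in `'kms:ResourceAliases' : imported_kms_alias`.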