feat(plugins,domain): Implement Alicloud IAM plugin to dummy branch #187
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bearaujus
changed the title
bearaujus
changed the title
bearaujus
added a commit
to goto/proton
that referenced
this pull request
Nov 14, 2024
This field purposed due to AliCloudIAM plugin requirement. MVP for the plugin PR: goto/guardian#187 After some research we need to add type to role message. First you can read this docs: https://www.alibabacloud.com/help/en/ram/developer-reference/api-ram-2015-05-01-getpolicy. On that docs there was field "PolicyType". Policy type has two constant which is: - System - Custom
anjali9791
pushed a commit
to goto/proton
that referenced
this pull request
Nov 15, 2024
This field purposed due to AliCloudIAM plugin requirement. MVP for the plugin PR: goto/guardian#187 After some research we need to add type to role message. First you can read this docs: https://www.alibabacloud.com/help/en/ram/developer-reference/api-ram-2015-05-01-getpolicy. On that docs there was field "PolicyType". Policy type has two constant which is: - System - Custom
anjali9791
reviewed
Nov 16, 2024
anjali9791
reviewed
Nov 16, 2024
anjali9791
reviewed
Nov 16, 2024
| return c.EncryptCredentials() | ||
| } | ||
|
|
||
| func (p *Provider) GetResources(_ context.Context, pc *domain.ProviderConfig) ([]*domain.Resource, error) { |
There was a problem hiding this comment.
We can remove context as the param since it is not used.
There was a problem hiding this comment.
We cannot remove it. It required to implement this interface:
https://github.com/goto/guardian/blob/main/plugins/providers/client.go
And that interface will be used on initializing new providers at:
https://github.com/goto/guardian/blob/main/internal/server/services.go#L114
There was a problem hiding this comment.
This was likely added to encourage implementing requests with a context. By doing so, if a request is sent to a provider, it won’t block indefinitely and will automatically cancel all ongoing processes when the parent context expires or is canceled.
There was a problem hiding this comment.
But since Ali SDK has no support for it, I already raised the question here:
aliyun/darabonba-openapi#171
|
I’ve already raised a question about the parent context TODO here: If the SDK doesn’t support it yet, I’ll leave it as-is for now. |
anjali9791
merged commit 7480d87
into
goto:bearaujus/implement-alicloudiam-plugin
3 checks passed
|
Parent PR: |
rahmatrhd
added a commit
that referenced
this pull request
Dec 26, 2024
* feat(plugins,domain): Implement Alicloud IAM plugin to dummy branch (#187) * feat(plugins,domain): Implement MVP for Alicloud IAM plugin * feat(plugins,domain): Implement MVP for Alicloud IAM plugin patch * feat(plugins,domain): Implement Alicloud IAM plugin to dummy branch patch 2 * feat(plugins,domain): Implement Alicloud IAM plugin to dummy branch patch 3 * feat(plugins,domain): Implement Alicloud IAM plugin to dummy branch patch 4 * feat(plugins,domain): Implement Alicloud IAM plugin to dummy branch patch 5 * feat(plugins,domain): Implement Alicloud IAM plugin to dummy branch patch 6 * feat(plugins,domain): Implement Alicloud IAM plugin to dummy branch patch 7 * feat: add support for cross account access management * feat(plugins): refactor create iam client & fix unittests for alicloud_iam plugin * fix(plugins): remove async process and un-implement list access * feat(plugins): change permissions type & improve validation * feat(plugins): fix alicloud sdk client race condition This occur because AliCloud SDK is using builder pattern when receiving and sending request to their own API. Because of this, we need to create a new client each time we invoking a request. * feat(plugins): cleanup go sum * feat(plugins): simplify expression & fix error check * feat(plugins): add more test cases * feat(plugins): update alicloudiam plugin docs * fix: resolve comments * fix: resolve remaining conflict * feat: adjust logic, unittests & add readme * feat: fix readme * feat: add more documentation and role validation * feat: add support for region on client creation * fix: add struct tag for region id * Update ali-role-arn-structure.png * fix: fix account types * fix: client caching not updated --------- Co-authored-by: anjali.agarwal <anjali.aggarwal@gojek.com> Co-authored-by: Rahmat Hidayat <rahmat.hd@gojek.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Steps for Alicloud IAM Plugin Implementation:
bearaujus/implement-alicloudiam-pluginbearaujus/implement-alicloudiam-pluginintomainbranch (Will also request @rahmatrhd for this. For developing on branchbearaujus/implement-alicloudiam-pluginwe just need internal review)*PS: For this PR please review the main flow only and ignore another typos, todos.
That all will be fixed and tidy up on the next PR included with the onboarding of new proto variable for role type, unitests & all things related to implementation completion! :)
Thank you 🙏