Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[#254] Prevent creating the login credential for IAM bot account #266

Merged
merged 1 commit into from
Dec 1, 2023
Merged

[#254] Prevent creating the login credential for IAM bot account #266

merged 1 commit into from
Dec 1, 2023

Conversation

Nihisil
Copy link
Contributor

@Nihisil Nihisil commented Dec 1, 2023

What happened 👀

List of implemented improvements:

  • Disable console login for service account (has_login = false). It is unnecessary for service account to have console login and exposes more risk. Credentials that will be used by service account can be generated through admin account.
  • Rename bot to infra-service-account, since this name is more accurate describe why we need this account
  • Set depends_on attribute to group_membership. Without depends_on there was an error when we tried to add new user, it said that user wasn't created yet.
  • Refactor group_membership to be set through forloop, to make it easier change attributes (otherwise we had to set same depends_on for all three memberships).

Proof Of Work 📹

TF plan can be run and applied without any errors:

image

@Nihisil Nihisil added the type : feature New feature or request label Dec 1, 2023
@Nihisil Nihisil added this to the 2.3.0 milestone Dec 1, 2023
@Nihisil Nihisil self-assigned this Dec 1, 2023
longnd
longnd approved these changes Dec 1, 2023
View reviewed changes
Copy link
Contributor

@longnd longnd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the fixes 🤩

hoangmirs
hoangmirs approved these changes Dec 1, 2023
View reviewed changes
Copy link
Collaborator

@hoangmirs hoangmirs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉

@hoangmirs hoangmirs merged commit a3c3ac6 into develop Dec 1, 2023
3 checks passed
@hoangmirs hoangmirs deleted the feature/gh-254-remove-login-credentials-from-bot-account branch December 1, 2023 07:32
@hoangmirs hoangmirs mentioned this pull request Dec 5, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hoangmirs hoangmirs hoangmirs approved these changes

@longnd longnd longnd approved these changes

@andyduong1920 andyduong1920 Awaiting requested review from andyduong1920 andyduong1920 is a code owner

@bterone bterone Awaiting requested review from bterone bterone is a code owner

@byhbt byhbt Awaiting requested review from byhbt byhbt is a code owner

@malparty malparty Awaiting requested review from malparty malparty is a code owner

@nvminhtue nvminhtue Awaiting requested review from nvminhtue nvminhtue is a code owner

@liamstevens111 liamstevens111 Awaiting requested review from liamstevens111 liamstevens111 is a code owner

Assignees

@Nihisil Nihisil

Labels
type : feature New feature or request
Projects
None yet
Milestone
2.3.0
Development

Successfully merging this pull request may close these issues.

Prevent creating the login credential for IAM bot account
3 participants
@Nihisil @longnd @hoangmirs