The code below was originally part of the #55 pull request, but was removed as it wasn't completely working and deemed not important enough to spend more time on now to make it work.
check_simulated_user was called as the last stop before finishing in six_admin_setup
```r
#' Check if a user has access to an AWS service
#' @export
#' @param fun (function) a function. required
#' @param ... additional named args passed to `fun`
#' @return single boolean. checks [rlang::is_null()] against `$error` result of
#' call to [purrr::safely()]
#' @details really just a generic check that any function can run with
#' its inputs; not specific to AWS or any particular function
has_access <- function(fun, ...) {
  rlang::is_null(purrr::safely(fun, FALSE)(...)$error)
}

#' @importFrom dplyr any_of
check_simulated_user <- function(group) {
  rlang::check_installed("callr")
  cli_info("Checking that a simulated user can access {.strong {group}} group")
  # Create a throwaway user and put it in the group under test
  randuser <- random_user()
  creds <- suppm(six_user_create(randuser))
  aws_user_add_to_group(randuser, group)
  # Map the returned credential fields onto AWS environment variable names
  creds_mapper <- c(
    "AWS_ACCESS_KEY_ID" = "AccessKeyId",
    "AWS_SECRET_ACCESS_KEY" = "SecretAccessKey",
    "AWS_REGION" = "AwsRegion"
  )
  creds_lst <- as_tibble(creds) %>%
    rename(any_of(creds_mapper)) %>%
    select(starts_with("AWS")) %>%
    as.list()
  # Run the access checks in a separate R process with the new user's credentials
  all_checks <- callr::r(function(creds) {
    withr::with_envvar(
      creds,
      {
        check_iam <- sixtyfour::has_access(sixtyfour::aws_user)
        check_rds <- sixtyfour::has_access(sixtyfour::aws_db_instance_details)
        check_rs <- sixtyfour::has_access(sixtyfour::aws_db_cluster_details)
        check_s3 <- sixtyfour::has_access(sixtyfour::aws_buckets)
        check_bil <- sixtyfour::has_access(sixtyfour::aws_billing_raw,
          date_start = Sys.Date() - 1,
          metrics = "BlendedCost"
        )
        list(
          IAM = check_iam,
          RDS = check_rds,
          Redshift = check_rs,
          S3 = check_s3,
          Billing = check_bil
        )
      }
    )
  }, args = list(creds_lst))
  if (all(unlist(all_checks))) {
    cli_success(" All checks passed!")
  } else {
    cli_warning(c(
      " At least one check didn't pass ",
      "({names(keep(all_checks, isFALSE))}) ",
      "try again or open an issue"
    ))
  }
  # Remove the throwaway user again
  cli_info(" Cleaning up simulated user")
  aws_user_remove_from_group(randuser, group)
  suppm(six_user_delete(randuser))
  cli_alert_info("") # nolint
}
```
Notes
aws_db_instance_details is the same instance_details in the current version of the pkg
aws_db_cluster_details is the same cluster_details in the current version of the pkg
The parts that were not working:
Running callr::r WAS working interactively after loading all the code in the package, but WAS NOT working if I load sixtyfour then call the six_admin_setup function - I'm not sure exactly why, but I think it has to do with the complex-ish nature of how paws loads credentials. I think I needed to make sure the R session that callr::r was running was not loading any of the credentials I have saved, and only the creds passed into the function, but that was not happening successfully (I kept getting a 403 error) like:
```r
six_admin_setup("uzers", "zadmin")
#> ℹ whoami: scott (account: 744061095407)
#> ℹ
#> ! uzers group NOT created - a uzers group already exists in your account
#> ℹ Not adding policies to the uzers group
#> ℹ
#> ! zadmin group NOT created - an zadmin group already exists in your account
#> ℹ Not adding policies to the zadmin group
#> ℹ
#> ℹ Checking that a simulated user can access uzers group
#> Error:
#> ! in callr subprocess.
#> Caused by error:
#> ! InvalidClientTokenId (HTTP 403). The security token included in the request is invalid.
#> Type .Last.error to see the more details.
#> 
#> :p .Last.error
#> <callr_error/rlib_error_3_0/rlib_error/error>
#> Error:
#> ! in callr subprocess.
#> Caused by error:
#> ! InvalidClientTokenId (HTTP 403). The security token included in the request is invalid.
#> ---
#> Backtrace:
#> 1. sixtyfour::six_admin_setup("uzers", "zadmin")
#> 2. sixtyfour:::check_simulated_user(users_group) at admin.R:113:3
#> 3. callr::r(function(creds) { … at admin.R:155:3
#> 4. callr:::get_result(output = out, options)
#> 5. callr:::throw(callr_remote_error(remerr, output), parent = fix_msg(remerr[[3]]))
#> ---
#> Subprocess backtrace:
#> 1. sixtyfour::aws_user()
#> 2. env64$iam$get_user(username)$User %>% list(.) %>% user_list_tidy()
#> 3. sixtyfour:::user_list_tidy(.)
#> 4. rlang::is_empty(x)
#> 5. env64$iam$get_user(username)
#> 6. paws.common::send_request(request)
#> 7. paws.common:::retry(request)
#> 8. paws.common:::run(request, retry)
#> 9. handler$fn(request)
#> 10. base::stop(error)
#> 11. global (function (e) …
```
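The isolation the issue asks for (a `callr::r` child that sees only the credentials passed in) can be checked without contacting AWS. The sketch below is an added example, not sixtyfour code: `aws_vars`, `isolated_env` and `ambient_report` are hypothetical names, the variable list is the standard AWS SDK set, and the credentials are constructed. Whether inherited variables caused the 403 above is not established on this page.

```r
# Added example; all names are hypothetical and sample values are constructed.
# Environment variables the AWS SDK credential chain conventionally reads.
aws_vars <- c(
  "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN",
  "AWS_PROFILE", "AWS_REGION", "AWS_DEFAULT_REGION",
  "AWS_SHARED_CREDENTIALS_FILE", "AWS_CONFIG_FILE"
)

# Build the child environment: every AWS variable is unset (NA) unless the
# caller supplies it, and the shared credential/config paths point at an
# empty file so saved profiles are not read.
isolated_env <- function(creds, empty_file) {
  env <- stats::setNames(rep(NA_character_, length(aws_vars)), aws_vars)
  env[c("AWS_SHARED_CREDENTIALS_FILE", "AWS_CONFIG_FILE")] <- empty_file
  env[names(creds)] <- unlist(creds)
  env
}

# Return the names (never the values) of the AWS variables that are set
# inside the callr subprocess once the isolated environment is applied.
ambient_report <- function(creds) {
  empty_file <- tempfile("no-aws-")
  file.create(empty_file)
  on.exit(unlink(empty_file))
  callr::r(
    function(env, vars) {
      # NA entries make withr unset the variable for the duration of the block
      withr::with_envvar(env, {
        vals <- Sys.getenv(vars, unset = NA)
        names(vals)[!is.na(vals)]
      })
    },
    args = list(isolated_env(creds, empty_file), aws_vars)
  )
}

# Constructed credentials, shaped like the creds_lst in the issue's code
fake <- list(
  AWS_ACCESS_KEY_ID = "AKIAEXAMPLEEXAMPLE00",
  AWS_SECRET_ACCESS_KEY = "constructed-secret",
  AWS_REGION = "us-west-2"
)
Sys.setenv(AWS_SESSION_TOKEN = "stale-parent-token") # simulate ambient state
print(ambient_report(fake))
Sys.unsetenv("AWS_SESSION_TOKEN")
```

A session token left over in the parent session does not appear in the report, whereas passing only the three supplied variables to `withr::with_envvar()` would leave it inherited by the child.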