iam_user password management support #822
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
markuman
reviewed
Dec 3, 2021
|
@marknet15 I think we should also support the method |
tremble
requested changes
Dec 5, 2021
|
Fresh integrations tests run following PR feedback changes: |
markuman
approved these changes
Dec 10, 2021
tremble
requested changes
Dec 13, 2021
Co-authored-by: Mark Chappell <mchappel@redhat.com>
tremble
approved these changes
Dec 13, 2021
![ansible-zuul[bot]](https://avatars.githubusercontent.com/in/27800?s=60&v=4){kind=small}
Backport to stable-2: 💚 backport PR created✅ Backport PR branch: Backported as #833 🤖 @patchback |
patchback bot
pushed a commit
that referenced
this pull request
Dec 13, 2021
iam_user password management support SUMMARY The iam module currently supports password management for IAM users, but the newer iam_user module does not currently. This PR adds the password management functionality to bring parity with the old module. To ensure the IAM user is properly created before adding a login profile, the waiter for the IAM creation has also been added. ISSUE TYPE Feature Pull Request COMPONENT NAME iam_user ADDITIONAL INFORMATION The added functionality uses the create_login_profile and update_login_profile methods: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iam.html#IAM.Client.create_login_profile https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iam.html#IAM.Client.update_login_profile Local integration tests run: ansible-test integration --docker centos8 -vv iam_user --allow-unsupported ... PLAY RECAP ********************************************************************* testhost : ok=92 changed=24 unreachable=0 failed=0 skipped=0 rescued=0 ignored=2 AWS ACTIONS: ['iam:AddUserToGroup', 'iam:AttachUserPolicy', 'iam:CreateGroup', 'iam:CreateLoginProfile', 'iam:CreateUser', 'iam:DeleteGroup', 'iam:DeleteLoginProfile', 'iam:DeleteUser', 'iam:DetachUserPolicy', 'iam:GetGroup', 'iam:GetUser', 'iam:ListAccessKeys', 'iam:ListAttachedGroupPolicies', 'iam:ListAttachedUserPolicies', 'iam:ListGroupsForUser', 'iam:ListMFADevices', 'iam:ListPolicies', 'iam:ListSSHPublicKeys', 'iam:ListServiceSpecificCredentials', 'iam:ListSigningCertificates', 'iam:ListUserPolicies', 'iam:ListUsers', 'iam:RemoveUserFromGroup', 'iam:TagUser', 'iam:UntagUser', 'iam:UpdateLoginProfile'] Reviewed-by: Markus Bergholz <git@osuv.de> Reviewed-by: Mark Chappell <None> Reviewed-by: None <None> (cherry picked from commit a3d940a)
ansible-zuul bot
pushed a commit
that referenced
this pull request
Dec 17, 2021
[PR #822/a3d940af backport][stable-2] iam_user password management support This is a backport of PR #822 as merged into main (a3d940a). SUMMARY The iam module currently supports password management for IAM users, but the newer iam_user module does not currently. This PR adds the password management functionality to bring parity with the old module. To ensure the IAM user is properly created before adding a login profile, the waiter for the IAM creation has also been added. ISSUE TYPE Feature Pull Request COMPONENT NAME iam_user ADDITIONAL INFORMATION The added functionality uses the create_login_profile and update_login_profile methods: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iam.html#IAM.Client.create_login_profile https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iam.html#IAM.Client.update_login_profile Local integration tests run: ansible-test integration --docker centos8 -vv iam_user --allow-unsupported ... PLAY RECAP ********************************************************************* testhost : ok=92 changed=24 unreachable=0 failed=0 skipped=0 rescued=0 ignored=2 AWS ACTIONS: ['iam:AddUserToGroup', 'iam:AttachUserPolicy', 'iam:CreateGroup', 'iam:CreateLoginProfile', 'iam:CreateUser', 'iam:DeleteGroup', 'iam:DeleteLoginProfile', 'iam:DeleteUser', 'iam:DetachUserPolicy', 'iam:GetGroup', 'iam:GetUser', 'iam:ListAccessKeys', 'iam:ListAttachedGroupPolicies', 'iam:ListAttachedUserPolicies', 'iam:ListGroupsForUser', 'iam:ListMFADevices', 'iam:ListPolicies', 'iam:ListSSHPublicKeys', 'iam:ListServiceSpecificCredentials', 'iam:ListSigningCertificates', 'iam:ListUserPolicies', 'iam:ListUsers', 'iam:RemoveUserFromGroup', 'iam:TagUser', 'iam:UntagUser', 'iam:UpdateLoginProfile'] Reviewed-by: Markus Bergholz <git@osuv.de> Reviewed-by: None <None>
abikouo
pushed a commit
to abikouo/community.aws
that referenced
this pull request
Oct 24, 2023
iam_user password management support SUMMARY The iam module currently supports password management for IAM users, but the newer iam_user module does not currently. This PR adds the password management functionality to bring parity with the old module. To ensure the IAM user is properly created before adding a login profile, the waiter for the IAM creation has also been added. ISSUE TYPE Feature Pull Request COMPONENT NAME iam_user ADDITIONAL INFORMATION The added functionality uses the create_login_profile and update_login_profile methods: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iam.html#IAM.Client.create_login_profile https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iam.html#IAM.Client.update_login_profile Local integration tests run: ansible-test integration --docker centos8 -vv iam_user --allow-unsupported ... PLAY RECAP ********************************************************************* testhost : ok=92 changed=24 unreachable=0 failed=0 skipped=0 rescued=0 ignored=2 AWS ACTIONS: ['iam:AddUserToGroup', 'iam:AttachUserPolicy', 'iam:CreateGroup', 'iam:CreateLoginProfile', 'iam:CreateUser', 'iam:DeleteGroup', 'iam:DeleteLoginProfile', 'iam:DeleteUser', 'iam:DetachUserPolicy', 'iam:GetGroup', 'iam:GetUser', 'iam:ListAccessKeys', 'iam:ListAttachedGroupPolicies', 'iam:ListAttachedUserPolicies', 'iam:ListGroupsForUser', 'iam:ListMFADevices', 'iam:ListPolicies', 'iam:ListSSHPublicKeys', 'iam:ListServiceSpecificCredentials', 'iam:ListSigningCertificates', 'iam:ListUserPolicies', 'iam:ListUsers', 'iam:RemoveUserFromGroup', 'iam:TagUser', 'iam:UntagUser', 'iam:UpdateLoginProfile'] Reviewed-by: Markus Bergholz <git@osuv.de> Reviewed-by: Mark Chappell <None> Reviewed-by: None <None> This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections@a3d940a
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
The
iammodule currently supports password management for IAM users, but the neweriam_usermodule does not currently. This PR adds the password management functionality to bring parity with the old module.To ensure the IAM user is properly created before adding a login profile, the waiter for the IAM creation has also been added.
ISSUE TYPE
COMPONENT NAME
iam_user
ADDITIONAL INFORMATION
The added functionality uses the
create_login_profileandupdate_login_profilemethods:https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iam.html#IAM.Client.create_login_profile
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iam.html#IAM.Client.update_login_profile
Local integration tests run: