1.2.0

@EreminAnton EreminAnton released this 13 Sep 09:39
· 124 commits to main since this release

Release Notes

BREAKING CHANGES

Explicit Deny Logic

Introduced an advanced control mechanism that enables explicit denial of self-approval and automatic approvals in various scenarios.

An explicit denial in any statement overrides approvals granted by any other statement. For instance, suppose one statement designates an individual as an approver for all accounts, but another statement specifies that the same individual is not allowed to self-approve or to bypass the approval process for a particular account and permission set (by setting allow_self_approval and approval_is_not_required to False). That individual will then not be able to approve requests for that specific account. This enforces stricter control.

Default Values

Updated the default values for the approval_is_not_required and allow_self_approval attributes to None. Because an explicit False now acts as a deny, this change ensures that the previous default setting of False will not automatically deny all self-approval and approval-not-required requests.
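The following sketch is an added example, not the project's own code: it models the explicit-deny rule and the None default described above as a three-state evaluation over matching statements. The Statement class, the resolve and decide functions, the returned strings, the sample policy, and the rule that a self-approval flag only counts in statements listing the requester as an approver are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

@dataclass(frozen=True)
class Statement:
    accounts: frozenset          # account IDs, or {"*"} for every account
    permission_sets: frozenset   # permission set names, or {"*"}
    approvers: frozenset = frozenset()
    allow_self_approval: Optional[bool] = None        # None = no opinion
    approval_is_not_required: Optional[bool] = None   # None = no opinion

    def matches(self, account: str, permission_set: str) -> bool:
        return bool(self.accounts & {"*", account}) and bool(
            self.permission_sets & {"*", permission_set})

def resolve(values: Iterable[Optional[bool]]) -> bool:
    """Explicit False wins over True; None never grants and never denies."""
    values = list(values)
    return not any(v is False for v in values) and any(v is True for v in values)

def decide(statements, requester: str, account: str, permission_set: str) -> str:
    matched = [s for s in statements if s.matches(account, permission_set)]
    if not matched:
        return "no_matching_statement"
    if resolve(s.approval_is_not_required for s in matched):
        return "granted_without_approval"
    # Assumption: a self-approval flag counts only where the requester is an approver.
    own = [s for s in matched if requester in s.approvers]
    if resolve(s.allow_self_approval for s in own):
        return "self_approved"
    return "needs_approval"

ANY = frozenset({"*"})
# Constructed sample policy (hypothetical accounts and users).
POLICY = [
    Statement(ANY, ANY, approvers=frozenset({"alice"}), allow_self_approval=True),
    Statement(frozenset({"111111111111"}), frozenset({"AdministratorAccess"}),
              approvers=frozenset({"alice"}),
              allow_self_approval=False, approval_is_not_required=False),
    Statement(ANY, frozenset({"ReadOnlyAccess"}), approval_is_not_required=True),
]

if __name__ == "__main__":
    for acct in ("111111111111", "222222222222"):
        print(acct, decide(POLICY, "alice", acct, "AdministratorAccess"))
```

A statement that leaves both attributes unset contributes nothing to the decision, whereas the same statement with both set to False would block every matching automatic approval, which is why the defaults moved to None.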

Slack App Scope

In previous releases, it was not mentioned that the scope of the Slack app permissions needed to be updated to ensure the proper functioning of the new discard buttons feature. Please ensure that your scope includes all the necessary permissions:

  • commands: This permission adds shortcuts and/or slash commands that people can use.
  • chat:write: This permission allows the app to post messages to Slack.
  • users:read and users:read.email: These permissions enable the app to find user email addresses, a necessary feature for creating AWS account assignments and including user mentions in requests.
  • channels:history: This permission allows the app to find old messages, which facilitates handling "discard button" events.

Other Improvements:

Optional SNS DLQ Email

Made the SNS DLQ email optional for both lambdas, offering more flexibility in the configuration settings.

Test Case Adjustments

Corrected and implemented additional test cases to align with the newly implemented explicit deny logic.