Allow cloning a role with session duration (Netflix#9300)

* Allow cloning a role with session duration, and specifying default session duration

* Change default value

consoleme/lib/aws.py

@@ -941,6 +941,11 @@ async def create_iam_role(create_model: RoleCreationRequestModel, username):
         raise MissingConfigurationValue(
             "Missing Default Assume Role Policy Configuration"
         )
+
+    default_max_session_duration = config.get(
+        "user_role_creator.default_max_session_duration", 3600
+    )
+
     if create_model.description:
         description = create_model.description
     else:
@@ -962,6 +967,7 @@ async def create_iam_role(create_model: RoleCreationRequestModel, username):
             RoleName=create_model.role_name,
             AssumeRolePolicyDocument=json.dumps(default_trust_policy),
             Description=description,
+            MaxSessionDuration=default_max_session_duration,
             Tags=[],
         )
         results["action_results"].append(
@@ -1103,6 +1109,16 @@ async def clone_iam_role(clone_model: CloneRoleRequestModel, username):
             "Missing Default Assume Role Policy Configuration"
         )
 
+    default_max_session_duration = config.get(
+        "user_role_creator.default_max_session_duration", 3600
+    )
+
+    max_session_duration = (
+        role.max_session_duration
+        if clone_model.options.max_session_duration
+        else default_max_session_duration
+    )
+
     if (
         clone_model.options.copy_description
         and role.description is not None
@@ -1135,6 +1151,7 @@ async def clone_iam_role(clone_model: CloneRoleRequestModel, username):
             RoleName=clone_model.dest_role_name,
             AssumeRolePolicyDocument=json.dumps(trust_policy),
             Description=description,
+            MaxSessionDuration=max_session_duration,
             Tags=tags,
         )
         results["action_results"].append(

consoleme/models.py

@@ -1,6 +1,6 @@
 # generated by datamodel-codegen:
 #   filename:  swagger.yaml
-#   timestamp: 2021-09-09T03:43:06+00:00
+#   timestamp: 2022-03-09T13:30:52+00:00
 
 from __future__ import annotations
 
@@ -370,6 +370,7 @@ class Options(BaseModel):
     description: Optional[str] = None
     inline_policies: Optional[bool] = False
     managed_policies: Optional[bool] = False
+    max_session_duration: Optional[bool] = False
 
 
 class CloneRoleRequestModel(BaseModel):

swagger.yaml

@@ -1618,6 +1618,9 @@ components:
             managed_policies:
               type: boolean
               default: False
+            max_session_duration:
+              type: boolean
+              default: False
     CreateCloneRequestResponse:
       type: object
       properties:

ui/src/components/roles/CreateCloneFeature.js

@@ -21,6 +21,7 @@ const clone_options = [
   { text: "Inline policies", value: "inline_policies" },
   { text: "Managed Policies", value: "managed_policies" },
   { text: "Tags", value: "tags" },
+  { text: "Max Session Duration", value: "max_session_duration" },
 ];
 
 const clone_default_selected_options = clone_options.map(
@@ -187,6 +188,7 @@ class CreateCloneFeature extends Component {
       description: this.state.description,
       inline_policies: this.state.options.includes("inline_policies"),
       managed_policies: this.state.options.includes("managed_policies"),
+      max_session_duration: this.state.options.includes("max_session_duration"),
     };
 
     const payload = {