Merge pull request #78 from hashicorp/v2-better-assume-role
V2: Make Assume Role config a separate struct
gdavison authored Sep 23, 2021
2 parents c7ae5a0 + 4b642f2 commit 4f7ba81
Showing 7 changed files with 228 additions and 168 deletions.
5 changes: 4 additions & 1 deletion .github/workflows/pull_request.yml
Expand Up @@ -64,7 +64,9 @@ jobs:

- run: cd tools && go install github.com/golangci/golangci-lint/cmd/golangci-lint

- run: golangci-lint run ./...
- run: |
golangci-lint run ./...
cd v2/awsv1shim && golangci-lint run ./...
import-lint:
runs-on: ubuntu-latest
Expand All @@ -84,6 +86,7 @@ jobs:

- run: cd tools && go install github.com/pavius/impi/cmd/impi

# impi runs against the whole directory tree, ignoring modules
- run: impi --local . --scheme stdThirdPartyLocal ./...

semgrep:
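Review bot: The second module is named by hand in the new `run: |` step (`cd v2/awsv1shim && golangci-lint run ./...`), and the `golangci-lint` target in GNUmakefile repeats the same path in this commit, so the two lists can drift and a module added later under `v2/` would pass CI without being linted. Since the Makefile target already runs both commands, the step could be `- run: make golangci-lint`, which leaves one place to update. The `jobs:` block starts and continues outside the hunks shown, so whether the workflow has a reason to avoid `make` is not visible here.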
1 change: 1 addition & 0 deletions GNUmakefile
Expand Up @@ -7,6 +7,7 @@ lint: golangci-lint importlint

golangci-lint:
@golangci-lint run ./...
@cd v2/awsv1shim && golangci-lint run ./...

importlint:
@impi --local . --scheme stdThirdPartyLocal ./...
157 changes: 92 additions & 65 deletions aws_config_test.go
Expand Up @@ -69,11 +69,13 @@ func TestGetAwsConfig(t *testing.T) {
},
{
Config: &Config{
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
},
Description: "config AccessKey config AssumeRoleARN access key",
ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials,
Expand All @@ -85,12 +87,14 @@ func TestGetAwsConfig(t *testing.T) {
},
{
Config: &Config{
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleDurationSeconds: 3600,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
DurationSeconds: 3600,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
},
Description: "config AssumeRoleDurationSeconds",
ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials,
Expand All @@ -102,12 +106,14 @@ func TestGetAwsConfig(t *testing.T) {
},
{
Config: &Config{
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleExternalID: servicemocks.MockStsAssumeRoleExternalId,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
ExternalID: servicemocks.MockStsAssumeRoleExternalId,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
},
Description: "config AssumeRoleExternalID",
ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials,
Expand All @@ -119,12 +125,14 @@ func TestGetAwsConfig(t *testing.T) {
},
{
Config: &Config{
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRolePolicy: servicemocks.MockStsAssumeRolePolicy,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
Policy: servicemocks.MockStsAssumeRolePolicy,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
},
Description: "config AssumeRolePolicy",
ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials,
Expand All @@ -136,12 +144,14 @@ func TestGetAwsConfig(t *testing.T) {
},
{
Config: &Config{
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRolePolicyARNs: []string{servicemocks.MockStsAssumeRolePolicyArn},
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
PolicyARNs: []string{servicemocks.MockStsAssumeRolePolicyArn},
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
},
Description: "config AssumeRolePolicyARNs",
ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials,
Expand All @@ -153,11 +163,13 @@ func TestGetAwsConfig(t *testing.T) {
},
{
Config: &Config{
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
AssumeRoleTags: map[string]string{
servicemocks.MockStsAssumeRoleTagKey: servicemocks.MockStsAssumeRoleTagValue,
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
Tags: map[string]string{
servicemocks.MockStsAssumeRoleTagKey: servicemocks.MockStsAssumeRoleTagValue,
},
},
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
Expand All @@ -172,15 +184,17 @@ func TestGetAwsConfig(t *testing.T) {
},
{
Config: &Config{
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
AssumeRoleTags: map[string]string{
servicemocks.MockStsAssumeRoleTagKey: servicemocks.MockStsAssumeRoleTagValue,
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
Tags: map[string]string{
servicemocks.MockStsAssumeRoleTagKey: servicemocks.MockStsAssumeRoleTagValue,
},
TransitiveTagKeys: []string{servicemocks.MockStsAssumeRoleTagKey},
},
AssumeRoleTransitiveTagKeys: []string{servicemocks.MockStsAssumeRoleTagKey},
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
},
Description: "config AssumeRoleTransitiveTagKeys",
ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials,
Expand Down Expand Up @@ -299,9 +313,11 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey
},
{
Config: &Config{
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
},
Description: "environment AWS_ACCESS_KEY_ID config AssumeRoleARN access key",
EnvironmentVariables: map[string]string{
Expand Down Expand Up @@ -451,9 +467,11 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey
},
{
Config: &Config{
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
},
Description: "shared credentials default aws_access_key_id config AssumeRoleARN access key",
ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials,
Expand Down Expand Up @@ -496,9 +514,11 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey
},
{
Config: &Config{
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
},
Description: "EC2 metadata access key config AssumeRoleARN access key",
EnableEc2MetadataServer: true,
Expand All @@ -524,9 +544,11 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey
},
{
Config: &Config{
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
},
Description: "ECS credentials access key config AssumeRoleARN access key",
EnableEc2MetadataServer: true,
Expand Down Expand Up @@ -729,12 +751,14 @@ region = us-east-1
},
{
Config: &Config{
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
DebugLogging: true,
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
DebugLogging: true,
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
},
Description: "assume role error",
ExpectedError: func(err error) bool {
Expand Down Expand Up @@ -1172,11 +1196,14 @@ func TestGetAwsConfigWithAccountIDAndPartition(t *testing.T) {
{
"WithAssumeRole",
&Config{
AccessKey: "MockAccessKey",
SecretKey: "MockSecretKey",
Region: "us-west-2",
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName},
AccessKey: "MockAccessKey",
SecretKey: "MockSecretKey",
Region: "us-west-2",
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
},
false,
"555555555555", "aws", false, []*servicemocks.MockEndpoint{
servicemocks.MockStsAssumeRoleValidEndpoint,
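Review bot: None of the updated cases in `TestGetAwsConfig` sets `AssumeRole` to a non-nil struct with an empty `RoleARN`, so the table does not pin what `Config{AssumeRole: &AssumeRole{}}` does. With the flat fields an empty `AssumeRoleARN` was the only "no role" value; the pointer adds a second one, and the code that reads the field is not on this page, so a caller that always fills the struct might either send an empty ARN to STS or silently keep the base credentials, which matters when the role is meant to narrow privileges. I would add a case with `AssumeRole: &AssumeRole{},` next to the static `AccessKey`/`SecretKey` and assert whichever outcome the maintainers intend (an error, or the static credentials). The `Description` strings that still read `config AssumeRoleARN ...` could be renamed to the new field names at the same time. Both test functions and the case table continue outside the hunks shown.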
54 changes: 29 additions & 25 deletions config.go
@@ -1,31 +1,35 @@
package awsbase

type Config struct {
AccessKey string
AssumeRoleARN string
AssumeRoleDurationSeconds int
AssumeRoleExternalID string
AssumeRolePolicy string
AssumeRolePolicyARNs []string
AssumeRoleSessionName string
AssumeRoleTags map[string]string
AssumeRoleTransitiveTagKeys []string
CallerDocumentationURL string
CallerName string
DebugLogging bool
IamEndpoint string
Insecure bool
MaxRetries int
Profile string
Region string
SecretKey string
SharedCredentialsFiles []string
SharedConfigFiles []string
SkipCredsValidation bool
SkipMetadataApiCheck bool
StsEndpoint string
Token string
UserAgentProducts []*UserAgentProduct
AccessKey string
AssumeRole *AssumeRole
CallerDocumentationURL string
CallerName string
DebugLogging bool
IamEndpoint string
Insecure bool
MaxRetries int
Profile string
Region string
SecretKey string
SharedCredentialsFiles []string
SharedConfigFiles []string
SkipCredsValidation bool
SkipMetadataApiCheck bool
StsEndpoint string
Token string
UserAgentProducts []*UserAgentProduct
}

type AssumeRole struct {
RoleARN string
DurationSeconds int
ExternalID string
Policy string
PolicyARNs []string
SessionName string
Tags map[string]string
TransitiveTagKeys []string
}

type UserAgentProduct struct {
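Review bot: The new exported `AssumeRole` type and the `Config.AssumeRole` field have no doc comments, and the pointer introduces a nil state whose meaning a reader has to guess. I would add `// AssumeRole holds the parameters passed to STS AssumeRole. A nil Config.AssumeRole means no role is assumed.` above the type, once the maintainers confirm that the credential code (not shown on this page) treats nil that way, and `// DurationSeconds is the requested session length in seconds.` on that field, stating what zero means. `ExternalID`, `Policy` and `PolicyARNs` deserve a line each as well, since they are the fields an operator uses to constrain the assumed session and a misread there weakens the intended restriction. `UserAgentProduct` continues outside the hunk.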