V2: Make Assume Role config a separate struct #78

Merged
merged 3 commits into from
Sep 23, 2021
Merged
5 changes: 4 additions & 1 deletion .github/workflows/pull_request.yml
@@ -64,7 +64,9 @@ jobs:

- run: cd tools && go install github.com/golangci/golangci-lint/cmd/golangci-lint

- run: golangci-lint run ./...
- run: |
golangci-lint run ./...
cd v2/awsv1shim && golangci-lint run ./...

import-lint:
runs-on: ubuntu-latest
@@ -84,6 +86,7 @@ jobs:

- run: cd tools && go install github.com/pavius/impi/cmd/impi

# impi runs against the whole directory tree, ignoring modules
- run: impi --local . --scheme stdThirdPartyLocal ./...

semgrep:
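Review bot: The list of nested modules to lint is now hard-coded in two places, the `cd v2/awsv1shim && golangci-lint run ./...` line in this step and the matching new line under the `golangci-lint` target in GNUmakefile, so a module added later is linted only if someone remembers to update both. Because both commands share one `run: |` block, a failure in the root lint also hides the shim's findings until the root is clean (assuming the runner's default fail-fast shell). Consider a separate step with `working-directory: v2/awsv1shim`, or have the workflow call `make golangci-lint` so the list lives in one file. The comment added on the impi step explains that impi ignores module boundaries; a matching one-line comment here saying why golangci-lint needs a per-module run would help the next maintainer.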
1 change: 1 addition & 0 deletions GNUmakefile
@@ -7,6 +7,7 @@ lint: golangci-lint importlint

golangci-lint:
@golangci-lint run ./...
@cd v2/awsv1shim && golangci-lint run ./...

importlint:
@impi --local . --scheme stdThirdPartyLocal ./...
157 changes: 92 additions & 65 deletions aws_config_test.go
@@ -69,11 +69,13 @@ func TestGetAwsConfig(t *testing.T) {
},
{
Config: &Config{
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
},
Description: "config AccessKey config AssumeRoleARN access key",
ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials,
@@ -85,12 +87,14 @@ func TestGetAwsConfig(t *testing.T) {
},
{
Config: &Config{
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleDurationSeconds: 3600,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
DurationSeconds: 3600,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
},
Description: "config AssumeRoleDurationSeconds",
ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials,
@@ -102,12 +106,14 @@ func TestGetAwsConfig(t *testing.T) {
},
{
Config: &Config{
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleExternalID: servicemocks.MockStsAssumeRoleExternalId,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
ExternalID: servicemocks.MockStsAssumeRoleExternalId,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
},
Description: "config AssumeRoleExternalID",
ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials,
@@ -119,12 +125,14 @@ func TestGetAwsConfig(t *testing.T) {
},
{
Config: &Config{
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRolePolicy: servicemocks.MockStsAssumeRolePolicy,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
Policy: servicemocks.MockStsAssumeRolePolicy,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
},
Description: "config AssumeRolePolicy",
ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials,
@@ -136,12 +144,14 @@ func TestGetAwsConfig(t *testing.T) {
},
{
Config: &Config{
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRolePolicyARNs: []string{servicemocks.MockStsAssumeRolePolicyArn},
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
PolicyARNs: []string{servicemocks.MockStsAssumeRolePolicyArn},
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
},
Description: "config AssumeRolePolicyARNs",
ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials,
@@ -153,11 +163,13 @@ func TestGetAwsConfig(t *testing.T) {
},
{
Config: &Config{
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
AssumeRoleTags: map[string]string{
servicemocks.MockStsAssumeRoleTagKey: servicemocks.MockStsAssumeRoleTagValue,
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
Tags: map[string]string{
servicemocks.MockStsAssumeRoleTagKey: servicemocks.MockStsAssumeRoleTagValue,
},
},
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
@@ -172,15 +184,17 @@ func TestGetAwsConfig(t *testing.T) {
},
{
Config: &Config{
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
AssumeRoleTags: map[string]string{
servicemocks.MockStsAssumeRoleTagKey: servicemocks.MockStsAssumeRoleTagValue,
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
Tags: map[string]string{
servicemocks.MockStsAssumeRoleTagKey: servicemocks.MockStsAssumeRoleTagValue,
},
TransitiveTagKeys: []string{servicemocks.MockStsAssumeRoleTagKey},
},
AssumeRoleTransitiveTagKeys: []string{servicemocks.MockStsAssumeRoleTagKey},
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
},
Description: "config AssumeRoleTransitiveTagKeys",
ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials,
@@ -299,9 +313,11 @@ aws_secret_access_key = SharedConfigurationSourceSecretKey
},
{
Config: &Config{
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
},
Description: "environment AWS_ACCESS_KEY_ID config AssumeRoleARN access key",
EnvironmentVariables: map[string]string{
@@ -451,9 +467,11 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey
},
{
Config: &Config{
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
},
Description: "shared credentials default aws_access_key_id config AssumeRoleARN access key",
ExpectedCredentialsValue: mockdata.MockStsAssumeRoleCredentials,
@@ -496,9 +514,11 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey
},
{
Config: &Config{
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
},
Description: "EC2 metadata access key config AssumeRoleARN access key",
EnableEc2MetadataServer: true,
@@ -524,9 +544,11 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey
},
{
Config: &Config{
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
Region: "us-east-1",
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
Region: "us-east-1",
},
Description: "ECS credentials access key config AssumeRoleARN access key",
EnableEc2MetadataServer: true,
@@ -729,12 +751,14 @@ region = us-east-1
},
{
Config: &Config{
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName,
DebugLogging: true,
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
AccessKey: servicemocks.MockStaticAccessKey,
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
DebugLogging: true,
Region: "us-east-1",
SecretKey: servicemocks.MockStaticSecretKey,
},
Description: "assume role error",
ExpectedError: func(err error) bool {
@@ -1172,11 +1196,14 @@ func TestGetAwsConfigWithAccountIDAndPartition(t *testing.T) {
{
"WithAssumeRole",
&Config{
AccessKey: "MockAccessKey",
SecretKey: "MockSecretKey",
Region: "us-west-2",
AssumeRoleARN: servicemocks.MockStsAssumeRoleArn,
AssumeRoleSessionName: servicemocks.MockStsAssumeRoleSessionName},
AccessKey: "MockAccessKey",
SecretKey: "MockSecretKey",
Region: "us-west-2",
AssumeRole: &AssumeRole{
RoleARN: servicemocks.MockStsAssumeRoleArn,
SessionName: servicemocks.MockStsAssumeRoleSessionName,
},
},
false,
"555555555555", "aws", false, []*servicemocks.MockEndpoint{
servicemocks.MockStsAssumeRoleValidEndpoint,
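Review bot: None of the updated cases in TestGetAwsConfig sets `AssumeRole` to a non-nil struct with an empty `RoleARN`, so the new two-state representation (nil pointer vs. `&AssumeRole{}`) is untested in the hunks shown; the old flat fields had only the empty-string state. Add a case such as `AssumeRole: &AssumeRole{SessionName: servicemocks.MockStsAssumeRoleSessionName}` and assert whichever behaviour is intended, an error or a fall-through to the base credentials, because that choice decides which identity the caller ends up using. Several `Description` strings still use the removed field names, e.g. `"config AssumeRoleDurationSeconds"`; renaming them to the new paths (`"config AssumeRole.DurationSeconds"`) keeps failure output searchable. The test functions start and end outside these hunks, so such a case may already exist out of view.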
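--- a/config.go
+++ b/config.go
@@ -1,31 +1,35 @@
 package awsbase
 
 type Config struct {
-AccessKey string
-AssumeRoleARN string
-AssumeRoleDurationSeconds int
-AssumeRoleExternalID string
-AssumeRolePolicy string
-AssumeRolePolicyARNs []string
-AssumeRoleSessionName string
-AssumeRoleTags map[string]string
-AssumeRoleTransitiveTagKeys []string
-CallerDocumentationURL string
-CallerName string
-DebugLogging bool
-IamEndpoint string
-Insecure bool
-MaxRetries int
-Profile string
-Region string
-SecretKey string
-SharedCredentialsFiles []string
-SharedConfigFiles []string
-SkipCredsValidation bool
-SkipMetadataApiCheck bool
-StsEndpoint string
-Token string
-UserAgentProducts []*UserAgentProduct
+AccessKey string
+AssumeRole *AssumeRole
+CallerDocumentationURL string
+CallerName string
+DebugLogging bool
+IamEndpoint string
+Insecure bool
+MaxRetries int
+Profile string
+Region string
+SecretKey string
+SharedCredentialsFiles []string
+SharedConfigFiles []string
+SkipCredsValidation bool
+SkipMetadataApiCheck bool
+StsEndpoint string
+Token string
+UserAgentProducts []*UserAgentProduct
 }
 
+type AssumeRole struct {
+RoleARN string
+DurationSeconds int
+ExternalID string
+Policy string
+PolicyARNs []string
+SessionName string
+Tags map[string]string
+TransitiveTagKeys []string
+}
+
 type UserAgentProduct struct {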
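Review bot: The new exported `AssumeRole` type and the `Config.AssumeRole` pointer field have no doc comments, so callers cannot tell from the source what a nil pointer means or which fields are required. I would add `// AssumeRole holds the parameters for assuming an IAM role; a nil Config.AssumeRole means no role is assumed.` above the type (adjust if the implementation, which is not in this section, behaves differently) and a short comment on `DurationSeconds` stating the unit and accepted range. `ExternalID`, `Policy` and `PolicyARNs` shape what the assumed session is allowed to do, so a line on each saying whether an empty value is omitted from the request would help reviewers of calling code. `UserAgentProduct` continues past the end of the hunk.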