feat: Add aws_assume_role support for generic providers (#298)
to allow aws associate provider to have same roleARN format
zackhee997 authored May 20, 2024
1 parent b267c74 commit fc76924
Showing 8 changed files with 97 additions and 4 deletions.
16 changes: 13 additions & 3 deletions config/v2/resolvers.go
Expand Up @@ -2,6 +2,7 @@ package v2

import (
"encoding/json"
"fmt"

"github.com/chanzuckerberg/fogg/util"
)
Expand Down Expand Up @@ -764,13 +765,13 @@ func ResolveRequiredProviders(commons ...Common) map[string]*GenericProvider {
config := make(map[string]any)

if prev != nil {
source, customProvider, version, enabled = resolveGenericProvider(prev, source, customProvider, version, enabled, config)
source, customProvider, version, enabled = resolveGenericProvider(prev, source, customProvider, version, enabled, config, commons...)
}
if curr == nil {
// excplicit set to nil
delete(requiredProviders, k)
} else {
source, customProvider, version, enabled = resolveGenericProvider(curr, source, customProvider, version, enabled, config)
source, customProvider, version, enabled = resolveGenericProvider(curr, source, customProvider, version, enabled, config, commons...)
requiredProviders[k] = &GenericProvider{
CommonProvider: CommonProvider{
CustomProvider: customProvider,
Expand All @@ -793,7 +794,10 @@ func resolveGenericProvider(
version string,
enabled bool,
config map[string]any,
commons ...Common,
) (string, *bool, string, bool) {
awsConfig := ResolveAWSProvider(commons...)

if len(p.Source) != 0 {
source = p.Source
}
Expand All @@ -810,7 +814,13 @@ func resolveGenericProvider(
if value == nil {
delete(config, key)
} else {
config[key] = value
// specially for AWS associate assume role
if key == "assume_role" {
tmp := fmt.Sprintf("arn:aws:iam::%s:role/%s", *awsConfig.AccountID, value)
config["assume_role"] = tmp
} else {
config[key] = value
}
}
}
return source, customProvider, version, enabled
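Review bot: The `assume_role` branch in `resolveGenericProvider` dereferences `*awsConfig.AccountID` without checking that `ResolveAWSProvider(commons...)` produced a provider with an account ID, so a generic provider that sets this key while no AWS account is resolved would presumably panic instead of reporting a configuration error. `value` is an `any` formatted with `%s`, so a non-string value, or a value that is already a full ARN, ends up as a malformed role ARN in the provider config, and that string decides which IAM role is assumed. Guard before formatting with `role, ok := value.(string)` and `if !ok || awsConfig == nil || awsConfig.AccountID == nil`, and surface the failure to the caller, since this function has no error return today. `ResolveAWSProvider` also runs on every call even when the key is absent; resolving it inside the branch avoids that. Both function bodies start and end outside the hunks shown.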
7 changes: 7 additions & 0 deletions testdata/generic_providers_yaml/fogg.yml
Expand Up @@ -12,6 +12,12 @@ defaults:
assert:
version: 0.0.1
sops: {}
aws:
# use shared-services account as default
account_id: "0000000000000000"
role: TerraformExecutionRole
region: ap-southeast-1
version: ~> 5.0
# ad-hoc required providers and optional config
required_providers:
foo:
Expand Down Expand Up @@ -42,6 +48,7 @@ envs:
custom_provider: false
config:
baz_token: prod_token_arn
aws_assume_role: "TerraformExecutionRole"
components:
network: {}
stg:
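Review bot: The fixture sets `aws_assume_role` next to `baz_token` in the provider config, while the resolver change in this commit matches the key `assume_role`, so from the visible lines it is unclear whether this entry reaches the new ARN-building branch; confirm that the generated `fogg.tf` golden files contain the expected role ARN. The placeholder `account_id: "0000000000000000"` is 16 digits, whereas AWS account IDs are 12 digits, so any later format validation of the account ID or the role ARN would reject this fixture. A 12-digit placeholder such as `"000000000000"` stays obviously fake while keeping the generated ARN well-formed.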


21 changes: 21 additions & 0 deletions testdata/generic_providers_yaml/terraform/envs/stg/network/fogg.tf


4 changes: 4 additions & 0 deletions testdata/generic_providers_yaml/terraform/global/Makefile


21 changes: 21 additions & 0 deletions testdata/generic_providers_yaml/terraform/global/fogg.tf

