From 001f0802b7495c591e4894bdabdd2eb211aaab01 Mon Sep 17 00:00:00 2001 From: piyush-sinha Date: Wed, 26 Feb 2020 15:27:00 +0530 Subject: [PATCH] [ch3990] | Piyush & Abhishek | Add support for service iam role in infra provisioner --- bindata.go | 92 ++++++++++++++++++++++++++++++++++++-- go.mod | 1 + go.sum | 2 + main.go | 17 +++++++ sample_infra_manifest.json | 19 +++++++- types.go | 11 +++++ 6 files changed, 137 insertions(+), 5 deletions(-) diff --git a/bindata.go b/bindata.go index d477108..733980f 100644 --- a/bindata.go +++ b/bindata.go @@ -1,5 +1,7 @@ // Code generated by go-bindata. DO NOT EDIT. // sources: +// templates/aws-roles-tf/deploy.sh +// templates/aws-roles-tf/main.tf // templates/rds-tf/deploy.sh // templates/rds-tf/main.tf 
@@ -79,6 +81,82 @@ func (fi bindataFileInfo) Sys() interface{} { return nil } +var _bindataTemplatesAwsrolestfDeploysh = []byte( + "\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x52\x56\xd4\x4f\xca\xcc\xd3\x2f\xce\xe0\x2a\x49\x2d\x2a\x4a\x4c\xcb\x2f" + + "\xca\x55\xc8\xcc\xcb\x2c\x41\xe2\x96\xe7\x17\x65\x17\x17\x24\x26\xa7\x2a\x14\xa7\xe6\xa4\x26\x97\x28\x54\x57\x2b" + + "\xe8\x85\xc3\x05\x6b\x6b\x15\x6a\x6a\x14\xb0\x29\xcf\x4b\x2d\xc7\x50\x8b\x64\x6e\x41\x4e\x62\x9e\x82\x6e\x62\x69" + + "\x49\xbe\x6e\x62\x41\x41\x51\x7e\x59\x2a\x20\x00\x00\xff\xff\x17\xc8\x73\x3b\x8d\x00\x00\x00") + +func bindataTemplatesAwsrolestfDeployshBytes() ([]byte, error) { + return bindataRead( + _bindataTemplatesAwsrolestfDeploysh, + "templates/aws-roles-tf/deploy.sh", + ) +} + + + +func bindataTemplatesAwsrolestfDeploysh() (*asset, error) { + bytes, err := bindataTemplatesAwsrolestfDeployshBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{ + name: "templates/aws-roles-tf/deploy.sh", + size: 141, + md5checksum: "", + mode: os.FileMode(420), + modTime: time.Unix(1582638007, 0), + } + + a := &asset{bytes: bytes, info: info} + + return a, nil +} + +var _bindataTemplatesAwsrolestfMaintf = []byte( + "\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x6c\x90\x31\x8f\xe3\x20\x10\x85\x7b\xff\x8a\x91\x7b\x6c\x9d\xae\x8b\x14" + + "\xe9\x9a\x6b\xae\xb8\x62\x77\xfb\x08\xe3\xb1\x8d\x0c\x8c\x17\x86\x64\xa3\x84\xff\xbe\x02\xb4\x51\x36\x59\x3a\x46" + + "\xef\xbd\x79\xf3\x31\x7a\x2f\x27\xf2\x16\x2e\x0d\xc0\x20\xd5\x8a\x6e\x84\x36\xfc\x6e\xcb\x00\x60\x88\x6a\x45\x86" + + "\xef\x6f\x0f\xad\x93\x47\x2d\x06\xe9\x56\x71\x8b\x10\x8a\xac\x95\x6e\x14\x81\x25\x63\x5b\xec\x1e\x67\x4d\xee\xd9" + + "\x2e\x37\x11\x28\xf2\x22\x7e\x55\xdd\x8a\x67\x78\x7a\x7b\x68\x03\xfa\xa3\x56\x28\xb4\xb4\xc2\x93\xc1\x50\xe5\x27" + + "\xf2\x6b\xd8\xa4\xc2\xc3\x8a\xe7\xc3\xe6\x71\xd2\x1f\x59\xae\xa5\x2d\xaa\xfe\x72\x81\xee\xaf\x3b\x6a\x4f\xce\xa2" + + 
"\x63\x48\xa9\x8c\x5e\x6b\xdc\x0b\x19\xec\xfe\x4b\x8b\x90\x52\x0d\xdc\x3c\x4d\xda\xe0\xd3\x7e\x65\xc7\x2a\x90\xca" + + "\xfc\x58\xb0\xf2\x11\x74\x72\xe8\xc5\x14\x8d\x11\x8a\x1c\x7b\x32\xd9\x96\x9a\xd4\x34\x96\xc6\x68\xb0\x74\x2b\x27" + + "\x54\xb2\x81\xa2\x57\x78\x17\x34\x6b\xde\xed\x42\x58\x76\x7d\x3f\x6b\xfe\x33\x6b\x5e\xe2\xd0\x29\x3b\x76\x05\x35" + + "\xa3\x5a\x3a\xed\xfa\xf2\xd1\x6e\xf2\xb2\xbf\x31\xe9\x66\xcd\x79\x1d\xde\x1d\x9c\x33\x1f\x21\x5c\xe1\x3d\x12\xe7" + + "\xa3\x73\x81\x8a\xe2\x90\x13\xbe\x4a\x3c\x20\x82\x2b\xd8\x18\xf8\x8d\xfe\x05\x72\xd9\x95\x9a\xcf\x00\x00\x00\xff" + + "\xff\x48\x68\xe4\x76\x30\x02\x00\x00") + +func bindataTemplatesAwsrolestfMaintfBytes() ([]byte, error) { + return bindataRead( + _bindataTemplatesAwsrolestfMaintf, + "templates/aws-roles-tf/main.tf", + ) +} + + + +func bindataTemplatesAwsrolestfMaintf() (*asset, error) { + bytes, err := bindataTemplatesAwsrolestfMaintfBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{ + name: "templates/aws-roles-tf/main.tf", + size: 560, + md5checksum: "", + mode: os.FileMode(420), + modTime: time.Unix(1582638826, 0), + } + + a := &asset{bytes: bytes, info: info} + + return a, nil +} + var _bindataTemplatesRdstfDeploysh = []byte( "\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x9c\xcc\x4b\x8e\xc2\x30\x0c\x80\xe1\xfd\x9c\xc2\xa3\x59\x37\x3d\xc1\x9c" + "\x83\x65\xe4\x26\xa6\x44\x34\x89\x65\xbb\xad\x50\xdb\xbb\xb3\x41\x50\x01\x0b\xc4\xce\x8f\x5f\xdf\xdf\x6f\xdb\xa5" + @@ -108,7 +186,7 @@ func bindataTemplatesRdstfDeploysh() (*asset, error) { size: 343, md5checksum: "", mode: os.FileMode(420), - modTime: time.Unix(1578927242, 0), + modTime: time.Unix(1582527827, 0), } a := &asset{bytes: bytes, info: info} @@ -154,7 +232,7 @@ func bindataTemplatesRdstfMaintf() (*asset, error) { size: 1056, md5checksum: "", mode: os.FileMode(420), - modTime: time.Unix(1578995480, 0), + modTime: time.Unix(1582527827, 0), } a := &asset{bytes: bytes, info: info} 
@@ -226,8 +304,10 @@ func AssetNames() []string { // _bindata is a table, holding each asset generator, mapped to its name. // var _bindata = map[string]func() (*asset, error){ - "templates/rds-tf/deploy.sh": bindataTemplatesRdstfDeploysh, - "templates/rds-tf/main.tf": bindataTemplatesRdstfMaintf, + "templates/aws-roles-tf/deploy.sh": bindataTemplatesAwsrolestfDeploysh, + "templates/aws-roles-tf/main.tf": bindataTemplatesAwsrolestfMaintf, + "templates/rds-tf/deploy.sh": bindataTemplatesRdstfDeploysh, + "templates/rds-tf/main.tf": bindataTemplatesRdstfMaintf, } // @@ -283,6 +363,10 @@ type bintree struct { var _bintree = &bintree{Func: nil, Children: map[string]*bintree{ "templates": {Func: nil, Children: map[string]*bintree{ + "aws-roles-tf": {Func: nil, Children: map[string]*bintree{ + "deploy.sh": {Func: bindataTemplatesAwsrolestfDeploysh, Children: map[string]*bintree{}}, + "main.tf": {Func: bindataTemplatesAwsrolestfMaintf, Children: map[string]*bintree{}}, + }}, "rds-tf": {Func: nil, Children: map[string]*bintree{ "deploy.sh": {Func: bindataTemplatesRdstfDeploysh, Children: map[string]*bintree{}}, "main.tf": {Func: bindataTemplatesRdstfMaintf, Children: map[string]*bintree{}}, diff --git a/go.mod b/go.mod index 007420f..f47b78d 100644 --- a/go.mod +++ b/go.mod @@ -7,6 +7,7 @@ require ( github.com/a8m/envsubst v1.1.0 github.com/huandu/xstrings v1.2.1 // indirect github.com/imdario/mergo v0.3.8 // indirect + github.com/shuLhan/go-bindata v3.4.0+incompatible // indirect github.com/urfave/cli/v2 v2.1.1 golang.org/x/crypto v0.0.0-20200109152110-61a87790db17 // indirect ) diff --git a/go.sum b/go.sum index cac60c3..5c20b87 100644 --- a/go.sum +++ b/go.sum 
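Review bot: In the go.mod hunk, `github.com/shuLhan/go-bindata v3.4.0+incompatible // indirect` is added as an indirect requirement, but nothing in this patch imports it, so `go mod tidy` may drop the line and the generator version behind bindata.go is not really pinned. If this module is the tool named in the "Code generated by go-bindata" header, pin it deliberately with a build-tagged tools file that blank-imports the generator's command package, plus a `//go:generate` directive next to the templates. That matters for review because the new `templates/aws-roles-tf/deploy.sh` and `main.tf` appear here only as gzip byte strings; a reproducible generate step lets a reviewer regenerate bindata.go and confirm the embedded shell script and Terraform match the template sources.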
@@ -29,6 +29,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/shuLhan/go-bindata v3.4.0+incompatible h1:xlNGW4LRRs+BPBpefnlrgSqb9x7vNF9YyzKeMuuqMpk=
+github.com/shuLhan/go-bindata v3.4.0+incompatible/go.mod h1:pkcPAATLBDD2+SpAPnX5vEM90F7fcwHCvvLCMXcmw3g=
 github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8=
diff --git a/main.go b/main.go
index 8940c14..ab37a06 100644
--- a/main.go
+++ b/main.go
@@ -75,6 +75,23 @@ func main() {
 return nil
 },
 },
+ {
+ Name: "iam-roles",
+ Usage: "Provision iam service roles",
+ Action: func(c *cli.Context) error {
+ manifest, err := parseManifest(c.String("manifest"))
+ if err != nil {
+ log.Fatalf("\nErr: %v", err)
+ return err
+ }
+ err = provisionResource("roles", "aws-roles-tf", manifest, c.Bool("template-only"))
+ if err != nil {
+ log.Fatalf("\nErr: %v", err)
+ return err
+ }
+ return nil
+ },
+ },
 },
 }
diff --git a/sample_infra_manifest.json b/sample_infra_manifest.json
index 271bccd..e47a4de 100644
--- a/sample_infra_manifest.json
+++ b/sample_infra_manifest.json
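Review bot: In the new `iam-roles` Action in main.go, both error branches call `log.Fatalf("\nErr: %v", err)`, which exits the process, so the `return err` after each one is unreachable and the cli framework never receives the error. Returning it with context instead, e.g. `return fmt.Errorf("parsing manifest: %w", err)` and `return fmt.Errorf("provisioning iam roles: %w", err)` (assuming `fmt` is imported in this file), leaves the exit decision to the caller. The sample manifest in this repository carries a database password next to the role definition, so it is worth confirming that neither error value echoes manifest contents into the log. main() starts and ends outside the hunk, so whether the earlier commands follow the same pattern cannot be seen here.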
@@ -1,12 +1,29 @@
 {
 "extraResources": {
- "environment": "prod",
+ "environment": "nonprod",
 "database": {
 "instanceName": "auth-service",
 "user": "auth_service_user",
 "password": "auth_service_password",
 "sizeInGb": 7,
 "dbNames": ["auth_service"]
+ },
+ "service_role": {
+ "name": "xyz",
+ "policies": [
+ {
+ "actions": ["s3:GetObject","s3:PutObject"],
+ "resource": "arn:aws:s3:::navi-e3e2a9bfd88566b05001b02a3f51d286/*"
+ },
+ {
+ "actions": ["s3:GetObject","s3:PutObject"],
+ "resource": "arn:aws:s3:::arn:aws:s3:::test-bucket-to-be-deleted/*"
+ },
+ {
+ "resource": "*",
+ "actions":["sns:Publish", "sns:SetSMSAttributes"]
+ }
+ ]
 }
 }
 }
diff --git a/types.go b/types.go
index 030a0b1..ff03f23 100644
--- a/types.go
+++ b/types.go
@@ -15,6 +15,7 @@ type ExtraResources struct {
 Environment string `json:"environment"`
 Workspace string
 Database Database `json:"database"`
+ ServiceRole ServiceRole `json:"service_role"`
 }
 //We provide defaults in respective terraforms instead of here to keep all values at one place
@@ -28,3 +29,13 @@ type Database struct {
 DbNames []string `json:"dbNames"`
 InstanceName string `json:"instanceName"`
 }
+
+type ServiceRole struct {
+ Name string `json:"name"`
+ Policies []Policies `json:"policies"`
+}
+
+type Policies struct {
+ Actions []string `json:"actions"`
+ Resource string `json:"resource"`
+}
\ No newline at end of file
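Review bot: The second policy in the new `service_role` block has `"resource": "arn:aws:s3:::arn:aws:s3:::test-bucket-to-be-deleted/*"`, which repeats the ARN prefix and is not a valid S3 ARN, so anyone copying the sample gets a statement that fails to apply or matches nothing; it should read `"resource": "arn:aws:s3:::test-bucket-to-be-deleted/*"`. The first policy names a bucket with a hash-like suffix that looks like a real one, and a sample is safer with an obviously fake placeholder name. The third statement uses `"resource": "*"`; since JSON cannot carry a comment, the README is the place to say when a wildcard resource is acceptable, so the sample is not read as the recommended default.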
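Review bot: `ServiceRole` and `Policies`, added in the second types.go hunk, accept any `actions` and `resource` strings from the manifest, and nothing visible in this patch validates them before `provisionResource("roles", "aws-roles-tf", ...)` uses them. A check after parsing that rejects an empty `Name`, `Actions` or `Resource`, and requires an explicit opt-in for `"*"` in either field, would keep a manifest typo from provisioning an over-broad role; whether the embedded Terraform template already constrains this cannot be seen, because it is only present as compressed bytes. On style, each `Policies` value is a single statement, so `Policy` with `Policies []Policy` reads better. The exported types also want doc comments such as `// ServiceRole describes the IAM role to provision for a service.`, and the file now ends without a trailing newline.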