[ch3990] | Piyush & Abhishek | Add support for service iam role in infra provisioner

bindata.go

@@ -1,5 +1,7 @@
 // Code generated by go-bindata. DO NOT EDIT.
 // sources:
+// templates/aws-roles-tf/deploy.sh
+// templates/aws-roles-tf/main.tf
 // templates/rds-tf/deploy.sh
 // templates/rds-tf/main.tf
 
@@ -79,6 +81,82 @@ func (fi bindataFileInfo) Sys() interface{} {
 	return nil
 }
 
+var _bindataTemplatesAwsrolestfDeploysh = []byte(
+	"\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x52\x56\xd4\x4f\xca\xcc\xd3\x2f\xce\xe0\x2a\x49\x2d\x2a\x4a\x4c\xcb\x2f" +
+	"\xca\x55\xc8\xcc\xcb\x2c\x41\xe2\x96\xe7\x17\x65\x17\x17\x24\x26\xa7\x2a\x14\xa7\xe6\xa4\x26\x97\x28\x54\x57\x2b" +
+	"\xe8\x85\xc3\x05\x6b\x6b\x15\x6a\x6a\x14\xb0\x29\xcf\x4b\x2d\xc7\x50\x8b\x64\x6e\x41\x4e\x62\x9e\x82\x6e\x62\x69" +
+	"\x49\xbe\x6e\x62\x41\x41\x51\x7e\x59\x2a\x20\x00\x00\xff\xff\x17\xc8\x73\x3b\x8d\x00\x00\x00")
+
+func bindataTemplatesAwsrolestfDeployshBytes() ([]byte, error) {
+	return bindataRead(
+		_bindataTemplatesAwsrolestfDeploysh,
+		"templates/aws-roles-tf/deploy.sh",
+	)
+}
+
+
+
+func bindataTemplatesAwsrolestfDeploysh() (*asset, error) {
+	bytes, err := bindataTemplatesAwsrolestfDeployshBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{
+		name: "templates/aws-roles-tf/deploy.sh",
+		size: 141,
+		md5checksum: "",
+		mode: os.FileMode(420),
+		modTime: time.Unix(1582638007, 0),
+	}
+
+	a := &asset{bytes: bytes, info: info}
+
+	return a, nil
+}
+
+var _bindataTemplatesAwsrolestfMaintf = []byte(
+	"\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x6c\x90\x31\x8f\xe3\x20\x10\x85\x7b\xff\x8a\x91\x7b\x6c\x9d\xae\x8b\x14" +
+	"\xe9\x9a\x6b\xae\xb8\x62\x77\xfb\x08\xe3\xb1\x8d\x0c\x8c\x17\x86\x64\xa3\x84\xff\xbe\x02\xb4\x51\x36\x59\x3a\x46" +
+	"\xef\xbd\x79\xf3\x31\x7a\x2f\x27\xf2\x16\x2e\x0d\xc0\x20\xd5\x8a\x6e\x84\x36\xfc\x6e\xcb\x00\x60\x88\x6a\x45\x86" +
+	"\xef\x6f\x0f\xad\x93\x47\x2d\x06\xe9\x56\x71\x8b\x10\x8a\xac\x95\x6e\x14\x81\x25\x63\x5b\xec\x1e\x67\x4d\xee\xd9" +
+	"\x2e\x37\x11\x28\xf2\x22\x7e\x55\xdd\x8a\x67\x78\x7a\x7b\x68\x03\xfa\xa3\x56\x28\xb4\xb4\xc2\x93\xc1\x50\xe5\x27" +
+	"\xf2\x6b\xd8\xa4\xc2\xc3\x8a\xe7\xc3\xe6\x71\xd2\x1f\x59\xae\xa5\x2d\xaa\xfe\x72\x81\xee\xaf\x3b\x6a\x4f\xce\xa2" +
+	"\x63\x48\xa9\x8c\x5e\x6b\xdc\x0b\x19\xec\xfe\x4b\x8b\x90\x52\x0d\xdc\x3c\x4d\xda\xe0\xd3\x7e\x65\xc7\x2a\x90\xca" +
+	"\xfc\x58\xb0\xf2\x11\x74\x72\xe8\xc5\x14\x8d\x11\x8a\x1c\x7b\x32\xd9\x96\x9a\xd4\x34\x96\xc6\x68\xb0\x74\x2b\x27" +
+	"\x54\xb2\x81\xa2\x57\x78\x17\x34\x6b\xde\xed\x42\x58\x76\x7d\x3f\x6b\xfe\x33\x6b\x5e\xe2\xd0\x29\x3b\x76\x05\x35" +
+	"\xa3\x5a\x3a\xed\xfa\xf2\xd1\x6e\xf2\xb2\xbf\x31\xe9\x66\xcd\x79\x1d\xde\x1d\x9c\x33\x1f\x21\x5c\xe1\x3d\x12\xe7" +
+	"\xa3\x73\x81\x8a\xe2\x90\x13\xbe\x4a\x3c\x20\x82\x2b\xd8\x18\xf8\x8d\xfe\x05\x72\xd9\x95\x9a\xcf\x00\x00\x00\xff" +
+	"\xff\x48\x68\xe4\x76\x30\x02\x00\x00")
+
+func bindataTemplatesAwsrolestfMaintfBytes() ([]byte, error) {
+	return bindataRead(
+		_bindataTemplatesAwsrolestfMaintf,
+		"templates/aws-roles-tf/main.tf",
+	)
+}
+
+
+
+func bindataTemplatesAwsrolestfMaintf() (*asset, error) {
+	bytes, err := bindataTemplatesAwsrolestfMaintfBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{
+		name: "templates/aws-roles-tf/main.tf",
+		size: 560,
+		md5checksum: "",
+		mode: os.FileMode(420),
+		modTime: time.Unix(1582638826, 0),
+	}
+
+	a := &asset{bytes: bytes, info: info}
+
+	return a, nil
+}
+
 var _bindataTemplatesRdstfDeploysh = []byte(
 	"\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x9c\xcc\x4b\x8e\xc2\x30\x0c\x80\xe1\xfd\x9c\xc2\xa3\x59\x37\x3d\xc1\x9c" +
 	"\x83\x65\xe4\x26\xa6\x44\x34\x89\x65\xbb\xad\x50\xdb\xbb\xb3\x41\x50\x01\x0b\xc4\xce\x8f\x5f\xdf\xdf\x6f\xdb\xa5" +
@@ -108,7 +186,7 @@ func bindataTemplatesRdstfDeploysh() (*asset, error) {
 		size: 343,
 		md5checksum: "",
 		mode: os.FileMode(420),
-		modTime: time.Unix(1578927242, 0),
+		modTime: time.Unix(1582527827, 0),
 	}
 
 	a := &asset{bytes: bytes, info: info}
@@ -154,7 +232,7 @@ func bindataTemplatesRdstfMaintf() (*asset, error) {
 		size: 1056,
 		md5checksum: "",
 		mode: os.FileMode(420),
-		modTime: time.Unix(1578995480, 0),
+		modTime: time.Unix(1582527827, 0),
 	}
 
 	a := &asset{bytes: bytes, info: info}
@@ -226,8 +304,10 @@ func AssetNames() []string {
 // _bindata is a table, holding each asset generator, mapped to its name.
 //
 var _bindata = map[string]func() (*asset, error){
-	"templates/rds-tf/deploy.sh": bindataTemplatesRdstfDeploysh,
+	"templates/aws-roles-tf/deploy.sh": bindataTemplatesAwsrolestfDeploysh,
-	"templates/rds-tf/main.tf":   bindataTemplatesRdstfMaintf,
+	"templates/aws-roles-tf/main.tf":   bindataTemplatesAwsrolestfMaintf,
+	"templates/rds-tf/deploy.sh":       bindataTemplatesRdstfDeploysh,
+	"templates/rds-tf/main.tf":         bindataTemplatesRdstfMaintf,
 }
 
 //
@@ -283,6 +363,10 @@ type bintree struct {
 
 var _bintree = &bintree{Func: nil, Children: map[string]*bintree{
 	"templates": {Func: nil, Children: map[string]*bintree{
+		"aws-roles-tf": {Func: nil, Children: map[string]*bintree{
+			"deploy.sh": {Func: bindataTemplatesAwsrolestfDeploysh, Children: map[string]*bintree{}},
+			"main.tf": {Func: bindataTemplatesAwsrolestfMaintf, Children: map[string]*bintree{}},
+		}},
 		"rds-tf": {Func: nil, Children: map[string]*bintree{
 			"deploy.sh": {Func: bindataTemplatesRdstfDeploysh, Children: map[string]*bintree{}},
 			"main.tf": {Func: bindataTemplatesRdstfMaintf, Children: map[string]*bintree{}},

go.mod

@@ -7,6 +7,7 @@ require (
 	github.com/a8m/envsubst v1.1.0
 	github.com/huandu/xstrings v1.2.1 // indirect
 	github.com/imdario/mergo v0.3.8 // indirect
+	github.com/shuLhan/go-bindata v3.4.0+incompatible // indirect
 	github.com/urfave/cli/v2 v2.1.1
 	golang.org/x/crypto v0.0.0-20200109152110-61a87790db17 // indirect
 )

go.sum

@@ -29,6 +29,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/shuLhan/go-bindata v3.4.0+incompatible h1:xlNGW4LRRs+BPBpefnlrgSqb9x7vNF9YyzKeMuuqMpk=
+github.com/shuLhan/go-bindata v3.4.0+incompatible/go.mod h1:pkcPAATLBDD2+SpAPnX5vEM90F7fcwHCvvLCMXcmw3g=
 github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8=

main.go

@@ -75,6 +75,23 @@ func main() {
 					return nil
 				},
 			},
+			{
+            				Name: "iam-roles",
+            				Usage: "Provision iam service roles",
+            				Action: func(c *cli.Context) error {
+            					manifest, err := parseManifest(c.String("manifest"))
+            					if err != nil {
+            						log.Fatalf("\nErr: %v", err)
+            						return err
+            					}
+            					err = provisionResource("roles", "aws-roles-tf", manifest, c.Bool("template-only"))
+            					if err != nil {
+            						log.Fatalf("\nErr: %v", err)
+            						return err
+            					}
+            					return nil
+            				},
+            			},
 		},
 	}
 

sample_infra_manifest.json

@@ -1,12 +1,29 @@
 {
 	"extraResources": {
-		"environment": "prod",
+		"environment": "nonprod",
 		"database": {
 			"instanceName": "auth-service",
 			"user": "auth_service_user",
 			"password": "auth_service_password",
 			"sizeInGb": 7,
 			"dbNames": ["auth_service"]
+		},
+		"service_role": {
+			"name": "xyz",
+			"policies": [
+				{
+					"actions": ["s3:GetObject","s3:PutObject"],
+					"resource": "arn:aws:s3:::navi-e3e2a9bfd88566b05001b02a3f51d286/*"
+				},
+				{
+					"actions": ["s3:GetObject","s3:PutObject"],
+					"resource": "arn:aws:s3:::arn:aws:s3:::test-bucket-to-be-deleted/*"
+				},
+				{
+					"resource": "*",
+					"actions":["sns:Publish", "sns:SetSMSAttributes"]
+				}
+			]
 		}
 	}
 }

types.go

@@ -15,6 +15,7 @@ type ExtraResources struct {
 	Environment string `json:"environment"`
 	Workspace string
 	Database Database `json:"database"`
+	ServiceRole ServiceRole `json:"service_role"`
 }
 
 //We provide defaults in respective terraforms instead of here to keep all values at one place
@@ -28,3 +29,13 @@ type Database struct {
 	DbNames []string `json:"dbNames"`
 	InstanceName string `json:"instanceName"`
 }
+
+type ServiceRole struct {
+    Name string `json:"name"`
+	Policies []Policies `json:"policies"`
+}
+
+type Policies struct {
+    Actions []string `json:"actions"`
+    Resource string `json:"resource"`
+}