[ch3990] | Piyush & Abhishek | Add support for service iam role in infra provisioner
92
bindata.go
92
bindata.go
@@ -1,5 +1,7 @@
|
||||
// Code generated by go-bindata. DO NOT EDIT.
|
||||
// sources:
|
||||
// templates/aws-roles-tf/deploy.sh
|
||||
// templates/aws-roles-tf/main.tf
|
||||
// templates/rds-tf/deploy.sh
|
||||
// templates/rds-tf/main.tf
|
||||
|
||||
@@ -79,6 +81,82 @@ func (fi bindataFileInfo) Sys() interface{} {
|
||||
return nil
|
||||
}
|
||||
|
||||
var _bindataTemplatesAwsrolestfDeploysh = []byte(
|
||||
"\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x52\x56\xd4\x4f\xca\xcc\xd3\x2f\xce\xe0\x2a\x49\x2d\x2a\x4a\x4c\xcb\x2f" +
|
||||
"\xca\x55\xc8\xcc\xcb\x2c\x41\xe2\x96\xe7\x17\x65\x17\x17\x24\x26\xa7\x2a\x14\xa7\xe6\xa4\x26\x97\x28\x54\x57\x2b" +
|
||||
"\xe8\x85\xc3\x05\x6b\x6b\x15\x6a\x6a\x14\xb0\x29\xcf\x4b\x2d\xc7\x50\x8b\x64\x6e\x41\x4e\x62\x9e\x82\x6e\x62\x69" +
|
||||
"\x49\xbe\x6e\x62\x41\x41\x51\x7e\x59\x2a\x20\x00\x00\xff\xff\x17\xc8\x73\x3b\x8d\x00\x00\x00")
|
||||
|
||||
func bindataTemplatesAwsrolestfDeployshBytes() ([]byte, error) {
|
||||
return bindataRead(
|
||||
_bindataTemplatesAwsrolestfDeploysh,
|
||||
"templates/aws-roles-tf/deploy.sh",
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
|
||||
func bindataTemplatesAwsrolestfDeploysh() (*asset, error) {
|
||||
bytes, err := bindataTemplatesAwsrolestfDeployshBytes()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
info := bindataFileInfo{
|
||||
name: "templates/aws-roles-tf/deploy.sh",
|
||||
size: 141,
|
||||
md5checksum: "",
|
||||
mode: os.FileMode(420),
|
||||
modTime: time.Unix(1582638007, 0),
|
||||
}
|
||||
|
||||
a := &asset{bytes: bytes, info: info}
|
||||
|
||||
return a, nil
|
||||
}
|
||||
|
||||
var _bindataTemplatesAwsrolestfMaintf = []byte(
|
||||
"\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x6c\x90\x31\x8f\xe3\x20\x10\x85\x7b\xff\x8a\x91\x7b\x6c\x9d\xae\x8b\x14" +
|
||||
"\xe9\x9a\x6b\xae\xb8\x62\x77\xfb\x08\xe3\xb1\x8d\x0c\x8c\x17\x86\x64\xa3\x84\xff\xbe\x02\xb4\x51\x36\x59\x3a\x46" +
|
||||
"\xef\xbd\x79\xf3\x31\x7a\x2f\x27\xf2\x16\x2e\x0d\xc0\x20\xd5\x8a\x6e\x84\x36\xfc\x6e\xcb\x00\x60\x88\x6a\x45\x86" +
|
||||
"\xef\x6f\x0f\xad\x93\x47\x2d\x06\xe9\x56\x71\x8b\x10\x8a\xac\x95\x6e\x14\x81\x25\x63\x5b\xec\x1e\x67\x4d\xee\xd9" +
|
||||
"\x2e\x37\x11\x28\xf2\x22\x7e\x55\xdd\x8a\x67\x78\x7a\x7b\x68\x03\xfa\xa3\x56\x28\xb4\xb4\xc2\x93\xc1\x50\xe5\x27" +
|
||||
"\xf2\x6b\xd8\xa4\xc2\xc3\x8a\xe7\xc3\xe6\x71\xd2\x1f\x59\xae\xa5\x2d\xaa\xfe\x72\x81\xee\xaf\x3b\x6a\x4f\xce\xa2" +
|
||||
"\x63\x48\xa9\x8c\x5e\x6b\xdc\x0b\x19\xec\xfe\x4b\x8b\x90\x52\x0d\xdc\x3c\x4d\xda\xe0\xd3\x7e\x65\xc7\x2a\x90\xca" +
|
||||
"\xfc\x58\xb0\xf2\x11\x74\x72\xe8\xc5\x14\x8d\x11\x8a\x1c\x7b\x32\xd9\x96\x9a\xd4\x34\x96\xc6\x68\xb0\x74\x2b\x27" +
|
||||
"\x54\xb2\x81\xa2\x57\x78\x17\x34\x6b\xde\xed\x42\x58\x76\x7d\x3f\x6b\xfe\x33\x6b\x5e\xe2\xd0\x29\x3b\x76\x05\x35" +
|
||||
"\xa3\x5a\x3a\xed\xfa\xf2\xd1\x6e\xf2\xb2\xbf\x31\xe9\x66\xcd\x79\x1d\xde\x1d\x9c\x33\x1f\x21\x5c\xe1\x3d\x12\xe7" +
|
||||
"\xa3\x73\x81\x8a\xe2\x90\x13\xbe\x4a\x3c\x20\x82\x2b\xd8\x18\xf8\x8d\xfe\x05\x72\xd9\x95\x9a\xcf\x00\x00\x00\xff" +
|
||||
"\xff\x48\x68\xe4\x76\x30\x02\x00\x00")
|
||||
|
||||
func bindataTemplatesAwsrolestfMaintfBytes() ([]byte, error) {
|
||||
return bindataRead(
|
||||
_bindataTemplatesAwsrolestfMaintf,
|
||||
"templates/aws-roles-tf/main.tf",
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
|
||||
func bindataTemplatesAwsrolestfMaintf() (*asset, error) {
|
||||
bytes, err := bindataTemplatesAwsrolestfMaintfBytes()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
info := bindataFileInfo{
|
||||
name: "templates/aws-roles-tf/main.tf",
|
||||
size: 560,
|
||||
md5checksum: "",
|
||||
mode: os.FileMode(420),
|
||||
modTime: time.Unix(1582638826, 0),
|
||||
}
|
||||
|
||||
a := &asset{bytes: bytes, info: info}
|
||||
|
||||
return a, nil
|
||||
}
|
||||
|
||||
var _bindataTemplatesRdstfDeploysh = []byte(
|
||||
"\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x9c\xcc\x4b\x8e\xc2\x30\x0c\x80\xe1\xfd\x9c\xc2\xa3\x59\x37\x3d\xc1\x9c" +
|
||||
"\x83\x65\xe4\x26\xa6\x44\x34\x89\x65\xbb\xad\x50\xdb\xbb\xb3\x41\x50\x01\x0b\xc4\xce\x8f\x5f\xdf\xdf\x6f\xdb\xa5" +
|
||||
@@ -108,7 +186,7 @@ func bindataTemplatesRdstfDeploysh() (*asset, error) {
|
||||
size: 343,
|
||||
md5checksum: "",
|
||||
mode: os.FileMode(420),
|
||||
modTime: time.Unix(1578927242, 0),
|
||||
modTime: time.Unix(1582527827, 0),
|
||||
}
|
||||
|
||||
a := &asset{bytes: bytes, info: info}
|
||||
@@ -154,7 +232,7 @@ func bindataTemplatesRdstfMaintf() (*asset, error) {
|
||||
size: 1056,
|
||||
md5checksum: "",
|
||||
mode: os.FileMode(420),
|
||||
modTime: time.Unix(1578995480, 0),
|
||||
modTime: time.Unix(1582527827, 0),
|
||||
}
|
||||
|
||||
a := &asset{bytes: bytes, info: info}
|
||||
@@ -226,8 +304,10 @@ func AssetNames() []string {
|
||||
// _bindata is a table, holding each asset generator, mapped to its name.
|
||||
//
|
||||
var _bindata = map[string]func() (*asset, error){
|
||||
"templates/rds-tf/deploy.sh": bindataTemplatesRdstfDeploysh,
|
||||
"templates/rds-tf/main.tf": bindataTemplatesRdstfMaintf,
|
||||
"templates/aws-roles-tf/deploy.sh": bindataTemplatesAwsrolestfDeploysh,
|
||||
"templates/aws-roles-tf/main.tf": bindataTemplatesAwsrolestfMaintf,
|
||||
"templates/rds-tf/deploy.sh": bindataTemplatesRdstfDeploysh,
|
||||
"templates/rds-tf/main.tf": bindataTemplatesRdstfMaintf,
|
||||
}
|
||||
|
||||
//
|
||||
@@ -283,6 +363,10 @@ type bintree struct {
|
||||
|
||||
var _bintree = &bintree{Func: nil, Children: map[string]*bintree{
|
||||
"templates": {Func: nil, Children: map[string]*bintree{
|
||||
"aws-roles-tf": {Func: nil, Children: map[string]*bintree{
|
||||
"deploy.sh": {Func: bindataTemplatesAwsrolestfDeploysh, Children: map[string]*bintree{}},
|
||||
"main.tf": {Func: bindataTemplatesAwsrolestfMaintf, Children: map[string]*bintree{}},
|
||||
}},
|
||||
"rds-tf": {Func: nil, Children: map[string]*bintree{
|
||||
"deploy.sh": {Func: bindataTemplatesRdstfDeploysh, Children: map[string]*bintree{}},
|
||||
"main.tf": {Func: bindataTemplatesRdstfMaintf, Children: map[string]*bintree{}},
|
||||
|
||||
1
go.mod
1
go.mod
@@ -7,6 +7,7 @@ require (
|
||||
github.com/a8m/envsubst v1.1.0
|
||||
github.com/huandu/xstrings v1.2.1 // indirect
|
||||
github.com/imdario/mergo v0.3.8 // indirect
|
||||
github.com/shuLhan/go-bindata v3.4.0+incompatible // indirect
|
||||
github.com/urfave/cli/v2 v2.1.1
|
||||
golang.org/x/crypto v0.0.0-20200109152110-61a87790db17 // indirect
|
||||
)
|
||||
|
||||
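Review bot: `github.com/shuLhan/go-bindata v3.4.0+incompatible` is recorded as `// indirect`, which suggests no package in the module imports it and it is only the build-time generator for `bindata.go`. If so, a later `go mod tidy` would drop the line again, and the version of the tool that produces the embedded `deploy.sh` and `main.tf` blobs is not really pinned. A build-tagged `tools.go` with a blank import of the generator's command package, plus a `//go:generate` directive next to the templates, would let a reviewer regenerate `bindata.go` and confirm the byte blobs match the template sources.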
2
go.sum
2
go.sum
@@ -29,6 +29,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
|
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
|
||||
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
|
||||
github.com/shuLhan/go-bindata v3.4.0+incompatible h1:xlNGW4LRRs+BPBpefnlrgSqb9x7vNF9YyzKeMuuqMpk=
|
||||
github.com/shuLhan/go-bindata v3.4.0+incompatible/go.mod h1:pkcPAATLBDD2+SpAPnX5vEM90F7fcwHCvvLCMXcmw3g=
|
||||
github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
|
||||
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
|
||||
github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8=
|
||||
|
||||
17
main.go
17
main.go
@@ -75,6 +75,23 @@ func main() {
|
||||
return nil
|
||||
},
|
||||
},
|
||||
{
|
||||
Name: "iam-roles",
|
||||
Usage: "Provision iam service roles",
|
||||
Action: func(c *cli.Context) error {
|
||||
manifest, err := parseManifest(c.String("manifest"))
|
||||
if err != nil {
|
||||
log.Fatalf("\nErr: %v", err)
|
||||
return err
|
||||
}
|
||||
err = provisionResource("roles", "aws-roles-tf", manifest, c.Bool("template-only"))
|
||||
if err != nil {
|
||||
log.Fatalf("\nErr: %v", err)
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
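Review bot: In the new `iam-roles` action, both `log.Fatalf("\nErr: %v", err)` calls exit the process before the following `return err` can run, so the returned error is dead code and any deferred cleanup in `main` is skipped. Dropping the `log.Fatalf` line and keeping `return err` would let the CLI framework's error path report the failure once. Confirm that the code calling `app.Run`, which is outside this hunk, logs the error and exits non-zero. `main` begins and ends outside the hunk, and the preceding command may use the same pattern.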
@@ -1,12 +1,29 @@
|
||||
{
|
||||
"extraResources": {
|
||||
"environment": "prod",
|
||||
"environment": "nonprod",
|
||||
"database": {
|
||||
"instanceName": "auth-service",
|
||||
"user": "auth_service_user",
|
||||
"password": "auth_service_password",
|
||||
"sizeInGb": 7,
|
||||
"dbNames": ["auth_service"]
|
||||
},
|
||||
"service_role": {
|
||||
"name": "xyz",
|
||||
"policies": [
|
||||
{
|
||||
"actions": ["s3:GetObject","s3:PutObject"],
|
||||
"resource": "arn:aws:s3:::navi-e3e2a9bfd88566b05001b02a3f51d286/*"
|
||||
},
|
||||
{
|
||||
"actions": ["s3:GetObject","s3:PutObject"],
|
||||
"resource": "arn:aws:s3:::arn:aws:s3:::test-bucket-to-be-deleted/*"
|
||||
},
|
||||
{
|
||||
"resource": "*",
|
||||
"actions":["sns:Publish", "sns:SetSMSAttributes"]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
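Review bot: The second policy's resource, `"arn:aws:s3:::arn:aws:s3:::test-bucket-to-be-deleted/*"`, repeats the `arn:aws:s3:::` prefix, so it is not a well-formed S3 ARN and the statement would not cover the intended bucket. It should read `"resource": "arn:aws:s3:::test-bucket-to-be-deleted/*"`. The third entry pairs `"resource": "*"` with `sns:Publish`; if the role only publishes to topics, a topic ARN would be a safer example for people copying this manifest, though direct SMS publishing may be why the wildcard is there. The file header for this hunk is missing from the page, so the path of this manifest is not visible.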
11
types.go
11
types.go
@@ -15,6 +15,7 @@ type ExtraResources struct {
|
||||
Environment string `json:"environment"`
|
||||
Workspace string
|
||||
Database Database `json:"database"`
|
||||
ServiceRole ServiceRole `json:"service_role"`
|
||||
}
|
||||
|
||||
//We provide defaults in respective terraforms instead of here to keep all values at one place
|
||||
@@ -28,3 +29,13 @@ type Database struct {
|
||||
DbNames []string `json:"dbNames"`
|
||||
InstanceName string `json:"instanceName"`
|
||||
}
|
||||
|
||||
type ServiceRole struct {
|
||||
Name string `json:"name"`
|
||||
Policies []Policies `json:"policies"`
|
||||
}
|
||||
|
||||
type Policies struct {
|
||||
Actions []string `json:"actions"`
|
||||
Resource string `json:"resource"`
|
||||
}
|
||||
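Review bot: `Policies` names a type whose value is a single statement (one `Actions` list and one `Resource`), so `Policies []Policies` reads as a list of lists. `type Policy struct` with `Policies []Policy` would match what the field holds. Both new exported types also lack doc comments; something like `// Policy is one IAM statement: the allowed actions and the single resource ARN (or "*") they apply to.` would state the contract. Nothing in these hunks checks that `Name` is non-empty or that `Actions` and `Resource` are set before the values reach the Terraform template. If `parseManifest` (not shown here) does not check this either, a guard there would stop an empty or over-broad role from being rendered.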