Add support for AWS account onboarding without CloudFormation #128

Merged
merged 6 commits into from
Sep 20, 2023
4 changes: 2 additions & 2 deletions cmd/testenv/main.go
Expand Up @@ -152,7 +152,7 @@ func clean(ctx context.Context, client *polaris.Client) error {

// TODO: we might need to iterate over awsAccount.Features to remove
// all of them in the future
return awsClient.RemoveAccount(ctx, aws.Profile(testAcc.Profile), core.FeatureCloudNativeProtection, false)
return awsClient.RemoveAccount(ctx, aws.Profile(testAcc.Profile), []core.Feature{core.FeatureCloudNativeProtection}, false)
})

// AWS with cross account role
Expand All @@ -177,7 +177,7 @@ func clean(ctx context.Context, client *polaris.Client) error {

// TODO: we might need to iterate over awsAccount.Features to remove
// all of them in the future
return awsClient.RemoveAccount(ctx, aws.DefaultWithRole(testAcc.CrossAccountRole), core.FeatureCloudNativeProtection, false)
return awsClient.RemoveAccount(ctx, aws.DefaultWithRole(testAcc.CrossAccountRole), []core.Feature{core.FeatureCloudNativeProtection}, false)
})

// Azure
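Review bot: The TODO kept above both `RemoveAccount` calls (`// TODO: we might need to iterate over awsAccount.Features ...`) is stale now that the call takes a `[]core.Feature`. The cleanup still removes only `core.FeatureCloudNativeProtection`, so a test account onboarded with further features would presumably keep them, and whatever access they were granted, after `clean` runs. Either pass every feature recorded for the account in the one call or reword the comment, e.g. `// TODO: pass all of awsAccount.Features once the test accounts use more than CNP`. The body of `clean` continues outside both hunks, so whether `awsAccount.Features` is already in a usable form cannot be seen here.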
4 changes: 2 additions & 2 deletions examples/aws_account/main.go
Expand Up @@ -54,7 +54,7 @@ func main() {
// Add the AWS default account to Polaris. Usually resolved using the
// environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and
// AWS_DEFAULT_REGION.
id, err := awsClient.AddAccount(ctx, aws.Default(), core.FeatureCloudNativeProtection, aws.Regions("us-east-2"))
id, err := awsClient.AddAccount(ctx, aws.Default(), []core.Feature{core.FeatureCloudNativeProtection}, aws.Regions("us-east-2"))
if err != nil {
log.Fatal(err)
}
Expand All @@ -71,7 +71,7 @@ func main() {
}

// Remove the AWS account from Polaris.
err = awsClient.RemoveAccount(ctx, aws.Default(), core.FeatureCloudNativeProtection, false)
err = awsClient.RemoveAccount(ctx, aws.Default(), []core.Feature{core.FeatureCloudNativeProtection}, false)
if err != nil {
log.Fatal(err)
}
4 changes: 2 additions & 2 deletions examples/aws_cross_account_role/main.go
Expand Up @@ -57,7 +57,7 @@ func main() {
// variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_REGION.
id, err := awsClient.AddAccount(ctx,
aws.DefaultWithRole("arn:aws:iam::123456789012:role/MyCrossAccountRole"),
core.FeatureCloudNativeProtection, aws.Regions("us-east-2"))
[]core.Feature{core.FeatureCloudNativeProtection}, aws.Regions("us-east-2"))
if err != nil {
log.Fatal(err)
}
Expand All @@ -76,7 +76,7 @@ func main() {
// Remove the AWS account from Polaris using a cross account role.
err = awsClient.RemoveAccount(ctx,
aws.DefaultWithRole("arn:aws:iam::123456789012:role/MyCrossAccountRole"),
core.FeatureCloudNativeProtection, false)
[]core.Feature{core.FeatureCloudNativeProtection}, false)
if err != nil {
log.Fatal(err)
}
8 changes: 4 additions & 4 deletions examples/aws_exocompute/main.go
Expand Up @@ -49,7 +49,7 @@ func main() {
// Add the AWS default account to Polaris. Usually resolved using the
// environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and
// AWS_DEFAULT_REGION.
accountID, err := awsClient.AddAccount(ctx, aws.Default(), core.FeatureCloudNativeProtection, aws.Regions("us-east-2", "us-west-2"))
accountID, err := awsClient.AddAccount(ctx, aws.Default(), []core.Feature{core.FeatureCloudNativeProtection}, aws.Regions("us-east-2", "us-west-2"))
if err != nil {
log.Fatal(err)
}
Expand All @@ -59,7 +59,7 @@ func main() {
// Enable the exocompute feature for the account. Note that the
// cnpAccountID and exoAccountID should be the same, they refer to the same
// Polaris cloud account.
exoAccountID, err := awsClient.AddAccount(ctx, aws.Default(), core.FeatureExocompute, aws.Regions("us-east-2"))
exoAccountID, err := awsClient.AddAccount(ctx, aws.Default(), []core.Feature{core.FeatureExocompute}, aws.Regions("us-east-2"))
if err != nil {
log.Fatal(err)
}
Expand Down Expand Up @@ -100,13 +100,13 @@ func main() {
}

// Disable the exocompute feature for the account.
err = awsClient.RemoveAccount(ctx, aws.Default(), core.FeatureExocompute, false)
err = awsClient.RemoveAccount(ctx, aws.Default(), []core.Feature{core.FeatureExocompute}, false)
if err != nil {
log.Fatal(err)
}

// Remove the AWS account from Polaris.
err = awsClient.RemoveAccount(ctx, aws.Default(), core.FeatureCloudNativeProtection, false)
err = awsClient.RemoveAccount(ctx, aws.Default(), []core.Feature{core.FeatureCloudNativeProtection}, false)
if err != nil {
log.Fatal(err)
}
32 changes: 29 additions & 3 deletions pkg/polaris/aws/account.go
Expand Up @@ -25,6 +25,8 @@ import (
"errors"
"fmt"

graphqlaws "github.com/rubrikinc/rubrik-polaris-sdk-for-go/pkg/polaris/graphql/aws"

"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
Expand All @@ -33,9 +35,10 @@ import (
)

type account struct {
cloud graphqlaws.Cloud
id string
name string
config aws.Config
config *aws.Config
}

// AccountFunc returns an account initialized from the values passed to the
Expand All @@ -55,7 +58,7 @@ func Config(config aws.Config) AccountFunc {
name = id
}

return account{id: id, name: name, config: config}, nil
return account{id: id, name: name, config: &config}, nil
}
}

Expand Down Expand Up @@ -154,7 +157,7 @@ func ProfileWithRegionAndRole(profile, region, roleARN string) AccountFunc {
name = id + " : " + profile
}

return account{id: id, name: name, config: config}, nil
return account{cloud: graphqlaws.CloudStandard, id: id, name: name, config: &config}, nil
}
}

Expand All @@ -176,3 +179,26 @@ func awsAccountInfo(ctx context.Context, config aws.Config) (string, string, err

return *callerID.Account, *info.Account.Name, nil
}

// Account returns an AccountFunc that initializes the account with specified
// cloud type and AWS account id.
func Account(cloud, awsAccountID string) AccountFunc {
return AccountWithName(cloud, awsAccountID, awsAccountID)
}

// AccountWithName returns an AccountFunc that initializes the account with
// specified cloud type, AWS account id and account name.
func AccountWithName(cloud, awsAccountID, name string) AccountFunc {
return func(ctx context.Context) (account, error) {
c, err := graphqlaws.ParseCloud(cloud)
if err != nil {
return account{}, fmt.Errorf("failed to parse cloud: %s", err)
}

if !verifyAccountID(awsAccountID) {
return account{}, fmt.Errorf("invalid AWS account id")
}

return account{cloud: c, id: awsAccountID, name: name}, nil
}
}
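Review bot: `Config` in the `@@ -55,7 +58,7 @@` hunk still returns `account{id: id, name: name, config: &config}` with no `cloud` value, while `ProfileWithRegionAndRole` now sets `cloud: graphqlaws.CloudStandard`, so an account built from an explicit `aws.Config` carries the zero value of `graphqlaws.Cloud`. Unless that zero value is handled as the standard cloud downstream, the return should read `account{cloud: graphqlaws.CloudStandard, id: id, name: name, config: &config}`. In the last hunk, `Account` and `AccountWithName` leave `config` nil, so every consumer of `account.config` (all outside this section) needs a nil check before dereferencing the new `*aws.Config`. Their doc comments should also say that no AWS credentials are loaded and that the account id and name are taken from the caller as given, checked only by `verifyAccountID`, rather than looked up from AWS as `awsAccountInfo` appears to do. The parse failure would also be better wrapped than flattened: `fmt.Errorf("failed to parse cloud: %w", err)`.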