
Merge pull request #22 from verkada/sidprak/support-assume-role
Support assume role configuration for provider auth
sidprak authored Apr 6, 2023
2 parents 8b1ad4c + 47e40f5 commit 30b3a4e
Showing 4 changed files with 47 additions and 8 deletions.
9 changes: 8 additions & 1 deletion CHANGELOG.md
@@ -1,7 +1,14 @@
## 0.3.0 (Unreleased)
## 0.4.0 (April 6, 2023)

ENHANCEMENTS

* Support assume_role in provider configuration

## 0.3.0

ENHANCEMENTS:

* Support PAY_PER_REQUEST GSI

BUG FIXES:

2 changes: 1 addition & 1 deletion provider/global_secondary_index_test.go
Expand Up @@ -28,7 +28,7 @@ func newTestClient() (*dynamodb.DynamoDB, error) {
}
endpoint := os.Getenv("AWS_DYNAMODB_ENDPOINT")

return newClient(region, accessKey, secretKey, token, profile, endpoint)
return newClient(region, accessKey, secretKey, token, profile, endpoint, "")
}

func statusDynamoDBTable(c *dynamodb.DynamoDB, tn string) resource.StateRefreshFunc {
42 changes: 37 additions & 5 deletions provider/provider.go
Expand Up @@ -5,6 +5,7 @@ import (

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/endpoints"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/dynamodb"
Expand Down Expand Up @@ -70,6 +71,21 @@ func providerWithConfigure(cfgFn schema.ConfigureFunc) *schema.Provider {
DefaultFunc: schema.EnvDefaultFunc("AWS_DYNAMODB_ENDPOINT", nil),
Description: "AWS dynamodb endpoint",
},

"assume_role": &schema.Schema{
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"role_arn": {
Type: schema.TypeString,
Optional: true,
Description: "Amazon Resource Name (ARN) of an IAM Role to assume prior to making API calls.",
},
},
},
},
},
ResourcesMap: map[string]*schema.Resource{
"gsi_global_secondary_index": dynamoDBGSIResource(),
Expand All @@ -82,11 +98,9 @@ func Provider() *schema.Provider {
return providerWithConfigure(providerConfigure)
}

func newClient(region string, accessKey string, secretKey string, token string, profile string, endpoint string) (*dynamodb.DynamoDB, error) {
func newClient(region string, accessKey string, secretKey string, token string, profile string, endpoint string, role_arn string) (*dynamodb.DynamoDB, error) {
options := session.Options{}
options.Config = aws.Config{
Region: aws.String(region),
}
options.Config = *aws.NewConfig().WithRegion(region)
if accessKey != "" && secretKey != "" {
options.Config.Credentials = credentials.NewStaticCredentials(accessKey, secretKey, token)
} else if profile != "" {
Expand All @@ -113,6 +127,15 @@ func newClient(region string, accessKey string, secretKey string, token string,
return nil, err
}

if role_arn != "" {
// Assume the role and use the resulting credentials.
options.Config.Credentials = stscreds.NewCredentials(sess, role_arn)
sess, err = session.NewSessionWithOptions(options)
if err != nil {
return nil, err
}
}

return dynamodb.New(sess), nil
}

Expand All @@ -123,8 +146,17 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
profile := d.Get("profile").(string)
region := d.Get("region").(string)
endpoint := d.Get("dynamodb_endpoint").(string)
assume_role_config := d.Get("assume_role").([]interface{})

role_arn := ""
if len(assume_role_config) > 0 {
configmap := assume_role_config[0].(map[string]interface{})
if v, ok := configmap["role_arn"].(string); ok && v != "" {
role_arn = v
}
}

c, err := newClient(region, accessKey, secretKey, token, profile, endpoint)
c, err := newClient(region, accessKey, secretKey, token, profile, endpoint, role_arn)
if err != nil {
return nil, err
}
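Review bot: The unchecked assertion `configmap := assume_role_config[0].(map[string]interface{})` in providerConfigure can panic instead of returning an error, because the SDK can yield a nil element for an `assume_role {}` block that sets no attributes; use the comma-ok form, `configmap, ok := assume_role_config[0].(map[string]interface{})`, and only read `role_arn` when `ok`. In newClient the STS credentials built by `stscreds.NewCredentials(sess, role_arn)` inherit the whole `options.Config`, so if a custom endpoint is applied to that config earlier in the function (newClient's body continues outside the hunk) the AssumeRole call would be routed there as well — worth confirming. The schema exposes only `role_arn`, while `stscreds.NewCredentials` accepts option functions that set `ExternalID`, `RoleSessionName` and `Duration` on the provider; without an external ID, cross-account roles that require one cannot be assumed, and without a session name CloudTrail records only the SDK's default, so consider adding `external_id` and `session_name` attributes alongside `role_arn`. Finally, `role_arn` and `assume_role_config` should be `roleARN` and `assumeRoleConfig` to follow Go naming conventions.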
2 changes: 1 addition & 1 deletion provider/utils_test.go
Expand Up @@ -67,7 +67,7 @@ func testProviderConfigure(autoImport bool) schema.ConfigureFunc {
region := d.Get("region").(string)
endpoint := d.Get("dynamodb_endpoint").(string)

c, err := newClient(region, accessKey, secretKey, token, profile, endpoint)
c, err := newClient(region, accessKey, secretKey, token, profile, endpoint, "")
if err != nil {
return nil, err
}
