Merge pull request #51 from frauniki/supports-assume-role

Supports assume role
FeLvi-zzz · Jan 26, 2024 · 60e3ce8 · 60e3ce8
2 parents 520cce8 + ff53570
commit 60e3ce8
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 10 deletions.
diff --git a/.github/workflows/image-builder.yml b/.github/workflows/image-builder.yml
@@ -17,7 +17,7 @@ jobs:
     strategy:
       matrix:
         arrays:
-          - image: ghcr.io/FeLvi-zzz/tentez
+          - image: ghcr.io/${{ github.repository_owner }}/${{ github.repository }}
             context: .
             dockerfile: Dockerfile
             push: "true"

diff --git a/README.md b/README.md
@@ -3,6 +3,7 @@
 Tentez helps you switching traffic.
 
 ## Installation
+
 If you don't want to build from source go grab a [binary release](https://github.com/FeLvi-zzz/tentez/releases).
 
 or use `go install`
@@ -12,6 +13,7 @@ $ go install github.com/FeLvi-zzz/tentez/cmd/tentez@latest
 ```
 
 ## Usage
+
 ```console
 # show plan
 $ tentez -f ./examples/example.yaml plan
@@ -177,10 +179,11 @@ $ tentez generate-config tfplanjson -f ./tfplan.json -o tentez.yaml
 ```
 
 For instance, you can generate a config from the below terraform diff.
+
 ```diff
  resource "aws_lb_listener" "example" {
    ...
- 
+
    default_action {
      type             = "forward"
 -    target_group_arn = aws_lb_target_group.old.arn
@@ -196,14 +199,23 @@ $ tentez generate-config resource-tag -f examples/tentez.ResourceTag.v1beta1.yam
 
 Refer examples/tentez.ResourceTag.v1beta1.yaml.
 
-# available resources
+### Assume other IAM Role
+
+```console
+# set `AWS_ASSUME_ROLE_ARN` environment variable
+$ AWS_ASSUME_ROLE_ARN=[IAM_ROLE_ARN] tentez -f ./examples/example.yaml get
+```
+
+## Available resources
+
 - AWS
   - Listener
     - forward target group. for default LB listener rule.
   - Listener Rule
     - forward target group. for except default LB listner rule.
 
 ## Why is named "Tentez"?
+
 A `tentetsuki` is `railroad switch` in Japanese. It is a mechanical device used to guide trains from one track to another. This tool switches traffic, like a "tentetsuki".
 
 "Tentez" pronounces "ten-tets".
diff --git a/awsTargetGroup.go → aws_target_group.go b/awsTargetGroup.go → aws_target_group.go
diff --git a/config.go b/config.go
@@ -2,13 +2,20 @@ package tentez
 
 import (
 	"context"
+	"os"
 	"time"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/aws/retry"
 	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
 	elbv2 "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2"
 	rgt "github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
+)
+
+const (
+	awsAssumeRoleARNEnvKey = "AWS_ASSUME_ROLE_ARN"
 )
 
 type elbv2Client interface {
@@ -45,6 +52,13 @@ func NewConfig(ctx context.Context) (Config, error) {
 		return Config{}, err
 	}
 
+	assumeRoleARN := os.Getenv(awsAssumeRoleARNEnvKey)
+	if assumeRoleARN != "" {
+		stsSvc := sts.NewFromConfig(cfg)
+		creds := stscreds.NewAssumeRoleProvider(stsSvc, assumeRoleARN)
+		cfg.Credentials = aws.NewCredentialsCache(creds)
+	}
+
 	elbv2svc := elbv2.NewFromConfig(cfg)
 	rgtsvc := rgt.NewFromConfig(cfg)
 

diff --git a/go.mod b/go.mod
@@ -7,14 +7,15 @@ toolchain go1.21.5
 require (
 	github.com/aws/aws-sdk-go-v2 v1.24.1
 	github.com/aws/aws-sdk-go-v2/config v1.26.3
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.14
 	github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.26.7
 	github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.19.7
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7
 	github.com/spf13/cobra v1.8.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.14 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
@@ -23,7 +24,6 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.18.6 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
 	github.com/aws/smithy-go v1.19.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect

diff --git a/go.sum b/go.sum
@@ -28,14 +28,11 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGz
 github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U=
 github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
 github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
-github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
@@ -45,8 +42,6 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfC
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
-github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
 github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
 github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=