Página Principal Explorar Ajuda
Iniciar Sessão
akillibulut
/
porter
mirror de https://github.com/porter-dev/porter
2
0
Fork 0
Ficheiros Problemas 0 Wiki
Ver Fonte

add support for assume role arn

Alexander Belanger há 3 anos atrás
pai
c43c377575
commit
2fb0db59e7
8 ficheiros alterados com 30 adições e 2 exclusões
Visão Dividida Mostrar Estatísticas Diff
  1. 1 0
      api/server/handlers/project_integration/create_aws.go
  2. 1 0
      api/types/project_integration.go
  3. 14 0
      dashboard/src/main/home/infrastructure/components/credentials/AWSCredentialForm.tsx
  4. 1 0
      dashboard/src/shared/api.tsx
  5. 2 0
      ee/api/server/handlers/credentials/get_credentials.go
  6. 6 2
      internal/models/integrations/aws.go
  7. 3 0
      internal/repository/credentials/credentials.go
  8. 2 0
      provisioner/server/handlers/credentials/get_credentials_ee.go

+ 1 - 0
api/server/handlers/project_integration/create_aws.go
Ver Ficheiro 

@@ -57,6 +57,7 @@ func CreateAWSIntegration(request *types.CreateAWSRequest, projectID, userID uin
 
 		UserID:             userID,
 
 		ProjectID:          projectID,
 
 		AWSRegion:          request.AWSRegion,
 
+		AWSAssumeRoleArn:   request.AWSAssumeRoleArn,
 
 		AWSClusterID:       []byte(request.AWSClusterID),
 
 		AWSAccessKeyID:     []byte(request.AWSAccessKeyID),
 
 		AWSSecretAccessKey: []byte(request.AWSSecretAccessKey),

+ 1 - 0
api/types/project_integration.go
Ver Ficheiro 

@@ -80,6 +80,7 @@ type CreateAWSRequest struct {
 
 	AWSClusterID       string `json:"aws_cluster_id"`
 
 	AWSAccessKeyID     string `json:"aws_access_key_id"`
 
 	AWSSecretAccessKey string `json:"aws_secret_access_key"`
 
+	AWSAssumeRoleArn   string `json:"aws_assume_role_arn"`
 
 }
 
 
 type CreateAWSResponse struct {

+ 14 - 0
dashboard/src/main/home/infrastructure/components/credentials/AWSCredentialForm.tsx
Ver Ficheiro 

@@ -45,6 +45,7 @@ const AWSCredentialForm: React.FunctionComponent<Props> = ({
 
   const { currentProject, setCurrentError } = useContext(Context);
 
   const [accessId, setAccessId] = useState("");
 
   const [secretKey, setSecretKey] = useState("");
 
+  const [assumeRoleArn, setAssumeRoleArn] = useState("");
 
   const [buttonStatus, setButtonStatus] = useState("");
 
   const [awsRegion, setAWSRegion] = useState("us-east-1");
 
   const [isLoading, setIsLoading] = useState(false);
 
@@ -60,6 +61,7 @@ const AWSCredentialForm: React.FunctionComponent<Props> = ({
 
           aws_region: awsRegion,
 
           aws_access_key_id: accessId,
 
           aws_secret_access_key: secretKey,
 
+          aws_assume_role_arn: assumeRoleArn,
 
         },
 
         {
 
           id: currentProject.id,
 
@@ -124,6 +126,17 @@ const AWSCredentialForm: React.FunctionComponent<Props> = ({
 
         }}
 
         label="📍 AWS Region"
 
       />
 
+      <InputRow
 
+        type="text"
 
+        value={assumeRoleArn}
 
+        setValue={(x: string) => {
 
+          setAssumeRoleArn(x);
 
+        }}
 
+        label="👤 (Optional) AWS Assume Role ARN"
 
+        placeholder="ex: arn:aws:iam::01234567890:role/my_assumed_role"
 
+        width="100%"
 
+        isRequired={false}
 
+      />
 
       <Flex>
 
         <SaveButton
 
           text="Continue"
 
@@ -145,6 +158,7 @@ const Flex = styled.div`
 
   display: flex;
 
   color: #ffffff;
 
   align-items: center;
 
+  margin-top: 30px;
 
   > i {
 
     color: #aaaabb;
 
     font-size: 20px;

+ 1 - 0
dashboard/src/shared/api.tsx
Ver Ficheiro 

@@ -76,6 +76,7 @@ const createAWSIntegration = baseApi<
 
     aws_cluster_id?: string;
 
     aws_access_key_id: string;
 
     aws_secret_access_key: string;
 
+    aws_assume_role_arn?: string;
 
   },
 
   { id: number }
 
 >("POST", (pathParams) => {

+ 2 - 0
ee/api/server/handlers/credentials/get_credentials.go
Ver Ficheiro 

@@ -1,3 +1,4 @@
 
+//go:build ee
 
 // +build ee
 
 
 package credentials
 
@@ -120,6 +121,7 @@ func (c *CredentialsGetHandler) ServeHTTP(w http.ResponseWriter, r *http.Request
 
 			AWSClusterID:       awsInt.AWSClusterID,
 
 			AWSSecretAccessKey: awsInt.AWSSecretAccessKey,
 
 			AWSSessionToken:    awsInt.AWSSessionToken,
 
+			AWSAssumeRoleArn:   []byte(awsInt.AWSAssumeRoleArn),
 
 		}
 
 	}

+ 6 - 2
internal/models/integrations/aws.go
Ver Ficheiro 

@@ -29,6 +29,9 @@ type AWSIntegration struct {
 
 	// The optional AWS region (required by some session configurations)
 
 	AWSRegion string `json:"aws_region"`
 
 
+	// The assumed role ARN to use for sessions
 
+	AWSAssumeRoleArn string
 
+
 
 	// ------------------------------------------------------------------
 
 	// All fields encrypted before storage.
 
 	// ------------------------------------------------------------------
 
@@ -141,8 +144,9 @@ func (a *AWSIntegration) GetBearerToken(
 
 	}
 
 
 	tok, err := generator.GetWithOptions(&token.GetTokenOptions{
 
-		Session:   sess,
 
-		ClusterID: validClusterId,
 
+		AssumeRoleARN: a.AWSAssumeRoleArn,
 
+		Session:       sess,
 
+		ClusterID:     validClusterId,
 
 	})
 
 
 	if err != nil {

+ 3 - 0
internal/repository/credentials/credentials.go
Ver Ficheiro 

@@ -37,6 +37,9 @@ type AWSCredential struct {
 
 
 	// An optional region associated with this AWS credential
 
 	AWSRegion []byte `json:"aws_region"`
 
+
 
+	// An optional assume role ARN
 
+	AWSAssumeRoleArn []byte `json:"aws_assume_role_arn"`
 
 }
 
 
 type AzureCredential struct {

+ 2 - 0
provisioner/server/handlers/credentials/get_credentials_ee.go
Ver Ficheiro 

@@ -1,3 +1,4 @@
 
+//go:build ee
 
 // +build ee
 
 
 package credentials
 
@@ -99,6 +100,7 @@ func (c *CredentialsGetHandler) ServeHTTP(w http.ResponseWriter, r *http.Request
 
 			AWSSecretAccessKey: awsInt.AWSSecretAccessKey,
 
 			AWSSessionToken:    awsInt.AWSSessionToken,
 
 			AWSRegion:          []byte(awsInt.AWSRegion),
 
+			AWSAssumeRoleArn:   []byte(awsInt.AWSAssumeRoleArn),
 
 		}
 
 	} else if ceToken.AzureCredentialID != 0 {
 
 		azInt, err := repo.AzureIntegration().ReadAzureIntegration(ceToken.ProjectID, ceToken.AzureCredentialID)