feat: opt assume role function
msq177 committed Apr 22, 2024
1 parent d845544 commit 2f137d5
Showing 3 changed files with 65 additions and 35 deletions.
2 changes: 1 addition & 1 deletion common/common_volcengine_version.go
Expand Up @@ -2,5 +2,5 @@ package common

const (
TerraformProviderName = "terraform-provider-volcengine"
TerraformProviderVersion = "0.0.141"
TerraformProviderVersion = "0.0.142"
)
1 change: 0 additions & 1 deletion go.mod
Expand Up @@ -9,7 +9,6 @@ require (
github.com/hashicorp/terraform-plugin-sdk v1.7.0
github.com/mitchellh/copystructure v1.0.0
github.com/stretchr/testify v1.7.0
github.com/volcengine/volc-sdk-golang v1.0.23
github.com/volcengine/volcengine-go-sdk v1.0.75
golang.org/x/sync v0.0.0-20190423024810-112230192c58
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4
97 changes: 64 additions & 33 deletions volcengine/provider.go
@@ -1,9 +1,13 @@
package volcengine

import (
"context"
"fmt"
"net/http"
"net/url"
"os"
"strconv"
"time"

"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
"github.com/volcengine/terraform-provider-volcengine/volcengine/organization/organization"
Expand All @@ -12,8 +16,10 @@ import (
"github.com/volcengine/terraform-provider-volcengine/volcengine/organization/organization_service_control_policy_attachment"
"github.com/volcengine/terraform-provider-volcengine/volcengine/organization/organization_service_control_policy_enabler"
"github.com/volcengine/terraform-provider-volcengine/volcengine/organization/organization_unit"
"github.com/volcengine/volc-sdk-golang/base"
"github.com/volcengine/volc-sdk-golang/service/sts"
"github.com/volcengine/volcengine-go-sdk/volcengine"
"github.com/volcengine/volcengine-go-sdk/volcengine/credentials"
"github.com/volcengine/volcengine-go-sdk/volcengine/session"
"github.com/volcengine/volcengine-go-sdk/volcengine/volcengineutil"

"github.com/volcengine/terraform-provider-volcengine/volcengine/alb/alb"
"github.com/volcengine/terraform-provider-volcengine/volcengine/alb/alb_acl"
Expand Down Expand Up @@ -950,53 +956,78 @@ func ProviderConfigure(d *schema.ResourceData) (interface{}, error) {
if err != nil {
return nil, err
}
config.AccessKey = cred.AccessKeyId
config.SecretKey = cred.SecretAccessKey
config.SessionToken = cred.SessionToken
config.AccessKey = cred["AccessKeyId"].(string)
config.SecretKey = cred["SecretAccessKey"].(string)
config.SessionToken = cred["SessionToken"].(string)
}

client, err := config.Client()
return client, err
}

func assumeRole(c ve.Config, arTrn, arSessionName, arPolicy string, arDurationSeconds int) (*sts.Credentials, error) {
ins := sts.NewInstance()
if c.Region != "" {
ins.SetRegion(c.Region)
func assumeRole(c ve.Config, arTrn, arSessionName, arPolicy string, arDurationSeconds int) (map[string]interface{}, error) {
version := fmt.Sprintf("%s/%s", ve.TerraformProviderName, ve.TerraformProviderVersion)
conf := volcengine.NewConfig().
WithRegion(c.Region).
WithExtraUserAgent(volcengine.String(version)).
WithCredentials(credentials.NewStaticCredentials(c.AccessKey, c.SecretKey, c.SessionToken)).
WithDisableSSL(c.DisableSSL).
WithExtendHttpRequest(func(ctx context.Context, request *http.Request) {
if len(c.CustomerHeaders) > 0 {
for k, v := range c.CustomerHeaders {
request.Header.Add(k, v)
}
}
}).
WithEndpoint(volcengineutil.NewEndpoint().WithCustomerEndpoint(c.Endpoint).GetEndpoint())

if c.ProxyUrl != "" {
u, _ := url.Parse(c.ProxyUrl)
t := &http.Transport{
Proxy: http.ProxyURL(u),
}
httpClient := http.DefaultClient
httpClient.Transport = t
httpClient.Timeout = time.Duration(30000) * time.Millisecond
}
if c.Endpoint != "" {
ins.SetHost(c.Endpoint)

sess, err := session.NewSession(conf)
if err != nil {
return nil, err
}

ins.Client.SetAccessKey(c.AccessKey)
ins.Client.SetSecretKey(c.SecretKey)
input := &sts.AssumeRoleRequest{
RoleTrn: arTrn,
RoleSessionName: arSessionName,
DurationSeconds: arDurationSeconds,
Policy: arPolicy,
universalClient := ve.NewUniversalClient(sess, c.CustomerEndpoints)

action := "AssumeRole"
req := map[string]interface{}{
"RoleTrn": arTrn,
"RoleSessionName": arSessionName,
"DurationSeconds": arDurationSeconds,
"Policy": arPolicy,
}
output, statusCode, err := ins.AssumeRole(input)
var (
reqId string
errObj *base.ErrorObj
)
if output != nil {
reqId = output.ResponseMetadata.RequestId
errObj = output.ResponseMetadata.Error
resp, err := universalClient.DoCall(getUniversalInfo(action), &req)
if err != nil {
return nil, fmt.Errorf("AssumeRole failed, error: %s", err.Error())
}
results, err := ve.ObtainSdkValue("Result.Credentials", *resp)
if err != nil {
return nil, fmt.Errorf("AssumeRole error, httpcode is %v and reqId is %s error is %s", statusCode, reqId, err.Error())
return nil, err
}
if errObj != nil {
return nil, fmt.Errorf("AssumeRole error, code is %v and reqId is %s error is %s", errObj.Code, reqId, errObj.Message)
cred, ok := results.(map[string]interface{})
if !ok {
return nil, fmt.Errorf("AssumeRole Result.Credentials is not Map")
}
return cred, nil
}

if output.Result == nil || output.Result.Credentials == nil {
return nil, fmt.Errorf("assume role failed, result is nil")
func getUniversalInfo(actionName string) ve.UniversalInfo {
return ve.UniversalInfo{
ServiceName: "sts",
Version: "2018-01-01",
HttpMethod: ve.GET,
ContentType: ve.Default,
Action: actionName,
}

return output.Result.Credentials, nil
}

func defaultCustomerEndPoints() map[string]string {
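Review bot: The proxy block in assumeRole (from `if c.ProxyUrl != ""` through `httpClient.Timeout = ...`) never affects the STS call: the transport is installed on the process-wide `http.DefaultClient` instead of on `conf`, so the AssumeRole request ignores ProxyUrl while every other user of the default client in the provider silently inherits the proxy and a 30 s timeout, and the discarded `url.Parse` error means a malformed ProxyUrl degrades to "no proxy" without any diagnostic. Build a dedicated client and hand it to the config instead (sketch below; the option name should be checked against the SDK's config type). In ProviderConfigure, whose body begins before this hunk, the three `cred["..."].(string)` assertions panic the provider when Result.Credentials lacks a key or holds a non-string value, where the old struct fields could not; use the two-value form, e.g. `ak, ok := cred["AccessKeyId"].(string)`, and return an error when `!ok`. The new error paths also drop the request id and HTTP status the old messages carried, and `fmt.Errorf("AssumeRole failed, error: %s", err.Error())` should wrap with `%w` so callers can inspect the underlying SDK error. Issuing AssumeRole with `ve.GET` additionally places the policy document and session name in the query string, where proxies and access logs commonly record them; if the universal client offers a POST method constant, prefer it for this action.
```go
	if c.ProxyUrl != "" {
		u, err := url.Parse(c.ProxyUrl)
		if err != nil {
			return nil, fmt.Errorf("parsing ProxyUrl: %w", err)
		}
		// Dedicated client: do not mutate http.DefaultClient for the whole process.
		httpClient := &http.Client{
			Transport: &http.Transport{Proxy: http.ProxyURL(u)},
			Timeout:   30 * time.Second,
		}
		conf = conf.WithHTTPClient(httpClient) // TODO(review): confirm option name in volcengine-go-sdk config
	}
	// … unchanged: session.NewSession(conf), universal client, AssumeRole call …
```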
