feat: add support for cross account access management
anjaliagg9791 committed Nov 19, 2024
1 parent 7480d87 commit f686b11
Showing 3 changed files with 32 additions and 9 deletions.
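--- a/plugins/providers/alicloudiam/client.go
+++ b/plugins/providers/alicloudiam/client.go
@@ -28,14 +28,36 @@ type iamClient struct {
 iamService *ram.Client
 }
 
-func NewIamClient(accessKeyID, accessKeySecret, resourceName string) (AliCloudIamClient, error) {
-creds, err := credentials.NewCredential(&credentials.Config{
-Type: bptr.FromString("access_key"),
-AccessKeyId: bptr.FromString(accessKeyID),
-AccessKeySecret: bptr.FromString(accessKeySecret),
-})
-if err != nil {
-return nil, fmt.Errorf("failed to create a new credentials: %w", err)
+func NewIamClient(accessKeyID, accessKeySecret, resourceName, roleToAssume string) (AliCloudIamClient, error) {
+var creds credentials.Credential
+var err error
+fmt.Println(roleToAssume)
+if roleToAssume != "" {
+credentialsConfig := new(credentials.Config).
+// Specify the type of the credential.
+SetType("ram_role_arn").
+// Specify the AccessKey ID.
+SetAccessKeyId(accessKeyID).
+// Specify the AccessKey secret.
+SetAccessKeySecret(accessKeySecret).
+SetRoleArn(roleToAssume).
+SetRoleSessionName("session2").
+SetRoleSessionExpiration(3600)
+
+creds, err = credentials.NewCredential(credentialsConfig)
+if err != nil {
+fmt.Println("error creating credential client:", err.Error())
+return nil, err
+}
+} else {
+creds, err = credentials.NewCredential(&credentials.Config{
+Type: bptr.FromString("access_key"),
+AccessKeyId: bptr.FromString(accessKeyID),
+AccessKeySecret: bptr.FromString(accessKeySecret),
+})
+if err != nil {
+return nil, fmt.Errorf("failed to create a new credentials: %w", err)
+}
 }
 
 iamService, err := ram.NewClient(&openapi.Config{Credential: creds})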
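Review bot: The `fmt.Println(roleToAssume)` at the top of NewIamClient and the `fmt.Println("error creating credential client:", err.Error())` in the assume-role branch look like leftover debugging. They write the role ARN (which embeds the target account ID) and raw SDK errors to stdout on every client construction, outside whatever logging the provider normally uses. I would drop both and return `fmt.Errorf("failed to create assume-role credentials: %w", err)` so this branch matches the wrapped error in the `else` path. The session name is hard-coded as `"session2"`, so all assumed-role sessions look identical in the target account's audit trail; a name derived from the caller, for example `SetRoleSessionName("iam-provider-" + resourceName)` if that value fits the session-name character rules, would make attribution possible. The function body continues past the end of the hunk.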
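--- a/plugins/providers/alicloudiam/config.go
+++ b/plugins/providers/alicloudiam/config.go
@@ -20,6 +20,7 @@ const (
 type Credentials struct {
 AccessKeyID string `mapstructure:"access_key_id" json:"access_key_id" validate:"required,base64"`
 AccessKeySecret string `mapstructure:"access_key_secret" json:"access_key_secret" validate:"required,base64"`
+RoleToAssume string `mapstructure:"role_to_assume" json:"role_to_assume,omitempty"`
 ResourceName string `mapstructure:"resource_name" json:"resource_name" validate:"required"`
 }
 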
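Review bot: `RoleToAssume` is the only field in `Credentials` without a `validate` tag, so any string, including a malformed or unintended ARN, is accepted at config time. A bad value is only noticed when the client is built, or not at all if it happens to name a different role that trusts the key. If the struct is checked with go-playground/validator, as the existing `required,base64` tags suggest, something like `validate:"omitempty,startswith=acs:ram::"` would reject obviously wrong values early. A field comment should also state that the access key pair must be allowed by the target role's trust policy, since that policy is the only thing limiting which roles this setting can reach.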
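--- a/plugins/providers/alicloudiam/provider.go
+++ b/plugins/providers/alicloudiam/provider.go
@@ -219,7 +219,7 @@ func (p *Provider) getIamClient(pc *domain.ProviderConfig) (AliCloudIamClient, e
 }
 
 _ = credentials.Decrypt(p.crypto)
-client, err := NewIamClient(credentials.AccessKeyID, credentials.AccessKeySecret, credentials.ResourceName)
+client, err := NewIamClient(credentials.AccessKeyID, credentials.AccessKeySecret, credentials.ResourceName, credentials.RoleToAssume)
 if err != nil {
 return nil, err
 }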
