

Use GetCallerIdentity instead of GetUser(nil) for getting account ID
iam.GetUser(nil) fails when the caller is an IAM role (there is no IAM user to return), whereas sts.GetCallerIdentity works for any principal.
The account ID it returns is used to generate ARNs, and once in config to validate the account ID.
bigkraig committed Apr 28, 2016
1 parent 9bee6d9 commit 21818f4
Showing 6 changed files with 30 additions and 31 deletions.
5 changes: 5 additions & 0 deletions builtin/providers/aws/config.go
Expand Up @@ -50,6 +50,7 @@ import (
"github.com/aws/aws-sdk-go/service/s3"
"github.com/aws/aws-sdk-go/service/sns"
"github.com/aws/aws-sdk-go/service/sqs"
"github.com/aws/aws-sdk-go/service/sts"
)

type Config struct {
Expand Down Expand Up @@ -92,6 +93,7 @@ type AWSClient struct {
s3conn *s3.S3
sqsconn *sqs.SQS
snsconn *sns.SNS
stsconn *sts.STS
redshiftconn *redshift.Redshift
r53conn *route53.Route53
region string
Expand Down Expand Up @@ -205,6 +207,9 @@ func (c *Config) Client() (interface{}, error) {
log.Println("[INFO] Initializing SNS connection")
client.snsconn = sns.New(sess)

log.Println("[INFO] Initializing STS connection")
client.stsconn = sts.New(sess)

log.Println("[INFO] Initializing RDS Connection")
client.rdsconn = rds.New(sess)

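Review bot: Every ARN builder touched by this commit issues its own sts:GetCallerIdentity call on each invocation, although the account cannot change for the lifetime of the session that `client.stsconn = sts.New(sess)` is built from; resolving the identity once right after that line and storing it on AWSClient (an `accountid string` field next to `region`, with `return nil, err` on failure) would remove a network round-trip from every RDS and ElastiCache read. The description says the identity is also used in config to validate the account ID, but no such check appears in this hunk, so it presumably lives outside the shown lines. Client() starts and ends outside the hunk.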
11 changes: 5 additions & 6 deletions builtin/providers/aws/resource_aws_db_instance.go
Expand Up @@ -9,8 +9,8 @@ import (

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/iam"
"github.com/aws/aws-sdk-go/service/rds"
"github.com/aws/aws-sdk-go/service/sts"

"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
Expand Down Expand Up @@ -973,15 +973,14 @@ func resourceAwsDbInstanceStateRefreshFunc(
}

func buildRDSARN(identifier string, meta interface{}) (string, error) {
iamconn := meta.(*AWSClient).iamconn
stsconn := meta.(*AWSClient).stsconn
region := meta.(*AWSClient).region
// An zero value GetUserInput{} defers to the currently logged in user
resp, err := iamconn.GetUser(&iam.GetUserInput{})

resp, err := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
if err != nil {
return "", err
}
userARN := *resp.User.Arn
accountID := strings.Split(userARN, ":")[4]
accountID := *resp.Account
arn := fmt.Sprintf("arn:aws:rds:%s:%s:db:%s", region, accountID, identifier)
return arn, nil
}
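Review bot: The partition in `arn := fmt.Sprintf("arn:aws:rds:%s:%s:db:%s", region, accountID, identifier)` is still hardcoded even though the GetCallerIdentity response now carries the caller's full ARN, whose second colon-separated field is the partition (aws-us-gov and aws-cn outside the commercial regions, as far as I know); deriving it from the response would stop buildRDSARN producing wrong ARNs there. Something like `partition := strings.Split(*resp.Arn, ":")[1]` followed by `arn := fmt.Sprintf("arn:%s:rds:%s:%s:db:%s", partition, region, accountID, identifier)`. Note this needs the `strings` import to still be present in this file, which the hunk does not show either way.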
11 changes: 5 additions & 6 deletions builtin/providers/aws/resource_aws_db_parameter_group.go
Expand Up @@ -13,8 +13,8 @@ import (

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/iam"
"github.com/aws/aws-sdk-go/service/rds"
"github.com/aws/aws-sdk-go/service/sts"
)

func resourceAwsDbParameterGroup() *schema.Resource {
Expand Down Expand Up @@ -272,15 +272,14 @@ func resourceAwsDbParameterHash(v interface{}) int {
}

func buildRDSPGARN(d *schema.ResourceData, meta interface{}) (string, error) {
iamconn := meta.(*AWSClient).iamconn
stsconn := meta.(*AWSClient).stsconn
region := meta.(*AWSClient).region
// An zero value GetUserInput{} defers to the currently logged in user
resp, err := iamconn.GetUser(&iam.GetUserInput{})

resp, err := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
if err != nil {
return "", err
}
userARN := *resp.User.Arn
accountID := strings.Split(userARN, ":")[4]
accountID := *resp.Account
arn := fmt.Sprintf("arn:aws:rds:%s:%s:pg:%s", region, accountID, d.Id())
return arn, nil
}
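Review bot: buildRDSPGARN is now the third near-verbatim copy of the same STS lookup in this commit (buildRDSARN, buildRDSSecurityGroupARN, buildRDSsubgrpARN and buildECARN differ only in the service and resource-type strings), so the lookup belongs in one helper that each builder calls, e.g. `return buildARN(meta, "rds", "pg", d.Id())`. The helper is also the natural place to guard the `*resp.Account` dereference, which the SDK models as a `*string`. A sketch of the helper and of this builder delegating to it:
```go
// buildARN resolves the caller's account via sts:GetCallerIdentity and
// formats an ARN for a resource of the given service and type. The
// per-resource builders (buildRDSARN, buildRDSPGARN, ...) delegate here.
func buildARN(meta interface{}, service, resourceType, id string) (string, error) {
	client := meta.(*AWSClient)
	resp, err := client.stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
	if err != nil {
		return "", err
	}
	if resp.Account == nil {
		return "", fmt.Errorf("sts:GetCallerIdentity returned no account id")
	}
	return fmt.Sprintf("arn:aws:%s:%s:%s:%s:%s", service, client.region, *resp.Account, resourceType, id), nil
}

func buildRDSPGARN(d *schema.ResourceData, meta interface{}) (string, error) {
	return buildARN(meta, "rds", "pg", d.Id())
}
```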
12 changes: 5 additions & 7 deletions builtin/providers/aws/resource_aws_db_security_group.go
Expand Up @@ -4,13 +4,12 @@ import (
"bytes"
"fmt"
"log"
"strings"
"time"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/iam"
"github.com/aws/aws-sdk-go/service/rds"
"github.com/aws/aws-sdk-go/service/sts"
"github.com/hashicorp/go-multierror"
"github.com/hashicorp/terraform/helper/hashcode"
"github.com/hashicorp/terraform/helper/resource"
Expand Down Expand Up @@ -345,15 +344,14 @@ func resourceAwsDbSecurityGroupStateRefreshFunc(
}

func buildRDSSecurityGroupARN(d *schema.ResourceData, meta interface{}) (string, error) {
iamconn := meta.(*AWSClient).iamconn
stsconn := meta.(*AWSClient).stsconn
region := meta.(*AWSClient).region
// An zero value GetUserInput{} defers to the currently logged in user
resp, err := iamconn.GetUser(&iam.GetUserInput{})

resp, err := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
if err != nil {
return "", err
}
userARN := *resp.User.Arn
accountID := strings.Split(userARN, ":")[4]
accountID := *resp.Account
arn := fmt.Sprintf("arn:aws:rds:%s:%s:secgrp:%s", region, accountID, d.Id())
return arn, nil
}
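Review bot: `accountID := *resp.Account` in buildRDSSecurityGroupARN dereferences a field the SDK models as `*string` with no nil check; STS populates it in practice, but a nil here would panic the provider instead of surfacing an error. A one-line guard before the dereference keeps the failure on the normal error path: `if resp.Account == nil { return "", fmt.Errorf("sts:GetCallerIdentity returned no account id") }`. The same unchecked dereference appears in the other ARN builders in this commit.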
11 changes: 5 additions & 6 deletions builtin/providers/aws/resource_aws_db_subnet_group.go
Expand Up @@ -9,8 +9,8 @@ import (

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/iam"
"github.com/aws/aws-sdk-go/service/rds"
"github.com/aws/aws-sdk-go/service/sts"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
)
Expand Down Expand Up @@ -225,15 +225,14 @@ func resourceAwsDbSubnetGroupDeleteRefreshFunc(
}

func buildRDSsubgrpARN(d *schema.ResourceData, meta interface{}) (string, error) {
iamconn := meta.(*AWSClient).iamconn
stsconn := meta.(*AWSClient).stsconn
region := meta.(*AWSClient).region
// An zero value GetUserInput{} defers to the currently logged in user
resp, err := iamconn.GetUser(&iam.GetUserInput{})

resp, err := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
if err != nil {
return "", err
}
userARN := *resp.User.Arn
accountID := strings.Split(userARN, ":")[4]
accountID := *resp.Account
arn := fmt.Sprintf("arn:aws:rds:%s:%s:subgrp:%s", region, accountID, d.Id())
return arn, nil
}
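Review bot: The deleted comment explained why a zero-value GetUserInput was passed, but nothing in buildRDSsubgrpARN now records why the lookup goes through STS, and the empty line left where the comment sat reads as an artefact of the edit. Replace that blank line with a why-comment along the lines of `// sts:GetCallerIdentity works for any principal (IAM user, role or assumed role), unlike iam:GetUser, which has no user to return when the caller is a role.` If it is also true that the call cannot be denied by IAM policy, that is worth stating too, but I would confirm it before writing it down.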
11 changes: 5 additions & 6 deletions builtin/providers/aws/resource_aws_elasticache_cluster.go
Expand Up @@ -10,7 +10,7 @@ import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/elasticache"
"github.com/aws/aws-sdk-go/service/iam"
"github.com/aws/aws-sdk-go/service/sts"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
)
Expand Down Expand Up @@ -620,15 +620,14 @@ func cacheClusterStateRefreshFunc(conn *elasticache.ElastiCache, clusterID, give
}

func buildECARN(d *schema.ResourceData, meta interface{}) (string, error) {
iamconn := meta.(*AWSClient).iamconn
stsconn := meta.(*AWSClient).stsconn
region := meta.(*AWSClient).region
// An zero value GetUserInput{} defers to the currently logged in user
resp, err := iamconn.GetUser(&iam.GetUserInput{})

resp, err := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
if err != nil {
return "", err
}
userARN := *resp.User.Arn
accountID := strings.Split(userARN, ":")[4]
accountID := *resp.Account
arn := fmt.Sprintf("arn:aws:elasticache:%s:%s:cluster:%s", region, accountID, d.Id())
return arn, nil
}
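Review bot: `return "", err` in buildECARN hands the raw STS error up with no indication that it occurred while resolving the account for an ElastiCache ARN, which makes an access-denied or expired-credentials failure during plan/apply hard to attribute. Wrap it with the resource context, e.g. `return "", fmt.Errorf("Error getting caller identity for ElastiCache ARN %s: %s", d.Id(), err)`; `fmt` is already used by the Sprintf below, so no import change is needed.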
