From f0b1f295a4209d624706f94c6943a69760e4d41e Mon Sep 17 00:00:00 2001
From: Ilias Bertsimas
Date: Thu, 16 Mar 2017 11:33:11 +0000
Subject: [PATCH] Allow IAM roam role per AWS account.
---
 README.md | 4 +++-
 main.go | 4 ++--
 main_test.go | 2 +-
 test-fixtures/project.yaml | 4 +++-
 4 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 594d7f1..f7b1cb3 100644
--- a/README.md
+++ b/README.md
@@ -33,7 +33,9 @@ From the files mentioned above here are some examples of what their contents nee
 ```
 project: name_of_your_project
 region: eu-west-1
-roam-role: roam-role
+roam-roles:
+ project-dev: roam-role-dev
+ project-prd: roam-role-prd
 use-sts: true
 encrypt-s3-state: true
 accounts-mapping:
diff --git a/main.go b/main.go
index 177518c..93015aa 100644
--- a/main.go
+++ b/main.go
@@ -21,7 +21,7 @@ import (
 type conf struct {
 Project string
 Region string
- Roam_role string `yaml:"roam-role"`
+ Roam_roles map[string]string `yaml:"roam-roles"`
 Accounts_mapping map[string]string `yaml:"accounts-mapping"`
 Use_sts bool `yaml:"use-sts"`
 Encrypt_s3_state bool `yaml:"encrypt-s3-state"`
@@ -126,7 +126,7 @@ func main() {
 awsconf := &aws_helper.Config{
 Region: project_config.Region,
 Profile: profile,
- Role: project_config.Roam_role,
+ Role: project_config.Roam_roles[project_config.account],
 Account_id: project_config.Accounts_mapping[project_config.account],
 Use_mfa: use_mfa,
 Use_sts: project_config.Use_sts,
diff --git a/main_test.go b/main_test.go
index a8d35d9..f8e0f03 100644
--- a/main_test.go
+++ b/main_test.go
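Review bot: In main.go's `conf` struct, replacing `Roam_role` with `Roam_roles` removes the `roam-role` key with no migration path. If the YAML decoder behind `load_config` ignores unknown keys (not visible in this hunk), a project.yaml that still carries the scalar `roam-role:` would load without error, leaving `Roam_roles` empty so that every account resolves to an empty role name. Consider validating after unmarshalling that `roam-roles` is non-empty and has an entry for each key in `accounts-mapping`, and fail the load otherwise. A field comment would also help the next reader: `// Roam_roles maps an account name (same keys as accounts-mapping) to the role name used for that account.` The struct continues past the end of the hunk.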
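Review bot: In main.go's `awsconf` literal, `project_config.Roam_roles[project_config.account]` yields the empty string when the account has no entry or its key is misspelled in project.yaml, so `Role` is set to "" with no error. How `aws_helper` treats an empty `Role` is not visible here; if it skips the role switch and keeps the profile's own credentials, the run would act on the account under a different identity than the config intends. Resolve the role before building the struct, with `role, ok := project_config.Roam_roles[project_config.account]`, and stop through main's existing error path when `!ok || role == ""`. The `Account_id` lookup on the following context line has the same shape and would benefit from the same check. main() begins and ends outside the hunk.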
@@ -11,7 +11,7 @@ func TestProjectConfig(t *testing.T) { project_config := load_config(fmt.Sprintf("%s/project.yaml", fixtures_dir)) - if project_config.Project != "test" || project_config.Region != "eu-west-1" || !project_config.Use_sts || !project_config.Encrypt_s3_state || project_config.Roam_role != "roam-role" || len(project_config.Accounts_mapping[fmt.Sprintf("%s-dev", project_config.Project)]) <= 0 || len(project_config.Accounts_mapping[fmt.Sprintf("%s-prd", project_config.Project)]) <= 0 { + if project_config.Project != "test" || project_config.Region != "eu-west-1" || !project_config.Use_sts || !project_config.Encrypt_s3_state || len(project_config.Roam_roles[fmt.Sprintf("%s-dev", project_config.Project)]) <= 0 || len(project_config.Accounts_mapping[fmt.Sprintf("%s-dev", project_config.Project)]) <= 0 || len(project_config.Accounts_mapping[fmt.Sprintf("%s-prd", project_config.Project)]) <= 0 { t.Fatal("Project configuration parameters in fixtures don't match expected values when parsed.") } diff --git a/test-fixtures/project.yaml b/test-fixtures/project.yaml index 2e66cda..85d73d0 100644 --- a/test-fixtures/project.yaml +++ b/test-fixtures/project.yaml @@ -2,7 +2,9 @@ project: test region: eu-west-1 -roam-role: roam-role +roam-roles: + test-dev: roam-role-dev + test-prd: roam-role-prd use-sts: true encrypt-s3-state: true accounts-mapping:
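Review bot: The new condition in `TestProjectConfig` only checks that the `-dev` entry of `Roam_roles` is non-empty, whereas the old condition compared `Roam_role` against the exact fixture value. The `-prd` entry is not checked at all, so a parsing change that dropped it or swapped the per-account roles would still pass. Compare both entries with the fixture values instead, e.g. `project_config.Roam_roles["test-dev"] != "roam-role-dev" || project_config.Roam_roles["test-prd"] != "roam-role-prd"`. An additional lookup for an account name absent from the fixture, asserting the empty result, would pin down the missing-key behaviour that the `Role:` assignment in main.go relies on.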