Pass account id instead of hardcoding it
dricross committed Jan 29, 2025
1 parent 0e07445 commit 1865e1d
Showing 3 changed files with 18 additions and 8 deletions.
8 changes: 8 additions & 0 deletions environment/metadata.go
Expand Up @@ -63,6 +63,7 @@ type MetaData struct {
PrometheusConfig string
OtelConfig string
SampleApp string
AccountId string
}

type MetaDataStrings struct {
Expand Down Expand Up @@ -105,6 +106,7 @@ type MetaDataStrings struct {
PrometheusConfig string
OtelConfig string
SampleApp string
AccountId string
}

func registerComputeType(dataString *MetaDataStrings) {
Expand Down Expand Up @@ -282,6 +284,10 @@ func registerAmpWorkspaceId(dataString *MetaDataStrings) {
flag.StringVar(&(dataString.AmpWorkspaceId), "ampWorkspaceId", "", "workspace Id for Amazon Managed Prometheus (AMP)")
}

func registerAccountId(dataString *MetaDataStrings) {
flag.StringVar(&(dataString.AccountId), "accountId", "", "AWS account Id")
}

func RegisterEnvironmentMetaDataFlags() *MetaDataStrings {
registerComputeType(registeredMetaDataStrings)
registerECSData(registeredMetaDataStrings)
Expand All @@ -300,6 +306,7 @@ func RegisterEnvironmentMetaDataFlags() *MetaDataStrings {
registerInstancePlatform(registeredMetaDataStrings)
registerAgentStartCommand(registeredMetaDataStrings)
registerAmpWorkspaceId(registeredMetaDataStrings)
registerAccountId(registeredMetaDataStrings)

return registeredMetaDataStrings
}
Expand Down Expand Up @@ -344,6 +351,7 @@ func GetEnvironmentMetaData() *MetaData {
metaDataStorage.PrometheusConfig = registeredMetaDataStrings.PrometheusConfig
metaDataStorage.OtelConfig = registeredMetaDataStrings.OtelConfig
metaDataStorage.SampleApp = registeredMetaDataStrings.SampleApp
metaDataStorage.AccountId = registeredMetaDataStrings.AccountId

return metaDataStorage
}
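Review bot: The help text on the new flag in `registerAccountId`, `"AWS account Id"`, does not say which account is meant or what consumes the value, and the empty default is accepted without any check in the visible lines. In this commit the value is filled from the Terraform caller identity and read as the source account in the assume_role tests, so a help string such as `"AWS account ID the tests run in; used as the source account by the assume_role tests"` would tell a caller when the flag is needed. A short comment on the `AccountId` field in `MetaData` noting that it is empty unless `-accountId` is passed would help readers of `GetEnvironmentMetaData`, whose body starts outside the visible hunk.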
10 changes: 9 additions & 1 deletion terraform/ec2/assume_role/main.tf
Expand Up @@ -11,6 +11,12 @@ module "basic_components" {
region = var.region
}

data "aws_caller_identity" "current" {}

output "account_id" {
value = data.aws_caller_identity.current.account_id
}

#####################################################################
# Generate EC2 Key Pair for log in access to EC2
#####################################################################
Expand Down Expand Up @@ -202,7 +208,7 @@ resource "null_resource" "integration_test_run" {
"cd ~/amazon-cloudwatch-agent-test",
"echo run sanity test && go test ./test/sanity -p 1 -v",
"echo base assume role arn is ${aws_iam_role.roles["no_context_keys"].arn}",
"go test ${var.test_dir} -p 1 -timeout 1h -computeType=EC2 -bucket=${var.s3_bucket} -plugins='${var.plugin_tests}' -cwaCommitSha=${var.cwa_github_sha} -caCertPath=${var.ca_cert_path} -assumeRoleArn=${aws_iam_role.roles["no_context_keys"].arn} -instanceArn=${aws_instance.cwagent.arn} -v"
"go test ${var.test_dir} -p 1 -timeout 1h -computeType=EC2 -bucket=${var.s3_bucket} -plugins='${var.plugin_tests}' -cwaCommitSha=${var.cwa_github_sha} -caCertPath=${var.ca_cert_path} -assumeRoleArn=${aws_iam_role.roles["no_context_keys"].arn} -instanceArn=${aws_instance.cwagent.arn} -accountId=${data.aws_caller_identity.account_id.account_id} -v"
]
}

Expand All @@ -219,3 +225,5 @@ data "aws_ami" "latest" {
values = [var.ami]
}
}
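Review bot: The rewritten `go test` command interpolates `data.aws_caller_identity.account_id.account_id`, but the only data source declared in this change is `data "aws_caller_identity" "current"`, so Terraform should reject the configuration for referencing an undeclared data source before any test runs. The interpolation should read `-accountId=${data.aws_caller_identity.current.account_id}`. The new `output "account_id"` block does not make the original reference resolve, since outputs are not addressable under `data.`. The enclosing `null_resource` block starts outside the hunk.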


8 changes: 1 addition & 7 deletions test/assume_role/assume_role_unix.go
Expand Up @@ -48,12 +48,6 @@ func (suite *AssumeRoleTestSuite) TearDownSuite() {

var (
testRunners []*test_runner.TestRunner = []*test_runner.TestRunner{
// {
// TestRunner: &AssumeRoleTestRunner{
// BaseTestRunner: test_runner.BaseTestRunner{},
// name: "AssumeRoleTest",
// },
// },
{
TestRunner: &ConfusedDeputyAssumeRoleTestRunner{
AssumeRoleTestRunner: AssumeRoleTestRunner{
Expand Down Expand Up @@ -424,7 +418,7 @@ func (t *ConfusedDeputyAssumeRoleTestRunner) setupEnvironmentVariables() error {
common.CopyFile("service_configs/amazon-cloudwatch-agent.service", "/etc/systemd/system/amazon-cloudwatch-agent.service")

if t.setSourceAccountEnvVar {
sourceAccount := "506463145083"
sourceAccount := environment.GetEnvironmentMetaData().AccountId
if t.useIncorrectSourceAccount {
sourceAccount = "123456789012"
}
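Review bot: `sourceAccount` is now taken from `environment.GetEnvironmentMetaData().AccountId`, which is backed by a flag defaulting to the empty string, and nothing in the visible lines rejects an empty value before it is used. If `-accountId` is omitted or fails to resolve, the cases that expect the correct source account would run with an empty ID and their result would no longer say anything about the confused-deputy condition being tested. Since the function already returns `error`, a guard right after the assignment such as `if sourceAccount == "" { return errors.New("accountId flag is required for source-account tests") }` makes the misconfiguration explicit. Whether `errors` is already imported is not visible here. `setupEnvironmentVariables` starts and ends outside the hunk.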
