
Converted Assume Role to C# and also Fixed Secret Key Access to Non-Plain Text #744

Merged
merged 16 commits into from
Jul 15, 2020
Merged
change indentation
XUANHE ZHOU committed Jul 15, 2020
commit 1dc646d0eb1ba95a6425c867043613a6417ee493
5 changes: 3 additions & 2 deletions aws-cs-assume-role/assume-role/AssumeRoleStack.cs
Expand Up @@ -12,7 +12,8 @@ public AssumeRoleStack()
var awsConfig = new Pulumi.Config("aws");
var config = new Pulumi.Config();
var roleToAssumeARN = config.Require("roleToAssumeARN");
var provider = new Aws.Provider("privileged", new Aws.ProviderArgs {
var provider = new Aws.Provider("privileged", new Aws.ProviderArgs
{
AssumeRole = new Aws.Inputs.ProviderAssumeRoleArgs
{
RoleArn = roleToAssumeARN,
Expand All @@ -21,7 +22,7 @@ public AssumeRoleStack()
},
Region = awsConfig.Require("region"),
});
var bucket = new Aws.S3.Bucket("myBucket", null, new CustomResourceOptions{Provider = provider});
var bucket = new Aws.S3.Bucket("myBucket", null, new CustomResourceOptions { Provider = provider });
}

[Output]
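--- /dev/null
+++ b/aws-cs-assume-role/assume-role/assume-role.sln
@@ -0,0 +1,17 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "assume-role", "assume-role.csproj", "{A33F8284-FA5E-45B4-94F0-8F47CA263750}"
+EndProject
+Global
+GlobalSection(SolutionConfigurationPlatforms) = preSolution
+Debug|Any CPU = Debug|Any CPU
+Release|Any CPU = Release|Any CPU
+EndGlobalSection
+GlobalSection(ProjectConfigurationPlatforms) = postSolution
+{A33F8284-FA5E-45B4-94F0-8F47CA263750}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+{A33F8284-FA5E-45B4-94F0-8F47CA263750}.Debug|Any CPU.Build.0 = Debug|Any CPU
+{A33F8284-FA5E-45B4-94F0-8F47CA263750}.Release|Any CPU.ActiveCfg = Release|Any CPU
+{A33F8284-FA5E-45B4-94F0-8F47CA263750}.Release|Any CPU.Build.0 = Release|Any CPU
+EndGlobalSection
+EndGlobal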
55 changes: 29 additions & 26 deletions aws-cs-assume-role/create-role/CreateRoleStack.cs
Expand Up @@ -11,35 +11,36 @@ public CreateRoleStack()
{
var config = new Pulumi.Config();
var unprivilegedUsername = config.Require("unprivilegedUsername");
var unprivilegedUser = new Iam.User("unprivilegedUser", new Iam.UserArgs
{
Name = unprivilegedUsername,
});

var unprivilegedUser = new Iam.User("unprivilegedUser", new Iam.UserArgs
{
Name = unprivilegedUsername,
});

var unprivilegedUserCreds = new Iam.AccessKey("unprivileged-user-key", new Iam.AccessKeyArgs
{
User = unprivilegedUser.Name,
},
},
// additional_secret_outputs specify properties that must be encrypted as secrets
// https://www.pulumi.com/docs/intro/concepts/programming-model/#additionalsecretoutputs
new CustomResourceOptions { AdditionalSecretOutputs = { "secret" } });

var tempPolicy = unprivilegedUser.Arn.Apply((string arn) => {
AssumeRolePolicyArgs policyArgs = new AssumeRolePolicyArgs(arn);
return JsonSerializer.Serialize<AssumeRolePolicyArgs>(policyArgs);
});
var tempPolicy = unprivilegedUser.Arn.Apply((string arn) =>
{
AssumeRolePolicyArgs policyArgs = new AssumeRolePolicyArgs(arn);
return JsonSerializer.Serialize<AssumeRolePolicyArgs>(policyArgs);
});

var allowS3ManagementRole = new Iam.Role("allow-s3-management", new Iam.RoleArgs
{
Description = "Allow management of S3 buckets",
AssumeRolePolicy = tempPolicy
});

var rolePolicy = new Iam.RolePolicy("allow-s3-management-policy", new Iam.RolePolicyArgs
{
Role = allowS3ManagementRole.Name,
Policy =
Policy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [{
Expand All @@ -50,8 +51,8 @@ public CreateRoleStack()
}]
}"
},
new CustomResourceOptions{Parent = allowS3ManagementRole}
);
new CustomResourceOptions { Parent = allowS3ManagementRole }
);
this.roleArn = allowS3ManagementRole.Arn;
this.accessKeyId = unprivilegedUserCreds.Id;
this.secretAccessKey = unprivilegedUserCreds.Secret;
Expand All @@ -60,9 +61,10 @@ public CreateRoleStack()
public class AssumeRolePolicyArgs
{
public string Version => "2012-10-17";
public StatementArgs Statement {get; private set;}
public StatementArgs Statement { get; private set; }

public AssumeRolePolicyArgs(string arn) {
public AssumeRolePolicyArgs(string arn)
{
Statement = new StatementArgs(arn);
}


Nit: Extra line

Expand All @@ -71,18 +73,19 @@ public AssumeRolePolicyArgs(string arn) {
public class StatementArgs
{
public string Sid => "AllowAssumeRole";
public string Effect => "Allow";
public PrincipalArgs Principal {get; private set;}
public string Effect => "Allow";
public PrincipalArgs Principal { get; private set; }
public string Action => "sts:AssumeRole";

public StatementArgs(string arn) {

public StatementArgs(string arn)
{
Principal = new PrincipalArgs(arn);
}
}

public class PrincipalArgs
{
public string AWS {get; private set;}
public string AWS { get; private set; }

public PrincipalArgs(string arn)
{
Expand All @@ -91,14 +94,14 @@ public PrincipalArgs(string arn)
}




[Output]
public Output<string> roleArn { get; set;}
public Output<string> roleArn { get; set; }
[Output]
public Output<string> accessKeyId { get; set;}
public Output<string> accessKeyId { get; set; }
[Output]
public Output<string> secretAccessKey {get; set;}
public Output<string> secretAccessKey { get; set; }


}