-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
OCM-2373 | feat: Moved helpers associated with getRole
- Loading branch information
den-rgb
committed
Oct 18, 2023
1 parent
58f797b
commit a5529bc
Showing
14 changed files
with
326 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
package validations | ||
|
||
import ( | ||
"fmt" | ||
"github.com/aws/aws-sdk-go/service/iam" | ||
"github.com/aws/aws-sdk-go/aws" | ||
semver "github.com/hashicorp/go-version" | ||
"github.com/openshift-online/ocm-common/pkg" | ||
) | ||
|
||
func GetRoleName(prefix string, role string) string { | ||
name := fmt.Sprintf("%s-%s-Role", prefix, role) | ||
if len(name) > pkg.MaxByteSize { | ||
name = name[0:pkg.MaxByteSize] | ||
} | ||
return name | ||
} | ||
|
||
func IsManagedRole(roleTags []*iam.Tag) bool { | ||
for _, tag := range roleTags { | ||
if aws.StringValue(tag.Key) == ManagedPolicies && aws.StringValue(tag.Value) == "true" { | ||
return true | ||
} | ||
} | ||
|
||
return false | ||
} | ||
|
||
func HasCompatibleVersionTags(iamTags []*iam.Tag, version string) (bool, error) { | ||
if len(iamTags) == 0 { | ||
return false, nil | ||
} | ||
|
||
wantedVersion, err := semver.NewVersion(version) | ||
if err != nil { | ||
return false, err | ||
} | ||
|
||
for _, tag := range iamTags { | ||
if aws.StringValue(tag.Key) == OpenShiftVersion { | ||
if version == aws.StringValue(tag.Value) { | ||
return true, nil | ||
} | ||
|
||
currentVersion, err := semver.NewVersion(aws.StringValue(tag.Value)) | ||
if err != nil { | ||
return false, err | ||
} | ||
return currentVersion.GreaterThanOrEqual(wantedVersion), nil | ||
} | ||
} | ||
return false, nil | ||
} | ||
|
||
func IamResourceHasTag(iamTags []*iam.Tag, tagKey string, tagValue string) bool { | ||
for _, tag := range iamTags { | ||
if aws.StringValue(tag.Key) == tagKey && aws.StringValue(tag.Value) == tagValue { | ||
return true | ||
} | ||
} | ||
|
||
return false | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,144 @@ | ||
package validations | ||
|
||
import ( | ||
"fmt" | ||
"github.com/aws/aws-sdk-go/aws" | ||
"github.com/aws/aws-sdk-go/service/iam" | ||
|
||
. "github.com/onsi/ginkgo/v2" | ||
. "github.com/onsi/gomega" | ||
) | ||
|
||
var _ = Describe("AWS IAM Functions", func() { | ||
Describe("GetRoleName", func() { | ||
It("should generate a role name with the given prefix and role name", func() { | ||
prefix := "myPrefix" | ||
roleName := "myRole" | ||
expectedName := fmt.Sprintf("%s-%s-Role", prefix, roleName) | ||
|
||
name := GetRoleName(prefix, roleName) | ||
|
||
Expect(name).To(Equal(expectedName)) | ||
}) | ||
|
||
It("should truncate the generated name if it exceeds 64 characters", func() { | ||
prefix := "myPrefix" | ||
roleName := "myVeryLongRoleNameThatExceedsSixtyFourCharacters123456" | ||
expectedName := "myPrefix-myVeryLongRoleNameThatExceedsSixtyFourCharacters123456-" | ||
|
||
name := GetRoleName(prefix, roleName) | ||
|
||
Expect(name).To(Equal(expectedName)) | ||
}) | ||
}) | ||
|
||
Describe("isManagedRole", func() { | ||
It("should return true if the 'ManagedPolicies' tag has the value 'true'", func() { | ||
roleTags := []*iam.Tag{ | ||
{Key: aws.String(ManagedPolicies), Value: aws.String("true")}, | ||
} | ||
|
||
result := IsManagedRole(roleTags) | ||
|
||
Expect(result).To(BeTrue()) | ||
}) | ||
|
||
It("should return false if the 'ManagedPolicies' tag does not have the value 'true'", func() { | ||
roleTags := []*iam.Tag{ | ||
{Key: aws.String(ManagedPolicies), Value: aws.String("false")}, | ||
} | ||
|
||
result := IsManagedRole(roleTags) | ||
|
||
Expect(result).To(BeFalse()) | ||
}) | ||
|
||
It("should return false if the 'ManagedPolicies' tag is not present", func() { | ||
roleTags := []*iam.Tag{ | ||
{Key: aws.String("SomeOtherTag"), Value: aws.String("true")}, | ||
} | ||
|
||
result := IsManagedRole(roleTags) | ||
|
||
Expect(result).To(BeFalse()) | ||
}) | ||
}) | ||
|
||
var _ = Describe("HasCompatibleVersionTags", func() { | ||
var iamTags []*iam.Tag | ||
|
||
BeforeEach(func() { | ||
iamTags = []*iam.Tag{ | ||
{Key: aws.String(OpenShiftVersion), Value: aws.String("1.2.3")}, | ||
{Key: aws.String("SomeOtherTag"), Value: aws.String("value")}, | ||
} | ||
}) | ||
|
||
It("should return true if the version tag matches the provided version", func() { | ||
version := "1.2.3" | ||
|
||
result, err := HasCompatibleVersionTags(iamTags, version) | ||
|
||
Expect(result).To(BeTrue()) | ||
Expect(err).To(BeNil()) | ||
}) | ||
|
||
It("should return false if the version tag does not match the provided version", func() { | ||
version := "2.0.0" | ||
|
||
result, err := HasCompatibleVersionTags(iamTags, version) | ||
|
||
Expect(result).To(BeFalse()) | ||
Expect(err).To(BeNil()) | ||
}) | ||
|
||
It("should return false if the version tag is not present", func() { | ||
version := "1.2.3" | ||
iamTags = []*iam.Tag{ | ||
{Key: aws.String("SomeOtherTag"), Value: aws.String("value")}, | ||
} | ||
|
||
result, err := HasCompatibleVersionTags(iamTags, version) | ||
|
||
Expect(result).To(BeFalse()) | ||
Expect(err).To(BeNil()) | ||
}) | ||
|
||
It("should return an error if the provided version is not a valid semantic version", func() { | ||
version := "invalid-version" | ||
|
||
result, err := HasCompatibleVersionTags(iamTags, version) | ||
|
||
Expect(result).To(BeFalse()) | ||
Expect(err).ToNot(BeNil()) | ||
}) | ||
}) | ||
|
||
var _ = Describe("IamResourceHasTag", func() { | ||
It("should return true if the tag with the specified key and value exists", func() { | ||
iamTags := []*iam.Tag{ | ||
{Key: aws.String("Tag1"), Value: aws.String("Value1")}, | ||
{Key: aws.String("Tag2"), Value: aws.String("Value2")}, | ||
} | ||
tagKey := "Tag1" | ||
tagValue := "Value1" | ||
|
||
result := IamResourceHasTag(iamTags, tagKey, tagValue) | ||
|
||
Expect(result).To(BeTrue()) | ||
}) | ||
|
||
It("should return false if the tag with the specified key and value does not exist", func() { | ||
iamTags := []*iam.Tag{ | ||
{Key: aws.String("Tag1"), Value: aws.String("Value1")}, | ||
{Key: aws.String("Tag2"), Value: aws.String("Value2")}, | ||
} | ||
tagKey := "Tag3" | ||
tagValue := "Value3" | ||
|
||
result := IamResourceHasTag(iamTags, tagKey, tagValue) | ||
|
||
Expect(result).To(BeFalse()) | ||
}) | ||
}) | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
package validations | ||
|
||
const prefix = "rosa_" | ||
|
||
const ManagedPolicies = prefix + "managed_policies" | ||
|
||
// OpenShiftVersion is the name of the tag that will contain | ||
// the version of OpenShift that the resources are used for | ||
const OpenShiftVersion = prefix + "openshift_version" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
package validations | ||
|
||
import ( | ||
"testing" | ||
|
||
. "github.com/onsi/ginkgo/v2" | ||
. "github.com/onsi/gomega" | ||
) | ||
|
||
func TestValidations(t *testing.T) { | ||
RegisterFailHandler(Fail) | ||
RunSpecs(t, "Validations Suite") | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
package pkg | ||
|
||
const MaxByteSize = 64 |
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
package validations | ||
|
||
import ( | ||
"fmt" | ||
"net/url" | ||
"strings" | ||
) | ||
|
||
func ValidateIssuerUrlMatchesAssumePolicyDocument( | ||
roleArn string, parsedUrl *url.URL, assumePolicyDocument string) error { | ||
issuerUrl := parsedUrl.Host | ||
if parsedUrl.Path != "" { | ||
issuerUrl += parsedUrl.Path | ||
} | ||
decodedAssumePolicyDocument, err := url.QueryUnescape(assumePolicyDocument) | ||
if err != nil { | ||
return err | ||
} | ||
if !strings.Contains(decodedAssumePolicyDocument, issuerUrl) { | ||
return fmt.Errorf("Operator role '%s' does not have trusted relationship to '%s' issuer URL", | ||
roleArn, issuerUrl) | ||
} | ||
return nil | ||
} |
Oops, something went wrong.