From 584db9c3dcab94ad7091ea7d55132ceabd05d611 Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Thu, 7 Sep 2023 12:36:17 -0700 Subject: [PATCH 1/4] fix: add validation for version --- src/scripts/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/scripts/install.sh b/src/scripts/install.sh index d8172ae..e81207b 100644 --- a/src/scripts/install.sh +++ b/src/scripts/install.sh @@ -34,7 +34,7 @@ Toggle_Pager(){ if ! command -v aws >/dev/null 2>&1; then Install_AWS_CLI "${AWS_CLI_STR_AWS_CLI_VERSION}" Toggle_Pager -elif [ "$AWS_CLI_BOOL_OVERRIDE" -eq 1 ]; then +elif [ "$AWS_CLI_BOOL_OVERRIDE" -eq 1 ] || [ "${AWS_CLI_STR_AWS_CLI_VERSION}" != "latest" ]; then Uninstall_AWS_CLI Install_AWS_CLI "${AWS_CLI_STR_AWS_CLI_VERSION}" Toggle_Pager From 29091c6a97ad3841bff23799c4ea692f8c7c6e65 Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Thu, 7 Sep 2023 12:37:18 -0700 Subject: [PATCH 2/4] fix: remove debug --- .circleci/test-deploy.yml | 4 ++-- src/commands/setup.yml | 4 ++-- src/scripts/assume_role_with_web_identity.sh | 5 +++-- src/scripts/configure.sh | 7 +++---- src/scripts/role_arn_setup.sh | 4 ++-- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index 8d1938d..5cddd4d 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml 
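Review bot: In the `elif` of src/scripts/install.sh, the added `[ "${AWS_CLI_STR_AWS_CLI_VERSION}" != "latest" ]` test is also true when the variable is empty or unset, so an already-installed CLI is removed by `Uninstall_AWS_CLI` and `Install_AWS_CLI` is then called with an empty version. The branch also reinstalls on every run when the installed CLI already matches the pinned version, because nothing compares the request against `aws --version`. A guard such as `[ -n "${AWS_CLI_STR_AWS_CLI_VERSION}" ] && [ "${AWS_CLI_STR_AWS_CLI_VERSION}" != "latest" ]` would cover the empty case. The version string is presumably used to build a download location inside `Install_AWS_CLI` (not visible here), so matching it against a pattern like `^[0-9]+\.[0-9]+\.[0-9]+$` before use would make the "validation" in the commit title real. The if/elif chain starts and ends outside the hunk.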
@@ -156,13 +156,13 @@ workflows: - integration-test-install: name: integration-test-web-identity-with-profile role_arn: arn:aws:iam::122211685980:role/CPE_ECR_OIDC_TEST - profile_name: "OIDC-Tester" + profile_name: OIDC-Tester context: [CPE-OIDC] executor: docker-base post-steps: - run: name: Web Identity Test - Logging into ECR - command: aws ecr get-login-password --region us-west-2 --profile "OIDC-Tester" | docker login --username AWS --password-stdin 122211685980.dkr.ecr.us-west-2.amazonaws.com + command: aws ecr get-login-password --region us-west-2 --profile OIDC-Tester | docker login --username AWS --password-stdin 122211685980.dkr.ecr.us-west-2.amazonaws.com # Testing executors that do not AWS CLI pre-installed - integration-test-install: name: integration-test-install-<> diff --git a/src/commands/setup.yml b/src/commands/setup.yml index 91366f5..afc7a37 100644 --- a/src/commands/setup.yml +++ b/src/commands/setup.yml @@ -44,7 +44,7 @@ parameters: the environment variable you will use to hold this value, i.e. AWS_ACCESS_KEY. type: string - default: ${AWS_ACCESS_KEY_ID} + default: AWS_ACCESS_KEY_ID aws_secret_access_key: description: | @@ -52,7 +52,7 @@ parameters: the environment variable you will use to hold this value, i.e. AWS_SECRET_ACCESS_KEY. type: string - default: ${AWS_SECRET_ACCESS_KEY} + default: AWS_SECRET_ACCESS_KEY region: description: | diff --git a/src/scripts/assume_role_with_web_identity.sh b/src/scripts/assume_role_with_web_identity.sh index 4efb411..8e175e7 100644 --- a/src/scripts/assume_role_with_web_identity.sh +++ b/src/scripts/assume_role_with_web_identity.sh 
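Review bot: The two `default:` changes in src/commands/setup.yml (`aws_access_key_id` at -44 and `aws_secret_access_key` at -52) turn these parameters from a value expression into an environment variable name, yet both remain `type: string`, so any string is accepted and later spliced after a `$` in configure.sh. CircleCI's `type: env_var_name` would reject values that are not valid variable names when the config is compiled. If the type has to stay `string` for compatibility, the descriptions should say so explicitly, e.g. `Pass the variable name only (AWS_ACCESS_KEY_ID), not ${AWS_ACCESS_KEY_ID}.` Callers who pass `${MY_KEY}` today are likely to break, so the change deserves a changelog entry and a version bump that signals it.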
@@ -4,9 +4,9 @@ AWS_CLI_STR_ROLE_ARN="$(echo "${AWS_CLI_STR_ROLE_ARN}" | circleci env subst)" AWS_CLI_STR_PROFILE_NAME="$(echo "${AWS_CLI_STR_PROFILE_NAME}" | circleci env subst)" AWS_CLI_STR_REGION="$(echo "${AWS_CLI_STR_REGION}" | circleci env subst)" + # Replaces white spaces in role session name with dashes AWS_CLI_STR_ROLE_SESSION_NAME=$(echo "${AWS_CLI_STR_ROLE_SESSION_NAME}" | tr ' ' '-') - if [ -z "${AWS_CLI_STR_ROLE_SESSION_NAME}" ]; then echo "Role session name is required" exit 1 @@ -23,6 +23,7 @@ if [ ! "$(command -v aws)" ]; then fi if [ -n "${AWS_CLI_STR_REGION}" ]; then + echo "${AWS_CLI_STR_REGION}" set -- "$@" --region "${AWS_CLI_STR_REGION}" fi @@ -47,4 +48,4 @@ else echo "export AWS_SESSION_TOKEN=\"${AWS_SESSION_TOKEN}\"" } >>"$BASH_ENV" echo "Assume role with web identity succeeded" -fi +fi \ No newline at end of file diff --git a/src/scripts/configure.sh b/src/scripts/configure.sh index 0a036d6..a0218cc 100644 --- a/src/scripts/configure.sh +++ b/src/scripts/configure.sh @@ -5,8 +5,8 @@ if grep "Alpine" /etc/issue > /dev/null 2>&1; then . "$BASH_ENV" fi -AWS_CLI_STR_ACCESS_KEY_ID="$(echo "$AWS_CLI_STR_ACCESS_KEY_ID" | circleci env subst)" -AWS_CLI_STR_SECRET_ACCESS_KEY="$(echo "$AWS_CLI_STR_SECRET_ACCESS_KEY" | circleci env subst)" +AWS_CLI_STR_ACCESS_KEY_ID="$(echo "\$$AWS_CLI_STR_ACCESS_KEY_ID" | circleci env subst)" +AWS_CLI_STR_SECRET_ACCESS_KEY="$(echo "\$$AWS_CLI_STR_SECRET_ACCESS_KEY" | circleci env subst)" AWS_SESSION_TOKEN="$(echo "$AWS_SESSION_TOKEN" | circleci env subst)" AWS_CLI_STR_REGION="$(echo "$AWS_CLI_STR_REGION" | circleci env subst)" AWS_CLI_STR_PROFILE_NAME="$(echo "$AWS_CLI_STR_PROFILE_NAME" | circleci env subst)" 
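Review bot: In src/scripts/configure.sh, `echo "\$$AWS_CLI_STR_ACCESS_KEY_ID" | circleci env subst` and the matching secret-key line assume the parameter holds a bare variable name; a caller still passing the previous default form `${AWS_ACCESS_KEY_ID}` produces `$${AWS_ACCESS_KEY_ID}`, which is unlikely to resolve to the credential. Depending on how `circleci env subst` treats that input, the result is either empty, which the later `-z` check catches, or a literal string that gets written into the profile as a key. Normalising first keeps existing configs working, e.g. `case "$AWS_CLI_STR_ACCESS_KEY_ID" in \$*) ;; *) AWS_CLI_STR_ACCESS_KEY_ID="\$$AWS_CLI_STR_ACCESS_KEY_ID" ;; esac` before the substitution, and the same for the secret key. The session token, region and profile name in this block are still expanded as values, so a one-line comment explaining why these two are treated as names would help the next reader.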
@@ -15,7 +15,7 @@ if [ -z "$AWS_CLI_STR_ACCESS_KEY_ID" ] || [ -z "${AWS_CLI_STR_SECRET_ACCESS_KEY} echo "Cannot configure profile. AWS access key id and AWS secret access key must be provided." exit 1 fi -set -x + aws configure set aws_access_key_id \ "$AWS_CLI_STR_ACCESS_KEY_ID" \ --profile "$AWS_CLI_STR_PROFILE_NAME" @@ -39,4 +39,3 @@ if [ "$AWS_CLI_BOOL_CONFIG_PROFILE_REGION" -eq "1" ]; then aws configure set region "$AWS_CLI_STR_REGION" \ --profile "$AWS_CLI_STR_PROFILE_NAME" fi -set +x \ No newline at end of file diff --git a/src/scripts/role_arn_setup.sh b/src/scripts/role_arn_setup.sh index d7544b0..f3393b7 100644 --- a/src/scripts/role_arn_setup.sh +++ b/src/scripts/role_arn_setup.sh @@ -7,7 +7,7 @@ if [ ! -f "${HOME}/.aws/credentials" ]; then echo "Credentials not found. Run setup command before role-arn-setup." exit 1 fi -set -x + aws configure set profile."${AWS_CLI_STR_PROFILE_NAME}".role_arn "${AWS_CLI_STR_ROLE_ARN}" aws configure set profile."${AWS_CLI_STR_PROFILE_NAME}".source_profile "${AWS_CLI_STR_SOURCE_PROFILE}" -set +x + From 381f56dc86117a82691003602d5575cbb071cae2 Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Fri, 8 Sep 2023 11:00:40 -0700 Subject: [PATCH 3/4] chore: code cleanup --- .circleci/test-deploy.yml | 4 ++-- src/scripts/assume_role_with_web_identity.sh | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index 5cddd4d..8d1938d 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml 
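Review bot: With `set -x` removed from configure.sh and role_arn_setup.sh, nothing in the scripts records why tracing must stay off around `aws configure set aws_access_key_id "$AWS_CLI_STR_ACCESS_KEY_ID"`; a comment such as `# Do not enable xtrace in this script: the commands below take credentials as arguments.` above the first `aws configure set` would keep it from being reintroduced during debugging. Builds that ran a revision with the trace enabled may have the expanded key id, and presumably the secret key set in lines outside this hunk, in their step output unless CircleCI's secret masking caught them, so rotating keys used in those runs is worth considering. The role_arn_setup.sh hunk also leaves a trailing blank line at the end of the file.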
@@ -156,13 +156,13 @@ workflows: - integration-test-install: name: integration-test-web-identity-with-profile role_arn: arn:aws:iam::122211685980:role/CPE_ECR_OIDC_TEST - profile_name: OIDC-Tester + profile_name: "OIDC-Tester" context: [CPE-OIDC] executor: docker-base post-steps: - run: name: Web Identity Test - Logging into ECR - command: aws ecr get-login-password --region us-west-2 --profile OIDC-Tester | docker login --username AWS --password-stdin 122211685980.dkr.ecr.us-west-2.amazonaws.com + command: aws ecr get-login-password --region us-west-2 --profile "OIDC-Tester" | docker login --username AWS --password-stdin 122211685980.dkr.ecr.us-west-2.amazonaws.com # Testing executors that do not AWS CLI pre-installed - integration-test-install: name: integration-test-install-<> diff --git a/src/scripts/assume_role_with_web_identity.sh b/src/scripts/assume_role_with_web_identity.sh index 8e175e7..3273571 100644 --- a/src/scripts/assume_role_with_web_identity.sh +++ b/src/scripts/assume_role_with_web_identity.sh @@ -23,7 +23,6 @@ if [ ! "$(command -v aws)" ]; then fi if [ -n "${AWS_CLI_STR_REGION}" ]; then - echo "${AWS_CLI_STR_REGION}" set -- "$@" --region "${AWS_CLI_STR_REGION}" fi From d00c45cb4a598a4e2ba43bcb1edb9f848709d891 Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Fri, 8 Sep 2023 12:02:39 -0700 Subject: [PATCH 4/4] ci: add testing for version override --- .circleci/test-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index 8d1938d..734e263 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -198,7 +198,7 @@ workflows: version: "2.1.10" install_dir: "/usr/local/aws-cli" binary_dir: "" - override_installed: true + override_installed: false filters: *filters post-steps: - check_aws_version:
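Review bot: The last .circleci/test-deploy.yml hunk (-198) flips `override_installed: true` to `false` on the existing `version: "2.1.10"` job instead of adding a case, so within this hunk no job exercises the explicit override path any more. If no job outside the hunk sets `override_installed: true`, a second entry should cover it. A further entry with `version: latest` and `override_installed: false` on an executor that already ships the CLI would confirm that the pre-installed binary is left alone. The job definition starts and ends outside the hunk.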