package main
import (
"context"
"encoding/json"
"errors"
"fmt"
"strings"
"code.cloudfoundry.org/lager"
"github.com/aws/aws-sdk-go/service/organizations"
"github.com/jinzhu/gorm"
_ "github.com/jinzhu/gorm/dialects/sqlite"
"github.com/pivotal-cf/brokerapi"
)
// notImplementedError is the error returned by the broker operations this
// service does not support (Bind, Unbind and Update below).
type notImplementedError struct{}

// Error satisfies the error interface with a fixed message.
func (notImplementedError) Error() string {
	const msg = "Not implemented"
	return msg
}
// awsAccountBroker provides the service-broker method set (Services,
// Provision, Deprovision, Bind, Unbind, Update, LastOperation) that brokerapi
// drives, backed by AWS Organizations account creation.
//
// Construct it with newAWSAccountBroker; field order matters because that
// constructor uses a positional struct literal.
type awsAccountBroker struct {
	// mgr creates accounts and reports their creation status; the
	// accountManager type is defined elsewhere in this package.
	mgr accountManager
	// baseEmail is the address each provisioned account's root email is
	// derived from (see generateUniqueEmail).
	baseEmail string
	logger lager.Logger
	// db stores serviceInstance rows linking instance IDs to AWS request IDs.
	db *gorm.DB
}
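// awsStatusToBrokerInstanceState maps the State of an AWS Organizations
// CreateAccountStatus onto the OSB last-operation state.
//
// IN_PROGRESS and SUCCEEDED map to their broker equivalents. Everything
// else — FAILED, an unrecognised value, or a status with no State set —
// is reported as Failed so the platform stops polling an operation that AWS
// will not complete. State values are documented at
// https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListCreateAccountStatus.html#API_ListCreateAccountStatus_RequestSyntax
func awsStatusToBrokerInstanceState(status organizations.CreateAccountStatus) brokerapi.LastOperationState {
	// The SDK models State as *string; a nil pointer must not be dereferenced.
	if status.State == nil {
		return brokerapi.Failed
	}
	switch *status.State {
	case "IN_PROGRESS":
		return brokerapi.InProgress
	case "SUCCEEDED":
		return brokerapi.Succeeded
	default:
		// Covers "FAILED" and any value this code does not know about.
		return brokerapi.Failed
	}
}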
// generateUniqueEmail derives a per-instance address from baseEmail using
// plus-addressing: baseEmail "user@example.gov" with id "abc" yields
// "user+abc@example.gov", so mail for every provisioned account still lands
// in the base mailbox. Only the first "@" splits local part from domain.
//
// Preconditions: baseEmail must contain an "@" — the split indexes the domain
// unconditionally and panics otherwise, so validate it at construction time.
// id is spliced in verbatim with no escaping; the caller (Provision) passes
// the OSB instance ID, so it must already be an address-legal token.
func generateUniqueEmail(baseEmail string, id string) string {
	at := strings.Index(baseEmail, "@")
	localPart := baseEmail[:at]
	domain := baseEmail[at+1:]
	return localPart + "+" + id + "@" + domain
}
// Services advertises the single service and plan this broker offers.
//
// The service and plan GUIDs are fixed (random v4 values) rather than
// generated per process, so every copy of the broker reports the same
// catalog; if several brokers were ever registered against one platform the
// IDs would need to be coordinated. Whether plan IDs must be unique across
// the whole platform or only within a service is not known here.
//
// NOTE(review): Bindable is advertised as true although Bind and Unbind
// below return notImplementedError.
func (b awsAccountBroker) Services(ctx context.Context) []brokerapi.Service {
	const description = "Provisions AWS accounts under the organization"

	plans := []brokerapi.ServicePlan{
		{
			ID:          "2e8718e2-0991-48d2-b3be-514303bf762d",
			Name:        "devsecops",
			Description: description,
		},
	}

	metadata := &brokerapi.ServiceMetadata{
		DisplayName:         "AWS account broker",
		DocumentationUrl:    "https://github.com/GSA/aws-account-broker",
		SupportUrl:          "https://github.com/GSA/aws-account-broker/issues/new",
		ProviderDisplayName: "The IDI team in GSA IT",
	}

	service := brokerapi.Service{
		ID:          "1d138a29-ac8b-4360-be9b-db50867fee95",
		Name:        "aws-account",
		Description: description,
		Bindable:    true,
		Plans:       plans,
		Metadata:    metadata,
		Tags:        []string{"aws", "iaas"},
	}
	return []brokerapi.Service{service}
}
// serviceInstance is the persisted link between an OSB service instance and
// the AWS CreateAccount request that backs it. It embeds gorm.Model for the
// standard gorm bookkeeping columns. Rows are presumably written by
// accountManager.CreateAccount, which receives the *gorm.DB — confirm there.
type serviceInstance struct {
	gorm.Model
	// InstanceID is the OSB instance ID chosen by the platform; LastOperation
	// looks rows up by it.
	InstanceID string
	// RequestID is the AWS create-account request ID handed to
	// accountManager.GetAccountStatus when polling.
	RequestID string
}
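// Provision starts creation of a new AWS account for instanceID.
//
// Account creation in Organizations is asynchronous, so the broker requires
// asyncAllowed and reports IsAsync; the platform then polls LastOperation.
// The new account's root email is derived from the configured base address
// and instanceID (see generateUniqueEmail).
//
// Returns brokerapi.ErrAsyncRequired when the platform cannot handle async
// provisioning, the account manager's error when the create request fails,
// or a wrapped error if the AWS status cannot be serialised.
func (b awsAccountBroker) Provision(ctx context.Context, instanceID string, details brokerapi.ProvisionDetails, asyncAllowed bool) (brokerapi.ProvisionedServiceSpec, error) {
	spec := brokerapi.ProvisionedServiceSpec{}
	if !asyncAllowed {
		return spec, brokerapi.ErrAsyncRequired
	}

	// instanceID is chosen by the platform/client and is spliced verbatim into
	// the root email of the account being created; a GUID is the expected
	// shape, nothing here enforces that.
	email := generateUniqueEmail(b.baseEmail, instanceID)
	createResult, err := b.mgr.CreateAccount(instanceID, email, b.db)
	if err != nil {
		return spec, err
	}
	// Logged once the request is accepted; the account itself is still being
	// created at this point.
	b.logger.Info("Account created for " + email)

	// OperationData is returned to the platform and echoed back on
	// LastOperation calls (which currently ignore it and use the database
	// record instead). A marshalling failure must not be dropped silently.
	status, err := json.Marshal(createResult.CreateAccountStatus)
	if err != nil {
		return spec, fmt.Errorf("marshalling create-account status for instance %s: %v", instanceID, err)
	}
	spec.IsAsync = true
	spec.OperationData = string(status)
	return spec, nil
}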
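// Deprovision is not supported: this broker has no API route to close an AWS
// member account, so the request is refused with an error that points the
// operator at the manual closure procedure. The instance record is left in
// place.
//
// NOTE(review): a plain error is returned, which brokerapi presumably
// surfaces to the platform as a generic failure; if a specific HTTP status
// matters to callers, a brokerapi failure response would be clearer.
func (b awsAccountBroker) Deprovision(ctx context.Context, instanceID string, details brokerapi.DeprovisionDetails, asyncAllowed bool) (brokerapi.DeprovisionServiceSpec, error) {
	// The URL is shown to the operator, so keep the message intact.
	return brokerapi.DeprovisionServiceSpec{}, errors.New("Not able to close account through the API - see https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html")
}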
// Bind is not supported: the broker hands out no credentials for a
// provisioned account. It always returns an empty Binding and
// notImplementedError.
func (b awsAccountBroker) Bind(ctx context.Context, instanceID, bindingID string, details brokerapi.BindDetails) (brokerapi.Binding, error) {
	var empty brokerapi.Binding
	return empty, notImplementedError{}
}
// Unbind is not supported (nothing is ever bound, see Bind) and always
// returns notImplementedError.
func (b awsAccountBroker) Unbind(ctx context.Context, instanceID, bindingID string, details brokerapi.UnbindDetails) error {
	var err error = notImplementedError{}
	return err
}
// Update is not supported: there is a single plan and nothing about a
// provisioned account can be changed through the broker. It always returns an
// empty spec and notImplementedError.
func (b awsAccountBroker) Update(ctx context.Context, instanceID string, details brokerapi.UpdateDetails, asyncAllowed bool) (brokerapi.UpdateServiceSpec, error) {
	return brokerapi.UpdateServiceSpec{}, notImplementedError{}
}
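// LastOperation reports the progress of the asynchronous account creation
// started by Provision for instanceID.
//
// The AWS create-account request ID is looked up from the broker's own
// database (operationData, as echoed back by the platform, is not used), the
// status is fetched from Organizations and mapped onto the OSB state.
//
// Returns brokerapi.ErrInstanceDoesNotExist when no record exists for
// instanceID, a wrapped error for any other database failure, and the
// account manager's error when the status lookup fails.
func (b awsAccountBroker) LastOperation(ctx context.Context, instanceID, operationData string) (brokerapi.LastOperation, error) {
	var op brokerapi.LastOperation

	// Parameterised lookup: instanceID comes from the request path and is
	// bound as a query argument, never interpolated into SQL.
	var instance serviceInstance
	if err := b.db.First(&instance, "instance_id = ?", instanceID).Error; err != nil {
		if err == gorm.ErrRecordNotFound {
			// Unknown instance: report it rather than querying AWS with an
			// empty request ID.
			return op, brokerapi.ErrInstanceDoesNotExist
		}
		return op, fmt.Errorf("looking up instance %s: %v", instanceID, err)
	}

	awsStatus, err := b.mgr.GetAccountStatus(instance.RequestID)
	if err != nil {
		// Check the error before touching awsStatus; a failed lookup may leave
		// the pointer nil.
		return op, err
	}
	if awsStatus == nil {
		return op, fmt.Errorf("no create-account status returned for request %s", instance.RequestID)
	}

	op.State = awsStatusToBrokerInstanceState(*awsStatus)
	// NOTE(review): GoString() dumps every populated field of the AWS status
	// struct (account ID, failure reason, ...) into a description the
	// platform may show to end users. Consider exposing only State and
	// FailureReason if that detail should not leave the broker.
	op.Description = awsStatus.GoString()
	return op, nil
}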
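// newAWSAccountBroker wires an account manager, the base email that
// per-account root addresses are derived from, a logger and the instance
// database into a broker.
//
// baseEmail is validated up front: generateUniqueEmail splits it on "@" and
// would panic during Provision if the domain part is missing, so a bad
// configuration is rejected here instead. On any failure a zero-value broker
// is returned together with the error; callers must not use it.
func newAWSAccountBroker(baseEmail string, logger lager.Logger, db *gorm.DB) (awsAccountBroker, error) {
	if !strings.Contains(baseEmail, "@") {
		return awsAccountBroker{}, fmt.Errorf("base email %q must contain an @", baseEmail)
	}
	mgr, err := newAccountManager()
	if err != nil {
		return awsAccountBroker{}, err
	}
	return awsAccountBroker{
		mgr:       mgr,
		baseEmail: baseEmail,
		logger:    logger,
		db:        db,
	}, nil
}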