Improve aws-credentials app lookup process

apppackio · Nov 12, 2021 · f457a6c · f457a6c
1 parent 2b87a11
commit f457a6c
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 48 deletions.
diff --git a/app/app.go b/app/app.go
@@ -986,28 +986,27 @@ func Init(name string, awsCredentials bool) (*App, error) {
 		reviewApp = nil
 	}
 	var sess *session.Session
-	var err error
-	var appRole *auth.AppRole
-	if awsCredentials {
-		sess = session.Must(session.NewSession())
-		appRole, err = auth.AppRoleFromAWS(sess, name)
-	} else {
-		sess, appRole, err = auth.AppAWSSession(name)
-	}
-	if err != nil {
-		return nil, err
-	}
 	app := App{
 		Name:      name,
-		Pipeline:  appRole.Pipeline,
-		Session:   sess,
 		ReviewApp: reviewApp,
 	}
-	// TODO: pipeline is stored on the app role, but aws credentials don't use the role
-	// this is a horribly hacky way to look it up
+
 	if awsCredentials {
-		app.LoadSettings()
+		sess = session.Must(session.NewSession())
+		app.Session = sess
+		err := app.LoadSettings()
+		if err != nil {
+			return nil, err
+		}
+		// this is a horribly hacky way to figure out if the app is a pipeline, but it works
 		app.Pipeline = strings.Contains(app.Settings.StackID, fmt.Sprintf("/apppack-pipeline-%s/", app.Name))
+	} else {
+		sess, appRole, err := auth.AppAWSSession(name)
+		if err != nil {
+			return nil, err
+		}
+		app.Pipeline = appRole.Pipeline
+		app.Session = sess
 	}
 	if !app.Pipeline && app.ReviewApp != nil {
 		return nil, fmt.Errorf("%s is a standard app and can't have review apps", name)

diff --git a/auth/auth.go b/auth/auth.go
@@ -9,9 +9,6 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/dynamodb"
-	"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute"
-	"github.com/aws/aws-sdk-go/service/sts"
 	awsconsoleurl "github.com/jkueh/go-aws-console-url"
 	"github.com/sirupsen/logrus"
 )
@@ -30,35 +27,6 @@ const (
 	cachePrefix   = "io.apppack"
 )
 
-// AppRoleFromAWS gets an AppRole direct from DynamoDB instead of the AppPack API
-// needed for use with `--aws-credentials` which can't access the API
-func AppRoleFromAWS(sess *session.Session, appName string) (*AppRole, error) {
-	stsSvc := sts.New(sess)
-	resp, err := stsSvc.GetCallerIdentity(&sts.GetCallerIdentityInput{})
-	if err != nil {
-		return nil, err
-	}
-	accountID := resp.Account
-	ddbSvc := dynamodb.New(sess)
-	item, err := ddbSvc.GetItem(&dynamodb.GetItemInput{
-		TableName: aws.String("apppack"),
-		Key: map[string]*dynamodb.AttributeValue{
-			"primary_id":   {S: aws.String(fmt.Sprintf("APP#%s", *accountID))},
-			"secondary_id": {S: &appName},
-		},
-	})
-	if err != nil {
-		return nil, err
-	}
-	a := AppRole{}
-	err = dynamodbattribute.UnmarshalMap(item.Item, &a)
-	if err != nil {
-		return nil, err
-	}
-	a.AccountID = *accountID
-	return &a, nil
-}
-
 func Logout() error {
 	dir, err := os.UserCacheDir()
 	if err != nil {