package awstasks
import (
"fmt"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/iam"
"github.com/golang/glog"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/cloudup/awsup"
"k8s.io/kops/upup/pkg/fi/cloudup/terraform"
)
// IAMInstanceProfileRole is the task that attaches an IAM role to an IAM
// instance profile.
//
// In AWS, EC2 instances launched with an instance profile can obtain
// credentials for the role attached to it, so this attachment determines which
// IAM permissions those instances receive.
type IAMInstanceProfileRole struct {
	// InstanceProfile is the profile the role is attached to; it is looked up by Name.
	InstanceProfile *IAMInstanceProfile
	// Role is the role to attach; Find matches it by ID, RenderAWS attaches it by Name.
	Role *IAMRole
}
// String returns the task's string form as produced by fi.TaskAsString.
func (e *IAMInstanceProfileRole) String() string {
	text := fi.TaskAsString(e)
	return text
}
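// Find fetches the instance profile named by e.InstanceProfile.Name and reports
// whether the role identified by e.Role.ID is attached to it.
//
// It returns (nil, nil) when the role or its ID is not set, when the profile
// does not exist (NoSuchEntity), or when none of the profile's roles has the
// expected role ID. A profile that carries only a different role therefore
// also yields (nil, nil). On a match it returns a task describing the profile
// and role as AWS reports them.
//
// An unset InstanceProfile is reported as a required-field error rather than
// being dereferenced.
func (e *IAMInstanceProfileRole) Find(c *fi.Context) (*IAMInstanceProfileRole, error) {
	cloud := c.Cloud.(awsup.AWSCloud)

	if e.Role == nil || e.Role.ID == nil {
		glog.V(2).Infof("Role/RoleID not set")
		return nil, nil
	}
	// The request below reads e.InstanceProfile.Name; without this guard a task
	// with a Role but no InstanceProfile would panic on a nil pointer.
	if e.InstanceProfile == nil {
		return nil, fi.RequiredField("InstanceProfile")
	}
	roleID := *e.Role.ID

	request := &iam.GetInstanceProfileInput{InstanceProfileName: e.InstanceProfile.Name}
	response, err := cloud.IAM().GetInstanceProfile(request)
	if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoSuchEntity" {
		// The profile does not exist, so nothing is attached to it.
		return nil, nil
	}
	if err != nil {
		return nil, fmt.Errorf("error getting IAMInstanceProfile: %v", err)
	}

	ip := response.InstanceProfile
	for _, role := range ip.Roles {
		// Match on the role ID rather than the role name.
		if aws.StringValue(role.RoleId) != roleID {
			continue
		}
		return &IAMInstanceProfileRole{
			InstanceProfile: &IAMInstanceProfile{ID: ip.InstanceProfileId, Name: ip.InstanceProfileName},
			Role:            &IAMRole{ID: role.RoleId, Name: role.RoleName},
		}, nil
	}
	return nil, nil
}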
// Run executes the task by handing the task itself and the context to
// fi.DefaultDeltaRunMethod.
func (e *IAMInstanceProfileRole) Run(c *fi.Context) error {
	err := fi.DefaultDeltaRunMethod(e, c)
	return err
}
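// CheckChanges verifies that the expected task e names both the role and the
// instance profile, returning a required-field error for whichever is missing.
//
// The checks run whether or not an actual attachment a exists. The create path
// (a == nil) in RenderAWS and RenderTerraform dereferences both fields, so
// validating only when a != nil would let a half-configured task reach a nil
// pointer dereference instead of a clear error.
func (s *IAMInstanceProfileRole) CheckChanges(a, e, changes *IAMInstanceProfileRole) error {
	if e.Role == nil {
		return fi.RequiredField("Role")
	}
	if e.InstanceProfile == nil {
		return fi.RequiredField("InstanceProfile")
	}
	return nil
}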
// RenderAWS attaches the expected role to the expected instance profile through
// the IAM AddRoleToInstanceProfile call when no actual attachment exists
// (a == nil). When an attachment already exists it makes no API call.
//
// Once attached, instances launched with the profile can obtain the role's
// credentials, so the role's policies define what those instances may do.
func (_ *IAMInstanceProfileRole) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *IAMInstanceProfileRole) error {
	if a != nil {
		// TODO: Should we use path as our tag?
		return nil // No tags in IAM
	}

	input := &iam.AddRoleToInstanceProfileInput{
		InstanceProfileName: e.InstanceProfile.Name,
		RoleName:            e.Role.Name,
	}
	if _, err := t.Cloud.IAM().AddRoleToInstanceProfile(input); err != nil {
		return fmt.Errorf("error creating IAMInstanceProfileRole: %v", err)
	}

	// TODO: Should we use path as our tag?
	return nil // No tags in IAM
}
// terraformIAMInstanceProfile is the value RenderTerraform passes to
// RenderResource for the "aws_iam_instance_profile" resource type.
type terraformIAMInstanceProfile struct {
	// Name is the instance profile name, serialized under the "name" key.
	Name *string `json:"name"`
	// Roles holds Terraform literals for the attached roles, serialized under "roles".
	Roles []*terraform.Literal `json:"roles"`
}
// RenderTerraform emits an "aws_iam_instance_profile" resource, keyed by the
// instance profile's name, whose roles list holds the Terraform link of the
// expected role. It dereferences e.InstanceProfile, its Name and e.Role, so all
// three must be set.
func (_ *IAMInstanceProfileRole) RenderTerraform(t *terraform.TerraformTarget, a, e, changes *IAMInstanceProfileRole) error {
	profileName := e.InstanceProfile.Name
	resource := &terraformIAMInstanceProfile{
		Name:  profileName,
		Roles: []*terraform.Literal{e.Role.TerraformLink()},
	}
	return t.RenderResource("aws_iam_instance_profile", *profileName, resource)
}