jlengrand/engine
1
0
Fork 0
mirror of https://github.com/jlengrand/engine.git synced 2026-03-10 08:11:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: move helper fonctions into engine

Browse Source
This commit is contained in:
marc
2020-12-17 11:47:46 +01:00
committed by Pierre Mavro
parent 95135d3c78
commit 287c972a23
7 changed files with 109 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
Cargo.lock generated
View File

@@ -1876,6 +1876,7 @@ dependencies = [
"rusoto_dynamodb", "rusoto_dynamodb",
"rusoto_ecr", "rusoto_ecr",
"rusoto_eks", "rusoto_eks",
"rusoto_iam",
"rusoto_s3", "rusoto_s3",
"rusoto_sts", "rusoto_sts",
"rust-crypto", "rust-crypto",
@@ -2354,6 +2355,20 @@ dependencies = [
"serde_json", "serde_json",
] ]
[[package]]
name = "rusoto_iam"
version = "0.45.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "73f792f9b9977eb4af7dae0de5ec6ced243a75a8ba25b903d8251cc8ac42b1a5"
dependencies = [
"async-trait",
"bytes 0.5.6",
"futures 0.3.7",
"rusoto_core",
"serde_urlencoded 0.6.1",
"xml-rs",
]
[[package]] [[package]]
name = "rusoto_s3" name = "rusoto_s3"
version = "0.45.0" version = "0.45.0"

1
Cargo.toml
View File

@@ -52,6 +52,7 @@ rusoto_ecr = "0.45.0"
rusoto_eks = "0.45.0" rusoto_eks = "0.45.0"
rusoto_s3 = "0.45.0" rusoto_s3 = "0.45.0"
rusoto_dynamodb = "0.45.0" rusoto_dynamodb = "0.45.0"
rusoto_iam = "0.45.0"
# Digital Ocean Deps # Digital Ocean Deps
digitalocean = "0.1.1" digitalocean = "0.1.1"

4
lib/aws/bootstrap/ecr-qovery.tf
View File

@@ -1,4 +0,0 @@
# Qovery registry repository for application images store
data "external" "ecr_qovery_repo" {
program = ["./helper.sh", "create_ecr_repository", "qovery"]
}

5
lib/aws/bootstrap/elasticsearch.tf
View File

@@ -1,8 +1,3 @@
# Because it needs to be uniq across all clusters and Terraform doesn't brings solution to this, I'm using this hack
data "external" "create_elasticsearch_role" {
program = ["./helper.sh", "create_elasticsearch_role_for_aws_service", "AWSServiceRoleForAmazonElasticsearchService", "es.amazonaws.com"]
}
locals { locals {
tags_elasticsearch = merge( tags_elasticsearch = merge(
local.tags_eks, local.tags_eks,

4
lib/aws/bootstrap/helper.j2.sh
View File

@@ -127,10 +127,6 @@ case $1 in
check_args 2 check_args 2
create_elasticsearch_role_for_aws_service "$2" "$3" create_elasticsearch_role_for_aws_service "$2" "$3"
;; ;;
create_ecr_repository)
check_args 1
create_ecr_repository "$2"
;;
is_cni_handled_by_aws) is_cni_handled_by_aws)
check_args 1 check_args 1
is_cni_handled_by_aws "$2" is_cni_handled_by_aws "$2"

13
src/cloud_provider/aws/kubernetes/mod.rs
View File

@@ -17,11 +17,12 @@ use crate::deletion_utilities::{get_firsts_namespaces_to_delete, get_qovery_mana
use crate::dns_provider; use crate::dns_provider;
use crate::dns_provider::DnsProvider; use crate::dns_provider::DnsProvider;
use crate::error::EngineErrorCause::Internal; use crate::error::EngineErrorCause::Internal;
use crate::error::{cast_simple_error_to_engine_error, EngineError, EngineErrorCause}; use crate::error::{cast_simple_error_to_engine_error, EngineError, EngineErrorCause, SimpleError};
use crate::fs::workspace_directory; use crate::fs::workspace_directory;
use crate::models::{ use crate::models::{
Context, Listen, Listener, Listeners, ListenersHelper, ProgressInfo, ProgressLevel, ProgressScope, Context, Listen, Listener, Listeners, ListenersHelper, ProgressInfo, ProgressLevel, ProgressScope,
}; };
use crate::cloud_provider::aws::kubernetes::roles::get_default_roles_to_create;
use crate::object_storage::s3::S3; use crate::object_storage::s3::S3;
use crate::object_storage::ObjectStorage; use crate::object_storage::ObjectStorage;
use crate::string::terraform_list_format; use crate::string::terraform_list_format;
@@ -30,6 +31,7 @@ use retry::Error::Operation;
use retry::OperationResult; use retry::OperationResult;
pub mod node; pub mod node;
pub mod roles;
#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct Options { pub struct Options {
@@ -416,6 +418,15 @@ impl<'a> Kubernetes for EKS<'a> {
self.context.execution_id(), self.context.execution_id(),
)); ));
// create AWS IAM roles
let default_role_to_create = get_default_roles_to_create();
for role in default_role_to_create {
match role.create_service_linked_role() {
Ok(_) => info!("Role {}, is successfully linked"),
Err(_) => error!("Role {}, isn't well linked"),
}
}
let temp_dir = workspace_directory( let temp_dir = workspace_directory(
self.context.workspace_root_dir(), self.context.workspace_root_dir(),
self.context.execution_id(), self.context.execution_id(),

81
src/cloud_provider/aws/kubernetes/roles.rs Normal file
View File

@@ -0,0 +1,81 @@
use self::rusoto_iam::{
CreateServiceLinkedRoleRequest, GetRoleError, GetRoleRequest, GetRoleResponse, Iam, IamClient,
};
use crate::error::{EngineError, SimpleError, SimpleErrorKind};
use crate::models::Context;
use rusoto_core::{Client, HttpClient, Region, RusotoError};
use rusoto_credential::StaticProvider;
use tokio::macros::support::Future;
use tokio::runtime::Runtime;
extern crate rusoto_iam;
pub struct Role {
role_name: String,
service_name: String,
description: String,
}
pub fn get_default_roles_to_create() -> Vec<Role> {
let mut defaults_role_to_create: Vec<Role> = Vec::new();
defaults_role_to_create.push(Role {
role_name: "create_elasticsearch_role_for_aws_service".to_string(),
service_name: "AWSServiceRoleForAmazonElasticsearchService".to_string(),
description: "role permissions policy allows Amazon ES to complete create, delete, describe, modify on ec2 and elb".to_string(),
});
defaults_role_to_create
}
impl Role {
pub fn new(role_name: String, service_name: String, description: String) -> Self {
Role {
role_name,
service_name,
description,
}
}
pub async fn is_exist(&self) -> bool {
let credentials = StaticProvider::new(
access_key_id.to_string(),
secret_access_key.to_string(),
None,
None,
);
let client = Client::new_with(credentials, HttpClient::new().unwrap());
let iam_client = IamClient::new_with_client(client, Region::default());
let role = iam_client.get_role(GetRoleRequest { role_name }).await;
return match role {
Ok(_) => true,
Err(_) => false,
};
}
pub fn create_service_linked_role(&self) -> Result<(), SimpleError> {
let future_is_exist = self.is_exist();
Runtime::new()
.expect("Failed to create Tokio runtime to check if role exist")
.block_on(future_is_exist);
return match future_is_exist {
true => {
info!("Role {} already exist, nothing to do", &self.role_name);
Ok(())
}
false => {
info!("Role {} doesn't exist, let's create it !", &self.role_name);
let client = Client::new_with(credentials, HttpClient::new().unwrap());
let iam_client = IamClient::new_with_client(client, Region::default());
iam_client.create_service_linked_role(CreateServiceLinkedRoleRequest {
aws_service_name: self.service_name.clone(),
custom_suffix: None,
description: Some(self.description.clone()),
});
Ok(())
}
_ => Err(SimpleError::new(
SimpleErrorKind::Other,
Some(format!("Unable to check if role {} exist", &self.role_name)),
)),
};
}
}