From a381578aaeffb0fb9d50c2d26c108141cd6b6d20 Mon Sep 17 00:00:00 2001
From: Charles Marshall <66831205+charlesmmarshall@users.noreply.github.com>
Date: Tue, 5 Mar 2024 14:48:09 +0000
Subject: [PATCH 1/2] Go update and workflow fixes (#1)

Fork of workspace manager that was originally created by Tom while working at MoJ. This updates go to 1.21 and goreleaser as well as replacing the workflows with a combined semver tag and release workflow.
* update go packages
* update go releaser config
* update release workflow
* localised readme changes
---
 .github/workflows/pr-and-push.yml | 52 +++++++++++++++++++++++++++++++
 .github/workflows/release.yml | 26 ----------------
 .gitignore | 4 ++-
 .goreleaser.yml | 16 ++++------
 README.md | 3 +-
 go.mod | 9 +++---
 go.sum | 25 +++++---------
 7 files changed, 75 insertions(+), 60 deletions(-)
 create mode 100644 .github/workflows/pr-and-push.yml
 delete mode 100644 .github/workflows/release.yml
diff --git a/.github/workflows/pr-and-push.yml b/.github/workflows/pr-and-push.yml
new file mode 100644
index 0000000..7a359a5
--- /dev/null
+++ b/.github/workflows/pr-and-push.yml
@@ -0,0 +1,52 @@
+name: "[PR & PUSH] Tag & Release"
+
+on:
+ pull_request:
+ branches: ['main']
+ paths: ['go.mod', 'go.sum', 'main.go', 'cmd/**', 'terraform/workspace_cleanup/**']
+ push:
+ branches: ['main']
+ paths: ['go.mod', 'go.sum', 'main.go', 'cmd/**', 'terraform/workspace_cleanup/**']
+
+jobs:
+ tag_and_release:
+ name: "Tag and release"
+ runs-on: ubuntu-latest
+ env:
+ prerelease: ${{ github.ref != 'refs/heads/main' }}
+ steps:
+ - name: "Checkout"
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: "Generate semver tag"
+ id: semver
+ uses: ministryofjustice/opg-github-actions/.github/actions/semver-tag@v3.0.2
+ with:
+ prerelease: ${{ env.prerelease }}
+ releases_enabled: false
+ with_v: true
+ - name: "Checkout to created semver tag"
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ ref: ${{ steps.semver.outputs.created_tag }}
+ - name: Create release and artifacts
+ id: release
+ uses: goreleaser/goreleaser-action@v5
+ with:
+ distribution: goreleaser
+ version: latest
+ args: release --clean
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ end:
+ name: 'End of workflow'
+ runs-on: 'ubuntu-latest'
+ needs: [tag_and_release]
+ steps:
+ - id: end
+ name: End
+ run: |
+ echo "End"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index bd22666..0000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: Release
-on:
- push:
- branches:
- - "!*"
- tags:
- - "v*.*.*"
-
-jobs:
- build:
- runs-on: ubuntu-latest
- name: goreleaser
- steps:
- - name: Set up Go
- uses: actions/setup-go@v1
- with:
- go-version: 1.14
- id: go
- - name: Checkout code into the go module directory
- uses: actions/checkout@v1
- - name: release
- uses: goreleaser/goreleaser-action@master
- with:
- args: release
- env:
- GITHUB_TOKEN: ${{ secrets.access_token }}
diff --git a/.gitignore b/.gitignore
index 8ee9f3c..27253d2 100644
--- a/.gitignore
+++ b/.gitignore
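Review bot: The release job in `pr-and-push.yml` runs every action from a mutable tag (`actions/checkout@v4`, `ministryofjustice/opg-github-actions/.github/actions/semver-tag@v3.0.2`, `goreleaser/goreleaser-action@v5`) and installs goreleaser at `version: latest`, so the code that builds and publishes the binaries can change without any commit in this repository. Pinning each `uses:` to a full commit SHA, e.g. `uses: goreleaser/goreleaser-action@<full-commit-sha> # v5`, and replacing `latest` with a fixed goreleaser version would make release builds reproducible and reviewable. The workflow also declares no `permissions:` block, so the token passed to goreleaser gets whatever the repository default grants; a job-level `permissions:` with `contents: write` would state the scope that tagging and releasing need. Because the same job also runs on `pull_request`, it is worth confirming that creating a tag and a prerelease from unmerged PR code is intended.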
@@ -1,3 +1,5 @@
 .idea
 .terraform
-terraform-ws-cleanup
\ No newline at end of file
+terraform-ws-cleanup
+dist**
+_target**
\ No newline at end of file
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 3f60822..dfe05d8 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -1,12 +1,13 @@
-project_name: terraform-workspace-manager
+project_name: opg-terraform-workspace-manager
 env_files:
- github_token: ${{ secrets.access_token }}
+ github_token: ${{ secrets.GITHUB_TOKEN }}
 release:
+ prerelease: auto
 github:
- owner: TomTucka
- name: terraform-workspace-manager
+ owner: ministryofjustice
+ name: opg-terraform-workspace-manager
 builds:
 - binary: terraform-workspace-manager
@@ -25,9 +26,4 @@ builds:
 - arm
 - arm64
 archives:
- -
- name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
- replacements:
- darwin: Darwin
- linux: Linux
- amd64: x86_64
+ - name_template: '{{- .ProjectName }}_{{- title .Os }}_{{- if eq .Arch "amd64" }}x86_64{{- else if eq .Arch "386" }}i386{{- else }}{{ .Arch }}{{ end }}{{- if .Arm }}v{{ .Arm }}{{ end -}}'
\ No newline at end of file
diff --git a/README.md b/README.md
index f74639e..86c9e34 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,6 @@
 # terraform-workspace-cleanup
+Forked from [this code base](https://github.com/TomTucka/terraform-workspace-manager).
 ## Use Case
@@ -17,7 +18,7 @@ To use our module you can use the following snippet:
 ```
 module "workspace-cleanup" {
- source = "git@github.com:TomTucka/terraform-workspace-cleanup/terraform/workspace_cleanup"
+ source = "git@github.com:ministryofjustice/opg-terraform-workspace-manager/terraform/workspace_cleanup"
 enabled = true
 }
 ```
diff --git a/go.mod b/go.mod
index bafacd5..aba0ab2 100644
--- a/go.mod
+++ b/go.mod
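Review bot: In the first `.goreleaser.yml` hunk, `env_files.github_token` is read by goreleaser as the path of a file that holds the token, and `${{ secrets.GITHUB_TOKEN }}` is GitHub Actions expression syntax that is not expanded inside this file, so the new value is most likely treated as a literal path. The token the release actually uses appears to come from the `GITHUB_TOKEN` environment variable set on the goreleaser step in `pr-and-push.yml`. Dropping the `env_files:` block, or at least adding a comment such as `# token is supplied via the GITHUB_TOKEN env var in the workflow`, would remove the impression that a secret is configured here.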
@@ -1,8 +1,7 @@
 module terraform-workspace-cleanup
-go 1.14
+go 1.21
-require (
- github.com/aws/aws-sdk-go v1.32.5
- github.com/stretchr/testify v1.5.1
-)
+require github.com/aws/aws-sdk-go v1.50.31
+
+require github.com/jmespath/go-jmespath v0.4.0 // indirect
diff --git a/go.sum b/go.sum
index 3e50ced..cd07535 100644
--- a/go.sum
+++ b/go.sum
@@ -1,23 +1,14 @@ -github.com/aws/aws-sdk-go v1.32.5 h1:Sz0C7deIoMu5lFGTVkIN92IEZrUz1AWIDDW+9p6n1Rk= -github.com/aws/aws-sdk-go v1.32.5/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= +github.com/aws/aws-sdk-go v1.50.31 h1:gx2NRLLEDUmQFC4YUsfMUKkGCwpXVO8ijUecq/nOQGA= +github.com/aws/aws-sdk-go v1.50.31/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= -github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2yCeUc= -github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2 h1:CCH4IOTTfewWjGOlSp+zGcjutRKlBEZQ6wTn8ozI/nI= -golang.org/x/net 
v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= From 072fd38a8865fcf1e8a82ec368a3f47d62ab65c1 Mon Sep 17 00:00:00 2001 From: jamesrwarren Date: Mon, 7 Apr 2025 17:05:28 +0100 Subject: [PATCH 2/2] DDLS-570 allow assume role bypass --- cmd/register_workspace.go | 12 +++++++----- cmd/retrieve_registered_workspaces.go | 13 ++++++++----- main.go | 6 ++++-- 3 files changed, 19 insertions(+), 12 deletions(-) diff --git a/cmd/register_workspace.go b/cmd/register_workspace.go index 543387e..41fddb6 100644 --- a/cmd/register_workspace.go +++ b/cmd/register_workspace.go 
@@ -18,18 +18,20 @@ type Session struct {
 AwsSession *session.Session
 }
-func RegisterWorkspace(workspace *string, accountId *string, iamRoleName *string, timeToProtect *int64) {
+func RegisterWorkspace(workspace *string, accountId *string, iamRoleName *string, timeToProtect *int64, assumeRole *bool) {
 sess, err := session.NewSession()
 if err != nil {
 log.Fatalln(err)
 }
- RoleArn := "arn:aws:iam::" + *accountId + ":role/" + *iamRoleName
-
- creds := stscreds.NewCredentials(sess, RoleArn)
- awsConfig := aws.Config{Credentials: creds, Region: aws.String("eu-west-1")}
+ awsConfig := aws.Config{Region: aws.String("eu-west-1")}
+ if *assumeRole {
+ RoleArn := "arn:aws:iam::" + *accountId + ":role/" + *iamRoleName
+ creds := stscreds.NewCredentials(sess, RoleArn)
+ awsConfig.Credentials = creds
+ }
 svc := dynamodb.New(sess, &awsConfig)
 type Workspace struct {
diff --git a/cmd/retrieve_registered_workspaces.go b/cmd/retrieve_registered_workspaces.go
index c186340..32d8bcb 100644
--- a/cmd/retrieve_registered_workspaces.go
+++ b/cmd/retrieve_registered_workspaces.go
@@ -15,17 +15,20 @@ type Item struct {
 WorkspaceName string
 }
-func RetrieveProtectedWorkspaces(accountId *string, iamRoleName *string) {
+func RetrieveProtectedWorkspaces(accountId *string, iamRoleName *string, assumeRole *bool) {
 sess, err := session.NewSession()
 if err != nil {
 log.Fatalln(err)
 }
- RoleArn := "arn:aws:iam::" + *accountId + ":role/" + *iamRoleName
+ awsConfig := aws.Config{Region: aws.String("eu-west-1")}
- creds := stscreds.NewCredentials(sess, RoleArn)
- awsConfig := aws.Config{Credentials: creds, Region: aws.String("eu-west-1")}
+ if *assumeRole {
+ RoleArn := "arn:aws:iam::" + *accountId + ":role/" + *iamRoleName
+ creds := stscreds.NewCredentials(sess, RoleArn)
+ awsConfig.Credentials = creds
+ }
 svc := dynamodb.New(sess, &awsConfig)
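Review bot: When `*assumeRole` is false in `RegisterWorkspace`, the DynamoDB client is built from the session's default credentials and `accountId` and `iamRoleName` are ignored without any trace, so a run can write to a table in a different account than the one named on the command line; `RetrieveProtectedWorkspaces` has the same block. Logging the path taken, for example `log.Println("assume-role disabled: using caller credentials; aws-account-id and aws-iam-role are ignored")`, keeps the run auditable. `assumeRole` is dereferenced without a nil check, and taking it as a plain `bool` would remove that panic path, although it changes both signatures and the calls in `main.go`. The duplicated config-building lines could move into one unexported helper shared by both functions, whose bodies continue outside these hunks.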
@@ -54,4 +57,4 @@ func RetrieveProtectedWorkspaces(accountId *string, iamRoleName *string) {
 func exitWithError(err error) {
 fmt.Fprintln(os.Stderr, err)
 os.Exit(1)
-}
\ No newline at end of file
+}
diff --git a/main.go b/main.go
index 9a897ef..a73f74d 100644
--- a/main.go
+++ b/main.go
@@ -17,12 +17,14 @@ func main() {
 var awsAccountId string
 var awsIAMRoleName string
 var timeToProtect int64
+ var assumeRole bool
 flag.StringVar(&workspaceName, "register-workspace", "", "Register a workspace to be deleted at a later point")
 flag.StringVar(&awsAccountId, "aws-account-id", "", "Account ID for IAM Role")
 flag.StringVar(&awsIAMRoleName, "aws-iam-role", "", "AWS IAM Role Name")
 flag.Int64Var(&timeToProtect, "time-to-protect", 1 , "Time in hours to protect workspace for")
 flag.BoolVar(&protectedWorkspaces, "protected-workspaces", false, "get list of protected workspaces for deletion")
+ flag.BoolVar(&assumeRole, "assume-role", true, "whether to assume the passed role rather than use calling creds")
 flag.Parse()
 if awsAccountId == "" {
@@ -36,11 +38,11 @@ func main() {
 }
 if protectedWorkspaces {
- cmd.RetrieveProtectedWorkspaces(&awsAccountId, &awsIAMRoleName)
+ cmd.RetrieveProtectedWorkspaces(&awsAccountId, &awsIAMRoleName, &assumeRole)
 }
 if workspaceName != "" {
- cmd.RegisterWorkspace(&workspaceName, &awsAccountId, &awsIAMRoleName, &timeToProtect)
+ cmd.RegisterWorkspace(&workspaceName, &awsAccountId, &awsIAMRoleName, &timeToProtect, &assumeRole)
 } else if protectedWorkspaces != true {
 fmt.Println("Error: Workspace not passed")
 flag.Usage()
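Review bot: The `if awsAccountId == "" {` check at the end of the first `main.go` hunk is not conditioned on the new flag, so `-assume-role=false` still seems to require an account ID (and presumably a role name) that the bypass path never uses; the check bodies fall between the two hunks, so this needs confirming. If that is the case, `if assumeRole && awsAccountId == "" {` would match the new behaviour. The usage string could also say how to turn the flag off, e.g. `"assume the given role (default); pass -assume-role=false to use the caller's credentials"`, because Go boolean flags only accept the `-name=false` form.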