access key

ruokun-niu · Jan 17, 2025 · 7c2e55e · 7c2e55e
1 parent 00f4ccf
commit 7c2e55e
Show file tree

Hide file tree

Showing 10 changed files with 78 additions and 5 deletions.
diff --git a/control-planes/kubernetes_provider/src/spec_builder/identity.rs b/control-planes/kubernetes_provider/src/spec_builder/identity.rs
@@ -110,7 +110,15 @@ pub fn apply_identity(spec: &mut KubernetesSpec, identity: &ServiceIdentity) {
                 "eks.amazonaws.com/role-arn".to_string(),
                 arn.to_string(),
             );
+        }
+        ServiceIdentity::AwsIamAccessKey {
+            access_key_id,
+            secret_access_key,
+        } => {
+            env_vars.insert("AWS_ACCESS_KEY_ID".to_string(), access_key_id.clone());
+            env_vars.insert("AWS_SECRET_ACCESS_KEY".to_string(), secret_access_key.clone());
 
+            id_type = "AwsIamAccessKey";
         }
     }
 

diff --git a/control-planes/mgmt_api/src/api/v1/mappings/providers.rs b/control-planes/mgmt_api/src/api/v1/mappings/providers.rs
@@ -96,6 +96,13 @@ impl From<ServiceIdentityDto> for ServiceIdentity {
             ServiceIdentityDto::AwsIamRole { role_arn } => ServiceIdentity::AwsIamRole {
                 role_arn: role_arn.into(),
             },
+            ServiceIdentityDto::AwsIamAccessKey {
+                access_key_id,
+                secret_access_key,
+            } => ServiceIdentity::AwsIamAccessKey {
+                access_key_id: access_key_id.into(),
+                secret_access_key: secret_access_key.into(),
+            }
         }
     }
 }
@@ -128,6 +135,13 @@ impl From<ServiceIdentity> for ServiceIdentityDto {
             ServiceIdentity::AwsIamRole { role_arn } => ServiceIdentityDto::AwsIamRole {
                 role_arn: role_arn.into(),
             },
+            ServiceIdentity::AwsIamAccessKey {
+                access_key_id,
+                secret_access_key,
+            } => ServiceIdentityDto::AwsIamAccessKey {
+                access_key_id: access_key_id.into(),
+                secret_access_key: secret_access_key.into(),
+            }
         }
     }
 }

diff --git a/control-planes/mgmt_api/src/api/v1/models/providers.rs b/control-planes/mgmt_api/src/api/v1/models/providers.rs
@@ -80,6 +80,12 @@ pub enum ServiceIdentityDto {
         #[serde(rename = "roleArn")]
         role_arn: ConfigValueDto,
     },
+    AwsIamAccessKey {
+        #[serde(rename = "accessKeyId")]
+        access_key_id: ConfigValueDto,
+        #[serde(rename = "secretAccessKey")]
+        secret_access_key: ConfigValueDto,
+    }
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone)]

diff --git a/control-planes/mgmt_api/src/domain/mappings.rs b/control-planes/mgmt_api/src/domain/mappings.rs
@@ -219,6 +219,13 @@ impl From<ServiceIdentity> for resource_provider_api::models::ServiceIdentity {
                     role_arn: role_arn.into(),
                 }
             }
+            ServiceIdentity::AwsIamAccessKey {
+                access_key_id,
+                secret_access_key,
+            } => resource_provider_api::models::ServiceIdentity::AwsIamAccessKey {
+                access_key_id: access_key_id.into(),
+                secret_access_key: secret_access_key.into(),
+            },
         }
     }
 }

diff --git a/control-planes/mgmt_api/src/domain/models.rs b/control-planes/mgmt_api/src/domain/models.rs
@@ -282,6 +282,12 @@ pub enum ServiceIdentity {
         #[serde(rename = "roleArn")]
         role_arn: ConfigValue,
     },
+    AwsIamAccessKey {
+        #[serde(rename = "accessKeyId")]
+        access_key_id: ConfigValue,
+        #[serde(rename = "secretAccessKey")]
+        secret_access_key: ConfigValue,
+    }
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone)]

diff --git a/control-planes/resource_provider_api/src/models.rs b/control-planes/resource_provider_api/src/models.rs
@@ -212,6 +212,12 @@ pub enum ServiceIdentity {
         #[serde(rename = "roleArn")]
         role_arn: ConfigValue,
     },
+    AwsIamAccessKey {
+        #[serde(rename = "accessKeyId")]
+        access_key_id: ConfigValue,
+        #[serde(rename = "secretAccessKey")]
+        secret_access_key: ConfigValue,
+    }
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone)]

diff --git a/reactions/aws/eventbridge-reaction/Program.cs b/reactions/aws/eventbridge-reaction/Program.cs
@@ -29,7 +29,19 @@
                       services.AddSingleton<IChangeFormatter, ChangeFormatter>();
                       services.AddSingleton<AmazonEventBridgeClient>(sp =>
                       {
-                          return new AmazonEventBridgeClient();
+                          var configuration = sp.GetRequiredService<IConfiguration>();
+                          switch (configuration.GetIdentityType())
+                          {
+                            case IdentityType.AwsIamRole:
+                              return new AmazonEventBridgeClient();
+                            case IdentityType.AwsIamAccessKey:
+                              var accessKey = configuration.GetAwsIamAccessKeyId();
+                              var secretKey = configuration.GetAwsIamSecretKey();
+                              return new AmazonEventBridgeClient(accessKey, secretKey);
+                            default:
+                              Reaction<object>.TerminateWithError("Invalid Identity Type. Valid values are AwsIamRole and AwsIamAccessKey");
+                              throw new Exception("Invalid Identity Type. Valid values are AwsIamRole and AwsIamAccessKey");
+                          }
                       });
                    })
                      .Build();

diff --git a/reactions/aws/eventbridge-reaction/eventbridge-reaction.csproj b/reactions/aws/eventbridge-reaction/eventbridge-reaction.csproj
@@ -11,7 +11,7 @@
   <ItemGroup>
     <PackageReference Include="AWSSDK.EventBridge" Version="3.7.402.17" />
     <PackageReference Include="AWSSDK.SecurityToken" Version="3.7.401.29" />
-    <PackageReference Include="Drasi.Reaction.SDK" Version="0.1.7-alpha" />
+    <PackageReference Include="Drasi.Reaction.SDK" Version="0.1.8-alpha" />
   </ItemGroup>
 
 </Project>
diff --git a/reactions/sdk/dotnet/Drasi.Reaction.SDK/ConfigurationExtensions.cs b/reactions/sdk/dotnet/Drasi.Reaction.SDK/ConfigurationExtensions.cs
@@ -12,6 +12,8 @@ public static IdentityType GetIdentityType(this IConfiguration config)
                 "MicrosoftEntraWorkloadID" => IdentityType.MicrosoftEntraWorkloadID,
                 "ConnectionString" => IdentityType.ConnectionString,
                 "AccessKey" => IdentityType.AccessKey,
+                "AwsIamRole" => IdentityType.AwsIamRole,
+                "AwsIamAccessKey" => IdentityType.AwsIamAccessKey,
                 _ => IdentityType.None,
             };
         }
@@ -25,13 +27,25 @@ public static IdentityType GetIdentityType(this IConfiguration config)
         {
             return config.GetValue<string>("ACCESS_KEY");
         }
+
+        public static string? GetAwsIamAccessKeyId(this IConfiguration config)
+        {
+            return config.GetValue<string>("AWS_ACCESS_KEY_ID");
+        }
+
+        public static string? GetAwsIamSecretKey(this IConfiguration config)
+        {
+            return config.GetValue<string>("AWS_SECRET_ACCESS_KEY");
+        }
     }
 
     public enum IdentityType
     {
         None,
         MicrosoftEntraWorkloadID,
         ConnectionString,
-        AccessKey
+        AccessKey,
+        AwsIamRole,
+        AwsIamAccessKey,
     }
 }
diff --git a/reactions/sdk/dotnet/Drasi.Reaction.SDK/Drasi.Reaction.SDK.csproj b/reactions/sdk/dotnet/Drasi.Reaction.SDK/Drasi.Reaction.SDK.csproj
@@ -13,9 +13,9 @@
     <PackageLicenseExpression>Apache-2.0</PackageLicenseExpression>
     <RepositoryType>git</RepositoryType>
     <RepositoryUrl>https://github.com/drasi-project/drasi-platform.git</RepositoryUrl>
-    <Version>0.1.5</Version>
+    <Version>0.1.8</Version>
     <PackageIcon>drasi.png</PackageIcon>
-    <PackageVersion>0.1.5-alpha</PackageVersion>
+    <PackageVersion>0.1.8-alpha</PackageVersion>
     <PackageReadmeFile>README.md</PackageReadmeFile>
   </PropertyGroup>