feat: add AWS-SQS cross account queue monitoring (#547)

* started sqs monitor cross sqs queues * finished sqs cross account queue monitoring Co-authored-by: Vaibhav <vaibhav.page@gmail.com>
argoproj · Mar 19, 2020 · f0b1eda · f0b1eda
1 parent 2c82dd9
commit f0b1eda
Show file tree

Hide file tree

Showing 9 changed files with 68 additions and 9 deletions.
diff --git a/api/event-source.html b/api/event-source.html
@@ -2111,6 +2111,18 @@ <h3 id="argoproj.io/v1alpha1.SQSEventSource">SQSEventSource
 source will be JSON</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>queueAccountId</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>QueueAccountId is the ID of the account that created the queue to monitor</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="argoproj.io/v1alpha1.SlackEventSource">SlackEventSource
@@ -2360,5 +2372,5 @@ <h3 id="argoproj.io/v1alpha1.StripeEventSource">StripeEventSource
 <hr/>
 <p><em>
 Generated with <code>gen-crd-api-reference-docs</code>
-on git commit <code>468aced</code>.
+on git commit <code>f010086</code>.
 </em></p>
diff --git a/api/event-source.md b/api/event-source.md
@@ -4170,6 +4170,29 @@ will be JSON
 
 </tr>
 
+<tr>
+
+<td>
+
+<code>queueAccountId</code></br> <em> string </em>
+
+</td>
+
+<td>
+
+<em>(Optional)</em>
+
+<p>
+
+QueueAccountId is the ID of the account that created the queue to
+monitor
+
+</p>
+
+</td>
+
+</tr>
+
 </tbody>
 
 </table>
@@ -4685,6 +4708,6 @@ all types of events will be processed. More info at
 <p>
 
 <em> Generated with <code>gen-crd-api-reference-docs</code> on git
-commit <code>468aced</code>. </em>
+commit <code>f010086</code>. </em>
 
 </p>
diff --git a/api/gateway.html b/api/gateway.html
@@ -671,5 +671,5 @@ <h3 id="argoproj.io/v1alpha1.Subscribers">Subscribers
 <hr/>
 <p><em>
 Generated with <code>gen-crd-api-reference-docs</code>
-on git commit <code>468aced</code>.
+on git commit <code>f010086</code>.
 </em></p>
diff --git a/api/gateway.md b/api/gateway.md
@@ -1323,6 +1323,6 @@ NATS refers to the subscribers over NATS protocol.
 <p>
 
 <em> Generated with <code>gen-crd-api-reference-docs</code> on git
-commit <code>468aced</code>. </em>
+commit <code>f010086</code>. </em>
 
 </p>
diff --git a/api/sensor.html b/api/sensor.html
@@ -3008,5 +3008,5 @@ <h3 id="argoproj.io/v1alpha1.URLArtifact">URLArtifact
 <hr/>
 <p><em>
 Generated with <code>gen-crd-api-reference-docs</code>
-on git commit <code>468aced</code>.
+on git commit <code>f010086</code>.
 </em></p>
diff --git a/api/sensor.md b/api/sensor.md
@@ -6001,6 +6001,6 @@ VerifyCert decides whether the connection is secure or not
 <p>
 
 <em> Generated with <code>gen-crd-api-reference-docs</code> on git
-commit <code>468aced</code>. </em>
+commit <code>f010086</code>. </em>
 
 </p>
diff --git a/examples/event-sources/aws-sqs.yaml b/examples/event-sources/aws-sqs.yaml
@@ -18,6 +18,7 @@ spec:
         key: secretkey
         # Name of the K8s secret that contains the secret key
         name: aws-secret
+      namespace: argo-events
       # aws region
       region: "us-east-1"
       # name of the queue. The gateway resolves the url of the queue from the queue name.
@@ -34,3 +35,19 @@ spec:
       region: "us-east-1"
       queue: "my-fake-queue-2"
       waitTimeSeconds: 20
+
+    cross-aws-account:
+      # Make sure AWS access credentials have permissions to "GetQueueUrl", "ReceiveMessage", and "DeleteMessage" of cross account Queue
+      accessKey:
+        key: accesskey
+        name: aws-secret
+      secretKey:
+        key: secretkey
+        name: aws-secret
+      namespace: argo-events
+      region: "us-east-1"
+      # name of queue to monitor
+      queue: "other-queue-name-3"
+      # AWS Account Id that created the queue
+      queueAccountId: "12345678"
+      waitTimeSeconds: 20
diff --git a/gateways/server/aws-sqs/start.go b/gateways/server/aws-sqs/start.go
@@ -18,7 +18,6 @@ package aws_sqs
 
 import (
 	"encoding/json"
-
 	"github.com/argoproj/argo-events/common"
 	"github.com/argoproj/argo-events/gateways"
 	"github.com/argoproj/argo-events/gateways/server"
@@ -83,9 +82,14 @@ func (listener *EventListener) listenEvents(eventSource *gateways.EventSource, c
 	sqsClient := sqslib.New(awsSession)
 
 	logger.Infoln("fetching queue url...")
-	queueURL, err := sqsClient.GetQueueUrl(&sqslib.GetQueueUrlInput{
+	getQueueUrlInput:= &sqslib.GetQueueUrlInput{
 		QueueName: &sqsEventSource.Queue,
-	})
+	}
+	if sqsEventSource.QueueAccountId != "" {
+	getQueueUrlInput = getQueueUrlInput.SetQueueOwnerAWSAccountId(sqsEventSource.QueueAccountId)
+	}
+
+	queueURL, err := sqsClient.GetQueueUrl(getQueueUrlInput)
 	if err != nil {
 		return errors.Wrapf(err, "failed to get the queue url for %s", eventSource.Name)
 	}

diff --git a/pkg/apis/eventsources/v1alpha1/types.go b/pkg/apis/eventsources/v1alpha1/types.go
@@ -267,6 +267,9 @@ type SQSEventSource struct {
 	// source will be JSON
 	// +optional
 	JSONBody bool `json:"jsonBody,omitempty" protobuf:"bytes,8,opt,name=jsonBody"`
+	// QueueAccountId is the ID of the account that created the queue to monitor
+	// +optional
+	QueueAccountId string `json:"queueAccountId,omitempty" protobuf:"bytes,9,opt,name=queueAccountId"`
 }
 
 // PubSubEventSource refers to event-source for GCP PubSub related events.