fix: shared credentials and sso

update Packer and Terraform versions mount .aws dir correctly
controlplaneio · Dec 21, 2023 · 3bf06ac · 3bf06ac
1 parent 07f5bb2
commit 3bf06ac
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 51 deletions.
diff --git a/cmd/simulator/main.go b/cmd/simulator/main.go
@@ -40,6 +40,12 @@ func main() {
 		os.Exit(1)
 	}
 
+	homeDir, err := os.UserHomeDir()
+	if err != nil {
+		slog.Error("failed to determine user home dir", "error", err)
+		os.Exit(1)
+	}
+
 	adminBundleDir, err := conf.AdminBundleDir()
 	if err != nil {
 		slog.Error("failed to determine admin bundle dir", "error", err)
@@ -64,8 +70,8 @@ func main() {
 			Target: "/simulator/config/player",
 		},
 		{
-			Source:   "/home/ric/.aws",
-			Target:   "/home/ubuntu/.aws",
+			Source:   filepath.Join(homeDir, ".aws"),
+			Target:   aws.SharedConfigDir(conf.ContainerUser()),
 			ReadOnly: true,
 		},
 	}
@@ -154,7 +160,7 @@ func main() {
 			cli.WithScenarioListCmd(),
 			cli.WithScenarioDescribeCmd(),
 			cli.WithScenarioInstallCmd(scenarioManager),
-			//cli.WithScenarioUninstallCmd(scenarioManager), TODO: complete ansibilisation of scenarios to support uninstall
+			// cli.WithScenarioUninstallCmd(scenarioManager), TODO: complete ansibilisation of scenarios to support uninstall
 		),
 		cli.WithVersionCmd(cli.VersionInfo{
 			Version:   version,

diff --git a/core/aws/env.go b/core/aws/env.go
@@ -29,3 +29,11 @@ func EnvVars() []string {
 
 	return env
 }
+
+func SharedConfigDir(user string) string {
+	if user == "root" {
+		return "/root/.aws"
+	}
+
+	return fmt.Sprintf("/home/%s/.aws", user)
+}
diff --git a/dev.Dockerfile b/dev.Dockerfile
@@ -1,8 +1,8 @@
-ARG GOLANG_IMAGE=golang:1.21.3-alpine3.18@sha256:27c76dcf886c5024320f4fa8ceb57d907494a3bb3d477d0aa7ac8385acd871ea
-ARG GOLANGCI_LINT_IMAGE=golangci/golangci-lint:latest@sha256:c87d8a1a6521748fee124920c8e9302934ed26c9d3d48982449192b420a34686
-ARG PACKER_IMAGE=hashicorp/packer:1.9@sha256:03808122fbfdd88e03be0d21cce9b3317778319b415c77e88efe1a98db82c76a
-ARG TERRAFORM_IMAGE=hashicorp/terraform:1.5@sha256:c3bc74e7a2a8fab8216cbbedf12a9637db09288806a6aa537b6f397cba04dd93
-ARG UBUNTU_IMAGE=ubuntu:mantic@sha256:13f233a16be210b57907b98b0d927ceff7571df390701e14fe1f3901b2c4a4d7
+ARG GOLANG_IMAGE=golang:1.21.5-alpine3.19@sha256:55f716237933c85cee01748700755b4ac8736fb1ca974c9aed051691b68d6dc2
+ARG GOLANGCI_LINT_IMAGE=golangci/golangci-lint:latest@sha256:fb70c9b2e6d0763141f057abcafde7f88d5e4bb3b5882d6b14bc79382f04481c
+ARG PACKER_IMAGE=hashicorp/packer:1.10@sha256:00dcbbc0e5a3346a9d8b7ea97d86d2e1deb5be4191e027499646242fdb1768b6
+ARG TERRAFORM_IMAGE=hashicorp/terraform:1.6@sha256:d593c353357a3db5a795c2ba0b998580cf12bad9125807bd877092c2e813279b
+ARG UBUNTU_IMAGE=ubuntu:mantic@sha256:8d093e0651575a6437cc4a3d561f892a345d263aeac6156ef378fe6a4ccabd4c
 
 FROM ${GOLANGCI_LINT_IMAGE}
 

diff --git a/docs/aws-iam-permissions.md b/docs/aws-iam-permissions.md
@@ -105,44 +105,3 @@ You can use the Terraform configuration [here](../terraform/workspaces/simulator
   ]
 }
 ```
-
-## Using SSO
-
-Terraform does not support SSO correctly until v1.6., you can however, export the required variables to make it work
-
-Create an SSO profile as usual
-
-```shell
-[profile simulator-sso]
-sso_start_url = ...
-sso_region = ...
-sso_account_id = ...
-sso_role_name = ...
-region = ...
-output = ...
-```
-
-Then, before running a `simulator image` or `simulator infra` command, ensure you have the required environment
-variables set by running the following.
-
-```shell
-export AWS_REGION=...
-aws sso login --profile simulator-sso
-source <(aws configure export-credentials --format env)
-```
-
-Alternatively, you can use an SSO profile to perform an STS Assume Role
-
-```shell
-[profile simulator]
-role_arn = arn:aws:iam::<account-id>:role/simulator
-source_profile = simulator-sso
-```
-
-This time, ensure you login to your SSO profile, and then generate the STS credentials
-
-```shell
-export AWS_REGION=...
-aws sso login --profile simulator-sso
-source <(aws configure export-credentials --profile simulator --format env)
-```
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -87,22 +87,30 @@ func (c *Config) Write() error {
 	return nil
 }
 
-func (c Config) AdminBundleDir() (string, error) {
+func (c *Config) AdminBundleDir() (string, error) {
 	dir, err := simulatorDir()
 	if err != nil {
 		return "", err
 	}
 	return filepath.Join(dir, "admin"), nil
 }
 
-func (c Config) PlayerBundleDir() (string, error) {
+func (c *Config) PlayerBundleDir() (string, error) {
 	dir, err := simulatorDir()
 	if err != nil {
 		return "", err
 	}
 	return filepath.Join(dir, "player"), nil
 }
 
+func (c *Config) ContainerUser() string {
+	if c.Rootless {
+		return "root"
+	}
+
+	return "ubuntu"
+}
+
 func simulatorDir() (string, error) {
 	dir, ok := os.LookupEnv(Dir)
 	if !ok {