feat: features and bug fixes from pull requests (#154)
* feat: create remote branch

* fix: remove resource class for macos

* fix: change executor version

* chore: add correct environment variables to odic description (#152)

* fix: allow override without specifying version (#151)

In the `install` command, if `override_installed` is set to `true` but `version` is not specified, the orb will attempt to download the AWS CLI from a path including "latest". This won't work; you access the latest version by not specifying a version at all in the URL, ie an empty string.

* feat: add region flag to assume-role-with-web-identity (#149)

* feat: add validation for region in command

* refactor: use echo | circleci env subst

* refactor: rename internal orb variables to orb standards

* refactor: add utils file

* refactor: add install scripts

* refactor: separate functions

* chore: code cleanup

* refactor: address pr comments

* refactor: address pr comments

* refactor: address pr comments

---------

Co-authored-by: Samuel Wibrow <15628653+swibrow@users.noreply.github.com>
Co-authored-by: Steven Pitts <25968054+stevenpitts@users.noreply.github.com>
Co-authored-by: John <john.dunn@reifyhealth.com>
4 people authored Aug 29, 2023
1 parent 8f0d172 commit 031bcf7
Showing 13 changed files with 256 additions and 188 deletions.
3 changes: 1 addition & 2 deletions .circleci/test-deploy.yml
Expand Up @@ -234,8 +234,7 @@ executors:
- image: cimg/base:stable
macos:
macos:
xcode: 13.3.0
resource_class: macos.x86.medium.gen2
xcode: 14.2.0
arm:
machine:
image: ubuntu-2004:202101-01
18 changes: 13 additions & 5 deletions src/commands/assume_role_with_web_identity.yml
@@ -1,5 +1,5 @@
description: |
Generate a shortlived AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY_ID and AWS_SESSION_TOKEN using the $CIRCLE_OIDC_TOKEN_V2.
Generate a shortlived AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN using the $CIRCLE_OIDC_TOKEN_V2.
A properly configured web identity based ARN is also required for configuration.
Use these keys and create a profile with the aws-cli/setup commands.
For more information, see the CircleCI OIDC docs: https://circleci.com/docs/2.0/openid-connect-tokens/
Expand All @@ -26,12 +26,20 @@ parameters:
type: string
default: "default"

region:
description: |
AWS region to operate in
(defaults to env var of ${AWS_DEFAULT_REGION})
type: string
default: ${AWS_DEFAULT_REGION}

steps:
- run:
name: Generate shortlived AWS Keys using CircleCI OIDC token.
environment:
ORB_STR_ROLE_ARN: <<parameters.role_arn>>
ORB_STR_ROLE_SESSION_NAME: <<parameters.role_session_name>>
ORB_INT_SESSION_DURATION: <<parameters.session_duration>>
ORB_STR_PROFILE_NAME: <<parameters.profile_name>>
AWS_CLI_STR_ROLE_ARN: <<parameters.role_arn>>
AWS_CLI_STR_ROLE_SESSION_NAME: <<parameters.role_session_name>>
AWS_CLI_INT_SESSION_DURATION: <<parameters.session_duration>>
AWS_CLI_STR_PROFILE_NAME: <<parameters.profile_name>>
AWS_CLI_STR_REGION: <<parameters.region>>
command: <<include(scripts/assume_role_with_web_identity.sh)>>
14 changes: 9 additions & 5 deletions src/commands/install.yml
Expand Up @@ -30,9 +30,13 @@ steps:
- run:
name: Install AWS CLI - <<parameters.version>>
environment:
ORB_STR_AWS_CLI_VERSION: <<parameters.version>>
ORB_BOOL_DISABLE_PAGER: <<parameters.disable_aws_pager>>
ORB_BOOL_OVERRIDE: <<parameters.override_installed>>
ORB_EVAL_INSTALL_DIR: <<parameters.install_dir>>
ORB_EVAL_BINARY_DIR: <<parameters.binary_dir>>
AWS_CLI_STR_AWS_CLI_VERSION: <<parameters.version>>
AWS_CLI_BOOL_DISABLE_PAGER: <<parameters.disable_aws_pager>>
AWS_CLI_BOOL_OVERRIDE: <<parameters.override_installed>>
AWS_CLI_EVAL_INSTALL_DIR: <<parameters.install_dir>>
AWS_CLI_EVAL_BINARY_DIR: <<parameters.binary_dir>>
SCRIPT_INSTALL_WINDOWS: << include(scripts/windows/install.sh) >>
SCRIPT_INSTALL_LINUX: << include(scripts/linux/install.sh) >>
SCRIPT_INSTALL_MACOS: << include(scripts/macos/install.sh) >>
SCRIPT_UTILS: << include(scripts/utils.sh) >>
command: <<include(scripts/install.sh)>>
6 changes: 3 additions & 3 deletions src/commands/role_arn_setup.yml
Expand Up @@ -18,7 +18,7 @@ steps:
- run:
name: Configure role arn for profile <<parameters.profile_name>>
environment:
ORB_STR_PROFILE_NAME: <<parameters.profile_name>>
ORB_STR_SOURCE_PROFILE: <<parameters.source_profile>>
ORB_STR_ROLE_ARN: <<parameters.role_arn>>
AWS_CLI_STR_PROFILE_NAME: <<parameters.profile_name>>
AWS_CLI_STR_SOURCE_PROFILE: <<parameters.source_profile>>
AWS_CLI_STR_ROLE_ARN: <<parameters.role_arn>>
command: <<include(scripts/role_arn_setup.sh)>>
13 changes: 7 additions & 6 deletions src/commands/setup.yml
Expand Up @@ -110,13 +110,14 @@ steps:
role_session_name: <<parameters.role_session_name>>
session_duration: <<parameters.session_duration>>
profile_name: <<parameters.profile_name>>
region: <<parameters.region>>
- run:
name: Configure AWS Access Key ID
environment:
ORB_STR_ACCESS_KEY_ID: <<parameters.aws_access_key_id>>
ORB_STR_SECRET_ACCESS_KEY: <<parameters.aws_secret_access_key>>
ORB_STR_PROFILE_NAME: <<parameters.profile_name>>
ORB_BOOL_CONFIG_DEFAULT_REGION: <<parameters.configure_default_region>>
ORB_BOOL_CONFIG_PROFILE_REGION: <<parameters.configure_profile_region>>
ORB_STR_REGION: <<parameters.region>>
AWS_CLI_STR_ACCESS_KEY_ID: <<parameters.aws_access_key_id>>
AWS_CLI_STR_SECRET_ACCESS_KEY: <<parameters.aws_secret_access_key>>
AWS_CLI_STR_PROFILE_NAME: <<parameters.profile_name>>
AWS_CLI_BOOL_CONFIG_DEFAULT_REGION: <<parameters.configure_default_region>>
AWS_CLI_BOOL_CONFIG_PROFILE_REGION: <<parameters.configure_profile_region>>
AWS_CLI_STR_REGION: <<parameters.region>>
command: <<include(scripts/configure.sh)>>
22 changes: 14 additions & 8 deletions src/scripts/assume_role_with_web_identity.sh
@@ -1,12 +1,13 @@
#!/bin/sh
ORB_STR_ROLE_SESSION_NAME="$(circleci env subst "${ORB_STR_ROLE_SESSION_NAME}")"
ORB_STR_ROLE_ARN="$(circleci env subst "${ORB_STR_ROLE_ARN}")"
ORB_STR_PROFILE_NAME="$(circleci env subst "$ORB_STR_PROFILE_NAME")"
AWS_CLI_STR_ROLE_SESSION_NAME="$(echo "${AWS_CLI_STR_ROLE_SESSION_NAME}" | circleci env subst)"
AWS_CLI_STR_ROLE_ARN="$(echo "${AWS_CLI_STR_ROLE_ARN}" | circleci env subst)"
AWS_CLI_STR_PROFILE_NAME="$(echo "${AWS_CLI_STR_PROFILE_NAME}" | circleci env subst)"
AWS_CLI_STR_REGION="$(echo "${AWS_CLI_STR_REGION}" | circleci env subst)"

# Replaces white spaces in role session name with dashes
ORB_STR_ROLE_SESSION_NAME=$(echo "${ORB_STR_ROLE_SESSION_NAME}" | tr ' ' '-')
AWS_CLI_STR_ROLE_SESSION_NAME=$(echo "${AWS_CLI_STR_ROLE_SESSION_NAME}" | tr ' ' '-')

if [ -z "${ORB_STR_ROLE_SESSION_NAME}" ]; then
if [ -z "${AWS_CLI_STR_ROLE_SESSION_NAME}" ]; then
echo "Role session name is required"
exit 1
fi
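Review bot: The new `echo "${AWS_CLI_STR_...}" | circleci env subst` lines at the top of the script rely on `echo` under `#!/bin/sh`, where a value that begins with `-n` or contains backslashes can be altered before it reaches `circleci env subst`, depending on the shell's `echo`. Using `printf '%s\n' "${AWS_CLI_STR_ROLE_ARN}" | circleci env subst` for all four variables avoids that, and the same applies to the `echo ... | tr ' ' '-'` line for the role session name.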
Expand All @@ -21,12 +22,17 @@ if [ ! "$(command -v aws)" ]; then
exit 1
fi

if [ -n "${AWS_CLI_STR_REGION}" ]; then
set -- "$@" --region "${AWS_CLI_STR_REGION}"
fi

read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<EOF
$(aws sts assume-role-with-web-identity \
--role-arn "${ORB_STR_ROLE_ARN}" \
--role-session-name "${ORB_STR_ROLE_SESSION_NAME}" \
--role-arn "${AWS_CLI_STR_ROLE_ARN}" \
--role-session-name "${AWS_CLI_STR_ROLE_SESSION_NAME}" \
--web-identity-token "${CIRCLE_OIDC_TOKEN_V2}" \
--duration-seconds "${ORB_INT_SESSION_DURATION}" \
--duration-seconds "${AWS_CLI_INT_SESSION_DURATION}" \
"$@" \
--query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
--output text)
EOF
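Review bot: `set -- "$@" --region "${AWS_CLI_STR_REGION}"` appends to whatever positional parameters the script already has, and `"$@"` is then passed straight to `aws sts assume-role-with-web-identity`, so any stray argument reaches the STS call. Clearing the list with `set --` before the `if [ -n "${AWS_CLI_STR_REGION}" ]` block would make the extra arguments explicit. The region check here is only a non-empty test; if the "validation for region" in the commit message is meant to reject malformed values, that is not present in these lines.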
35 changes: 18 additions & 17 deletions src/scripts/configure.sh
Expand Up @@ -5,37 +5,38 @@ if grep "Alpine" /etc/issue > /dev/null 2>&1; then
. "$BASH_ENV"
fi

ORB_STR_ACCESS_KEY_ID=$(circleci env subst "$ORB_STR_ACCESS_KEY_ID")
ORB_STR_SECRET_ACCESS_KEY=$(circleci env subst "$ORB_STR_SECRET_ACCESS_KEY")
AWS_SESSION_TOKEN="$(circleci env subst "$AWS_SESSION_TOKEN")"
ORB_STR_REGION="$(circleci env subst "$ORB_STR_REGION")"
ORB_STR_PROFILE_NAME="$(circleci env subst "$ORB_STR_PROFILE_NAME")"
AWS_CLI_STR_ACCESS_KEY_ID="$(echo "$AWS_CLI_STR_ACCESS_KEY_ID" | circleci env subst)"
AWS_CLI_STR_SECRET_ACCESS_KEY="$(echo "$AWS_CLI_STR_SECRET_ACCESS_KEY" | circleci env subst)"
AWS_SESSION_TOKEN="$(echo "$AWS_SESSION_TOKEN" | circleci env subst)"
AWS_CLI_STR_REGION="$(echo "$AWS_CLI_STR_REGION" | circleci env subst)"
AWS_CLI_STR_PROFILE_NAME="$(echo "$AWS_CLI_STR_PROFILE_NAME" | circleci env subst)"

if [ -z "$ORB_STR_ACCESS_KEY_ID" ] || [ -z "${ORB_STR_SECRET_ACCESS_KEY}" ]; then
if [ -z "$AWS_CLI_STR_ACCESS_KEY_ID" ] || [ -z "${AWS_CLI_STR_SECRET_ACCESS_KEY}" ]; then
echo "Cannot configure profile. AWS access key id and AWS secret access key must be provided."
exit 1
fi

set -x
aws configure set aws_access_key_id \
"$ORB_STR_ACCESS_KEY_ID" \
--profile "$ORB_STR_PROFILE_NAME"
"$AWS_CLI_STR_ACCESS_KEY_ID" \
--profile "$AWS_CLI_STR_PROFILE_NAME"

aws configure set aws_secret_access_key \
"$ORB_STR_SECRET_ACCESS_KEY" \
--profile "$ORB_STR_PROFILE_NAME"
"$AWS_CLI_STR_SECRET_ACCESS_KEY" \
--profile "$AWS_CLI_STR_PROFILE_NAME"

if [ -n "${AWS_SESSION_TOKEN}" ]; then
aws configure set aws_session_token \
"${AWS_SESSION_TOKEN}" \
--profile "$ORB_STR_PROFILE_NAME"
--profile "$AWS_CLI_STR_PROFILE_NAME"
fi


if [ "$ORB_BOOL_CONFIG_DEFAULT_REGION" -eq "1" ]; then
aws configure set default.region "$ORB_STR_REGION"
if [ "$AWS_CLI_BOOL_CONFIG_DEFAULT_REGION" -eq "1" ]; then
aws configure set default.region "$AWS_CLI_STR_REGION"
fi

if [ "$ORB_BOOL_CONFIG_PROFILE_REGION" -eq "1" ]; then
aws configure set region "$ORB_STR_REGION" \
--profile "$ORB_STR_PROFILE_NAME"
if [ "$AWS_CLI_BOOL_CONFIG_PROFILE_REGION" -eq "1" ]; then
aws configure set region "$AWS_CLI_STR_REGION" \
--profile "$AWS_CLI_STR_PROFILE_NAME"
fi
set +x
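Review bot: `set -x` is enabled immediately before the `aws configure set aws_access_key_id`, `aws_secret_access_key` and `aws_session_token` calls, so the shell trace writes the expanded access key, secret key and session token to the job output as command arguments. Drop the tracing, or move `set -x` down to just before `if [ "$AWS_CLI_BOOL_CONFIG_DEFAULT_REGION" -eq "1" ]` so that only the region commands are traced.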
162 changes: 27 additions & 135 deletions src/scripts/install.sh
@@ -1,101 +1,28 @@
# shellcheck disable=SC2148
ORB_STR_AWS_CLI_VERSION="$(circleci env subst "${ORB_STR_AWS_CLI_VERSION}")"
ORB_EVAL_INSTALL_DIR="$(eval echo "${ORB_EVAL_INSTALL_DIR}")"
ORB_EVAL_BINARY_DIR="$(eval echo "${ORB_EVAL_BINARY_DIR}")"

if grep "Alpine" /etc/issue >/dev/null 2>&1; then
if [ "$ID" = 0 ]; then export SUDO=""; else export SUDO="sudo"; fi
#!/bin/sh
AWS_CLI_STR_AWS_CLI_VERSION="$(echo "${AWS_CLI_STR_AWS_CLI_VERSION}" | circleci env subst)"
AWS_CLI_EVAL_INSTALL_DIR="$(eval echo "${AWS_CLI_EVAL_INSTALL_DIR}" | circleci env subst)"
AWS_CLI_EVAL_BINARY_DIR="$(eval echo "${AWS_CLI_EVAL_BINARY_DIR}" | circleci env subst)"

eval "$SCRIPT_UTILS"
detect_os
set_sudo

# Install per platform
if [ "$SYS_ENV_PLATFORM" = "linux" ] || [ "$SYS_ENV_PLATFORM" = "linux_alpine" ]; then
eval "$SCRIPT_INSTALL_LINUX"
elif [ "$SYS_ENV_PLATFORM" = "windows" ]; then
eval "$SCRIPT_INSTALL_WINDOWS"
elif [ "$SYS_ENV_PLATFORM" = "macos" ]; then
eval "$SCRIPT_INSTALL_MACOS"
else
if [[ $EUID == 0 ]]; then export SUDO=""; else export SUDO="sudo"; fi
echo "This orb does not currently support your platform. If you believe it should, please consider opening an issue on the GitHub repository:"
echo "https://github.com/CircleCI-Public/aws-cli-orb/issues/new"
exit 1
fi

Install_AWS_CLI() {
echo "Installing AWS CLI v2"
cd /tmp || exit
# Platform check
if uname -a | grep "Darwin"; then
export SYS_ENV_PLATFORM=macos
elif uname -a | grep "x86_64 GNU/Linux"; then
export SYS_ENV_PLATFORM=linux_x86
elif uname -a | grep "aarch64 GNU/Linux"; then
export SYS_ENV_PLATFORM=linux_arm
elif uname -a | grep "x86_64 Msys"; then
export SYS_ENV_PLATFORM=windows
elif grep "Alpine" /etc/issue >/dev/null 2>&1; then
export SYS_ENV_PLATFORM=linux_alpine
else
echo "This platform appears to be unsupported."
uname -a
exit 1
fi

# Install per platform
case $SYS_ENV_PLATFORM in
linux_x86)
curl -sSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64$1.zip" -o "awscliv2.zip"
unzip -q -o awscliv2.zip
$SUDO ./aws/install -i "${ORB_EVAL_INSTALL_DIR}" -b "${ORB_EVAL_BINARY_DIR}"
rm -r awscliv2.zip ./aws
;;
windows)
if [ ! "$(command -v choco)" ]; then
echo "Chocolatey is required to uninstall AWS"
exit 1
fi
choco install awscli --version="$1"
echo "$1"
if echo "$1" | grep "2."; then
echo "export PATH=\"\${PATH}:/c/Program Files/Amazon/AWSCLIV2\"" >> "$BASH_ENV"

else
echo "export PATH=\"\${PATH}:/c/Program Files/Amazon/AWSCLI/bin\"" >>"$BASH_ENV"
fi
;;
macos)
curl -sSL "https://awscli.amazonaws.com/AWSCLIV2$1.pkg" -o "AWSCLIV2.pkg"
$SUDO installer -pkg AWSCLIV2.pkg -target /
rm AWSCLIV2.pkg
;;
linux_arm)
curl -sSL "https://awscli.amazonaws.com/awscli-exe-linux-aarch64$1.zip" -o "awscliv2.zip"
unzip -q -o awscliv2.zip
$SUDO ./aws/install -i "${ORB_EVAL_INSTALL_DIR}" -b "${ORB_EVAL_BINARY_DIR}"
rm -r awscliv2.zip ./aws
;;
linux_alpine)
# Add dependencies to install AWS CLI on Alpine Linux
apk update
apk --no-cache add \
binutils \
curl
apk --no-cache add libcurl
apk --no-cache upgrade libcurl
curl -L https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub
curl -LO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.34-r0/glibc-2.34-r0.apk
curl -LO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.34-r0/glibc-bin-2.34-r0.apk
curl -LO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.34-r0/glibc-i18n-2.34-r0.apk

apk add --force-overwrite --no-cache \
glibc-2.34-r0.apk \
glibc-bin-2.34-r0.apk \
glibc-i18n-2.34-r0.apk

/usr/glibc-compat/bin/localedef -i en_US -f UTF-8 en_US.UTF-8
curl -sSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64$1.zip" -o "awscliv2.zip"

echo "https://awscli.amazonaws.com/awscli-exe-linux-x86_64$1.zip"
unzip awscliv2.zip
aws/install
rm -r awscliv2.zip ./aws
;;
*)
echo "This orb does not currently support your platform. If you believe it should, please consider opening an issue on the GitHub repository:"
echo "https://github.com/CircleCI-Public/aws-cli-orb/issues/new"
exit 1
;;
esac
Toggle_Pager(){
# Toggle AWS Pager
if [ "$ORB_BOOL_DISABLE_PAGER" -eq 1 ]; then
if [ "$AWS_CLI_BOOL_DISABLE_PAGER" -eq 1 ]; then
if [ -z "${AWS_PAGER+x}" ]; then
echo 'export AWS_PAGER=""' >>"$BASH_ENV"
echo "AWS_PAGER is being set to the empty string to disable all output paging for AWS CLI commands."
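Review bot: In `AWS_CLI_EVAL_INSTALL_DIR="$(eval echo "${AWS_CLI_EVAL_INSTALL_DIR}" | circleci env subst)"` and the matching `AWS_CLI_EVAL_BINARY_DIR` line, the value is expanded twice: `eval echo` already expands variables and runs any command substitution contained in the parameter, and `circleci env subst` then expands the result again. Pick one mechanism, and if `eval` stays, state in the parameter descriptions that `install_dir` and `binary_dir` are evaluated by the shell. The `eval "$SCRIPT_UTILS"` and `eval "$SCRIPT_INSTALL_LINUX"` style calls also run without checking that the variable is non-empty, so a missing include only surfaces later as `detect_os` or `Install_AWS_CLI` not being found.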
Expand All @@ -104,48 +31,13 @@ Install_AWS_CLI() {
fi
}

Uninstall_AWS_CLI() {
if uname -a | grep "x86_64 Msys"; then
if [ ! "$(command -v choco)" ]; then
echo "Chocolatey is required to uninstall AWS"
exit 1
fi
choco uninstall awscli
else
AWS_CLI_PATH=$(command -v aws)
echo "$AWS_CLI_PATH"
if [ -n "$AWS_CLI_PATH" ]; then
EXISTING_AWS_VERSION=$(aws --version)
echo "Uninstalling ${EXISTING_AWS_VERSION}"
# shellcheck disable=SC2012
if [ -L "$AWS_CLI_PATH" ]; then
AWS_SYMLINK_PATH=$(ls -l "$AWS_CLI_PATH" | sed -e 's/.* -> //')
fi
if uname -a | grep "x86_64 Msys"; then export SUDO=""; fi
$SUDO rm -rf "$AWS_CLI_PATH" "$AWS_SYMLINK_PATH" "$HOME/.aws/" "/usr/local/bin/aws" "/usr/local/bin/aws_completer" "/usr/local/aws-cli"
else
echo "No AWS install found"
fi
fi
}

if [ ! "$(command -v aws)" ]; then
if [ "$ORB_STR_AWS_CLI_VERSION" = "latest" ]; then
Install_AWS_CLI ""
else
if uname -a | grep "x86_64 Msys"; then
Install_AWS_CLI "${ORB_STR_AWS_CLI_VERSION}"
else
Install_AWS_CLI "-${ORB_STR_AWS_CLI_VERSION}"
fi
fi
elif [ "$ORB_BOOL_OVERRIDE" -eq 1 ]; then
if ! command -v aws >/dev/null 2>&1; then
Install_AWS_CLI "${AWS_CLI_STR_AWS_CLI_VERSION}"
Toggle_Pager
elif [ "$AWS_CLI_BOOL_OVERRIDE" -eq 1 ]; then
Uninstall_AWS_CLI
if uname -a | grep "x86_64 Msys"; then
Install_AWS_CLI "${ORB_STR_AWS_CLI_VERSION}"
else
Install_AWS_CLI "-${ORB_STR_AWS_CLI_VERSION}"
fi
Install_AWS_CLI "${AWS_CLI_STR_AWS_CLI_VERSION}"
Toggle_Pager
else
echo "AWS CLI is already installed, skipping installation."
aws --version
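Review bot: Both `Install_AWS_CLI "${AWS_CLI_STR_AWS_CLI_VERSION}"` calls now pass the raw version, while the removed lines mapped `latest` to an empty string and added the `-` prefix on non-Windows platforms. The commit message for #151 says a URL containing "latest" does not work, so the platform scripts loaded through `eval` have to do that mapping; a comment here saying where it happens would help the next reader. `Uninstall_AWS_CLI` is likewise still called in the override branch but is no longer defined in this file.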