From 112f930335308cec911a4c119384fab6fdaeba00 Mon Sep 17 00:00:00 2001 From: Saurabh Shrihar Date: Fri, 26 Apr 2024 14:11:53 +0400 Subject: [PATCH] Trying base 64 --- .../workflows/ecs_deploy_docker_taskdef.yaml | 24 +++++++++++++++++-- Support/taskdef_template/taskdef_creator.py | 14 ++++++++++- 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ecs_deploy_docker_taskdef.yaml b/.github/workflows/ecs_deploy_docker_taskdef.yaml index cf0f4d0..37ba429 100644 --- a/.github/workflows/ecs_deploy_docker_taskdef.yaml +++ b/.github/workflows/ecs_deploy_docker_taskdef.yaml @@ -73,6 +73,15 @@ jobs: echo "taskdef_file_template=${{inputs.taskdef_file_template}}" >> $GITHUB_ENV fi + - name: Determine Account Number Source + id: determine_account_number + run: | + if [[ "${{ inputs.account_number }}" =~ ^secrets\..*$ ]]; then + echo "account_number_resolved=${{ secrets[format('{0}', inputs.account_number)] }}" >> $GITHUB_ENV + else + echo "account_number_resolved=${{ inputs.account_number }}" >> $GITHUB_ENV + fi + - name: Create taskdef file dynamically using parameters passed run: | script_dir="$(dirname ${{ env.taskdef_file_script }})" 
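Review bot: `${{ inputs.account_number }}` is expanded into the script text of the "Determine Account Number Source" step before bash runs, so a value containing quotes or `$(...)` becomes part of the command, and a value containing a newline can add extra entries to `$GITHUB_ENV`. Pass it through the step environment instead, `env: { ACCOUNT_NUMBER: "${{ inputs.account_number }}" }`, and test `[[ "$ACCOUNT_NUMBER" =~ ^secrets\. ]]`. The lookup `secrets[format('{0}', inputs.account_number)]` also uses the whole input, `secrets.` prefix included, as the key, so the secrets branch most likely resolves to an empty string; strip the prefix before indexing or pass the secret name as its own input. The step that consumes `account_number_resolved` continues past the end of this hunk.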
@@ -86,14 +95,25 @@ jobs: pipenv install && \ pipenv run python ${{ env.taskdef_file_script }} \ -pf code/${{ inputs.taskdef_file_vars }} -tt ${{ env.taskdef_file_template }} \ - -acc $(echo "${{ inputs.account_number }}" | base64 --decode) \ + -acc ${{ env.account_number_resolved }} \ -app ${{ inputs.app_name }} + - name: Get Account Number + id: get-account-number + run: | + script_dir="$(dirname ${{ env.taskdef_file_script }})" + if [[ -z "$script_dir" ]]; then + echo "Warning: Script name doesn't contain a directory path. Using current directory." + script_dir="." + fi + echo "account_number_read=$script_dir/$(base64 --decode account_number.txt | cut -d'=' -f2)" >> $GITHUB_ENV + shell: bash + - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 with: aws-region: ${{ inputs.aws_region }} - role-to-assume: arn:aws:iam::$(echo "${{ inputs.account_number }}" | base64 --decode):role/${{ inputs.app_name }}-GithubActionsRole + role-to-assume: arn:aws:iam::$(echo "${{ env.account_number_read }}" | base64 --decode):role/${{ inputs.app_name }}-GithubActionsRole role-session-name: GithubActionsSession - name: Login to Amazon ECR diff --git a/Support/taskdef_template/taskdef_creator.py b/Support/taskdef_template/taskdef_creator.py index d844f47..54ceff2 100644 --- a/Support/taskdef_template/taskdef_creator.py +++ b/Support/taskdef_template/taskdef_creator.py @@ -2,6 +2,7 @@ """ import argparse +import base64 import json import os import re 
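Review bot: The `role-to-assume` value under `with:` is never run through a shell, so the `$(echo ... | base64 --decode)` text reaches `configure-aws-credentials` literally rather than as an account number. The "Get Account Number" step has also already decoded the file and stores the result prefixed with `$script_dir/`, so `account_number_read` is neither base64 nor a bare account id. Have that step export only the decoded value and reference it directly, `role-to-assume: arn:aws:iam::${{ env.account_number_read }}:role/${{ inputs.app_name }}-GithubActionsRole`. `base64 --decode account_number.txt` is resolved against the step's working directory while the script writes to its own `os.getcwd()`, so it is worth confirming both point at the same place; base64 is only an encoding, so the file should be treated as holding the plain account number.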
@@ -118,6 +119,16 @@ def _print_secrets_to_create(self, json_data_str: str): print(f"Update SSM for secret: {secret}") + def _log_account_number_to_file(account_number: str): + """ + Logs account number in base64 encoded format to a file: account_number.txt + """ + current_directory = os.getcwd() + file_path = os.path.join(current_directory, "account_number.txt") + encoded_string = base64.b64encode(account_number.encode('utf-8')) + with open(file_path, 'w') as file_object: + file_object.write(encoded_string) + def create_taskdef_file(self, account_number: str): """Create a taskdef file based on the app name""" directory = os.path.dirname(self.args.taskdef_template) @@ -164,7 +175,8 @@ def substitute_values(self): self._substitute_secret_vars(user_data.get("secret_vars", [])) [user_data.pop(key) for key in ["env_vars", "secret_vars"] if key in user_data] for sub in expected_sub: - self._subtitute_data(user_data, sub) + self._subtitute_data(user_data, sub) + self._log_account_number_to_file(user_data["account_number"]) return user_data["account_number"]
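Review bot: `_log_account_number_to_file` is declared without `self` but sits between two methods and is called as `self._log_account_number_to_file(...)` in the `substitute_values` hunk, which would raise a `TypeError` for the extra positional argument (indentation is lost in this rendering, so class membership is inferred). `base64.b64encode` returns `bytes`, and writing that to a file opened with `'w'` raises a second `TypeError`. Suggested lines: `def _log_account_number_to_file(self, account_number: str):` and `file_object.write(encoded_string.decode("ascii"))`. The docstring says "Logs", but the method persists the account number in the working directory in a reversible encoding; the docstring should say so, and the file is worth deleting once the workflow has read it.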
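Review bot: The `self._subtitute_data(user_data, sub)` line is removed and re-added with identical text, so the only change to it is whitespace, which in Python can move it out of the `for sub in expected_sub:` body or mix tabs and spaces. The indentation is not recoverable from this rendering, so confirm the line is still inside the loop and that the new `_log_account_number_to_file` call sits after the loop at function-body level, so the file is written once rather than once per substitution. A one-line comment such as `# persist the account number for the workflow's later step` above the call would explain why `substitute_values` now writes a file.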