Use handlebars to update IAM role placeholders instead of regex

defenseunicorns · Oct 30, 2023 · d3b9615 · d3b9615
1 parent b6f1f8e
commit d3b9615
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 11 deletions.
diff --git a/iam/package-lock.json b/iam/package-lock.json
diff --git a/iam/package.json b/iam/package.json
@@ -6,6 +6,7 @@
     },
     "dependencies": {
         "@pulumi/aws": "^6.6.1",
-        "@pulumi/pulumi": "^3.91.0"
+        "@pulumi/pulumi": "^3.91.0",
+        "handlebars": "^4.7.8"
     }
 }
diff --git a/iam/utils.ts b/iam/utils.ts
@@ -1,6 +1,7 @@
 import { iam, getCallerIdentity } from "@pulumi/aws";
 import { getCluster } from "@pulumi/aws/eks";
 import { readFileSync } from "fs";
+import { compile } from "handlebars";
 
 export function createPolicy(file: string, policyName: string) {
   const policy = readFileSync(file, "utf8");
@@ -16,16 +17,14 @@ export function createRole(
   clusterId: string,
 ) {
   const placeholderRole = readFileSync(file, "utf8");
+  const template = compile(placeholderRole)
+
+  const updatedPlaceholders = {
+    AWS_ACCOUNT_ID: accountId,
+    EKS_CLUSTER_ID: clusterId,
+  }
 
-  const partiallyUpdatedRole = placeholderRole.replace(
-    new RegExp("{{AWS_ACCOUNT_ID}}", "g"),
-    accountId,
-  );
-
-  const updatedRole = partiallyUpdatedRole.replace(
-    new RegExp("{{EKS_CLUSTER_ID}}", "g"),
-    clusterId,
-  );
+  const updatedRole = template(updatedPlaceholders)
 
   return new iam.Role(roleName, {
     assumeRolePolicy: updatedRole,