0.8.3: tag with SSO signing email/user-id

Signed-off-by: Gyuho Lee <[email protected]>
ava-labs · Jun 2, 2023 · a1e213e · a1e213e
1 parent 33c509d
commit a1e213e
Show file tree

Hide file tree

Showing 14 changed files with 96 additions and 58 deletions.
diff --git a/avalanche-kms/Cargo.toml b/avalanche-kms/Cargo.toml
@@ -1,12 +1,12 @@
 [package]
 name = "avalanche-kms"
-version = "0.8.2" # https://github.com/ava-labs/avalanche-ops/releases
+version = "0.8.3" # https://github.com/ava-labs/avalanche-ops/releases
 edition = "2021"
 rust-version = "1.69"
 
 [dependencies]
 avalanche-types = { version = "0.0.393", features = ["jsonrpc_client", "wallet", "wallet_evm", "kms_aws"] } # https://crates.io/crates/avalanche-types
-aws-manager = { version = "0.28.11", features = ["kms", "sts"] } # https://github.com/gyuho/aws-manager/tags
+aws-manager = { version = "0.28.13", features = ["kms", "sts"] } # https://github.com/gyuho/aws-manager/tags
 clap = { version = "4.3.0", features = ["cargo", "derive"] } # https://github.com/clap-rs/clap/releases
 crossterm = "0.26.1"
 dialoguer = "0.10.4"

diff --git a/avalanche-ops/Cargo.toml b/avalanche-ops/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "avalanche-ops"
-version = "0.8.2" # https://crates.io/crates/avalanche-ops
+version = "0.8.3" # https://crates.io/crates/avalanche-ops
 edition = "2021"
 rust-version = "1.69"
 publish = true
@@ -11,7 +11,7 @@ license = "Apache-2.0"
 
 [dependencies]
 avalanche-types = { version = "0.0.393", features = ["avalanchego"] } # https://crates.io/crates/avalanche-types
-aws-manager = { version = "0.28.11", features = ["ec2", "sts"] } # https://github.com/gyuho/aws-manager/tags
+aws-manager = { version = "0.28.13", features = ["ec2", "sts"] } # https://github.com/gyuho/aws-manager/tags
 compress-manager = "0.0.10"
 dir-manager = "0.0.1"
 env_logger = "0.10.0"

diff --git a/avalanche-ops/src/aws/cfn-templates/asg_ubuntu.yaml b/avalanche-ops/src/aws/cfn-templates/asg_ubuntu.yaml
@@ -11,6 +11,10 @@ Parameters:
     Type: String
     Description: Unique identifier, prefix for all resources created below.
 
+  UserId:
+    Type: String
+    Description: For tagging resources.
+
   NetworkId:
     Type: Number
     Description: Avalanche network ID, used for resource tagging.
@@ -453,6 +457,7 @@ Resources:
       # load balancer name '...' cannot be longer than '32' characters
       Tags:
         - { Key: Name, Value: !Sub "${Id}-nlb" }
+        - { Key: UserId, Value: !Sub "${UserId}" }
 
   # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html
   NLBTargetGroup:
@@ -549,6 +554,7 @@ Resources:
           - ResourceType: instance
             Tags:
               - { Key: Name, Value: !Sub "${Id}-${ArchType}" }
+              - { Key: UserId, Value: !Sub "${UserId}" }
 
         # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-userdata
         # https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html
@@ -794,6 +800,9 @@ Resources:
         - Key: ID
           Value: !Ref Id
           PropagateAtLaunch: true
+        - Key: USER_ID
+          Value: !Ref UserId
+          PropagateAtLaunch: true
         - Key: NETWORK_ID
           Value: !Ref NetworkId
           PropagateAtLaunch: true

diff --git a/avalanche-ops/src/aws/cfn-templates/vpc.yaml b/avalanche-ops/src/aws/cfn-templates/vpc.yaml
@@ -10,6 +10,10 @@ Parameters:
     Type: String
     Description: Unique identifier, prefix for all resources created below.
 
+  UserId:
+    Type: String
+    Description: For tagging resources.
+
   VpcCidr:
     Type: String
     Default: 10.0.0.0/16
@@ -97,6 +101,8 @@ Resources:
       Tags:
         - Key: Name
           Value: !Join ["-", [!Ref Id, "igw"]]
+        - Key: UserId
+          Value: !Ref UserId
 
   VPC:
     Type: AWS::EC2::VPC
@@ -107,6 +113,8 @@ Resources:
       Tags:
         - Key: Name
           Value: !Join ["-", [!Ref Id, "vpc"]]
+        - Key: UserId
+          Value: !Ref UserId
 
   VPCGatewayAttachment:
     Type: AWS::EC2::VPCGatewayAttachment
@@ -137,6 +145,8 @@ Resources:
           Value: !Join ["-", [!Ref Id, "public-subnet-1"]]
         - Key: Network
           Value: Public
+        - Key: UserId
+          Value: !Ref UserId
 
   PublicSubnet2:
     Type: AWS::EC2::Subnet
@@ -155,6 +165,8 @@ Resources:
           Value: !Join ["-", [!Ref Id, "public-subnet-2"]]
         - Key: Network
           Value: Public
+        - Key: UserId
+          Value: !Ref UserId
 
   PublicSubnet3:
     Condition: HasMoreThan2Azs
@@ -174,6 +186,8 @@ Resources:
           Value: !Join ["-", [!Ref Id, "public-subnet-3"]]
         - Key: Network
           Value: Public
+        - Key: UserId
+          Value: !Ref UserId
 
   PublicRouteTable:
     Type: AWS::EC2::RouteTable
@@ -186,6 +200,8 @@ Resources:
           Value: !Join ["-", [!Ref Id, "public-round-table"]]
         - Key: Network
           Value: Public
+        - Key: UserId
+          Value: !Ref UserId
 
   PublicRoute:
     Type: AWS::EC2::Route

diff --git a/avalanche-ops/src/aws/spec.rs b/avalanche-ops/src/aws/spec.rs
@@ -121,8 +121,8 @@ pub struct KmsKey {
 pub struct Resource {
     /// AWS STS caller loaded from its local environment.
     /// READ ONLY.
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub identity: Option<sts::Identity>,
+    #[serde(default)]
+    pub identity: sts::Identity,
 
     /// AWS region to create resources.
     /// MUST BE NON-EMPTY.
@@ -161,7 +161,7 @@ impl Default for Resource {
 impl Resource {
     pub fn default() -> Self {
         Self {
-            identity: None,
+            identity: sts::Identity::default(),
 
             regions: vec![String::from("us-west-2")],
             s3_bucket: String::new(),

diff --git a/avalanched-aws/Cargo.toml b/avalanched-aws/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "avalanched-aws"
-version = "0.8.2" # https://github.com/ava-labs/avalanche-ops/releases
+version = "0.8.3" # https://github.com/ava-labs/avalanche-ops/releases
 edition = "2021"
 rust-version = "1.69"
 
@@ -14,7 +14,7 @@ avalanche-ops = { path = "../avalanche-ops" }
 avalanche-telemetry-cloudwatch-installer = "0.0.107" # https://crates.io/crates/avalanche-telemetry-cloudwatch-installer
 avalanche-types = { version = "0.0.393", features = ["avalanchego", "jsonrpc_client", "subnet_evm"] } # https://crates.io/crates/avalanche-types
 aws-ip-provisioner-installer = "0.0.94" # https://crates.io/crates/aws-ip-provisioner-installer
-aws-manager = { version = "0.28.11", features = ["autoscaling", "cloudwatch", "ec2", "s3"] } # https://github.com/gyuho/aws-manager/tags
+aws-manager = { version = "0.28.13", features = ["autoscaling", "cloudwatch", "ec2", "s3"] } # https://github.com/gyuho/aws-manager/tags
 aws-sdk-cloudwatch = "0.28.0" # https://github.com/awslabs/aws-sdk-rust/releases
 aws-sdk-ec2 = "0.28.0" # https://github.com/awslabs/aws-sdk-rust/releases
 aws-sdk-s3 = "0.28.0" # https://github.com/awslabs/aws-sdk-rust/releases

diff --git a/avalancheup-aws/Cargo.toml b/avalancheup-aws/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "avalancheup-aws"
-version = "0.8.2" # https://github.com/ava-labs/avalanche-ops/releases
+version = "0.8.3" # https://github.com/ava-labs/avalanche-ops/releases
 edition = "2021"
 rust-version = "1.69"
 
@@ -11,8 +11,8 @@ path = "src/main.rs"
 [dependencies]
 avalanche-ops = { path = "../avalanche-ops" }
 avalanche-types = { version = "0.0.393", features = ["avalanchego", "jsonrpc_client", "wallet", "subnet", "subnet_evm", "kms_aws"] } # https://crates.io/crates/avalanche-types
-aws-dev-machine = "0.0.16"
-aws-manager = { version = "0.28.11", features = ["cloudformation", "cloudwatch", "ec2", "s3", "ssm", "sts"] } # https://github.com/gyuho/aws-manager/tags
+aws-dev-machine = "0.0.17"
+aws-manager = { version = "0.28.13", features = ["cloudformation", "cloudwatch", "ec2", "s3", "ssm", "sts"] } # https://github.com/gyuho/aws-manager/tags
 aws-sdk-cloudformation = "0.28.0" # https://github.com/awslabs/aws-sdk-rust/releases
 aws-sdk-ec2 = "0.28.0" # https://github.com/awslabs/aws-sdk-rust/releases
 aws-sdk-s3 = "0.28.0" # https://github.com/awslabs/aws-sdk-rust/releases

diff --git a/avalancheup-aws/src/apply/mod.rs b/avalancheup-aws/src/apply/mod.rs
@@ -87,19 +87,17 @@ pub async fn execute(log_level: &str, spec_file_path: &str, skip_prompt: bool) -
     let current_identity = sts_manager.get_identity().await.unwrap();
 
     // validate identity
-    if let Some(identity) = &spec.resource.identity {
+    if !spec.resource.identity.user_id.is_empty() {
         // AWS calls must be made from the same caller
-        if !identity.eq(&current_identity) {
-            return Err(Error::new(
-                ErrorKind::Other,
-                format!(
-                    "config identity {:?} != currently loaded identity {:?}",
-                    identity, current_identity
-                ),
-            ));
+        if spec.resource.identity.user_id != current_identity.user_id {
+            log::warn!(
+                "config identity {:?} != currently loaded identity {:?}",
+                spec.resource.identity,
+                current_identity
+            );
         }
     } else {
-        spec.resource.identity = Some(current_identity);
+        spec.resource.identity = current_identity;
     }
 
     // set defaults based on ID
@@ -639,6 +637,7 @@ pub async fn execute(log_level: &str, spec_file_path: &str, skip_prompt: bool) -
             let vpc_stack_name = regional_resource.cloudformation_vpc.clone().unwrap();
             let vpc_params = Vec::from([
                 build_param("Id", &spec.id),
+                build_param("UserId", &spec.resource.identity.user_id),
                 build_param("VpcCidr", "10.0.0.0/16"),
                 build_param("PublicSubnetCidr1", "10.0.64.0/19"),
                 build_param("PublicSubnetCidr2", "10.0.128.0/19"),
@@ -767,6 +766,7 @@ pub async fn execute(log_level: &str, spec_file_path: &str, skip_prompt: bool) -
 
         let mut common_asg_params = vec![
             build_param("Id", &spec.id),
+            build_param("UserId", &spec.resource.identity.user_id),
             build_param(
                 "NetworkId",
                 format!("{}", &spec.avalanchego_config.network_id).as_str(),
@@ -834,6 +834,8 @@ pub async fn execute(log_level: &str, spec_file_path: &str, skip_prompt: bool) -
         // just copy the regional machine params, and later overwrite if 'create-dev-machine' is true
         let mut common_dev_machine_params = BTreeMap::new();
         common_dev_machine_params.insert("Id".to_string(), format!("{}-dev-machine", spec.id));
+        common_dev_machine_params
+            .insert("UserId".to_string(), spec.resource.identity.user_id.clone());
         common_dev_machine_params.insert("AsgName".to_string(), format!("{}-dev-machine", spec.id));
         common_dev_machine_params.insert(
             "KmsKeyArn".to_string(),
@@ -1039,10 +1041,13 @@ pub async fn execute(log_level: &str, spec_file_path: &str, skip_prompt: bool) -
                         None,
                         OnFailure::Delete,
                         &cloudformation_asg_anchor_nodes_tmpl,
-                        Some(Vec::from([Tag::builder()
-                            .key("KIND")
-                            .value("avalanche-ops")
-                            .build()])),
+                        Some(Vec::from([
+                            Tag::builder().key("KIND").value("avalanche-ops").build(),
+                            Tag::builder()
+                                .key("UserId")
+                                .value(spec.resource.identity.user_id.clone())
+                                .build(),
+                        ])),
                         Some(anchor_asg_params),
                     )
                     .await
@@ -1515,10 +1520,13 @@ pub async fn execute(log_level: &str, spec_file_path: &str, skip_prompt: bool) -
                     None,
                     OnFailure::Delete,
                     &cloudformation_asg_non_anchor_nodes_tmpl,
-                    Some(Vec::from([Tag::builder()
-                        .key("KIND")
-                        .value("avalanche-ops")
-                        .build()])),
+                    Some(Vec::from([
+                        Tag::builder().key("KIND").value("avalanche-ops").build(),
+                        Tag::builder()
+                            .key("UserId")
+                            .value(spec.resource.identity.user_id.clone())
+                            .build(),
+                    ])),
                     Some(non_anchor_asg_params),
                 )
                 .await
@@ -2194,10 +2202,13 @@ cat /tmp/{node_id}.crt
                 Some(vec![Capability::CapabilityNamedIam]),
                 OnFailure::Delete,
                 &ssm_doc_tmpl,
-                Some(Vec::from([Tag::builder()
-                    .key("KIND")
-                    .value("avalanche-ops")
-                    .build()])),
+                Some(Vec::from([
+                    Tag::builder().key("KIND").value("avalanche-ops").build(),
+                    Tag::builder()
+                        .key("UserId")
+                        .value(spec.resource.identity.user_id.clone())
+                        .build(),
+                ])),
                 Some(cfn_params),
             )
             .await
@@ -2665,10 +2676,13 @@ default-spec --log-level=info --funded-keys={funded_keys} --region={region} --up
                 None,
                 OnFailure::Delete,
                 &asg_tmpl,
-                Some(Vec::from([Tag::builder()
-                    .key("KIND")
-                    .value("avalanche-ops")
-                    .build()])),
+                Some(Vec::from([
+                    Tag::builder().key("KIND").value("avalanche-ops").build(),
+                    Tag::builder()
+                        .key("UserId")
+                        .value(spec.resource.identity.user_id.clone())
+                        .build(),
+                ])),
                 Some(cfn_params),
             )
             .await

diff --git a/avalancheup-aws/src/delete/mod.rs b/avalancheup-aws/src/delete/mod.rs
@@ -1,7 +1,7 @@
 use std::{
     collections::HashMap,
     fs,
-    io::{self, stdout, Error, ErrorKind},
+    io::{self, stdout},
     path::Path,
 };
 
@@ -119,19 +119,18 @@ pub async fn execute(
     let sts_manager = sts::Manager::new(&shared_config);
     let current_identity = sts_manager.get_identity().await.unwrap();
 
-    if let Some(identity) = &spec.resource.identity {
+    // validate identity
+    if !spec.resource.identity.user_id.is_empty() {
         // AWS calls must be made from the same caller
-        if !identity.eq(&current_identity) {
-            return Err(Error::new(
-                ErrorKind::Other,
-                format!(
-                    "config identity {:?} != currently loaded identity {:?}",
-                    identity, current_identity
-                ),
-            ));
+        if spec.resource.identity.user_id != current_identity.user_id {
+            log::warn!(
+                "config identity {:?} != currently loaded identity {:?}",
+                spec.resource.identity,
+                current_identity
+            );
         }
     } else {
-        return Err(Error::new(ErrorKind::Other, "unknown identity"));
+        spec.resource.identity = current_identity;
     }
 
     execute!(

diff --git a/blizzard-aws/Cargo.toml b/blizzard-aws/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "blizzard-aws"
-version = "0.8.2" # https://github.com/ava-labs/avalanche-ops/releases
+version = "0.8.3" # https://github.com/ava-labs/avalanche-ops/releases
 edition = "2021"
 rust-version = "1.69"
 
@@ -10,7 +10,7 @@ path = "src/main.rs"
 
 [dependencies]
 avalanche-types = { version = "0.0.393", features = ["jsonrpc_client", "wallet", "wallet_evm"] } # https://crates.io/crates/avalanche-types
-aws-manager = { version = "0.28.11", features = ["cloudwatch", "ec2", "s3"] } # https://github.com/gyuho/aws-manager/tags
+aws-manager = { version = "0.28.13", features = ["cloudwatch", "ec2", "s3"] } # https://github.com/gyuho/aws-manager/tags
 aws-sdk-cloudwatch = "0.28.0" # https://github.com/awslabs/aws-sdk-rust/releases
 aws-sdk-ec2 = "0.28.0" # https://github.com/awslabs/aws-sdk-rust/releases
 aws-sdk-s3 = "0.28.0" # https://github.com/awslabs/aws-sdk-rust/releases

diff --git a/blizzardup-aws/Cargo.toml b/blizzardup-aws/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "blizzardup-aws"
-version = "0.8.2" # https://github.com/ava-labs/avalanche-ops/releases
+version = "0.8.3" # https://github.com/ava-labs/avalanche-ops/releases
 edition = "2021"
 rust-version = "1.69"
 
@@ -10,7 +10,7 @@ path = "src/main.rs"
 
 [dependencies]
 avalanche-types = { version = "0.0.393", features = ["avalanchego", "jsonrpc_client", "subnet_evm"] } # https://crates.io/crates/avalanche-types
-aws-manager = { version = "0.28.11", features = ["cloudformation", "cloudwatch", "ec2", "s3", "sts"] } # https://github.com/gyuho/aws-manager/tags
+aws-manager = { version = "0.28.13", features = ["cloudformation", "cloudwatch", "ec2", "s3", "sts"] } # https://github.com/gyuho/aws-manager/tags
 aws-sdk-cloudformation = "0.28.0" # https://github.com/awslabs/aws-sdk-rust/releases
 aws-sdk-ec2 = "0.28.0" # https://github.com/awslabs/aws-sdk-rust/releases
 aws-sdk-s3 = "0.28.0" # https://github.com/awslabs/aws-sdk-rust/releases

diff --git a/devnet-faucet/Cargo.toml b/devnet-faucet/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "devnet-faucet"
-version = "0.8.2" # https://github.com/ava-labs/avalanche-ops/releases
+version = "0.8.3" # https://github.com/ava-labs/avalanche-ops/releases
 edition = "2021"
 license = "MIT OR Apache-2.0"