Feature flag for fetching from ASM

.github/workflows/main.yml

@@ -21,7 +21,7 @@ jobs:
       - name: Setup go
         uses: actions/setup-go@v2
         with:
-          go-version: '1.17.x'
+          go-version: '1.19.x'
 
       - name: Install staticcheck
         run: go install honnef.co/go/tools/cmd/staticcheck@latest
@@ -34,6 +34,6 @@ jobs:
 
       - name: Run golint
         run: golint ./...
-      
+
       - name: Run Tests
         run: go test -cover -p 1 -race -v ./...

.github/workflows/release.yml

@@ -16,7 +16,7 @@ jobs:
       - name: Setup go
         uses: actions/setup-go@v2
         with:
-          go-version: '1.17.x'
+          go-version: '1.19.x'
 
       - name: Install staticcheck
         run: go install honnef.co/go/tools/cmd/staticcheck@latest
@@ -30,18 +30,19 @@ jobs:
   release:
     runs-on: ubuntu-latest
     needs: [ test ]
+    permissions: write-all
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-        
+
       - name: Unshallow
         run: git fetch --prune --unshallow
-        
+
       - name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: '1.17.x'
-          
+          go-version: '1.19.x'
+
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
         with:

.gitignore

@@ -14,6 +14,8 @@
 # Dependency directories (remove the comment below to include it)
 # vendor/
 
+bin/*
+
 aws.toml
 credentials.json
 token.json

.goreleaser.yml

@@ -22,7 +22,7 @@ builds:
     - goos: windows
       goarch: 386
   ldflags:
-     - -s -w -X github.com/awslabs/ssosync/cmd.version={{.Version}} -X github.com/awslabs/ssosync/cmd.commit={{.Commit}} -X github.com/awslabs/ssosync/cmd.date={{.Date}} -X github.com/awslabs/ssosync/cmd.builtBy=goreleaser
+     - -s -w -X github.com/awslabs/ssosync/cmd.version={{.Version}} -X github.com/awslabs/ssosync/cmd.commit={{.Commit}} -X github.com/awslabs/ssosync/cmd.date={{.Date}} -X github.com/awslabs/ssosync/cmd.builtBy=goreleaser -X github.com/awslabs/ssosync/cmd.gitRepo={{.GitURL}}
 checksum:
   name_template: '{{ .ProjectName }}_checksums.txt'
 changelog:

README.md

@@ -1,3 +1,7 @@
+# Fork of AWS SSO Sync
+Removes need for ASM Secrets
+
+
 # SSO Sync
 
 ![Github Action](https://github.com/awslabs/ssosync/workflows/main/badge.svg)

cmd/root.go

@@ -20,14 +20,14 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/awslabs/ssosync/internal"
-	"github.com/awslabs/ssosync/internal/config"
-	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-lambda-go/events"
-        "github.com/aws/aws-sdk-go/service/codepipeline"
 	"github.com/aws/aws-lambda-go/lambda"
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/codepipeline"
 	"github.com/aws/aws-sdk-go/service/secretsmanager"
+	"github.com/awslabs/ssosync/internal"
+	"github.com/awslabs/ssosync/internal/config"
 	"github.com/pkg/errors"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@@ -39,6 +39,8 @@ var (
 	commit  = "none"
 	date    = "unknown"
 	builtBy = "unknown"
+
+	gitRepo = "unknown"
 )
 
 var cfg *config.Config
@@ -66,9 +68,10 @@ Complete documentation is available at https://github.com/awslabs/ssosync`,
 // running inside of AWS Lambda, we use the Lambda
 // execution path.
 func Execute() {
-        if cfg.IsLambda {
-                log.Info("Executing as Lambda")
-        	lambda.Start(Handler) 
+	log.Info(fmt.Sprintf("Starting Version: %s, of Repo: %s", version, gitRepo))
+	if cfg.IsLambda {
+		log.Info("Executing as Lambda")
+		lambda.Start(Handler)
 	}
 
 	if err := rootCmd.Execute(); err != nil {
@@ -77,60 +80,60 @@ func Execute() {
 }
 
 func Handler(ctx context.Context, event events.CodePipelineEvent) (string, error) {
-    log.Debug(event)
-    err := rootCmd.Execute()
-    s := session.Must(session.NewSession())
-    cpl := codepipeline.New(s)
-
-    cfg.IsLambdaRunningInCodePipeline = len(event.CodePipelineJob.ID) > 0
-
-    if cfg.IsLambdaRunningInCodePipeline {
-        log.Info("Lambda has been invoked by CodePipeline")
-
-        if err != nil {
-    	    // notify codepipeline and mark its job execution as Failure
-    	    log.Fatalf(errors.Wrap(err, "Notifying CodePipeline and mark its job execution as Failure").Error())
-    	    jobID := event.CodePipelineJob.ID
-    	    if len(jobID) == 0 {
-    		panic("CodePipeline Job ID is not set")
-    	    }  
-    	    // mark the job as Failure.
-    	    cplFailure := &codepipeline.PutJobFailureResultInput{
-    		JobId: aws.String(jobID),
-    		FailureDetails: &codepipeline.FailureDetails{
-    			Message: aws.String(err.Error()),
-    			Type: aws.String("JobFailed"),
-    		},
-    	    }
-    	    _, cplErr := cpl.PutJobFailureResult(cplFailure)
-    	    if cplErr != nil {
-                log.Fatalf(errors.Wrap(err, "Failed to update CodePipeline jobID status").Error())
-    	    }
-    	    return "Failure", err
-        } else {
-            log.Info("Notifying CodePipeline and mark its job execution as Success")
-            jobID := event.CodePipelineJob.ID
-            if len(jobID) == 0 {
-    	       panic("CodePipeline Job ID is not set")
-            }
-            // mark the job as Success.
-            cplSuccess := &codepipeline.PutJobSuccessResultInput{
-    	       JobId: aws.String(jobID),
-            }
-            _, cplErr := cpl.PutJobSuccessResult(cplSuccess)
-            if cplErr != nil {
-                log.Fatalf(errors.Wrap(err, "Failed to update CodePipeline jobID status").Error())
-            }
-            return "Success", nil
-        }
-    } else {
-        if err != nil {
-            log.Fatalf(errors.Wrap(err, "Notifying Lambda and mark this execution as Failure").Error())
-            return "Failure", err
-        } else {
-            return "Success", nil
-        }
-    }
+	log.Debug(event)
+	err := rootCmd.Execute()
+	s := session.Must(session.NewSession())
+	cpl := codepipeline.New(s)
+
+	cfg.IsLambdaRunningInCodePipeline = len(event.CodePipelineJob.ID) > 0
+
+	if cfg.IsLambdaRunningInCodePipeline {
+		log.Info("Lambda has been invoked by CodePipeline")
+
+		if err != nil {
+			// notify codepipeline and mark its job execution as Failure
+			log.Fatalf(errors.Wrap(err, "Notifying CodePipeline and mark its job execution as Failure").Error())
+			jobID := event.CodePipelineJob.ID
+			if len(jobID) == 0 {
+				panic("CodePipeline Job ID is not set")
+			}
+			// mark the job as Failure.
+			cplFailure := &codepipeline.PutJobFailureResultInput{
+				JobId: aws.String(jobID),
+				FailureDetails: &codepipeline.FailureDetails{
+					Message: aws.String(err.Error()),
+					Type:    aws.String("JobFailed"),
+				},
+			}
+			_, cplErr := cpl.PutJobFailureResult(cplFailure)
+			if cplErr != nil {
+				log.Fatalf(errors.Wrap(err, "Failed to update CodePipeline jobID status").Error())
+			}
+			return "Failure", err
+		} else {
+			log.Info("Notifying CodePipeline and mark its job execution as Success")
+			jobID := event.CodePipelineJob.ID
+			if len(jobID) == 0 {
+				panic("CodePipeline Job ID is not set")
+			}
+			// mark the job as Success.
+			cplSuccess := &codepipeline.PutJobSuccessResultInput{
+				JobId: aws.String(jobID),
+			}
+			_, cplErr := cpl.PutJobSuccessResult(cplSuccess)
+			if cplErr != nil {
+				log.Fatalf(errors.Wrap(err, "Failed to update CodePipeline jobID status").Error())
+			}
+			return "Success", nil
+		}
+	} else {
+		if err != nil {
+			log.Fatalf(errors.Wrap(err, "Notifying Lambda and mark this execution as Failure").Error())
+			return "Failure", err
+		} else {
+			return "Success", nil
+		}
+	}
 }
 
 func init() {
@@ -170,6 +173,7 @@ func initConfig() {
 		"sync_method",
 		"region",
 		"identity_store_id",
+		"load_asm_secrets",
 	}
 
 	for _, e := range appEnvVars {
@@ -185,12 +189,12 @@ func initConfig() {
 	// config logger
 	logConfig(cfg)
 
-	if cfg.IsLambda {
-		configLambda()
+	if cfg.IsLambda && cfg.LoadAwsSecretManagerSecrets {
+		loadAwsSecretsManagerSecrets()
 	}
 }
 
-func configLambda() {
+func loadAwsSecretsManagerSecrets() {
 	s := session.Must(session.NewSession())
 	svc := secretsmanager.New(s)
 	secrets := config.NewSecrets(svc)

go.mod

@@ -1,27 +1,56 @@
 module github.com/awslabs/ssosync
 
-go 1.16
+go 1.19
 
 require (
-	github.com/BurntSushi/toml v1.0.0
-	github.com/aws/aws-lambda-go v1.23.0
-	github.com/aws/aws-sdk-go v1.44.102
-	github.com/fsnotify/fsnotify v1.4.9 // indirect
-	github.com/golang/mock v1.5.0
-	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.0
-	github.com/magiconair/properties v1.8.5 // indirect
-	github.com/mitchellh/mapstructure v1.4.1 // indirect
-	github.com/pelletier/go-toml v1.9.0 // indirect
+	github.com/BurntSushi/toml v1.2.1
+	github.com/aws/aws-lambda-go v1.41.0
+	github.com/aws/aws-sdk-go v1.44.264
+	github.com/golang/mock v1.6.0
+	github.com/hashicorp/go-retryablehttp v0.7.2
 	github.com/pkg/errors v0.9.1
-	github.com/sirupsen/logrus v1.8.1
-	github.com/spf13/afero v1.6.0 // indirect
-	github.com/spf13/cast v1.3.1 // indirect
-	github.com/spf13/cobra v1.1.3
+	github.com/sirupsen/logrus v1.9.2
+	github.com/spf13/cobra v1.7.0
+	github.com/spf13/viper v1.15.0
+	github.com/stretchr/testify v1.8.1
+	golang.org/x/oauth2 v0.8.0
+	google.golang.org/api v0.122.0
+)
+
+require (
+	cloud.google.com/go/compute v1.19.3 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/s2a-go v0.1.3 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
+	github.com/googleapis/gax-go/v2 v2.8.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.7 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/spf13/afero v1.9.5 // indirect
+	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
-	github.com/spf13/viper v1.7.1
-	github.com/stretchr/testify v1.7.0
-	golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c
-	google.golang.org/api v0.46.0
-	gopkg.in/ini.v1 v1.62.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/subosito/gotenv v1.4.2 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	golang.org/x/crypto v0.9.0 // indirect
+	golang.org/x/net v0.10.0 // indirect
+	golang.org/x/sys v0.8.0 // indirect
+	golang.org/x/text v0.9.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
+	google.golang.org/grpc v1.55.0 // indirect
+	google.golang.org/protobuf v1.30.0 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )