From d62a23ed62f144d486d91c016e04e387cbd9ec09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lukas=20L=C3=B6sche?= Date: Wed, 20 Sep 2023 14:46:08 +0200 Subject: [PATCH] [plugins/aws] Get account name from profile (#1778) * [plugins/aws] Get account name from profile * [plugins/aws] More safeguards * Use core_feedback --- plugins/aws/resoto_plugin_aws/__init__.py | 31 +++++++++++++++++-- .../aws/resoto_plugin_aws/configuration.py | 4 +++ 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/plugins/aws/resoto_plugin_aws/__init__.py b/plugins/aws/resoto_plugin_aws/__init__.py index c4024a47c9..4e4910a9a9 100644 --- a/plugins/aws/resoto_plugin_aws/__init__.py +++ b/plugins/aws/resoto_plugin_aws/__init__.py @@ -454,7 +454,7 @@ def current_account_id_and_partition(profile: Optional[str] = None) -> Tuple[str raise botocore.exceptions.NoCredentialsError() -def set_account_names(accounts: List[AwsAccount]) -> None: +def set_account_names(accounts: List[AwsAccount], core_feedback: CoreFeedback) -> None: def set_account_name(account: AwsAccount) -> None: def set_name_from_account_alias() -> bool: try: @@ -491,6 +491,28 @@ def set_name_from_org() -> bool: pass return False + def set_name_from_profile() -> bool: + if account.profile: + account.name = account.profile + log.debug(f"Set name for {account.kdname} from profile") + return True + return False + + # if we prefer the profile name and we have a profile + # we set the name from the profile and return immediately + if Config.aws.prefer_profile_as_account_name: + if Config.aws.scrape_org: + core_feedback.error( + "Possible misconfiguration: setting prefer_profile_as_account_name" + " with scrape_org enabled is likely not what you want", + log, + ) + if set_name_from_profile(): + return + + # otherwise we try to set the name from the account alias + # or the organization - depending on the configuration + # and what permissions we have if Config.aws.prefer_account_alias_as_name: if not set_name_from_account_alias(): set_name_from_org() @@ -498,6 +520,11 @@ def set_name_from_org() -> bool: if not set_name_from_org(): set_name_from_account_alias() + # if we still don't have a name, we try + # to set it from the profile if one is set + if account.name is None and not Config.aws.scrape_org: + set_name_from_profile() + if len(accounts) == 0: return @@ -591,7 +618,7 @@ def get_accounts(core_feedback: CoreFeedback) -> List[AwsAccount]: except botocore.exceptions.BotoCoreError as e: core_feedback.error(f"Unable to get accounts for profile {profile}: {e}", log) - set_account_names(accounts) + set_account_names(accounts, core_feedback) return accounts diff --git a/plugins/aws/resoto_plugin_aws/configuration.py b/plugins/aws/resoto_plugin_aws/configuration.py index c1b1ecc8e9..0f586eb200 100644 --- a/plugins/aws/resoto_plugin_aws/configuration.py +++ b/plugins/aws/resoto_plugin_aws/configuration.py @@ -171,6 +171,10 @@ class AwsConfig: " the role will be assumed when calling organizations:DescribeAccount." }, ) + prefer_profile_as_account_name: bool = field( + default=False, + metadata={"description": "Prefer the profile name as the account name, if a profile was used."}, + ) fork_process: bool = field( default=True, metadata={