Merge pull request #73 from jameszwang/ocm-11325

OCM-11325 | test: Update assume role policy for shared-vpc role
openshift-online · Sep 23, 2024 · cb285ed · cb285ed
2 parents 235b5b3 + 5c692bf
commit cb285ed
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/pkg/aws/aws_client/role.go b/pkg/aws/aws_client/role.go
@@ -459,3 +459,36 @@ func (client *AWSClient) CreateRoleForAdditionalPrincipals(roleName string, inst
 
 	return client.CreateRole(roleName, string(assumeRolePolicyDocument), "", make(map[string]string), "/")
 }
+
+func (client *AWSClient) UpdateAssumeRolePolicy(roleName string, assumeRolePolicyDocument string) error {
+	input := &iam.UpdateAssumeRolePolicyInput{
+		RoleName:       &roleName,
+		PolicyDocument: &assumeRolePolicyDocument,
+	}
+
+	_, err := client.IamClient.UpdateAssumeRolePolicy(context.TODO(), input)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (client *AWSClient) UpdateAssumeRolePolicyForSharedVPCRole(roleName string, installerRoleArn string,
+	ingressOperatorRoleArn string) error {
+	statement := map[string]interface{}{
+		"Sid":    "Statement1",
+		"Effect": "Allow",
+		"Principal": map[string]interface{}{
+			"AWS": []string{installerRoleArn, ingressOperatorRoleArn},
+		},
+		"Action": "sts:AssumeRole",
+	}
+
+	assumeRolePolicyDocument, err := completeRolePolicyDocument(statement)
+	if err != nil {
+		log.LogError("Failed to convert Role Policy Document into JSON: %s", err.Error())
+		return err
+	}
+	err = client.UpdateAssumeRolePolicy(roleName, assumeRolePolicyDocument)
+	return err
+}