Micah Hausler micahhausler

## custom-duration-seconds-example.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-config
data:
  credential-process: |
    #!/usr/bin/env bash
    aws sts assume-role-with-web-identity \
      --duration-seconds 43200 \
      --web-identity-token file:///var/run/secrets/eks.amazonaws.com/serviceaccount/token \

## config.ini
[default]

region                  = us-west-2
role_arn                = arn:aws:iam::123456789012:role/role-name
web_identity_token_file = /var/run/secrets/eks.amazonaws.com/serviceaccount/token
duration_seconds        = 43200 # 12 hours, maximum
# role_session_name      = pod_name

## test_runner.go
package tests

import (
	"reflect"
	"strings"
	"testing"
)

type TestRunner struct{}

## policy.json
{
    "default": [
        {
            "type": "insecureAcceptAnything"
        }
    ],
    "transports":
        {
            "docker-daemon":
                {

## account-m-role-iam-policy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "arn:aws:iam::444455556666:role/account-n-role"
        }
    ]
}

## Makefile.diff
diff --git a/Makefile b/Makefile
index 253d32b..7329f04 100644
--- a/Makefile
+++ b/Makefile
@@ -22,11 +22,11 @@ export DOCKER_CLI_EXPERIMENTAL := enabled

 image-amd64:
        mkdir -p out
-       linuxkit build -docker -disable-content-trust -pull -format kernel+initrd -name hook-x86_64 -dir out $(LINUXKIT_CONFIG)
+       linuxkit build -docker -format kernel+initrd -name hook-x86_64 -dir out $(LINUXKIT_CONFIG)

## service.proto
syntax = "proto3";

import "github.com/gogo/protobuf/gogoproto/gogo.proto";
import "google/protobuf/any.proto";

package v1alpha1;

service TokenGeneratorService {
  // Generate a token with the provided claims
  rpc GenerateToken(GenerateTokenRequest) returns (GenerateTokenResponse) {}

## service.proto
syntax = "proto3";

import "github.com/gogo/protobuf/gogoproto/gogo.proto";

package v1alpha1;

service TokenGeneratorService {
  // Generate a token with the provided claims
  rpc GenerateToken(GenerateTokenRequest) returns (GenerateTokenResponse) {}
  // List all active public keys

## Dockerfile
FROM php:alpine
RUN apk -U add composer && \
    composer require aws/aws-sdk-php
ADD ./script.php /opt/code/script.php
CMD php /opt/code/script.php

## main.go
package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws/endpoints"
	"gopkg.in/gcfg.v1"
)

type CloudConfig struct {
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: aws-config
	data:
	credential-process: \|
	#!/usr/bin/env bash
	aws sts assume-role-with-web-identity \
	--duration-seconds 43200 \
	--web-identity-token file:///var/run/secrets/eks.amazonaws.com/serviceaccount/token \
	[default]

	region = us-west-2
	role_arn = arn:aws:iam::123456789012:role/role-name
	web_identity_token_file = /var/run/secrets/eks.amazonaws.com/serviceaccount/token
	duration_seconds = 43200 # 12 hours, maximum
	# role_session_name = pod_name
	package tests

	import (
	"reflect"
	"strings"
	"testing"
	)

	type TestRunner struct{}
	{
	"default": [
	{
	"type": "insecureAcceptAnything"
	}
	],
	"transports":
	{
	"docker-daemon":
	{
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Effect": "Allow",
	"Action": "sts:AssumeRole",
	"Resource": "arn:aws:iam::444455556666:role/account-n-role"
	}
	]
	}
	diff --git a/Makefile b/Makefile
	index 253d32b..7329f04 100644
	--- a/Makefile
	+++ b/Makefile
	@@ -22,11 +22,11 @@ export DOCKER_CLI_EXPERIMENTAL := enabled

	image-amd64:
	mkdir -p out
	- linuxkit build -docker -disable-content-trust -pull -format kernel+initrd -name hook-x86_64 -dir out $(LINUXKIT_CONFIG)
	+ linuxkit build -docker -format kernel+initrd -name hook-x86_64 -dir out $(LINUXKIT_CONFIG)
	syntax = "proto3";

	import "github.com/gogo/protobuf/gogoproto/gogo.proto";
	import "google/protobuf/any.proto";

	package v1alpha1;

	service TokenGeneratorService {
	// Generate a token with the provided claims
	rpc GenerateToken(GenerateTokenRequest) returns (GenerateTokenResponse) {}
	FROM php:alpine
	RUN apk -U add composer && \
	composer require aws/aws-sdk-php
	ADD ./script.php /opt/code/script.php
	CMD php /opt/code/script.php
	package main

	import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws/endpoints"
	"gopkg.in/gcfg.v1"
	)

	type CloudConfig struct {