Commit c84fd02
authored
* feat(accounts): wire AWS Organizations discovery endpoint to DiscoverOrgAccounts (closes #208)
POST /api/accounts/discover-org used to return a stub
"not yet implemented" message. Wire it end-to-end against the
already-shipped accounts.DiscoverOrgAccounts function:
1. Parse {account_id} body, validate it's a UUID.
2. Load the named account via config.GetCloudAccount; 404 if missing.
3. Validate provider == "aws" and aws_is_org_root == true; 400
otherwise.
4. Resolve the org-root's stored credentials via
credentials.ResolveAWSCredentialProvider and build an aws.Config.
5. Call accounts.DiscoverOrgAccounts (injectable seam:
Handler.discoverOrgFn for tests; nil-default falls back to the
real Organizations API call).
6. Dedupe each member account by (provider="aws", external_id)
against the existing aws cloud_accounts roster.
7. Persist new members with enabled=false, aws_auth_mode=bastion,
aws_bastion_id pointing at the org root — so the operator must
review/approve and fill in the target role ARN before any
discovered account participates in scheduled collection.
8. Return {discovered, created, skipped} counts.
Spec acceptance F-1, F-2, F-3 from
specs/multi-account-execution/acceptance.md.
Test additions in handler_accounts_test.go cover the primary
acceptance dimensions:
- 400 on invalid JSON body
- 400 on invalid account_id (not a UUID)
- 400 on non-AWS account
- 400 on aws_is_org_root=false
- 404 on account not found
- happy path: 3 discovered, 1 already known (skipped), 2 created;
asserts each persisted row has enabled=false +
aws_auth_mode=bastion + aws_bastion_id=org-root.ID
The router-level smoke test in router_handlers_test.go is updated
to assert the routing dispatcher reaches the handler (now expects
a ClientError 400 on the empty body it sends, instead of the prior
NotNil result from the stub).
MockConfigStore gains ListCloudAccountsFn + CreateCloudAccountFn
hooks so the org-discovery happy-path test can inject an existing
roster and capture the persisted rows.
* fix(accounts): tighten discoverOrgAccounts per CR pass 1 — admin-only, drop misleading bastion default, drop blanket-400 (#212)
Three CR-pass-1 findings on PR #212 addressed in one commit:
1. Permission scope: switch from requirePermission("create",
"accounts") to requireAdmin. Org discovery can create N
cloud_accounts rows in one call and bring unfamiliar accounts
into the roster — admin scope is the right gate even though
the rows boot disabled. requireAdmin honours both the admin
API-key and bearer-token paths used elsewhere.
2. Drop the default AWSAuthMode="bastion" on persisted rows.
awsAmbientCredResult treats role_arn or bastion modes with an
empty AWSRoleARN as "ambient host credentials" — semantically
correct for the CUDly self-account, but WRONG for a
freshly-discovered member account, which would have falsely
passed the test-credentials endpoint. Persist with
AWSAuthMode="" instead; the operator's review step must set
BOTH the mode AND a non-empty AWSRoleARN before flipping
enabled=true. AWSBastionID is still pre-filled with the org
root's ID so the operator's edit is just "add role ARN, set
mode=bastion". The empty mode also fails
ResolveAWSCredentialProvider's switch with a clear
"unsupported aws_auth_mode" error if the row is enabled
prematurely.
3. buildOrgRootAWSConfig no longer wraps every
ResolveAWSCredentialProvider error as ClientError(400). The
resolver mixes definite client-side validation failures
(missing aws_role_arn) with transient server-side ones
(credential store unavailable, network errors during
access-key load); without a sentinel/typed error in the
credentials package today, blanket-400 was misleading. Wrap
the error as a regular Go error instead — the handler-default
surface is 5xx, retries are possible, and the error message
makes it into the structured log either way. A proper
400/500 split lives in a future credentials-package
error-type cleanup; flagged in the doc comment.
Test update: TestDiscoverOrgAccounts_HappyPathDedupesAndPersists
now asserts AWSAuthMode is empty on persisted rows (was checking
"bastion"). The doc above the assertions explains the WHY so a
future maintainer doesn't "fix" it back.
go test ./... clean. No behaviour change other than the three
items above.
* fix(accounts): stamp discovered org accounts metadata
* fix(accounts): skip duplicate org discoveries on insert
* fix(accounts): guard nil org discovery results
1 parent 5c1d38f commit c84fd02
5 files changed
Lines changed: 501 additions & 11 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
| 12 | + | |
12 | 13 | | |
13 | 14 | | |
14 | 15 | | |
| |||
78 | 79 | | |
79 | 80 | | |
80 | 81 | | |
| 82 | + | |
| 83 | + | |
| 84 | + | |
| 85 | + | |
| 86 | + | |
| 87 | + | |
81 | 88 | | |
82 | 89 | | |
83 | 90 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
10 | 10 | | |
11 | 11 | | |
12 | 12 | | |
| 13 | + | |
13 | 14 | | |
14 | 15 | | |
15 | 16 | | |
16 | 17 | | |
17 | 18 | | |
| 19 | + | |
| 20 | + | |
18 | 21 | | |
19 | 22 | | |
20 | 23 | | |
| |||
1086 | 1089 | | |
1087 | 1090 | | |
1088 | 1091 | | |
1089 | | - | |
| 1092 | + | |
| 1093 | + | |
| 1094 | + | |
| 1095 | + | |
| 1096 | + | |
| 1097 | + | |
| 1098 | + | |
| 1099 | + | |
| 1100 | + | |
| 1101 | + | |
| 1102 | + | |
| 1103 | + | |
| 1104 | + | |
| 1105 | + | |
| 1106 | + | |
| 1107 | + | |
| 1108 | + | |
| 1109 | + | |
| 1110 | + | |
| 1111 | + | |
| 1112 | + | |
| 1113 | + | |
| 1114 | + | |
| 1115 | + | |
| 1116 | + | |
| 1117 | + | |
| 1118 | + | |
1090 | 1119 | | |
1091 | | - | |
| 1120 | + | |
| 1121 | + | |
| 1122 | + | |
| 1123 | + | |
| 1124 | + | |
| 1125 | + | |
| 1126 | + | |
| 1127 | + | |
| 1128 | + | |
| 1129 | + | |
| 1130 | + | |
| 1131 | + | |
| 1132 | + | |
| 1133 | + | |
| 1134 | + | |
| 1135 | + | |
| 1136 | + | |
| 1137 | + | |
| 1138 | + | |
| 1139 | + | |
1092 | 1140 | | |
1093 | 1141 | | |
| 1142 | + | |
| 1143 | + | |
| 1144 | + | |
1094 | 1145 | | |
1095 | | - | |
| 1146 | + | |
| 1147 | + | |
| 1148 | + | |
| 1149 | + | |
| 1150 | + | |
| 1151 | + | |
| 1152 | + | |
| 1153 | + | |
| 1154 | + | |
| 1155 | + | |
| 1156 | + | |
| 1157 | + | |
| 1158 | + | |
| 1159 | + | |
| 1160 | + | |
| 1161 | + | |
| 1162 | + | |
| 1163 | + | |
| 1164 | + | |
| 1165 | + | |
| 1166 | + | |
| 1167 | + | |
| 1168 | + | |
| 1169 | + | |
| 1170 | + | |
| 1171 | + | |
| 1172 | + | |
| 1173 | + | |
| 1174 | + | |
| 1175 | + | |
| 1176 | + | |
| 1177 | + | |
| 1178 | + | |
| 1179 | + | |
| 1180 | + | |
| 1181 | + | |
| 1182 | + | |
| 1183 | + | |
| 1184 | + | |
| 1185 | + | |
| 1186 | + | |
| 1187 | + | |
| 1188 | + | |
| 1189 | + | |
| 1190 | + | |
| 1191 | + | |
| 1192 | + | |
| 1193 | + | |
| 1194 | + | |
| 1195 | + | |
| 1196 | + | |
| 1197 | + | |
| 1198 | + | |
| 1199 | + | |
| 1200 | + | |
| 1201 | + | |
| 1202 | + | |
| 1203 | + | |
| 1204 | + | |
| 1205 | + | |
| 1206 | + | |
| 1207 | + | |
| 1208 | + | |
| 1209 | + | |
| 1210 | + | |
| 1211 | + | |
| 1212 | + | |
| 1213 | + | |
| 1214 | + | |
| 1215 | + | |
| 1216 | + | |
| 1217 | + | |
| 1218 | + | |
| 1219 | + | |
| 1220 | + | |
| 1221 | + | |
| 1222 | + | |
| 1223 | + | |
| 1224 | + | |
| 1225 | + | |
| 1226 | + | |
| 1227 | + | |
| 1228 | + | |
| 1229 | + | |
| 1230 | + | |
| 1231 | + | |
| 1232 | + | |
| 1233 | + | |
| 1234 | + | |
| 1235 | + | |
| 1236 | + | |
| 1237 | + | |
| 1238 | + | |
| 1239 | + | |
| 1240 | + | |
| 1241 | + | |
| 1242 | + | |
| 1243 | + | |
| 1244 | + | |
| 1245 | + | |
| 1246 | + | |
| 1247 | + | |
| 1248 | + | |
| 1249 | + | |
| 1250 | + | |
| 1251 | + | |
| 1252 | + | |
| 1253 | + | |
| 1254 | + | |
| 1255 | + | |
| 1256 | + | |
| 1257 | + | |
| 1258 | + | |
| 1259 | + | |
| 1260 | + | |
| 1261 | + | |
| 1262 | + | |
| 1263 | + | |
| 1264 | + | |
| 1265 | + | |
| 1266 | + | |
| 1267 | + | |
| 1268 | + | |
| 1269 | + | |
| 1270 | + | |
| 1271 | + | |
| 1272 | + | |
| 1273 | + | |
| 1274 | + | |
| 1275 | + | |
| 1276 | + | |
1096 | 1277 | | |
1097 | 1278 | | |
1098 | 1279 | | |
| |||
0 commit comments