Merge pull request #54 from vijtrip2/env-var-fallback

use sts GetCallerIdentity to find AWS AccountID

Author: vijtrip2

CONTRIBUTING.md

@@ -64,7 +64,7 @@ any 'help wanted' issues is a great place to start.
 
 [See the documentation][dev-docs] for detailed development information.
 
-[dev-docs]: https://aws.github.io/aws-controllers-k8s/dev-docs/overview/
+[dev-docs]: https://aws-controllers-k8s.github.io/community/docs/contributor-docs/overview/
 
 ## Code of Conduct
 

go.mod

@@ -6,6 +6,7 @@ require (
 	github.com/aws/aws-sdk-go v1.37.10
 	github.com/go-logr/logr v0.1.0
 	github.com/google/go-cmp v0.3.1
+	github.com/jaypipes/envutil v1.0.0
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.1.0
 	github.com/spf13/pflag v1.0.5

go.sum

@@ -173,6 +173,8 @@ github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ
 github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
 github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/jaypipes/envutil v1.0.0 h1:u6Vwy9HwruFihoZrL0bxDLCa/YNadGVwKyPElNmZWow=
+github.com/jaypipes/envutil v1.0.0/go.mod h1:vgIRDly+xgBq0eeZRcflOHMMobMwgC6MkMbxo/Nw65M=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=

pkg/config/config.go

@@ -15,8 +15,12 @@ package config
 
 import (
 	"errors"
+	"fmt"
 	"net/url"
 
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/sts"
+	"github.com/jaypipes/envutil"
 	flag "github.com/spf13/pflag"
 	"go.uber.org/zap/zapcore"
 	ctrlrt "sigs.k8s.io/controller-runtime"
@@ -27,14 +31,14 @@ const (
 	flagEnableLeaderElection = "enable-leader-election"
 	flagMetricAddr           = "metrics-addr"
 	flagEnableDevLogging     = "enable-development-logging"
-	flagAWSAccountID         = "aws-account-id"
 	flagAWSRegion            = "aws-region"
 	flagAWSEndpointURL       = "aws-endpoint-url"
 	flagLogLevel             = "log-level"
 	flagResourceTags         = "resource-tags"
 	flagWatchNamespace       = "watch-namespace"
 	flagEnableWebhookServer  = "enable-webhook-server"
 	flagWebhookServerAddr    = "webhook-server-addr"
+	envVarAWSRegion          = "AWS_REGION"
 )
 
 // Config contains configuration otpions for ACK service controllers
@@ -81,14 +85,9 @@ func (cfg *Config) BindFlags() {
 		"Configures the logger to use a Zap development config (encoder=consoleEncoder,logLevel=Debug,stackTraceLevel=Warn, no sampling), "+
 			"otherwise a Zap production config will be used (encoder=jsonEncoder,logLevel=Info,stackTraceLevel=Error), sampling).",
 	)
-	flag.StringVar(
-		&cfg.AccountID, flagAWSAccountID,
-		"",
-		"The AWS Account ID in which the service controller will create resources",
-	)
 	flag.StringVar(
 		&cfg.Region, flagAWSRegion,
-		"",
+		envutil.WithDefault(envVarAWSRegion, ""),
 		"The AWS Region in which the service controller will create its resources",
 	)
 	flag.StringVar(
@@ -134,13 +133,31 @@ func (cfg *Config) SetupLogger() {
 	ctrlrt.SetLogger(zap.New(zap.UseFlagOptions(&zapOptions)))
 }
 
+// SetAWSAccountID uses sts GetCallerIdentity API to find AWS AccountId and set
+// in Config
+func (cfg *Config) SetAWSAccountID() error {
+	// use sts to find AWS AccountId
+	session, err := session.NewSession()
+	if err != nil {
+		return fmt.Errorf("unable to create session: %v", err)
+	}
+	client := sts.New(session)
+	res, err := client.GetCallerIdentity(&sts.GetCallerIdentityInput{})
+	if err != nil {
+		return fmt.Errorf("unable to get caller identity: %v", err)
+	}
+	cfg.AccountID = *res.Account
+	return nil
+}
+
 // Validate ensures the options are valid
 func (cfg *Config) Validate() error {
-	if cfg.AccountID == "" {
-		return errors.New("unable to start service controller as account ID is nil. Please pass --aws-account-id flag")
+	if err := cfg.SetAWSAccountID(); err != nil {
+		return errors.New("unable to determine account ID. Please make sure AWS credentials are setup in controller pod")
 	}
+
 	if cfg.Region == "" {
-		return errors.New("unable to start service controller as AWS region is nil. Please pass --aws-region flag")
+		return errors.New("unable to start service controller as AWS region is missing. Please pass --aws-region flag or set AWS_REGION environment variable")
 	}
 
 	if cfg.EndpointURL != "" {