remove additional "awsrole" metadata + add AWS Param Store

Infisical · Nov 22, 2024 · 91bc1af · 91bc1af
1 parent 78b9987
commit 91bc1af
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 19 deletions.
diff --git a/backend/src/server/routes/v1/integration-router.ts b/backend/src/server/routes/v1/integration-router.ts
@@ -9,6 +9,7 @@ import { getTelemetryDistinctId } from "@app/server/lib/telemetry";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
 import { IntegrationMetadataSchema } from "@app/services/integration/integration-schema";
+import { Integrations } from "@app/services/integration-auth/integration-list";
 import { PostHogEventTypes, TIntegrationCreatedEvent } from "@app/services/telemetry/telemetry-types";
 
 import {} from "../sanitizedSchemas";
@@ -206,32 +207,31 @@ export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
         id: req.params.integrationId
       });
 
-      if (integration.integration === "aws-secret-manager") {
-        // Fetch additional AWS integration details
-        const awsRoleDetails = await server.services.integration.getIntegrationAWSAssumeRoleArn({
+      if (integration.region) {
+        integration.metadata = {
+          ...(integration.metadata || {}),
+          region: integration.region
+        };
+      }
+
+      if (
+        integration.integration === Integrations.AWS_SECRET_MANAGER ||
+        integration.integration === Integrations.AWS_PARAMETER_STORE
+      ) {
+        const awsRoleDetails = await server.services.integration.getIntegrationAWSIamRole({
           actorId: req.permission.id,
           actor: req.permission.type,
           actorAuthMethod: req.permission.authMethod,
           actorOrgId: req.permission.orgId,
           id: req.params.integrationId
         });
 
-        if (integration.metadata) {
+        if (awsRoleDetails) {
           integration.metadata = {
-            ...integration.metadata,
-            awsRegion: integration.region,
-            awsIamRole: awsRoleDetails.role
-          };
-        } else {
-          integration.metadata = {
-            awsRegion: integration.region,
+            ...(integration.metadata || {}),
             awsIamRole: awsRoleDetails.role
           };
         }
-      } else {
-        integration.metadata = {
-          region: integration.region
-        };
       }
 
       return { integration };

diff --git a/backend/src/services/integration/integration-service.ts b/backend/src/services/integration/integration-service.ts
@@ -262,7 +262,7 @@ export const integrationServiceFactory = ({
       type: KmsDataKey.SecretManager,
       projectId: integration.projectId
     });
-    let awsIamRole;
+    let awsIamRole: string | null = null;
     if (integrationAuth.encryptedAwsAssumeIamRoleArn) {
       const awsAssumeRoleArn = secretManagerDecryptor({
         cipherTextBlob: Buffer.from(integrationAuth.encryptedAwsAssumeIamRoleArn)
@@ -370,7 +370,7 @@ export const integrationServiceFactory = ({
     deleteIntegration,
     listIntegrationByProject,
     getIntegration,
-    getIntegrationAWSAssumeRoleArn: getIntegrationAWSIamRole,
+    getIntegrationAWSIamRole,
     syncIntegration
   };
 };
diff --git a/frontend/src/hooks/api/integrations/types.ts b/frontend/src/hooks/api/integrations/types.ts
@@ -59,7 +59,6 @@ export type TIntegration = {
     shouldEnableDelete?: boolean;
 
     awsIamRole?: string;
-    awsRegion?: string;
     region?: string;
   };
 };

diff --git a/...c/views/IntegrationsPage/IntegrationDetailsPage/components/IntegrationSettingsSection.tsx b/...c/views/IntegrationsPage/IntegrationDetailsPage/components/IntegrationSettingsSection.tsx
@@ -28,7 +28,6 @@ const metadataMappings: Record<keyof NonNullable<TIntegrationWithEnv["metadata"]
   shouldProtectSecrets: "GitLab Secret Protection Enabled",
   shouldEnableDelete: "GitHub Secret Deletion Enabled",
   awsIamRole: "AWS IAM Role",
-  awsRegion: "AWS Region",
   region: "Region"
 } as const;