Home Explore Help
Register Sign In
shenzhen
/
dify-plugin-daemon
Watch 2
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ce519434b0
Branches Tags
dify-plugin-...
/
internal
/
core
/
aws
/
role.go

role.go 1.9 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 
  1. package aws
    2. 

  2. 

  3. import (
    4. 

  4. 	"context"
    5. 

  5. 	"errors"
    6. 

  6. 	"fmt"
    7. 

  7. 

  8. 	"github.com/aws/aws-sdk-go-v2/aws"
    9. 

  9. 	"github.com/aws/aws-sdk-go-v2/service/iam"
    10. 

  10. )
    11. 

  11. 

  12. const (
    13. 

  13. 	DIFY_PLUGIN_LAMBDA_EXECUTION_ROLE = "dify-plugin-lambda-execution-role"
    14. 

  14. )
    15. 

  15. 

  16. // getOrCreateLambdaExecutionRole creates a new lambda execution role if it doesn't exist
    17. 

  17. // or returns the existing role's ARN
    18. 

  18. func getOrCreateLambdaExecutionRole(ctx context.Context) (string, error) {
    19. 

  19. 	iam_client := iam.NewFromConfig(*aws_lambda_config)
    20. 

  20. 

  21. 	// Check if the role already exists
    22. 

  22. 	_, err := iam_client.GetRole(ctx, &iam.GetRoleInput{
    23. 

  23. 		RoleName: aws.String(DIFY_PLUGIN_LAMBDA_EXECUTION_ROLE),
    24. 

  24. 	})
    25. 

  25. 

  26. 	if err == nil {
    27. 

  27. 		// Role already exists, return its ARN
    28. 

  28. 		return fmt.Sprintf("arn:aws:iam::%s:role/%s", lambda_account_id, DIFY_PLUGIN_LAMBDA_EXECUTION_ROLE), nil
    29. 

  29. 	}
    30. 

  30. 

  31. 	// Create the role if it doesn't exist
    32. 

  32. 	assume_role_policy_document := `{
    33. 

  33. 		"Version": "2012-10-17",
    34. 

  34. 		"Statement": [
    35. 

  35. 			{
    36. 

  36. 				"Effect": "Allow",
    37. 

  37. 				"Principal": {
    38. 

  38. 					"Service": "lambda.amazonaws.com"
    39. 

  39. 				},
    40. 

  40. 				"Action": "sts:AssumeRole"
    41. 

  41. 			}
    42. 

  42. 		]
    43. 

  43. 	}`
    44. 

  44. 

  45. 	create_role_output, err := iam_client.CreateRole(ctx, &iam.CreateRoleInput{
    46. 

  46. 		RoleName:                 aws.String(DIFY_PLUGIN_LAMBDA_EXECUTION_ROLE),
    47. 

  47. 		AssumeRolePolicyDocument: aws.String(assume_role_policy_document),
    48. 

  48. 	})
    49. 

  49. 	if err != nil {
    50. 

  50. 		return "", err
    51. 

  51. 	}
    52. 

  52. 

  53. 	// Attach the AWSLambdaBasicExecutionRole policy
    54. 

  54. 	_, err = iam_client.AttachRolePolicy(ctx, &iam.AttachRolePolicyInput{
    55. 

  55. 		RoleName:  aws.String(DIFY_PLUGIN_LAMBDA_EXECUTION_ROLE),
    56. 

  56. 		PolicyArn: aws.String("arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"),
    57. 

  57. 	})
    58. 

  58. 	if err != nil {
    59. 

  59. 		// Delete the role if the policy attachment fails
    60. 

  60. 		_, err1 := iam_client.DeleteRole(ctx, &iam.DeleteRoleInput{
    61. 

  61. 			RoleName: aws.String(DIFY_PLUGIN_LAMBDA_EXECUTION_ROLE),
    62. 

  62. 		})
    63. 

  63. 		if err1 != nil {
    64. 

  64. 			return "", errors.Join(err, err1)
    65. 

  65. 		}
    66. 

  66. 

  67. 		return "", err
    68. 

  68. 	}
    69. 

  69. 

  70. 	return *create_role_output.Role.Arn, nil
    71. 

  71. }
    72. 

  72.