From 705e4d905504eaa5bdb4c8497b00706a2bde018f Mon Sep 17 00:00:00 2001
From: Long Nguyen
Date: Wed, 19 Apr 2023 09:01:25 -0400
Subject: [PATCH 1/2] Adding support for assume role arn
Signed-off-by: Long Nguyen
---
 driver/driver.go | 13 ++++++++++++-
 models/models.go | 1 +
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/driver/driver.go b/driver/driver.go
index 8f10d83a..9eeeb771 100644
--- a/driver/driver.go
+++ b/driver/driver.go
@@ -7,6 +7,7 @@ import (
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/aws/credentials"
+ "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 "github.com/aws/aws-sdk-go/aws/session"
 "github.com/aws/aws-sdk-go/service/s3"
 "github.com/blang/semver"
@@ -72,7 +73,17 @@ func FromSource(source models.Source) (Driver, error) {
 awsConfig.Endpoint = aws.String(source.Endpoint)
 }
- svc := s3.New(session.New(awsConfig))
+ s3Session := session.New(awsConfig)
+
+ var s3Client *s3.S3
+ if source.RoleArn != "" {
+ creds := stscreds.NewCredentials(s3Session, source.RoleArn)
+ s3Client = s3.New(s3Session, &aws.Config{Credentials: creds})
+ } else {
+ s3Client = s3.New(s3Session)
+ }
+
+ svc := s3Client
 if source.UseV2Signing {
 setv2Handlers(svc)
diff --git a/models/models.go b/models/models.go
index 51e42ec6..390fef14 100644
--- a/models/models.go
+++ b/models/models.go
@@ -62,6 +62,7 @@ type Source struct {
 Key string `json:"key"`
 AccessKeyID string `json:"access_key_id"`
 SecretAccessKey string `json:"secret_access_key"`
+ RoleArn string `json:"role_arn"`
 SessionToken string `json:"session_token"`
 RegionName string `json:"region_name"`
 Endpoint string `json:"endpoint"`
From afb521cb15d986a22a3f41695e98f37a384fdd23 Mon Sep 17 00:00:00 2001
From: Long Nguyen
Date: Mon, 24 Apr 2023 09:44:39 -0400
Subject: [PATCH 2/2] Renaming to assume_role_arn, it's more descriptive and added to readme
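Review bot: The STS client behind `stscreds.NewCredentials(s3Session, source.RoleArn)` in the FromSource hunk of driver/driver.go is built from the same session as the S3 client, so when `source.Endpoint` is set (the `awsConfig.Endpoint = aws.String(source.Endpoint)` context line just above) the signed AssumeRole request would presumably go to that custom endpoint rather than to STS. Build the credentials from a separate session whose config does not carry the endpoint override, and keep `s3Session` for the S3 client only. The provider is also created with defaults, so CloudTrail will only show an SDK-generated session name and a role whose trust policy requires an external ID cannot be assumed; consider passing an options func that sets `p.RoleSessionName` and, if the source gains a field for it, `p.ExternalID`. The credentials are resolved lazily on the first request, so a wrong or denied ARN will not come back as an error from FromSource, whose body starts and ends outside this hunk.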
Signed-off-by: Long Nguyen --- README.md | 2 ++ driver/driver.go | 22 +++++++++++----------- models/models.go | 2 +- 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index a2277aa5..854d9084 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,8 @@ bucket. * `secret_access_key`: *Required.* The AWS secret key to use when accessing the bucket. +* `assume_role_arn`: *Optional.* The AWS role to assume when using access keys. + * `session_token`: *Optional.* The AWS session token to use when accessing the bucket. diff --git a/driver/driver.go b/driver/driver.go index 9eeeb771..9566a704 100644 --- a/driver/driver.go +++ b/driver/driver.go @@ -76,8 +76,8 @@ func FromSource(source models.Source) (Driver, error) { s3Session := session.New(awsConfig) var s3Client *s3.S3 - if source.RoleArn != "" { - creds := stscreds.NewCredentials(s3Session, source.RoleArn) + if source.AssumeRoleArn != "" { + creds := stscreds.NewCredentials(s3Session, source.AssumeRoleArn) s3Client = s3.New(s3Session, &aws.Config{Credentials: creds}) } else { s3Client = s3.New(s3Session) @@ -102,15 +102,15 @@ func FromSource(source models.Source) (Driver, error) { return &GitDriver{ InitialVersion: initialVersion, - URI: source.URI, - Branch: source.Branch, - PrivateKey: source.PrivateKey, - Username: source.Username, - Password: source.Password, - File: source.File, - GitUser: source.GitUser, - CommitMessage: source.CommitMessage, - SkipSSLVerification: source.SkipSSLVerification, + URI: source.URI, + Branch: source.Branch, + PrivateKey: source.PrivateKey, + Username: source.Username, + Password: source.Password, + File: source.File, + GitUser: source.GitUser, + CommitMessage: source.CommitMessage, + SkipSSLVerification: source.SkipSSLVerification, }, nil case models.DriverSwift: diff --git a/models/models.go b/models/models.go index 390fef14..b130fe25 100644 --- a/models/models.go +++ b/models/models.go 
@@ -62,7 +62,7 @@ type Source struct {
 Key string `json:"key"`
 AccessKeyID string `json:"access_key_id"`
 SecretAccessKey string `json:"secret_access_key"`
- RoleArn string `json:"role_arn"`
+ AssumeRoleArn string `json:"assume_role_arn"`
 SessionToken string `json:"session_token"`
 RegionName string `json:"region_name"`
 Endpoint string `json:"endpoint"`