Browse Source

verifying the credentials before assumeRole fn

pull/119/head
Neemias Junior 5 years ago
committed by Jacob McCann
parent
commit
8d8f5c4d78
No known key found for this signature in database GPG Key ID: B5A476DE32B9AE72
  1. 9
      plugin.go

9
plugin.go

@ -77,7 +77,7 @@ func (p Plugin) Exec() error {
}
}
if p.Config.RoleARN != "" {
if p.Config.RoleARN != "" && !credsSet() {
assumeRole(p.Config.RoleARN)
}
@ -169,14 +169,17 @@ func CopyTfEnv() {
}
}
func assumeRole(roleArn string) bool {
func credsSet() bool {
awsTokens := []string{"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}
for _, token := range awsTokens {
if os.Getenv(token) != "" {
return true
}
}
return false
}
func assumeRole(roleArn string) {
client := sts.New(session.New())
duration := time.Hour * 1
stsProvider := &stscreds.AssumeRoleProvider{
@ -195,8 +198,6 @@ func assumeRole(roleArn string) bool {
os.Setenv("AWS_ACCESS_KEY_ID", value.AccessKeyID)
os.Setenv("AWS_SECRET_ACCESS_KEY", value.SecretAccessKey)
os.Setenv("AWS_SESSION_TOKEN", value.SessionToken)
return true
}
func deleteCache(terraformDataDir string) *exec.Cmd {

Loading…
Cancel
Save