Browse Source
verifying the credentials before assumeRole fn
pull/119/head
Neemias Junior
5 years ago
committed by
Jacob McCann
No known key found for this signature in database
GPG Key ID: B5A476DE32B9AE72
1 changed files with
5 additions and
4 deletions
-
plugin.go
|
|
@ -77,7 +77,7 @@ func (p Plugin) Exec() error { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
if p.Config.RoleARN != "" { |
|
|
|
if p.Config.RoleARN != "" && !credsSet() { |
|
|
|
assumeRole(p.Config.RoleARN) |
|
|
|
} |
|
|
|
|
|
|
@ -169,14 +169,17 @@ func CopyTfEnv() { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
func assumeRole(roleArn string) bool { |
|
|
|
func credsSet() bool { |
|
|
|
awsTokens := []string{"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"} |
|
|
|
for _, token := range awsTokens { |
|
|
|
if os.Getenv(token) != "" { |
|
|
|
return true |
|
|
|
} |
|
|
|
} |
|
|
|
return false |
|
|
|
} |
|
|
|
|
|
|
|
func assumeRole(roleArn string) { |
|
|
|
client := sts.New(session.New()) |
|
|
|
duration := time.Hour * 1 |
|
|
|
stsProvider := &stscreds.AssumeRoleProvider{ |
|
|
@ -195,8 +198,6 @@ func assumeRole(roleArn string) bool { |
|
|
|
os.Setenv("AWS_ACCESS_KEY_ID", value.AccessKeyID) |
|
|
|
os.Setenv("AWS_SECRET_ACCESS_KEY", value.SecretAccessKey) |
|
|
|
os.Setenv("AWS_SESSION_TOKEN", value.SessionToken) |
|
|
|
|
|
|
|
return true |
|
|
|
} |
|
|
|
|
|
|
|
func deleteCache(terraformDataDir string) *exec.Cmd { |
|
|
|