Merge pull request #142 from lnguyen/master

Adding support for assume role arn
concourse · May 16, 2023 · 4022f1a · 4022f1a
2 parents 2e4cdf9 + afb521c
commit 4022f1a
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -58,6 +58,8 @@ bucket.
 * `secret_access_key`: *Required.* The AWS secret key to use when accessing
 the bucket.
 
+* `assume_role_arn`: *Optional.* The AWS role to assume when using access keys.
+
 * `session_token`: *Optional.* The AWS session token to use when accessing
 the bucket.
 

diff --git a/driver/driver.go b/driver/driver.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/s3"
 	"github.com/blang/semver"
@@ -72,7 +73,17 @@ func FromSource(source models.Source) (Driver, error) {
 			awsConfig.Endpoint = aws.String(source.Endpoint)
 		}
 
-		svc := s3.New(session.New(awsConfig))
+		s3Session := session.New(awsConfig)
+
+		var s3Client *s3.S3
+		if source.AssumeRoleArn != "" {
+			creds := stscreds.NewCredentials(s3Session, source.AssumeRoleArn)
+			s3Client = s3.New(s3Session, &aws.Config{Credentials: creds})
+		} else {
+			s3Client = s3.New(s3Session)
+		}
+
+		svc := s3Client
 
 		if source.UseV2Signing {
 			setv2Handlers(svc)
@@ -91,15 +102,15 @@ func FromSource(source models.Source) (Driver, error) {
 		return &GitDriver{
 			InitialVersion: initialVersion,
 
-			URI:                    source.URI,
-			Branch:                 source.Branch,
-			PrivateKey:             source.PrivateKey,
-			Username:               source.Username,
-			Password:               source.Password,
-			File:                   source.File,
-			GitUser:                source.GitUser,
-			CommitMessage:          source.CommitMessage,
-			SkipSSLVerification:    source.SkipSSLVerification,
+			URI:                 source.URI,
+			Branch:              source.Branch,
+			PrivateKey:          source.PrivateKey,
+			Username:            source.Username,
+			Password:            source.Password,
+			File:                source.File,
+			GitUser:             source.GitUser,
+			CommitMessage:       source.CommitMessage,
+			SkipSSLVerification: source.SkipSSLVerification,
 		}, nil
 
 	case models.DriverSwift:

diff --git a/models/models.go b/models/models.go
@@ -62,6 +62,7 @@ type Source struct {
 	Key                  string `json:"key"`
 	AccessKeyID          string `json:"access_key_id"`
 	SecretAccessKey      string `json:"secret_access_key"`
+	AssumeRoleArn        string `json:"assume_role_arn"`
 	SessionToken         string `json:"session_token"`
 	RegionName           string `json:"region_name"`
 	Endpoint             string `json:"endpoint"`