From b5b34938c5ff651c4d3df01b0d51cb887e9278e8 Mon Sep 17 00:00:00 2001 From: Joe Walton Date: Wed, 24 Apr 2019 13:31:46 +0100 Subject: [PATCH 1/2] Add Assume Role Option For ECR Pushes --- cmd/drone-ecr/main.go | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/cmd/drone-ecr/main.go b/cmd/drone-ecr/main.go index 0df3fac..0fda28d 100644 --- a/cmd/drone-ecr/main.go +++ b/cmd/drone-ecr/main.go @@ -12,6 +12,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/credentials/stscreds" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/ecr" ) @@ -27,6 +28,7 @@ func main() { create = parseBoolOrDefault(false, getenv("PLUGIN_CREATE_REPOSITORY", "ECR_CREATE_REPOSITORY")) lifecyclePolicy = getenv("PLUGIN_LIFECYCLE_POLICY") repositoryPolicy = getenv("PLUGIN_REPOSITORY_POLICY") + assumeRole = getenv("PLUGIN_ASSUME_ROLE") ) // set the region @@ -42,12 +44,12 @@ func main() { } sess, err := session.NewSession(&aws.Config{Region: ®ion}) - + if err != nil { log.Fatal(fmt.Sprintf("error creating aws session: %v", err)) } - svc := ecr.New(sess) + svc := getECRClient(sess, assumeRole) username, password, registry, err := getAuthInfo(svc) if err != nil { log.Fatal(fmt.Sprintf("error getting ECR auth: %v", err)) @@ -178,3 +180,11 @@ func getenv(key ...string) (s string) { } return } + +func getECRClient(sess *session.Session, role string) *ecr.ECR { + if role == "" { + return ecr.New(sess) + } + creds := stscreds.NewCredentials(sess, role) + return ecr.New(sess, &aws.Config{Credentials: creds}) +} From 2184682042dc0e3eab93bb112746a55100e082e2 Mon Sep 17 00:00:00 2001 From: Joe Walton Date: Mon, 14 Oct 2019 10:20:32 +0100 Subject: [PATCH 2/2] Apply suggestions from code review Co-Authored-By: Lauris BH --- cmd/drone-ecr/main.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/drone-ecr/main.go b/cmd/drone-ecr/main.go index 0fda28d..7a66f97 100644 --- a/cmd/drone-ecr/main.go +++ b/cmd/drone-ecr/main.go @@ -44,7 +44,6 @@ func main() { } sess, err := session.NewSession(&aws.Config{Region: ®ion}) - if err != nil { log.Fatal(fmt.Sprintf("error creating aws session: %v", err)) } @@ -185,6 +184,7 @@ func getECRClient(sess *session.Session, role string) *ecr.ECR { if role == "" { return ecr.New(sess) } - creds := stscreds.NewCredentials(sess, role) - return ecr.New(sess, &aws.Config{Credentials: creds}) + return ecr.New(sess, &aws.Config{ + Credentials: stscreds.NewCredentials(sess, role), + }) }