Loading credentials from env_file parameter

2024-06-03 04:49:42 +02:00 · 2019-11-25 16:28:33 +01:00 · 2019-11-25 16:28:33 +01:00 · 22f9a710f1
commit 22f9a710f1
parent 5ce27e882f
2 changed files with 20 additions and 8 deletions
--- a/main.go
+++ b/main.go
@ -5,7 +5,6 @@ import (
 	"os"

 	"github.com/Sirupsen/logrus"
-	"github.com/joho/godotenv"
 	"github.com/urfave/cli"
 )

@ -35,8 +34,9 @@ func main() {
 			EnvVar: "PLUGIN_CA_CERT",
 		},
 		cli.StringFlag{
-			Name:  "env-file",
-			Usage: "source env file",
+			Name:   "env_file",
+			Usage:  "pass filename to source it and load variables into current shell",
+			EnvVar: "PLUGIN_ENV_FILE",
 		},
 		cli.StringFlag{
 			Name:   "init_options",
@ -125,10 +125,6 @@ func run(c *cli.Context) error {
 		"Revision": revision,
 	}).Info("Drone Terraform Plugin Version")

-	if c.String("env-file") != "" {
-		_ = godotenv.Load(c.String("env-file"))
-	}
-
 	var vars map[string]string
 	if c.String("vars") != "" {
 		if err := json.Unmarshal([]byte(c.String("vars")), &vars); err != nil {
@ -161,6 +157,7 @@ func run(c *cli.Context) error {
 			Parallelism:      c.Int("parallelism"),
 			Targets:          c.StringSlice("targets"),
 			VarFiles:         c.StringSlice("var_files"),
+			EnvFile:          c.String("env_file"),
 			TerraformDataDir: c.String("tf_data_dir"),
 		},
 		Netrc: Netrc{
--- a/plugin.go
+++ b/plugin.go
@ -16,6 +16,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/sts"
+	"github.com/joho/godotenv"
 )

 type (
@ -33,6 +34,7 @@ type (
 		Parallelism      int
 		Targets          []string
 		VarFiles         []string
+		EnvFile          string
 		TerraformDataDir string
 	}

@ -77,6 +79,10 @@ func (p Plugin) Exec() error {
 		}
 	}

+	if p.Config.EnvFile != "" {
+		_ = godotenv.Load(p.Config.EnvFile)
+	}
+
 	if p.Config.RoleARN != "" {
 		assumeRole(p.Config.RoleARN)
 	}
@ -169,7 +175,14 @@ func CopyTfEnv() {
 	}
 }

-func assumeRole(roleArn string) {
+func assumeRole(roleArn string) bool {
+	awsTokens := []string{"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}
+	for _, token := range awsTokens {
+		if os.Getenv(token) != "" {
+			return true
+		}
+	}
+
 	client := sts.New(session.New())
 	duration := time.Hour * 1
 	stsProvider := &stscreds.AssumeRoleProvider{
@ -188,6 +201,8 @@ func assumeRole(roleArn string) {
 	os.Setenv("AWS_ACCESS_KEY_ID", value.AccessKeyID)
 	os.Setenv("AWS_SECRET_ACCESS_KEY", value.SecretAccessKey)
 	os.Setenv("AWS_SESSION_TOKEN", value.SessionToken)
+
+	return true
 }

 func deleteCache(terraformDataDir string) *exec.Cmd {