diff --git a/commands/check.go b/commands/check.go
index fa93368..72512d1 100644
--- a/commands/check.go
+++ b/commands/check.go
@@ -49,7 +49,7 @@ func (c *Check) Execute() error {
 return fmt.Errorf("invalid payload: %s", err)
 }
- if req.Source.AwsAccessKeyId != "" && req.Source.AwsSecretAccessKey != "" && req.Source.AwsRegion != "" {
+ if req.Source.AwsRegion != "" {
 if !req.Source.AuthenticateToECR() {
 return fmt.Errorf("cannot authenticate with ECR")
 }
diff --git a/commands/in.go b/commands/in.go
index 3fc63d7..94d19d4 100644
--- a/commands/in.go
+++ b/commands/in.go
@@ -65,7 +65,7 @@ func (i *In) Execute() error {
 dest := i.args[1]
- if req.Source.AwsAccessKeyId != "" && req.Source.AwsSecretAccessKey != "" && req.Source.AwsRegion != "" {
+ if req.Source.AwsRegion != "" {
 if !req.Source.AuthenticateToECR() {
 return fmt.Errorf("cannot authenticate with ECR")
 }
diff --git a/commands/out.go b/commands/out.go
index 04ce108..a2cb6a9 100644
--- a/commands/out.go
+++ b/commands/out.go
@@ -63,7 +63,7 @@ func (o *Out) Execute() error {
 src := o.args[1]
- if req.Source.AwsAccessKeyId != "" && req.Source.AwsSecretAccessKey != "" && req.Source.AwsRegion != "" {
+ if req.Source.AwsRegion != "" {
 if !req.Source.AuthenticateToECR() {
 return fmt.Errorf("cannot authenticate with ECR")
 }
diff --git a/types.go b/types.go
index eaac9e2..01e2655 100644
--- a/types.go
+++ b/types.go
@@ -14,7 +14,6 @@ import (
 "strings"
 "github.com/aws/aws-sdk-go/aws"
- "github.com/aws/aws-sdk-go/aws/credentials"
 "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 "github.com/aws/aws-sdk-go/aws/session"
 "github.com/aws/aws-sdk-go/service/ecr"
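Review bot: The new guard `if req.Source.AwsRegion != ""` in commands/check.go (and the identical lines in commands/in.go and commands/out.go) makes `aws_region` alone the switch for ECR authentication. Because the session in types.go is now built without explicit credentials, the identity used is whatever the SDK's default chain finds on the worker: environment variables, shared config, or an instance/task role. On a shared worker, any pipeline that sets `aws_region` therefore runs with the worker's ECR permissions, so that role should be scoped to the repositories pipelines are meant to reach. The condition does not say any of this, so I would add a comment above it such as `// aws_region opts in to ECR auth; credentials come from the worker's ambient AWS identity, not from the source config`. The three Execute bodies continue outside their hunks, and the repeated check could move into one helper on Source.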
@@ -55,13 +54,10 @@ type OutResponse struct {
 }
 type AwsCredentials struct {
- AwsAccessKeyId string `json:"aws_access_key_id,omitempty"`
- AwsSecretAccessKey string `json:"aws_secret_access_key,omitempty"`
- AwsSessionToken string `json:"aws_session_token,omitempty"`
- AwsRegion string `json:"aws_region,omitempty"`
- AWSECRRegistryId string `json:"aws_ecr_registry_id,omitempty"`
- AwsRoleArn string `json:"aws_role_arn,omitempty"`
- AwsRoleArns []string `json:"aws_role_arns,omitempty"`
+ AwsRegion string `json:"aws_region,omitempty"`
+ AWSECRRegistryId string `json:"aws_ecr_registry_id,omitempty"`
+ AwsRoleArn string `json:"aws_role_arn,omitempty"`
+ AwsRoleArns []string `json:"aws_role_arns,omitempty"`
 }
 type BasicCredentials struct {
@@ -307,10 +303,13 @@ func (source *Source) AuthenticateToECR() bool {
 return false
 }
- mySession := session.Must(session.NewSession(&aws.Config{
- Region: aws.String(source.AwsRegion),
- Credentials: credentials.NewStaticCredentials(source.AwsAccessKeyId, source.AwsSecretAccessKey, source.AwsSessionToken),
- }))
+ mySession, err := session.NewSession(&aws.Config{
+ Region: aws.String(source.AwsRegion),
+ })
+ if err != nil {
+ logrus.Errorf("failed to authenticate with AWS: %s", err)
+ return false
+ }
 // Note: This implementation gives precedence to `aws_role_arn` since it
 // assumes that we've errored if both `aws_role_arn` and `aws_role_arns`
diff --git a/types_test.go b/types_test.go
index bb0c1c3..a7fab66 100644
--- a/types_test.go
+++ b/types_test.go
@@ -53,9 +53,7 @@ var _ = Describe("Source", func() {
 source := resource.Source{
 Repository: "foo",
 AwsCredentials: resource.AwsCredentials{
- AwsAccessKeyId: "foo",
- AwsSecretAccessKey: "bar",
- AwsRegion: "us-east-1",
+ AwsRegion: "us-east-1",
 },
 }
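Review bot: Dropping `AwsAccessKeyId`, `AwsSecretAccessKey` and `AwsSessionToken` from `AwsCredentials` leaves no path that rejects a source config which still carries `aws_access_key_id`, `aws_secret_access_key` or `aws_session_token`. The decoder is not visible in this diff, but if the payload is read with encoding/json defaults those keys are discarded without an error, and the resource then authenticates as the worker's ambient identity rather than the principal the pipeline author configured. That is a silent change of principal on upgrade, and the stale secrets stay in pipeline configs with nothing prompting their removal. I would either keep the three fields as deprecated and fail when any is set, with an error saying static keys are no longer supported, or decode with `DisallowUnknownFields()` if the payload format allows it.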
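Review bot: The message in the new `if err != nil` branch of AuthenticateToECR describes the wrong failure, because `session.NewSession` only assembles configuration and does not resolve or validate credentials. A worker with no usable AWS identity will pass this check and fail later at the ECR or STS call, so an operator reading "failed to authenticate with AWS" here is pointed at the wrong cause. I would change the line to `logrus.Errorf("failed to create AWS session: %s", err)`. The function starts and continues outside the hunk, so the later call sites that surface the real credential error are not visible here.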
@@ -69,10 +67,8 @@ var _ = Describe("Source", func() {
 source := resource.Source{
 Repository: "foo",
 AwsCredentials: resource.AwsCredentials{
- AwsAccessKeyId: "foo",
- AwsSecretAccessKey: "bar",
- AwsRegion: "us-east-1",
- AWSECRRegistryId: "012345678901",
+ AwsRegion: "us-east-1",
+ AWSECRRegistryId: "012345678901",
 },
 }