Use ECR when only aws_region is set
This allows ECR to be used if a role is already assumed. Fixes concourse#94

Signed-off-by: Will Tran <[email protected]>
Will Tran authored and rymir committed Aug 26, 2021
1 parent 63e5d52 commit 0c242a4
Showing 4 changed files with 15 additions and 7 deletions.
2 changes: 1 addition & 1 deletion commands/check.go
@@ -49,7 +49,7 @@ func (c *Check) Execute() error {
return fmt.Errorf("invalid payload: %s", err)
}

if req.Source.AwsAccessKeyId != "" && req.Source.AwsSecretAccessKey != "" && req.Source.AwsRegion != "" {
if req.Source.AwsRegion != "" {
if !req.Source.AuthenticateToECR() {
return fmt.Errorf("cannot authenticate with ECR")
}
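Review bot: With the guard reduced to `if req.Source.AwsRegion != "" {`, a source that sets `aws_region` and only one of the access key and secret key no longer skips ECR; judging by the types.go change in this commit, it falls through to the SDK's default credential chain and authenticates as whatever identity the worker or container already has. A half-configured key pair is more likely a mistake than a request for ambient credentials, so it should be rejected before AuthenticateToECR is called, e.g. `if (req.Source.AwsAccessKeyId == "") != (req.Source.AwsSecretAccessKey == "") { return fmt.Errorf("aws_access_key_id and aws_secret_access_key must be set together") }`. The same guard is repeated in commands/in.go and commands/out.go, so the check belongs in one shared place. A comment such as `// no static keys: ECR auth uses the SDK default credential chain (ambient worker credentials)` would also make the least-privilege implication visible to operators of shared workers. Execute's body continues outside the hunk.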
2 changes: 1 addition & 1 deletion commands/in.go
@@ -65,7 +65,7 @@ func (i *In) Execute() error {

dest := i.args[1]

if req.Source.AwsAccessKeyId != "" && req.Source.AwsSecretAccessKey != "" && req.Source.AwsRegion != "" {
if req.Source.AwsRegion != "" {
if !req.Source.AuthenticateToECR() {
return fmt.Errorf("cannot authenticate with ECR")
}
2 changes: 1 addition & 1 deletion commands/out.go
@@ -63,7 +63,7 @@ func (o *Out) Execute() error {

src := o.args[1]

if req.Source.AwsAccessKeyId != "" && req.Source.AwsSecretAccessKey != "" && req.Source.AwsRegion != "" {
if req.Source.AwsRegion != "" {
if !req.Source.AuthenticateToECR() {
return fmt.Errorf("cannot authenticate with ECR")
}
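--- a/types.go
+++ b/types.go
@@ -285,10 +285,18 @@ func (source *Source) AuthenticateToECR() bool {
 return false
 }
 
-mySession := session.Must(session.NewSession(&aws.Config{
-Region: aws.String(source.AwsRegion),
-Credentials: credentials.NewStaticCredentials(source.AwsAccessKeyId, source.AwsSecretAccessKey, source.AwsSessionToken),
-}))
+var sessionConfig aws.Config
+if source.AwsAccessKeyId != "" && source.AwsSecretAccessKey != "" {
+sessionConfig = aws.Config{
+Region: aws.String(source.AwsRegion),
+Credentials: credentials.NewStaticCredentials(source.AwsAccessKeyId, source.AwsSecretAccessKey, ""),
+}
+} else {
+sessionConfig = aws.Config{
+Region: aws.String(source.AwsRegion),
+}
+}
+mySession := session.Must(session.NewSession(&sessionConfig))
 
 // Note: This implementation gives precedence to `aws_role_arn` since it
 // assumes that we've errored if both `aws_role_arn` and `aws_role_arns`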
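Review bot: The rewritten static-credentials branch passes `""` as the third argument to `credentials.NewStaticCredentials`, where the removed code passed `source.AwsSessionToken`, so temporary (STS) key pairs that depend on their session token will stop authenticating. Unless dropping the token is intended, keep it: `Credentials: credentials.NewStaticCredentials(source.AwsAccessKeyId, source.AwsSecretAccessKey, source.AwsSessionToken),`. The two `aws.Config` literals also differ only in `Credentials`, so building one config with `Region` and assigning `sessionConfig.Credentials` inside the `if` would remove the duplicated branch. AuthenticateToECR starts and ends outside the hunk.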
