fix(cli): missing ROLE env vars support on the cli
tchiotludo committed Dec 12, 2024
1 parent 415ac38 commit d997c52
Showing 1 changed file with 45 additions and 3 deletions.
48 changes: 45 additions & 3 deletions src/main/java/io/kestra/plugin/aws/cli/AwsCLI.java
Expand Up @@ -10,7 +10,6 @@
import io.kestra.core.runners.RunContext;
import io.kestra.plugin.aws.AbstractConnection;
import io.kestra.plugin.scripts.exec.scripts.models.DockerOptions;
import io.kestra.plugin.scripts.exec.scripts.models.RunnerType;
import io.kestra.plugin.scripts.exec.scripts.models.ScriptOutput;
import io.kestra.plugin.scripts.exec.scripts.runners.CommandsWrapper;
import io.kestra.plugin.scripts.runner.docker.Docker;
Expand All @@ -21,6 +20,7 @@
import lombok.*;
import lombok.experimental.SuperBuilder;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
Expand Down Expand Up @@ -140,8 +140,33 @@ public class AwsCLI extends AbstractConnection implements RunnableTask<ScriptOut

private List<String> outputFiles;

private CredentialSource stsCredentialSource;

@Override
public ScriptOutput run(RunContext runContext) throws Exception {
List<String> allCommands = new ArrayList<>(this.commands);

// hack for missing env vars supports: https://github.com/aws/aws-cli/issues/5639
if (this.stsRoleArn != null) {
allCommands.add("aws configure set role_arn " + runContext.render(this.stsRoleArn));
}

if (this.stsRoleSessionName != null) {
allCommands.add("aws configure set role_session_name " + runContext.render(this.stsRoleSessionName));
}

if (this.stsRoleExternalId != null) {
allCommands.add("aws configure set external_id " + runContext.render(this.stsRoleExternalId));
}

if (this.stsRoleSessionDuration != null) {
allCommands.add("aws configure set duration_seconds " + stsRoleSessionDuration.getSeconds());
}

if (this.stsCredentialSource != null) {
allCommands.add("aws configure set credential_source " + this.stsCredentialSource.value);
}

CommandsWrapper commands = new CommandsWrapper(runContext)
.withWarningOnStdErr(true)
.withDockerOptions(injectDefaults(getDocker()))
Expand All @@ -151,7 +176,7 @@ public ScriptOutput run(RunContext runContext) throws Exception {
ScriptService.scriptCommands(
List.of("/bin/sh", "-c"),
null,
this.commands)
allCommands)
)
.withEnv(this.getEnv(runContext))
.withNamespaceFiles(namespaceFiles)
Expand All @@ -165,7 +190,7 @@ private DockerOptions injectDefaults(DockerOptions original) {
if (original == null) {
return null;
}

var builder = original.toBuilder();
if (original.getImage() == null) {
builder.image(DEFAULT_IMAGE);
Expand All @@ -179,18 +204,23 @@ private DockerOptions injectDefaults(DockerOptions original) {

private Map<String, String> getEnv(RunContext runContext) throws IllegalVariableEvaluationException {
Map<String, String> envs = new HashMap<>();

if (this.accessKeyId != null) {
envs.put("AWS_ACCESS_KEY_ID", runContext.render(this.accessKeyId));
}

if (this.secretKeyId != null) {
envs.put("AWS_SECRET_ACCESS_KEY", runContext.render(this.secretKeyId));
}

if (this.region != null) {
envs.put("AWS_DEFAULT_REGION", this.region.as(runContext, String.class));
}

if (this.sessionToken != null) {
envs.put("AWS_SESSION_TOKEN", runContext.render(this.sessionToken));
}

if (this.endpointOverride != null) {
envs.put("AWS_ENDPOINT_URL", runContext.render(this.endpointOverride));
}
Expand All @@ -204,6 +234,18 @@ private Map<String, String> getEnv(RunContext runContext) throws IllegalVariable
return envs;
}

public enum CredentialSource {
ENVIRONMENT("Environment"),
EC2_INSTANCE_METADATA("Ec2InstanceMetadata"),
ECS_CONTAINER("EcsContainer");

private final String value;

CredentialSource(String value) {
this.value = value;
}
}

public enum OutputFormat {
JSON,
TEXT,
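Review bot: In `run`, the rendered `stsRoleArn`, `stsRoleSessionName` and `stsRoleExternalId` values are concatenated unquoted into strings that are executed through `/bin/sh -c`, so whitespace or a shell metacharacter in a rendered value changes the command that actually runs. Each value should be single-quoted with embedded quotes escaped, for example `"aws configure set role_arn '" + arn.replace("'", "'\\''") + "'"` with `arn` holding the rendered value. The settings are also appended after the user's commands (`new ArrayList<>(this.commands)` followed by `add`), so as written they appear to take effect only once those commands have already run; building the `aws configure set` lines first and then calling `allCommands.addAll(this.commands)` would apply them beforehand. The external id also becomes part of the command text, which the runner may log — worth confirming. The body of `run` continues outside the visible hunks.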
