From 2aaf91a1b11359ae54ddd1821eb82f69ab63ff9c Mon Sep 17 00:00:00 2001
From: Alper Rifat Ulucinar
Date: Wed, 13 Oct 2021 15:57:43 +0300
Subject: [PATCH] Pass AWS credentials as environment variables
Signed-off-by: Alper Rifat Ulucinar
---
 go.mod | 2 +-
 go.sum | 4 ++--
 internal/clients/aws.go | 19 ++++++++++++++++---
 3 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/go.mod b/go.mod
index 285a118d0..8167bef40 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.16
 require (
 github.com/aws/aws-sdk-go-v2 v0.23.0
- github.com/crossplane-contrib/terrajet v0.1.0
+ github.com/crossplane-contrib/terrajet v0.1.1-0.20211013144440-cea951a7b6a0
 github.com/crossplane/crossplane-runtime v0.15.1-0.20211004150827-579c1833b513
 github.com/crossplane/crossplane-tools v0.0.0-20210916125540-071de511ae8e
 github.com/crossplane/provider-aws v0.19.0
diff --git a/go.sum b/go.sum
index c6651038a..672ca58e0 100644
--- a/go.sum
+++ b/go.sum
@@ -176,8 +176,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsr
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/crossplane-contrib/terrajet v0.1.0 h1:V1NAIzneLEGBsO8xoPhksTAu1T6dYmvEZ2no/c9lE+A=
-github.com/crossplane-contrib/terrajet v0.1.0/go.mod h1:qqmEllC3g+ZYm5uMXu3Hc/mzmWftlujtn+BeO3Ez108=
+github.com/crossplane-contrib/terrajet v0.1.1-0.20211013144440-cea951a7b6a0 h1:Vj+OJt+JHK6XhvxjMKdCS0gqoI84aCQV/gOonU4wFoM=
+github.com/crossplane-contrib/terrajet v0.1.1-0.20211013144440-cea951a7b6a0/go.mod h1:qqmEllC3g+ZYm5uMXu3Hc/mzmWftlujtn+BeO3Ez108=
 github.com/crossplane/crossplane-runtime v0.14.0/go.mod h1:Bc54/KBvV9ld/tvervcnhcSzk13FYguTqmYt72Mybps=
 github.com/crossplane/crossplane-runtime v0.15.1-0.20211004150827-579c1833b513 h1:Sk3QurYYpy8x3c0DvTh9iGYFSv8WgdhnjCalNqNqlRI=
 github.com/crossplane/crossplane-runtime v0.15.1-0.20211004150827-579c1833b513/go.mod h1:gKix9Gq5kRzVe/4XOpwlFgG7OurzrYayviJxWZakhw0=
diff --git a/internal/clients/aws.go b/internal/clients/aws.go
index 993ca097f..40cab3707 100644
--- a/internal/clients/aws.go
+++ b/internal/clients/aws.go
@@ -2,6 +2,7 @@ package clients
 import (
 "context"
+ "fmt"
 "github.com/aws/aws-sdk-go-v2/aws"
 "github.com/crossplane-contrib/terrajet/pkg/terraform"
@@ -17,6 +18,15 @@ import (
 "github.com/crossplane-contrib/provider-tf-aws/apis/v1alpha1"
 )
+const (
+ // AWS credentials environment variable names
+ envSessionToken = "AWS_SESSION_TOKEN"
+ envAccessKeyID = "AWS_ACCESS_KEY_ID"
+ envSecretAccessKey = "AWS_SECRET_ACCESS_KEY"
+
+ fmtEnvVar = "%s=%s"
+)
+
 // TerraformSetupBuilder returns Terraform setup with provider specific
 // configuration like provider credentials used to connect to cloud APIs in the
 // expected form of a Terraform provider.
@@ -73,11 +83,14 @@ func TerraformSetupBuilder(version, providerSource, providerVersion string) terr
 // e.g. what about setting an assume_role section: https://registry.terraform.io/providers/hashicorp/aws/latest/docs#argument-reference
 tfCfg := map[string]interface{}{}
 tfCfg["region"] = awsConf.Region
- tfCfg["access_key"] = creds.AccessKeyID
- tfCfg["secret_key"] = creds.SecretAccessKey
- tfCfg["token"] = creds.SessionToken
 ps.Configuration = tfCfg
+ // set credentials environment
+ ps.Env = []string{
+ fmt.Sprintf(fmtEnvVar, envAccessKeyID, creds.AccessKeyID),
+ fmt.Sprintf(fmtEnvVar, envSecretAccessKey, creds.SecretAccessKey),
+ fmt.Sprintf(fmtEnvVar, envSessionToken, creds.SessionToken),
+ }
 return ps, err
 }
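Review bot: The comment `// set credentials environment` above the new `ps.Env` block does not record why the three credential keys were taken out of `tfCfg`, which is the security-relevant intent of this change. A comment such as `// Pass credentials through the Terraform process environment instead of ps.Configuration, so they are not part of the provider configuration.` would capture it; how terrajet persists `ps.Configuration` is not visible in this hunk, so the wording should match what it actually does. `AWS_SESSION_TOKEN` is also emitted when `creds.SessionToken` is empty (long-lived static keys), which is probably harmless but could be avoided with `if creds.SessionToken != "" { ps.Env = append(ps.Env, fmt.Sprintf(fmtEnvVar, envSessionToken, creds.SessionToken)) }`. Since `ps.Env` now carries the secret access key, it is worth confirming that nothing downstream logs or dumps the setup struct. The body of TerraformSetupBuilder begins outside this hunk.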