merge: #3036
3036: feat(veritech): Support aws_session_token in veritech r=stack72 a=stack72

- Update CONTRIBUTORS.md
- Support aws_session_token in veritech
- fix(veritech): Ensure we check the correct environment variable for AWS_SESSION_TOKEN


Co-authored-by: Octogonapus <[email protected]>
Co-authored-by: stack72 <[email protected]>
3 people authored Dec 8, 2023
2 parents 9e62996 + 04b2f8b commit a99e184
Showing 4 changed files with 23 additions and 4 deletions.
1 change: 1 addition & 0 deletions CONTRIBUTORS.md
@@ -29,3 +29,4 @@ We contributors to System Initiative:
* Luca Palmieri (@LukeMathWalker)
* Sakshi Umredkar (@saakshii12)
* Justin Carter (@bodymindarts)
* Ryan Benasutti (@Octogonapus)
1 change: 1 addition & 0 deletions bin/veritech/docker-entrypoint.sh
@@ -20,6 +20,7 @@ write_aws_credentials() {
aws_access_key_id = ${AWS_ACCESS_KEY_ID:-}
aws_secret_access_key = ${AWS_SECRET_ACCESS_KEY:-}
EOF
if [ -n "${AWS_SESSION_TOKEN:-}" ]; then echo "aws_session_token = ${AWS_SESSION_TOKEN:-}" >>"$HOME/.aws/credentials"; fi
chmod 0600 "$HOME/.aws/credentials"

# Remove environment variables from veritech's environment
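Review bot: The session token is appended to `$HOME/.aws/credentials` before the `chmod 0600` on the next line, so until that chmod runs the file holds the token with whatever mode the process umask produced. Unless a restrictive umask is already set earlier in the script (not visible here), putting `umask 077` at the top of `write_aws_credentials` would make the file private from creation, for the key id and secret as well. The block under `# Remove environment variables from veritech's environment` is cut off, so please confirm that `AWS_SESSION_TOKEN` is unset there along with the other two variables; otherwise the token stays in the process environment after being written to disk. `printf 'aws_session_token = %s\n' "$AWS_SESSION_TOKEN"` would also be more predictable than `echo` for arbitrary token values.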
14 changes: 14 additions & 0 deletions lib/si-cli/src/cmd/configure.rs
@@ -30,6 +30,7 @@ async fn invoke(_is_preview: bool, reconfigure: bool) -> CliResult<()> {
println!("System Initiative needs some credentials in order to be able to interact with AWS and Docker.");
println!("The credentials are never sent back to System Initiative and can be inspected at the location:");
println!("{}\n", creds_path.display());
println!("After changing these credentials, restart System Initiative.");

if prompt_everything || raw_creds.aws_access_key_id.is_empty() {
let aws_access_key = Password::new("AWS Access Key ID")
@@ -69,6 +70,19 @@ async fn invoke(_is_preview: bool, reconfigure: bool) -> CliResult<()> {
}
}

if prompt_everything {
let session_token = Text::new("Set an AWS Session Token").prompt();

match session_token {
Ok(token) => {
raw_creds.aws_session_token = Some(token);
requires_rewrite = true;
}
Err(inquire::InquireError::OperationInterrupted) => return Err(SiCliError::CtrlC),
Err(_) => println!("Not setting an AWS Session Token"),
}
}

if prompt_everything {
let endpoint_url = Text::new("Set a Custom AWS Endpoint (e.g. Localstack)").prompt();

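Review bot: The new prompt in the second hunk reads the session token with `Text::new("Set an AWS Session Token")`, which echoes the value to the terminal and its scrollback, whereas the access key id in the first hunk is read with `Password::new(...)`. A session token is a bearer secret and should use the same masked prompt, `Password::new("Set an AWS Session Token")`, configured like the existing key prompts. An empty answer is also stored as `Some("")` with `requires_rewrite = true`, so pressing Enter to skip overwrites any saved token with an empty string; `raw_creds.aws_session_token = (!token.is_empty()).then_some(token);` would keep "no token" as `None`. `invoke` begins and ends outside both hunks.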
11 changes: 7 additions & 4 deletions lib/si-cli/src/key_management.rs
@@ -13,6 +13,7 @@ use std::{fs, io};
pub struct Credentials {
pub aws_access_key_id: String,
pub aws_secret_access_key: String,
pub aws_session_token: Option<String>,
pub aws_endpoint_url: Option<String>,
pub docker_hub_user_name: Option<String>,
pub docker_hub_credential: Option<String>,
Expand Down Expand Up @@ -117,10 +118,12 @@ pub async fn format_credentials_for_veritech() -> CliResult<Vec<String>> {
raw_creds.aws_secret_access_key
));

if raw_creds.aws_endpoint_url.is_some() {
if let Some(url) = raw_creds.aws_endpoint_url {
creds.push(format!("AWS_ENDPOINT_URL={}", url));
}
if let Some(url) = raw_creds.aws_endpoint_url {
creds.push(format!("AWS_ENDPOINT_URL={}", url));
}

if let Some(token) = raw_creds.aws_session_token {
creds.push(format!("AWS_SESSION_TOKEN={}", token))
}

if raw_creds.docker_hub_user_name.is_some() && raw_creds.docker_hub_credential.is_some() {
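Review bot: In the second hunk a stored empty token (`Some("")`, which the configure prompt on this page appears to save when the user just presses Enter) is still emitted as `AWS_SESSION_TOKEN=`. The entrypoint's `-n` test covers the container side, but filtering here keeps the list clean for any other consumer: `if let Some(token) = raw_creds.aws_session_token.filter(|t| !t.is_empty()) {`. The `creds.push(format!("AWS_SESSION_TOKEN={}", token))` line also lacks the trailing `;` that the endpoint branch above it has. The derive list of `Credentials` is outside the first hunk; if it includes `Debug`, the new field would print the token wherever the struct is formatted with `{:?}`, which is worth confirming. `format_credentials_for_veritech` continues past the hunk.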
