particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

upload/aws: add support for session tokens

Browse source 
If a user uses a temporary access key for login, a session token is also
needed.

This commit adds support for it to the internal aws library and also
to the osbuild-upload-aws helper. Note that this doesn't affect the main
osbuild-composer executable nor the worker. Everything here should work
as before and session tokens are not supported. Something for a follow up
if anyone needs it.

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
This commit is contained in:
Ondřej Budai 2021-06-25 16:22:54 +02:00 committed by Alexander Todorov
parent bb2f866470
commit 579a5df698
4 changed files with 10 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

5
cmd/osbuild-upload-aws/main.go
View file

@ -5,12 +5,14 @@ import (
"fmt"
"github.com/aws/aws-sdk-go/aws"
"github.com/osbuild/osbuild-composer/internal/upload/awsupload"
)
func main() {
var accessKeyID string
var secretAccessKey string
var sessionToken string
var region string
var bucketName string
var keyName string
@ -20,6 +22,7 @@ func main() {
var arch string
flag.StringVar(&accessKeyID, "access-key-id", "", "access key ID")
flag.StringVar(&secretAccessKey, "secret-access-key", "", "secret access key")
flag.StringVar(&sessionToken, "session-token", "", "session token")
flag.StringVar(&region, "region", "", "target region")
flag.StringVar(&bucketName, "bucket", "", "target S3 bucket name")
flag.StringVar(&keyName, "key", "", "target S3 key name")
@ -29,7 +32,7 @@ func main() {
flag.StringVar(&arch, "arch", "", "arch (x86_64 or aarch64)")
flag.Parse()
a, err := awsupload.New(region, accessKeyID, secretAccessKey)
a, err := awsupload.New(region, accessKeyID, secretAccessKey, sessionToken)
if err != nil {
println(err.Error())
return

4
cmd/osbuild-worker/jobimpl-osbuild.go
View file

@ -208,7 +208,7 @@ func (impl *OSBuildJobImpl) Run(job worker.Job) error {
osbuildJobResult.Success = true
osbuildJobResult.UploadStatus = "success"
case *target.AWSTargetOptions:
a, err := awsupload.New(options.Region, options.AccessKeyID, options.SecretAccessKey)
a, err := awsupload.New(options.Region, options.AccessKeyID, options.SecretAccessKey, "")
if err != nil {
appendTargetError(osbuildJobResult, err)
return nil
@ -244,7 +244,7 @@ func (impl *OSBuildJobImpl) Run(job worker.Job) error {
osbuildJobResult.Success = true
osbuildJobResult.UploadStatus = "success"
case *target.AWSS3TargetOptions:
a, err := awsupload.New(options.Region, options.AccessKeyID, options.SecretAccessKey)
a, err := awsupload.New(options.Region, options.AccessKeyID, options.SecretAccessKey, "")
if err != nil {
appendTargetError(osbuildJobResult, err)
return nil