upload/aws: add support for session tokens

If a user uses a temporary access key for login, a session token is also
needed.

This commit adds support for it to the internal aws library and also
to the osbuild-upload-aws helper. Note that this doesn't affect the main
osbuild-composer executable nor the worker. Everything here should work
as before and session tokens are not supported. Something for a follow up
if anyone needs it.

Signed-off-by: Ondřej Budai <ondrej@budai.cz>

internal/boot/aws.go

@@ -13,6 +13,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/ec2"
+
 	"github.com/osbuild/osbuild-composer/internal/common"
 	"github.com/osbuild/osbuild-composer/internal/upload/awsupload"
 )
@@ -89,7 +90,7 @@ func wrapErrorf(innerError error, format string, a ...interface{}) error {
 // The s3 key is never returned - the same thing is done in osbuild-composer,
 // the user has no way of getting the s3 key.
 func UploadImageToAWS(c *awsCredentials, imagePath string, imageName string) error {
-	uploader, err := awsupload.New(c.Region, c.AccessKeyId, c.SecretAccessKey)
+	uploader, err := awsupload.New(c.Region, c.AccessKeyId, c.SecretAccessKey, "")
 	if err != nil {
 		return fmt.Errorf("cannot create aws uploader: %v", err)
 	}

internal/upload/awsupload/awsupload.go

@@ -21,9 +21,9 @@ type AWS struct {
 	s3       *s3.S3
 }
 
-func New(region, accessKeyID, accessKey string) (*AWS, error) {
+func New(region, accessKeyID, accessKey, sessionToken string) (*AWS, error) {
 	// Session credentials
-	creds := credentials.NewStaticCredentials(accessKeyID, accessKey, "")
+	creds := credentials.NewStaticCredentials(accessKeyID, accessKey, sessionToken)
 
 	// Create a Session with a custom region
 	sess, err := session.NewSession(&aws.Config{