From c35097fd52573d1b40a8422159d2d53d517d1bc5 Mon Sep 17 00:00:00 2001
From: Diaa Sami
Date: Tue, 24 Aug 2021 17:53:04 +0200
Subject: [PATCH] Support for temporary credentials

Handle session token so that temporary credentials are supported
---
 cmd/osbuild-worker/jobimpl-osbuild.go | 4 +-
 docs/news/unreleased/temp-aws-creds.md | 3 +
 internal/boot/aws.go | 3 +-
 internal/cloudapi/openapi.gen.go | 116 +++++++++++++------------
 internal/cloudapi/openapi.yml | 6 ++
 internal/cloudapi/server.go | 10 +++
 internal/target/aws_target.go | 2 +
 internal/weldr/upload.go | 2 +
 8 files changed, 88 insertions(+), 58 deletions(-)
 create mode 100644 docs/news/unreleased/temp-aws-creds.md

diff --git a/cmd/osbuild-worker/jobimpl-osbuild.go b/cmd/osbuild-worker/jobimpl-osbuild.go
index fb5e79058..a53dcef63 100644
--- a/cmd/osbuild-worker/jobimpl-osbuild.go
+++ b/cmd/osbuild-worker/jobimpl-osbuild.go
@@ -206,7 +206,7 @@ func (impl *OSBuildJobImpl) Run(job worker.Job) error {
 osbuildJobResult.Success = true
 osbuildJobResult.UploadStatus = "success"
 case *target.AWSTargetOptions:
- a, err := awsupload.New(options.Region, options.AccessKeyID, options.SecretAccessKey, "")
+ a, err := awsupload.New(options.Region, options.AccessKeyID, options.SecretAccessKey, options.SessionToken)
 if err != nil {
 appendTargetError(osbuildJobResult, err)
 return nil
@@ -242,7 +242,7 @@ func (impl *OSBuildJobImpl) Run(job worker.Job) error {
 osbuildJobResult.Success = true
 osbuildJobResult.UploadStatus = "success"
 case *target.AWSS3TargetOptions:
- a, err := awsupload.New(options.Region, options.AccessKeyID, options.SecretAccessKey, "")
+ a, err := awsupload.New(options.Region, options.AccessKeyID, options.SecretAccessKey, options.SessionToken)
 if err != nil {
 appendTargetError(osbuildJobResult, err)
 return nil
diff --git a/docs/news/unreleased/temp-aws-creds.md b/docs/news/unreleased/temp-aws-creds.md
new file mode 100644
index 000000000..dc355a1d8
--- /dev/null
+++ b/docs/news/unreleased/temp-aws-creds.md
@@ -0,0 +1,3 @@
+# Support AWS temporary credentials
+
+When using AWS and AWS S3 targets, it is possible to use temporary AWS credentials by specifying a `SessionToken` in addition to the usual `AccessKeyId` and `SecretAccessKey`
diff --git a/internal/boot/aws.go b/internal/boot/aws.go
index c685fefae..976379398 100644
--- a/internal/boot/aws.go
+++ b/internal/boot/aws.go
@@ -21,6 +21,7 @@ import (
 type awsCredentials struct {
 AccessKeyId string
 SecretAccessKey string
+ sessionToken string
 Region string
 Bucket string
 }
@@ -90,7 +91,7 @@ func wrapErrorf(innerError error, format string, a ...interface{}) error {
 // The s3 key is never returned - the same thing is done in osbuild-composer,
 // the user has no way of getting the s3 key.
 func UploadImageToAWS(c *awsCredentials, imagePath string, imageName string) error {
- uploader, err := awsupload.New(c.Region, c.AccessKeyId, c.SecretAccessKey, "")
+ uploader, err := awsupload.New(c.Region, c.AccessKeyId, c.SecretAccessKey, c.sessionToken)
 if err != nil {
 return fmt.Errorf("cannot create aws uploader: %v", err)
 }
diff --git a/internal/cloudapi/openapi.gen.go b/internal/cloudapi/openapi.gen.go
index b7cfd3a5a..450943356 100644
--- a/internal/cloudapi/openapi.gen.go
+++ b/internal/cloudapi/openapi.gen.go
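Review bot: In internal/boot/aws.go the new `sessionToken` field is never assigned in the lines this patch shows, so `UploadImageToAWS` (hunk at -90) still passes an empty token and temporary credentials would not work on this path. The diffstat lists only three changed lines for the file, which suggests the code that fills `awsCredentials` (outside these hunks) was not updated; it should set the token from the same source as the key pair. The field is also unexported while its siblings `AccessKeyId` and `SecretAccessKey` are exported; declaring it as `SessionToken string` keeps the struct consistent.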
@@ -42,15 +42,17 @@ type AWSUploadRequestOptions struct { type AWSUploadRequestOptionsEc2 struct { AccessKeyId string `json:"access_key_id"` SecretAccessKey string `json:"secret_access_key"` + SessionToken *string `json:"session_token,omitempty"` ShareWithAccounts *[]string `json:"share_with_accounts,omitempty"` SnapshotName *string `json:"snapshot_name,omitempty"` } // AWSUploadRequestOptionsS3 defines model for AWSUploadRequestOptionsS3. type AWSUploadRequestOptionsS3 struct { - AccessKeyId string `json:"access_key_id"` - Bucket string `json:"bucket"` - SecretAccessKey string `json:"secret_access_key"` + AccessKeyId string `json:"access_key_id"` + Bucket string `json:"bucket"` + SecretAccessKey string `json:"secret_access_key"` + SessionToken *string `json:"session_token,omitempty"` } // AWSUploadStatus defines model for AWSUploadStatus. 
@@ -1055,58 +1057,62 @@ func RegisterHandlers(router EchoRouter, si ServerInterface) { // Base64 encoded, gzipped, json marshaled Swagger object var swaggerSpec = []string{ - "H4sIAAAAAAAC/+xa+28bt5P/V4jtAW4B7UqW5JeAonUdN3Db2EHkpC0iw6CWIy2bXXJLci27gf73A1+r", - "fcmScynucPj+ZEt8zMxnhjMfDvU5iHmWcwZMyWDyOZBxAhk2/57/Pp2O3ucpx+Qd/F2AVDe5opyZwVzw", - "HISiYD4JWFLO9H/wiLM8hWASQBGuQKrwMOgF6inXX0klKFsG614gR3ryfwlYBJPgm/5Gh75ToH/++7RL", - "9nQUrNe9QMDfBRVAgslHL9xselfK4vO/IFZaVsWOqcKq6NC/EKn+01CzIUdP2rL/fihBPPxCqy/jYWC0", - "+T8Cc8/Y8gIwLq3pdTxwHIOU95/g6Z6SulXnv16dX91Mf755dX19cvnH+Zu3v112GgixAHW/2am+zeoX", - "nIo/3iv28+Wbq/6vJ29eXV6/7s/fPr5b0Is/3b6/Xv4Z9IIFFxlWwSTIsZQrLkinuAQLuF9RlWiRvHCH", - "phT4MTgcjsZHxyenZ4NDAxBVkMmO2Co3x0LgJ7M3w7lMuLpnOIO6GdlT6EfbWjXcVAe1C6EXuG06+le8", - "Ni/iT6BaNrqv/7fd/GJAS4OeRXZb7sEZrVuDMxoO4tPR4ORsdHJydHR2RMbzLlRemA6admU0KPfo1Pyf", - "QsB+mY1meAll4BKQsaBmbjAJrnEGiC+QSgAVZjcgyCyI0JVCWSEVmgMqGP27AESZmbikD8CQAMkLEQNa", - "Cl7k0YxdLZAWgqhEPKNKAUELwTOzRFgdewgjgRnhGeIM0BxLIIgzhNH791evEJUztgQGAisg0Uzns1oM", - "GsW6wE55jJWDu27gb24ErRIQYHQxuyCZ8CIlxjhvN2YEacilAgEkQrcJlSil7BOCxzzFlM1YwldIcZRS", - "qRBOU+QFy8mMJUrlctLvEx7LKKOx4JIvVBTzrA8sLGQ/Tmkfa7/1XX764YHC6nvzVRinNEyxAqm+wf/4", - "BHavBd2XQg4akOhggkI7uzsCrYPujYOe933dmXuA1fTOLS9izN65bV4biV25opiXKrgMVVfq6pVWqTrt", - "C5QZwxE5nQ/jEM+H43A8PhyFZ4P4KDw+HI4Gx3A6OINhl3YKGGbqGb20EnbSPlq1A0iihK9mTHG0oIwg", - "qvyRMscZveVC4XSfUPJhpOgDhIQKiBUXT/1FwQjOgCmcytZomPBVqHioRYfWigZuR/EJLI7mx+FhPFqE", - "Y4IHIT4eDsPBfHA8GI7OyAk52Zm6NiC23d0KysrR3ZHltmXoenbbJ1009K1s0KXChaZlEt6AwgQr3FaA", - "SyUA7mOeZVR1Bs63CZbJdz5+5gVNFXLTO4Iwx/EnvLR717d6a0ds9qEsTgtC2RJdX354dx5U2MxzlNLt", - "UZrT4jrr7Ri4QtOGIC6k4hn9B5cV6DkVLuqz172AUG3+vFCtiikSSMPTLpis21xdsZGwj/1Xepk3pMv4", - "amjU9GqJvHsOKVmkHUA1OdnhcASakYZwejYPD4dkFOLx0XE4Hh4fHx2Nx4PBYFDlRUVBd3MiSoK7jSrP", - "nxtZju4EzW3UfXzcPkZuKxjqgqvxXeHmOZdqKUC+kJdXEswuK6bVueteUEgQ+wfOewliv9Py+uLtfsRs", - "w7S7CzNmCB6pVPqQT2/Pr1+dv3uFpooLnQTiFEuJfjJbRE2i5D48Q9qfI4W3CVgmpzgqJKAFF67Q5Vwo", - 
"R5TMbYsgHWWFAnTJlpS5WhjN2G1ZF81GDR6p72iu8L2+eItywTV2PbRKaJxo/lhIIDPm5d5M3V62shrx", - "VpcIadLJFZI5xHRBtW6OYM7YQWxPgAhxTsNZMRiMYn2AzH9wgCwYXhzCslLNtdYvIaAbtt+GUptoxyuk", - "obRpRdNUQ1OCq3gVX82gHZ4POC02UGL9mRKzu6+hEZoCIE8e4pQXJFpyvkzBUAdpQ8ewin5JKh1zr4LY", - "MypmRapo6DT301GccglSaTX1JFvNZ+xbxx99eNrALJd9p2GOEy6BIVwonmFFY5ymT02QoXjB1b5B9XVZ", - "5AuPi7Eb+elaX7NLPZK7wteEZzRjlzhOfJAY1GPOFKb6tuKREr6oOzFIax6hD0YDm7UlwgImM4ZQiA50", - "ypl8hgzTlJL1wQSdM2Q+IUyIAKlDECskIBcgdfrZyIr1FqhhVoR+5gI59HroAKc0hh/dZ+3zg8hJliAe", - "aAzndt0LdbCi3RbbZGdPIVeJOW35jzjPZc5VtHSL/JqqSoYBvhQNZ7+/c2q9GhCQjDLZiQHhGaZs8tn+", - "1QLN8UTTgipA9lv0bS5ohsXTd23haWoFmsuyLh7W+1i5tU1ENkfvAHGBDho6dZ+650OTSrvGJgcdqAiz", - "pxnz+NZP00dT4yatqDCNklo87Ou8oBdYt7VhDnqBA7j65QuqeYNYPNO2KSvs17sU9AJXhVp9MyxjYAQz", - "Fc4FpiQcDUZHh6OdLKyyXW/XHaNGSts9KBEnVEGsCtEw5/H0+P54vL28268b7auu6fYOs4sC3Uxv9Sxj", - "aM4lVVx4vPdhUO/8oqcuJmdru2fXO9lYlWC1u2dVxGpgNFRvib3z3tgWWS8mzB901a4YuN8GtfBumlch", - "2y1B2tusyMy0wnRB9f0B09RCkQPTd0bTFaWp+9dqZv/3/S/96a4jUlwMdDwyLRqEXl/d+qd9G6N9IEvo", - "3HDr607rlDSvrp0HpTPPQM63jPgU0UHoUsCye0zSZUaOtg0x7A/qlnzXMfAAQjr+uKO5YoPYqL1ZtlG3", - "Z0EoddQxUjl37SsIluA8sEkSJYEkLBJAEmw7T5r+AFN9fSvua++ebtyr9+Gyz2W/dl0VaVe2yUDhlLJP", - "3VIzKgQXMloA4QK7NBpxsez7dT/oM/y9HQ9HQ83nh8fa7u/LhLhTBSMkpVK9WIlyZV2N0ZeoIRKZVZw+", - "5zwFzNqve3paV+GYNq6/zccgRR8M/Q5brzLZU2jfSkL7SLLXC5v2ctgZLu1o2cN6yiRdJo1XOiUK6LUA", - "6QVcLDFzXYXaguFgPBgNx+UayhQs7V1d8xcQbY2rXYNIg1tRfGdhrynSa4JcE1pBrGJtlyPr9azdY9y0", - "EDiDm0Uw+fhFL8fBurdz3ZafFexaua3rsVPi1oes9V0lZe4ulrdPOchtCdMDuB37bQX/y6H31Xt/yPdc", - "0aS/L4DYr9DQbpjIfoxBFIxtowX/Uzc5XXotf5X+sesqyuKVno9XMjK/eVjGuf6oTe3U0PTvWt41l5k6", - "hd2kCTPY+dONJnltpde8mKc0RlImyGaFrcxjs0bf1Xa/DG+9RHzYcIi6jXuTCz/xbr022XnB202WqWsC", - "KG4eMlwzjkmF09TeUWUU9AJ942SWPllDg/McxwmgYTQIHOkri+1qtYqwGTYV1q2V/d+uLi6vp5fhMBpE", - "icpSgzxVBqyb6U9GvOtyC2S6XQjntMKLJsGhKR05MD0wCUbRINIQ51glBpu+6xEa1LjsaMZeCMAKEEYM", - "VsjN7qGcaypEcZo+oZgz6bq0fIEkPIDAHgsDj2tbAo4T1zajAhHQS1wLzkQ8CPPpimipTi3rIJDqJ05M", - 
"iDkSZsp7nqfUttf6f0nrYHvWdr7A1N9z1vVA0BXYPh/nXPtB7zYcHH596eaNxAhvQG4noARLJBUWCoiJ", - "VVlkGdYs1jvFO08Pek/2P1OyNke7q7X+GpRtW5p8Y5rsyOU1xIXZMAUFxG/t3nDtYxtItEpAJSD0XMYV", - "ogqZnAkESM/4GqeSI01UkT4/mv9QzhCe80L5h/YiVVsdPvV5MMcCZ6DMC8XH7sdop6K3RXG0NL1+ygyN", - "U4m/KEwC9/Ra9XCv4q2v/iB11wqfwdcOn/Ju3AqfOi46AYxb4hU8qr55kq8LbhrS2vyK2fayF0KJFTD+", - "WgLes0+Mr1hNQC32bxvhu/UQmPuSvyk/exr8RLvhgjIqk/oZAASPOFa1oBagCsGAIAKaJEjEWfW3Pv6H", - "RLYnvi3gy9v8f0J+Z8hvHu3bYXNbdaN/OLM/1PJu/H93Elrhq+3GFXv1iXDFP/KIu4NQD8bXoG7svF+k", - "66e0XVnXzka/RErXB8LjItP21hVcOgWdDkjrUL7n+Aukwksd8KYroqlXL+hXGFvnufX7+heZTR+oZdaH", - "SovoX4pOL6LDhbilYjdA7Vnr9X8HAAD//+PGA9v9LgAA", + "H4sIAAAAAAAC/+xaeU8jNxv/Ktb0lWjVTCbk4IhUteFYmj0IJcDudkHImXmScZmxZ20PgV3x3V/5mGSu", + "kLDvVqpe9S9IbD/38fPjfHV8FieMApXC6X91hB9CjPW/g/fjcecyiRgOzuFzCkKOEkkY1YsJZwlwSUB/", + "4jAjjKr/4AHHSQRO34HUnYOQ7rbTcORjor4SkhM6c54ajuiozf/hMHX6zg/eUgbPCuAN3o/reI87ztNT", + "w+HwOSUcAqf/KWOuid4seLHJX+BLxSunx1himdbIn/JI/SmJWeKjNq2gv5mVwG9/o9bHftvR0vxDzNzQ", + "urzAGMdG9aI9sO+DELd38HhLgqJWgzfDwXA0fjU6Oj3dPf4weHf29rhWQfA5yNslpSKZ+Wsc8Q+Xkr46", + "fjf03uy+Ozo+PfEmZw/nU3L40dJ9c/zRaThTxmMsnb6TYCHmjAf17IQgjN5KdgclPwz+YJbe713MBr+3", + "ZqeHg7PH1w9fugfR4atXD+9Pj7dHZxezu96FDC9+fnU//0zfzM/90XDKz8OO7729YDuXR8Hj6/lodH98", + "dXb/9sMh5/xSBpSSQ0vcG95fbgcfL2ft86vB6wNM35LfJ93h7DxOzq86X/hd+v71aPaH2Bv++Sce3rcP", + "Pgxx+7w7imZ3B6f7k7vLo9PD1+QAJt7gQ/Tl4OCO7U62e9O/+IFo/+xf/CGTPzuHH9+/+nCyd9j78vmh", + "szuno+PufnweeT+P5N3wzclodzqod0aIOdzOiQyVQ1hqS8rCRp+c7Xan29vZ3dtvbevwIRJiUZN5C+KY", + "c/yoaVOciJDJW4pjKFo+fnSz1apUpSAuhlxd/LwgqMedvyWmJ6l/B7Kio/363yT4JyfBi8Nt4e5n425V", + "38IxKToAx8Rt+Xud1u5+Z3e319vvBd1JnRNf2ErKesXEWdColfxLymGzrkhiPINFWgcgfE70XqfvnOIY", + "EJsiGQJKNTUIkD7QREOJ4lRINAGUUvI5BUSo3jgj90ARB8FS7gOacZYmzWs6nCLFBBGBWEykhABNOYv1", + "EW5kbCCMOKYBixGjgCZYQIAYRRhdXg6PEBHXdAYUOJYQNK9VLyxkqBasztgR87G05i4q+NauoHkIHLQs", + "mgoSIUujQCuX6Y1pgJTJhQQOQRNdhESgiNA7BA9JhAm9piGbI8lQRIREOIpQxlj0r2koZSL6nhcwXzRj", + 
"4nMm2FQ2fRZ7QN1UeH5EPKz85tnq/es9gfkv+ivXj4gbYQlC/oC/ZOX9VjG6XTDZKplEBROkytn1EWgc", + "dKsd9Lzvi87cwFhl71yw1Mf03JI50RzrSls6WYhg63dRqOGREim/7RuE6UIv2Ju0fRdP2l23293uuPst", + "v+fubLc7rR3Ya+1Du046CRRT+YxcSgizaROpqgEkUMjm11QyNCU0QERmKaXTGZ0xLnG0SShlYSTJPbgB", + "4eBLxh+9aUoDHAOVOBKVVTdkc1cyV7F2jRYlu/X8XZj2Jjvutt+Zut0At1y80267rUlrp9Xu7Ae7we7a", + "0rU0YtXdlaDMpe6aKreqQher2ybloiRvjkCdCIcK0gt4BxIHWOKqAExIDnDrszgmsjZwfgyxCH/K4meS", + "kkgiu70mCBPs3+GZoV0kdWZWTPUh1I/SgNAZOj2+Oh84Oaz33HXE0lioU0GCT6ttYBtN1QR+KiSLyRe8", + "6EDPiXBY3P3UcAKi1J+kstIxeQiRu1dnJuM221dMJGyi/1AdyxSpUz4fGgW5KixvnrOUSKMaQ5UR63a7", + "Awqvu7C3P3G320HHxd3ejttt7+z0et1uq9Vq5VFjmpJgfUAHzs1SlOfzRixW1xrNEqpPH0tH860EQ5Fx", + "Pr5zN5eECTnjIF54a8kVmHVajPN7nxpOKoBvHjiXAvhm2XJyeLYZMFveQ+obM6YIHoiQKsnHF4PTo8H5", + "ERpLxlUR8CMsBDrQJJploGQ/PHOleQ4UXoRgkJxkKBWApozbRpcwLi1Q0nfRAKkoSyWgYzoj1PbC5jW9", + "WPRFTaiEI9UN1ja+k8MzlHCmbNdA85D4ocKPqYDgmmZ8R2NLy3RWzd7I0kQKdDKJRAI+mRIlmwWY13TL", + "NxnAXZwQ9zpttTq+SiD9H2whY4yMHcIi182V1C8BoEu0XzWlUtGs50DDQqc5iSJlmoVxJcvbVyFoa897", + "HKVLU2L1mQSaetZDm2gMgDLw4EcsDZozxmYRaOggTOhoVOEtQKVF7nkjNrSIcRpJ4lrJs+3Ij5gAIZWY", + "apPp5tf0R4sfs/A0gbk49pMysx8yARThVLIYS+LjKHosGxnSFww+SlBftUU2zeyi9UbZdiWvplKM5Lrw", + "1eHZvKbH2A+zINFW9xmVmKjbSmYpnjV1ywYpyZvoSktgqrZAmEP/miLkoi1VcvpfIcYkIsHTVh8NKNKf", + "EA4CDkKFIJaIQ8JBqPKz5OUrEqikVhO9YhxZ6zXQFo6ID7/Zz8rnW03LWQC/Jz4MzLkXymBYWxKreMeP", + "LpOhzrbkN5wkImGyObOHsjN5kTQCfKk1rP7ZnVPJVTJBEBMqam0QsBgT2v9q/iqGOj3ROCUSkPkW/Zhw", + "EmP++FOVeRQZhvqyrJqH8T6W9mzZIsvU20KMo62STPVZ93xoEmHOmOKgAhVh+nhNM/sWs+mT7nH9SlTo", + "QUkhHjZ1ntNwjNuqZnYajjVw/ssXdPMSsHhmbLPosN/vUtBwbBeqTBWx8IEGmEp3wjEJ3E6r09vurEVh", + "OXKNdXeMAiitzqC4HxIJvkx5SZ2HvZ3bne7q9m6+Lo2v6rabO8w6CDQaX6hdWtGECSIZz+y9CYI6zw49", + "1iE509szdL0WjeUBVnV6lrdYwRgl0StsbzJvrIqsFwPmK9W1cwpuRqAQ3mX1cmC7wkh5m6ax3pbqKai6", + "P2ASGVMkQNWdUU9FSWT/NZKZ/7P5l/p0UxMpNgZqHiinJUCvrm7enmdi1INgBrUEV74MVrKkfHWtTZTa", + "OgMJW7GSlYgaQBcBFvVrgszioLdqieIsUVfUu5qFe+DC4sc1wxUTxFrs5bGluA1jhIWMKkZyeVe9gmAB", + 
"1gPLIrEAkAFtcghCbCZPCv4AlZ66FXvKu3tL9yo6THhMeIXrKo/qqk0MEkeE3tVzjQnnjIvmFALGsS2j", + "TcZnXnbuV5XDv5h1t9NWeL69o/T+ZVEQ14qgmUREyBcLsThZFKPzLWLwUMQ5p08YiwDT6suw2lbXOMal", + "62/5qUySew2/3cqbVfzomrcS1zySbPQwpbzs1oZLNVo20J5QQWZh6Q1T8hQaFYM0HMZnmNqpQuFAu9Vt", + "ddrdxRlCJczMXV3hF+BVifNTg6Yybk7wtY29IEijbOQC05zFctrWObLYz6ozxuUIgVEYTZ3+p2/61YHz", + "1Fh7bsVPUtadXDX1WMtx5UPW002uZK5vlhePCYhVBTMz4Grbr2r43276rHtvbvINT5Th7wtMnJ1Qpl0i", + "kc0QA08pXQUL/lc3WVkaFX8t/GPO5YTFc7Ufz0VT/15m5ifqo1K1VkI9v6t4V19mihB2WSb0Yu3Pfsrg", + "tVJek3QSER8JESJTFVYij+UZdVdb/zK88hJxtcQQRR03BhfZxpunJ12dp6w6ZBnbIYBk+iHDDuOokDiK", + "zB1VNJ2Go26c1MAno6gzSLAfAmo3W44FfYtmO5/Pm1gv6w5rzwrv7fDw+HR87LabrWYo40hbnkhtrNH4", + "QLO3U26O9LQL4YTkcFHf2datIwGqFvpOp9lqKhMnWIbaNp6dEWqrMVEzjD3kgCUgjCjMkd3dQAlTUIjg", + "KHpEPqPCTmnZFAm4B44zW2jz2LElYD+0YzPCUQDqiB3B6YgHrj8NA8XVimUcBEIesECHmAVhur0nSUTM", + "eM37SxgHm1xb+wJTfM95KgaC6sDm+Thhyg+KWru1/f256zcSzbxkcrMBhVggITGXEOhYFWkcY4ViM6dk", + "zlOLmSe9ryR40qldN1o/AWnGlrre6CE7snUNMa4JRiAhyEjbN1zz2AYCzUOQIXC1lzKJiES6ZkIAQUP7", + "GkeCIQVUkcofhX8IowhPWCqzh/Y0kisdPs7qYII5jkHqF4pP9Y/RVsRMF8nQTM/6CdUwTobZRaHv2KfX", + "vIcbOW999wepm0r4tL53+CzuxpXwKdpFFYBuhb2EB+npJ/ki47IiFeJDasbLGRMSGAbd78Xgkt5RNqcF", + "BoXYvyiF78ok0Pel7Kb8bDZkGw3BKaFEhMUcAAQP2JeFoOYgU04hQAEokCAQo/nf+mQ/JDIz8VUBv7jN", + "/xvya0N++WhfDZuLvBuzhzPzQ63Mjf93mVAJX6U3zumrMsI2/2ZmcZsIxWA8ATky+14LO0+purIonYl+", + "gaTqDwHz01jpWxRwZgW0MiAlw+I9J7tASjxTAa+nIgp6NRwvh9hq8zajm73ILOdAFbWuciOivyk6MxY1", + "LsQVEesNVN319PTfAAAA//+aWSukOTEAAA==", } // GetSwagger returns the Swagger specification corresponding to the generated code diff --git a/internal/cloudapi/openapi.yml b/internal/cloudapi/openapi.yml index d62fd6077..5c5b52a1f 100644 --- a/internal/cloudapi/openapi.yml +++ b/internal/cloudapi/openapi.yml 
@@ -318,6 +318,9 @@ components:
 type: string
 format: password
 example: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
+ session_token:
+ type: string
+ example: 'AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE'
 bucket:
 type: string
 example: 'my-bucket'
@@ -334,6 +337,9 @@ components:
 type: string
 format: password
 example: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
+ session_token:
+ type: string
+ example: 'AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE'
 snapshot_name:
 type: string
 example: 'my-snapshot'
diff --git a/internal/cloudapi/server.go b/internal/cloudapi/server.go
index 23c7e1381..645aab5ba 100644
--- a/internal/cloudapi/server.go
+++ b/internal/cloudapi/server.go
@@ -285,6 +285,7 @@ func (h *apiHandlers) Compose(ctx echo.Context) error {
 uploadRequest := ir.UploadRequest
 /* oneOf is not supported by the openapi generator so marshal and unmarshal the uploadrequest based on the type */
 if uploadRequest.Type == UploadTypes_aws {
+ var sessionToken string
 var awsUploadOptions AWSUploadRequestOptions
 jsonUploadOptions, err := json.Marshal(uploadRequest.Options)
 if err != nil {
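Review bot: In internal/cloudapi/openapi.yml the new `session_token` property (hunk at -318) is declared without `format: password`, although the credential property just above it (presumably `secret_access_key`) carries that format; the hunk at -334 has the same gap. A session token is a bearer credential, so documentation renderers and generated clients should treat it as a secret as well: add `format: password` under `type: string` in both places. A `description` would also help, for example `description: Session token, needed only when the key pair is a temporary credential`.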
@@ -300,11 +301,15 @@ func (h *apiHandlers) Compose(ctx echo.Context) error {
 share = *awsUploadOptions.Ec2.ShareWithAccounts
 }
 key := fmt.Sprintf("composer-api-%s", uuid.New().String())
+ if awsUploadOptions.S3.SessionToken != nil {
+ sessionToken = *awsUploadOptions.S3.SessionToken
+ }
 t := target.NewAWSTarget(&target.AWSTargetOptions{
 Filename: imageType.Filename(),
 Region: awsUploadOptions.Region,
 AccessKeyID: awsUploadOptions.S3.AccessKeyId,
 SecretAccessKey: awsUploadOptions.S3.SecretAccessKey,
+ SessionToken: sessionToken,
 Bucket: awsUploadOptions.S3.Bucket,
 Key: key,
 ShareWithAccounts: share,
@@ -318,6 +323,7 @@ func (h *apiHandlers) Compose(ctx echo.Context) error {
 targets = append(targets, t)
 } else if uploadRequest.Type == UploadTypes_aws_s3 {
 var awsS3UploadOptions AWSS3UploadRequestOptions
+ var sessionToken string
 jsonUploadOptions, err := json.Marshal(uploadRequest.Options)
 if err != nil {
 return echo.NewHTTPError(http.StatusInternalServerError, "Unable to unmarshal aws upload request")
@@ -328,11 +334,15 @@ func (h *apiHandlers) Compose(ctx echo.Context) error {
 }
 key := fmt.Sprintf("composer-api-%s", uuid.New().String())
+ if awsS3UploadOptions.S3.SessionToken != nil {
+ sessionToken = *awsS3UploadOptions.S3.SessionToken
+ }
 t := target.NewAWSS3Target(&target.AWSS3TargetOptions{
 Filename: imageType.Filename(),
 Region: awsS3UploadOptions.Region,
 AccessKeyID: awsS3UploadOptions.S3.AccessKeyId,
 SecretAccessKey: awsS3UploadOptions.S3.SecretAccessKey,
+ SessionToken: sessionToken,
 Bucket: awsS3UploadOptions.S3.Bucket,
 Key: key,
 })
diff --git a/internal/target/aws_target.go b/internal/target/aws_target.go
index 095a31f78..72973882e 100644
--- a/internal/target/aws_target.go
+++ b/internal/target/aws_target.go
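Review bot: In the `UploadTypes_aws` branch of internal/cloudapi/server.go (hunk at -300) the token is read only from `awsUploadOptions.S3.SessionToken`, yet this commit also adds `session_token` to the generated `AWSUploadRequestOptionsEc2`; a token sent under `ec2` passes schema validation and is then silently ignored. The key pair in this branch also comes from `.S3`, so this may be deliberate, but then either the `ec2` property should be dropped from openapi.yml or the branch should say so, e.g. `// credentials, including the session token, are taken from the s3 section only`. The same nil-check-and-dereference is repeated in the hunk at -328 with a second block-scoped `sessionToken`; a small helper that turns a `*string` into a `string` would remove the duplication. `Compose` starts and ends outside these hunks.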
@@ -5,6 +5,7 @@ type AWSTargetOptions struct {
 Region string `json:"region"`
 AccessKeyID string `json:"accessKeyID"`
 SecretAccessKey string `json:"secretAccessKey"`
+ SessionToken string `json:"sessionToken"`
 Bucket string `json:"bucket"`
 Key string `json:"key"`
 ShareWithAccounts []string `json:"shareWithAccounts"`
@@ -32,6 +33,7 @@ type AWSS3TargetOptions struct {
 Region string `json:"region"`
 AccessKeyID string `json:"accessKeyID"`
 SecretAccessKey string `json:"secretAccessKey"`
+ SessionToken string `json:"sessionToken"`
 Bucket string `json:"bucket"`
 Key string `json:"key"`
 }
diff --git a/internal/weldr/upload.go b/internal/weldr/upload.go
index eefb79e6c..099b07ad1 100644
--- a/internal/weldr/upload.go
+++ b/internal/weldr/upload.go
@@ -29,6 +29,7 @@ type awsUploadSettings struct {
 Region string `json:"region"`
 AccessKeyID string `json:"accessKeyID,omitempty"`
 SecretAccessKey string `json:"secretAccessKey,omitempty"`
+ SessionToken string `json:"sessionToken,omitempty"`
 Bucket string `json:"bucket"`
 Key string `json:"key"`
 }
@@ -173,6 +174,7 @@ func uploadRequestToTarget(u uploadRequest, imageType distro.ImageType) *target.
 Region: options.Region,
 AccessKeyID: options.AccessKeyID,
 SecretAccessKey: options.SecretAccessKey,
+ SessionToken: options.SessionToken,
 Bucket: options.Bucket,
 Key: options.Key,
 }
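Review bot: In internal/target/aws_target.go the new `SessionToken` field of `AWSTargetOptions` (and of `AWSS3TargetOptions`, hunk at -32) is tagged without `omitempty`, so every serialized target that uses long-lived keys now carries an empty `sessionToken` entry, whereas `awsUploadSettings` in internal/weldr/upload.go uses `omitempty` for the same field in this commit. Suggest the tag `json:"sessionToken,omitempty"` in both structs. Neither struct documents its fields; a comment such as `// SessionToken is set only for temporary credentials; handle it as a secret like SecretAccessKey` would record that wherever these options are stored or logged the token needs the same care as the secret key.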