Merge pull request #5680 from alban-stourbe-wmx/feature/add-aws-profile-from-aws-credentials

Add loadConfig S3 based on AWS_PROFILE ~/.aws/credentials

Author: dogancanbakir

internal/runner/options.go

@@ -235,15 +235,25 @@ func validateMissingS3Options(options *types.Options) []string {
 	if options.AwsBucketName == "" {
 		missing = append(missing, "AWS_TEMPLATE_BUCKET")
 	}
-	if options.AwsAccessKey == "" {
-		missing = append(missing, "AWS_ACCESS_KEY")
-	}
-	if options.AwsSecretKey == "" {
-		missing = append(missing, "AWS_SECRET_KEY")
-	}
-	if options.AwsRegion == "" {
-		missing = append(missing, "AWS_REGION")
+	if options.AwsProfile == "" {
+		var missingCreds []string
+		if options.AwsAccessKey == "" {
+			missingCreds = append(missingCreds, "AWS_ACCESS_KEY")
+		}
+		if options.AwsSecretKey == "" {
+			missingCreds = append(missingCreds, "AWS_SECRET_KEY")
+		}
+		if options.AwsRegion == "" {
+			missingCreds = append(missingCreds, "AWS_REGION")
+		}
+
+		missing = append(missing, missingCreds...)
+
+		if len(missingCreds) > 0 {
+			missing = append(missing, "AWS_PROFILE")
+		}
 	}
+
 	return missing
 }
 
@@ -449,6 +459,7 @@ func readEnvInputVars(options *types.Options) {
 	options.AwsSecretKey = os.Getenv("AWS_SECRET_KEY")
 	options.AwsBucketName = os.Getenv("AWS_TEMPLATE_BUCKET")
 	options.AwsRegion = os.Getenv("AWS_REGION")
+	options.AwsProfile = os.Getenv("AWS_PROFILE")
 
 	// Azure options for downloading templates from an Azure Blob Storage container
 	options.AzureContainerName = os.Getenv("AZURE_CONTAINER_NAME")

pkg/external/customtemplates/s3.go

@@ -62,7 +62,7 @@ func (bk *customTemplateS3Bucket) Update(ctx context.Context) {
 func NewS3Providers(options *types.Options) ([]*customTemplateS3Bucket, error) {
 	providers := []*customTemplateS3Bucket{}
 	if options.AwsBucketName != "" && !options.AwsTemplateDisableDownload {
-		s3c, err := getS3Client(context.TODO(), options.AwsAccessKey, options.AwsSecretKey, options.AwsRegion)
+		s3c, err := getS3Client(context.TODO(), options.AwsAccessKey, options.AwsSecretKey, options.AwsRegion, options.AwsProfile)
 		if err != nil {
 			return nil, errorutil.NewWithErr(err).Msgf("error downloading s3 bucket %s", options.AwsBucketName)
 		}
@@ -104,10 +104,24 @@ func downloadToFile(downloader *manager.Downloader, targetDirectory, bucket, key
 	return err
 }
 
-func getS3Client(ctx context.Context, accessKey string, secretKey string, region string) (*s3.Client, error) {
-	cfg, err := config.LoadDefaultConfig(ctx, config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(accessKey, secretKey, "")), config.WithRegion(region))
-	if err != nil {
-		return nil, err
+func getS3Client(ctx context.Context, accessKey string, secretKey string, region string, profile string) (*s3.Client, error) {
+	var cfg aws.Config
+	var err error
+	if profile != "" {
+		cfg, err = config.LoadDefaultConfig(ctx, config.WithSharedConfigProfile(profile))
+		if err != nil {
+			return nil, err
+		}
+	} else if accessKey != "" && secretKey != "" {
+		cfg, err = config.LoadDefaultConfig(ctx, config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(accessKey, secretKey, "")), config.WithRegion(region))
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		cfg, err = config.LoadDefaultConfig(ctx)
+		if err != nil {
+			return nil, err
+		}
 	}
 	return s3.NewFromConfig(cfg), nil
 }

pkg/types/types.go

@@ -345,6 +345,8 @@ type Options struct {
 	GitLabTemplateRepositoryIDs []int
 	// GitLabTemplateDisableDownload disables downloading templates from custom GitLab repositories
 	GitLabTemplateDisableDownload bool
+	// AWS access profile from ~/.aws/credentials file for downloading templates from S3 bucket
+	AwsProfile string
 	// AWS access key for downloading templates from S3 bucket
 	AwsAccessKey string
 	// AWS secret key for downloading templates from S3 bucket