From d98cd41a5a87c4495106032332b1f2f32dcacf85 Mon Sep 17 00:00:00 2001
From: Igor Zibarev
Date: Mon, 16 Oct 2017 14:51:51 +0300
Subject: [PATCH 1/2] Add AWS_PROFILE support

---
 pkg/awsutil/config.go | 14 +++++++++-----
 pkg/dotaws/config.go | 10 ++++++++--
 pkg/dotaws/credentials.go | 9 +++++++--
 3 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/pkg/awsutil/config.go b/pkg/awsutil/config.go
index a55ea10c..f0460f76 100644
--- a/pkg/awsutil/config.go
+++ b/pkg/awsutil/config.go
@@ -13,7 +13,9 @@ import (
 const (
 envAwsAccessKeyID = "AWS_ACCESS_KEY_ID"
 envAwsSecretAccessKey = "AWS_SECRET_ACCESS_KEY"
- envAWsDefaultRegion = "AWS_DEFAULT_REGION"
+ envAwsDefaultRegion = "AWS_DEFAULT_REGION"
+
+ envAwsProfile = "AWS_PROFILE"
 )

 var (
@@ -27,14 +29,16 @@ var (
 // Config returns AWS config with credentials and parameters taken from
 // environment and/or from ~/.aws/* files.
 func Config() (*aws.Config, error) {
+ profile := os.Getenv(envAwsProfile)
+
 if os.Getenv(envAwsAccessKeyID) == "" && os.Getenv(envAwsSecretAccessKey) == "" {
- if err := dotaws.ParseCredentials(); err != nil {
+ if err := dotaws.ParseCredentials(profile); err != nil {
 return nil, errors.Wrap(err, "failed to parse aws credentials file")
 }
 }

- if os.Getenv(envAWsDefaultRegion) == "" {
- if err := dotaws.ParseConfig(); err != nil {
+ if os.Getenv(envAwsDefaultRegion) == "" {
+ if err := dotaws.ParseConfig(profile); err != nil {
 return nil, errors.Wrap(err, "failed to parse aws config file")
 }
 }
@@ -47,7 +51,7 @@ func Config() (*aws.Config, error) {
 ),
 DisableSSL: aws.Bool(awsDisableSSL == "true"),
 Endpoint: aws.String(awsEndpoint),
- Region: aws.String(os.Getenv(envAWsDefaultRegion)),
+ Region: aws.String(os.Getenv(envAwsDefaultRegion)),
 S3ForcePathStyle: aws.Bool(true),
 }, nil
 }
diff --git a/pkg/dotaws/config.go b/pkg/dotaws/config.go
index 2272f640..f4db6d78 100644
--- a/pkg/dotaws/config.go
+++ b/pkg/dotaws/config.go
@@ -1,6 +1,7 @@
 package dotaws

 import (
+ "fmt"
 "os"

 "github.com/go-ini/ini"
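Review bot: In `Config()` in pkg/awsutil/config.go, `AWS_PROFILE` has no effect on credentials whenever `AWS_ACCESS_KEY_ID` or `AWS_SECRET_ACCESS_KEY` is present in the environment, because `dotaws.ParseCredentials(profile)` only runs when both are empty, while `dotaws.ParseConfig(profile)` is still called for the region. A user who exports `AWS_PROFILE=app-dev` with keys for another account left in the shell would then act under that other identity without any signal. If environment keys are meant to win, the doc comment on `Config` should say so, for example `// Static keys in the environment take precedence over AWS_PROFILE; the profile is then used only for the region lookup.` The function body continues past the end of this hunk.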
@@ -13,7 +14,7 @@ const (
 envAWsDefaultRegion = "AWS_DEFAULT_REGION"
 )

-func ParseConfig() error {
+func ParseConfig(profile string) error {
 f, err := os.Open(os.ExpandEnv(configFile))
 if err != nil {
 if err == os.ErrNotExist {
@@ -27,7 +28,12 @@ func ParseConfig() error {
 return errors.Wrapf(err, "failed to load file %s as ini", configFile)
 }

- sec, err := il.GetSection("default")
+ sectionName := "default"
+ if profile != "" {
+ sectionName = fmt.Sprintf("profile %s", profile)
+ }
+
+ sec, err := il.GetSection(sectionName)
 if err != nil {
 return errors.Wrap(err, `aws config file has no "default" section`)
 }
diff --git a/pkg/dotaws/credentials.go b/pkg/dotaws/credentials.go
index 5ccb2c2a..800716e1 100644
--- a/pkg/dotaws/credentials.go
+++ b/pkg/dotaws/credentials.go
@@ -14,7 +14,7 @@ const (
 envAwsSecretAccessKey = "AWS_SECRET_ACCESS_KEY"
 )

-func ParseCredentials() error {
+func ParseCredentials(profile string) error {
 f, err := os.Open(os.ExpandEnv(credentialsFile))
 if err != nil {
 if err == os.ErrNotExist {
@@ -28,7 +28,12 @@ func ParseCredentials() error {
 return errors.Wrapf(err, "failed to load file %s as ini", credentialsFile)
 }

- sec, err := il.GetSection("default")
+ sectionName := "default"
+ if profile != "" {
+ sectionName = profile
+ }
+
+ sec, err := il.GetSection(sectionName)
 if err != nil {
 return errors.Wrap(err, `aws credentials file has no "default" section`)
 }
From 8e2ea70d60ec33072d65b045437ad7545d953ecf Mon Sep 17 00:00:00 2001
From: Igor Zibarev
Date: Mon, 16 Oct 2017 14:57:03 +0300
Subject: [PATCH 2/2] Document AWS_PROFILE support

---
 README.md | 7 ++++++-
 plugin.yaml | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index a4efd3c9..94a86ed0 100644
--- a/README.md
+++ b/README.md
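Review bot: The unchanged guard `if err == os.ErrNotExist {` in `ParseConfig` (pkg/dotaws/config.go), and the same line in `ParseCredentials` (pkg/dotaws/credentials.go), can never match, because `os.Open` returns an `*os.PathError` rather than the sentinel value itself; `if os.IsNotExist(err) {` is the check that works. What that branch does lies outside both hunks, so how a missing config or credentials file behaves when `AWS_PROFILE` is set should be confirmed. Both functions are exported and now take a `profile` argument but carry no doc comment; one line each would do, e.g. `// ParseConfig reads the section for profile from the AWS config file; an empty profile selects "default".`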
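Review bot: The error path after `il.GetSection(sectionName)` in `ParseConfig` still reports `aws config file has no "default" section` even when a named profile was requested, so a mistyped `AWS_PROFILE` is diagnosed as a missing default section; the matching hunk in `ParseCredentials` has the same problem. Wrap with the name that was actually looked up: `return errors.Wrapf(err, "aws config file has no %q section", sectionName)`. Returning an error here instead of falling back to `default` is the right behaviour and should stay, since a silent fallback would run under a different identity than the one requested. Separately, `AWS_PROFILE=default` makes `ParseConfig` look for `[profile default]`, whereas aws-cli writes that profile as `[default]` in the config file; `if profile != "" && profile != "default" {` covers that case.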
@@ -30,7 +30,12 @@ Two options are available: 1) The plugin is able to read AWS default environment variables: `$AWS_ACCESS_KEY_ID`, `$AWS_SECRET_ACCESS_KEY` and `$AWS_DEFAULT_REGION`. 2) If you already using `aws-cli`, you may already have files `$HOME/.aws/credentials` and `$HOME/.aws/config`. -If so, you are good to go - the plugin can read your credentials from those files. +If so, you are good to go - the plugin can read your credentials from those files. +In case of multiple profiles, the plugin also understands `AWS_PROFILE` environment variable. +Use it to let plugin select specific profile, or leave it to use **default** profile. Example: + + $ export AWS_PROFILE=app-dev + $ helm repo add myrepo s3://app-dev-bucket/charts To minimize security issues, remember to configure your IAM user policies properly - the plugin requires only S3 Read access on specific bucket. diff --git a/plugin.yaml b/plugin.yaml index 303892db..774f3662 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -1,5 +1,5 @@ name: "s3" -version: "0.4.0" +version: "0.4.1" usage: "The plugin allows to use s3 protocol to upload, fetch charts and to work with repositories." description: |- Provides AWS S3 protocol support.