diff --git a/internal/runner/options.go b/internal/runner/options.go
index 2872b96a7a..397dce824f 100644
--- a/internal/runner/options.go
+++ b/internal/runner/options.go
@@ -229,15 +229,21 @@ func validateMissingS3Options(options *types.Options) []string {
 if options.AwsBucketName == "" {
 missing = append(missing, "AWS_TEMPLATE_BUCKET")
 }
- if options.AwsAccessKey == "" {
- missing = append(missing, "AWS_ACCESS_KEY")
- }
- if options.AwsSecretKey == "" {
- missing = append(missing, "AWS_SECRET_KEY")
+ if options.AwsProfile == "" {
+ if options.AwsAccessKey == "" {
+ missing = append(missing, "AWS_ACCESS_KEY")
+ }
+ if options.AwsSecretKey == "" {
+ missing = append(missing, "AWS_SECRET_KEY")
+ }
+ if options.AwsRegion == "" {
+ missing = append(missing, "AWS_REGION")
+ }
 }
- if options.AwsRegion == "" {
- missing = append(missing, "AWS_REGION")
+ if (options.AwsAccessKey == "" || options.AwsSecretKey == "" || options.AwsRegion == "") && options.AwsProfile == "" {
+ missing = append(missing, "AWS_PROFILE")
 }
+
 return missing
 }
@@ -428,6 +434,7 @@ func readEnvInputVars(options *types.Options) {
 options.AwsSecretKey = os.Getenv("AWS_SECRET_KEY")
 options.AwsBucketName = os.Getenv("AWS_TEMPLATE_BUCKET")
 options.AwsRegion = os.Getenv("AWS_REGION")
+ options.AwsProfile = os.Getenv("AWS_PROFILE")
 // Azure options for downloading templates from an Azure Blob Storage container
 options.AzureContainerName = os.Getenv("AZURE_CONTAINER_NAME")
diff --git a/pkg/external/customtemplates/s3.go b/pkg/external/customtemplates/s3.go
index 74f1d0f8d4..1b14206e38 100644
--- a/pkg/external/customtemplates/s3.go
+++ b/pkg/external/customtemplates/s3.go
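Review bot: The second added condition in validateMissingS3Options appends `AWS_PROFILE` alongside `AWS_ACCESS_KEY`, `AWS_SECRET_KEY` and `AWS_REGION` whenever the profile is empty, so the result lists four missing variables for what are really two alternative credential modes. The opposite case is not reported at all: when a profile and static keys are both set the check passes, and getS3Client in s3.go then uses the profile and ignores the keys, so the identity that reads the template bucket may not be the one the operator scoped for it. I would state the precedence above the outer `if`, e.g. `// A named profile takes precedence; static keys and region are only required without one.`, and, if the caller only prints this list, replace the second `if` body with one combined entry such as `missing = append(missing, "AWS_PROFILE (or AWS_ACCESS_KEY, AWS_SECRET_KEY and AWS_REGION)")`. The function starts above the hunk, so how `missing` is declared and consumed is not visible here.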
@@ -62,7 +62,7 @@ func (bk *customTemplateS3Bucket) Update(ctx context.Context) {
 func NewS3Providers(options *types.Options) ([]*customTemplateS3Bucket, error) {
 providers := []*customTemplateS3Bucket{}
 if options.AwsBucketName != "" && !options.AwsTemplateDisableDownload {
- s3c, err := getS3Client(context.TODO(), options.AwsAccessKey, options.AwsSecretKey, options.AwsRegion)
+ s3c, err := getS3Client(context.TODO(), options.AwsAccessKey, options.AwsSecretKey, options.AwsRegion, options.AwsProfile)
 if err != nil {
 return nil, errorutil.NewWithErr(err).Msgf("error downloading s3 bucket %s", options.AwsBucketName)
 }
@@ -104,10 +104,24 @@ func downloadToFile(downloader *manager.Downloader, targetDirectory, bucket, key
 return err
 }
-func getS3Client(ctx context.Context, accessKey string, secretKey string, region string) (*s3.Client, error) {
- cfg, err := config.LoadDefaultConfig(ctx, config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(accessKey, secretKey, "")), config.WithRegion(region))
- if err != nil {
- return nil, err
+func getS3Client(ctx context.Context, accessKey string, secretKey string, region string, profile string) (*s3.Client, error) {
+ var cfg aws.Config
+ var err error
+ if profile != "" {
+ cfg, err = config.LoadDefaultConfig(ctx, config.WithSharedConfigProfile(profile))
+ if err != nil {
+ return nil, err
+ }
+ } else if accessKey != "" && secretKey != "" {
+ cfg, err = config.LoadDefaultConfig(ctx, config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(accessKey, secretKey, "")), config.WithRegion(region))
+ if err != nil {
+ return nil, err
+ }
+ } else {
+ cfg, err = config.LoadDefaultConfig(ctx)
+ if err != nil {
+ return nil, err
+ }
 }
 return s3.NewFromConfig(cfg), nil
 }
diff --git a/pkg/types/types.go b/pkg/types/types.go
index 9cc88f49ff..65125816d2 100644
--- a/pkg/types/types.go
+++ b/pkg/types/types.go
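Review bot: In the new getS3Client the final `else` branch is reached not only when no credentials are supplied but also when exactly one of `accessKey`/`secretKey` is set, and it then loads the default credential chain with no signal, so a half-configured key pair ends up using whatever ambient identity the host provides. The profile branch likewise drops `region` and any static keys that were passed in. Because this bucket is presumably the source of templates the tool goes on to load, the identity used to read it should be selected explicitly: reject a lone key, apply the region whenever one is given, and check `err` once after a single LoadDefaultConfig call, as sketched below (the sketch uses `errors.New`, which the file would need in scope). Note also that callers going through NewS3Providers directly do not necessarily pass the validation in internal/runner, so the guard belongs here as well.

```go
func getS3Client(ctx context.Context, accessKey string, secretKey string, region string, profile string) (*s3.Client, error) {
	var opts []func(*config.LoadOptions) error
	// An explicitly supplied region applies in every credential mode.
	if region != "" {
		opts = append(opts, config.WithRegion(region))
	}
	switch {
	case profile != "":
		// A named profile takes precedence over static keys.
		opts = append(opts, config.WithSharedConfigProfile(profile))
	case accessKey != "" && secretKey != "":
		opts = append(opts, config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(accessKey, secretKey, "")))
	case accessKey != "" || secretKey != "":
		// Half a key pair is a configuration error, not a cue to fall back to ambient credentials.
		return nil, errors.New("aws access key and secret key must be set together")
	}
	cfg, err := config.LoadDefaultConfig(ctx, opts...)
	if err != nil {
		return nil, err
	}
	return s3.NewFromConfig(cfg), nil
}
```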
@@ -335,6 +335,8 @@ type Options struct {
 GitLabTemplateRepositoryIDs []int
 // GitLabTemplateDisableDownload disables downloading templates from custom GitLab repositories
 GitLabTemplateDisableDownload bool
+ // AWS access profile from ~/.aws/credentials file for downloading templates from S3 bucket
+ AwsProfile string
 // AWS access key for downloading templates from S3 bucket
 AwsAccessKey string
 // AWS secret key for downloading templates from S3 bucket