Support ElasticBeanstalk optional session token

It's used in some authentication scenarios like Amazon AWS-Educate
travis-ci · Oct 4, 2020 · ea63c33 · ea63c33
1 parent 598b6f5
commit ea63c33
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/lib/dpl/providers/elasticbeanstalk.rb b/lib/dpl/providers/elasticbeanstalk.rb
@@ -28,6 +28,7 @@ class Elasticbeanstalk < Provider
 
       opt '--access_key_id ID', 'AWS Access Key ID', required: true, secret: true
       opt '--secret_access_key KEY', 'AWS Secret Key', required: true, secret: true
+      opt '--session_token TOKEN', 'AWS Session Token', required: false, secret: true
       opt '--region REGION', 'AWS Region the Elastic Beanstalk app is running in', default: 'us-east-1'
       opt '--app NAME', 'Elastic Beanstalk application name', default: :repo_name
       opt '--env NAME', 'Elastic Beanstalk environment name to be updated.'
@@ -40,7 +41,7 @@ class Elasticbeanstalk < Provider
       opt '--wait_until_deployed_timeout SEC', 'How many seconds to wait for Elastic Beanstalk deployment update.', type: :integer, default: 600
       opt '--debug', internal: true
 
-      msgs login:   'Using Access Key: %{access_key_id}',
+      msgs login:   'Using Access Key: %{access_key_id}%{session_token ? ", Session Token: "+session_token : ""}',
            zip_add: 'Adding %s'
 
       msgs clean_description: 'Removed non-printable characters from the version description'
@@ -171,7 +172,7 @@ def environment
       end
 
       def credentials
-        Aws::Credentials.new(access_key_id, secret_access_key)
+        Aws::Credentials.new(access_key_id, secret_access_key, session_token)
       end
 
       def s3

diff --git a/spec/dpl/providers/elasticbeanstalk_spec.rb b/spec/dpl/providers/elasticbeanstalk_spec.rb
@@ -118,6 +118,20 @@
     it { should have_run '[info] Using Access Key: ac******************' }
   end
 
+  describe 'with ~/.aws/credentials', run: false do
+    let(:args) { |e| %w(--env env --bucket_name bucket) }
+
+    file '~/.aws/credentials', <<-str.sub(/^\s*/, '')
+      [default]
+      aws_access_key_id=access_key_id
+      aws_secret_access_key=secret_access_key
+      aws_session_token=session_token
+    str
+
+    before { subject.run }
+    it { should have_run '[info] Using Access Key: ac******************, Session Token: ac******************' }
+  end
+
   describe 'with ~/.aws/config', run: false do
     let(:args) { |e| %w(--access_key_id id --secret_access_key secret) }