deveops load aws creds from session for deploy

2025-06-17 00:17:59 +02:00 · 2019-07-13 23:12:07 -08:00
parent 79e81aa7e8
commit aeeb51fc0f
4 changed files with 35 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,7 +1,4 @@
 .idea
 go.mod
 aws.lee
 aws.*
 .env_docker_compose
 !aws.go
--- a/tools/devops/cmd/deploy/aws.go
+++ b/tools/devops/cmd/deploy/aws.go
@ -3,9 +3,11 @@ package deploy
 import (
 	"encoding/json"
 	"fmt"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"io/ioutil"
 	"path/filepath"
 	"sort"
 	"strconv"
 	"strings"
 	"github.com/aws/aws-sdk-go/aws"
@ -26,6 +28,21 @@ const (
 func GetAwsCredentials(targetEnv string) (awsCredentials, error) {
 	var creds awsCredentials
 	if v := getTargetEnv(targetEnv, "AWS_USE_ROLE"); v != "" {
 		creds.UseRole, _ = strconv.ParseBool(v)
 		sess, err := session.NewSession()
 		if err != nil {
 			return creds, errors.Wrap(err, "failed to load aws credentials from instance")
 		}
 		if  sess.Config != nil && sess.Config.Region != nil {
 			creds.Region = *sess.Config.Region
 		}
 		return creds, nil
 	}
 	creds.AccessKeyID = strings.TrimSpace(getTargetEnv(targetEnv, "AWS_ACCESS_KEY_ID"))
 	creds.SecretAccessKey = strings.TrimSpace(getTargetEnv(targetEnv, "AWS_SECRET_ACCESS_KEY"))
 	creds.Region = strings.TrimSpace(getTargetEnv(targetEnv, "AWS_REGION"))
--- a/tools/devops/cmd/deploy/models.go
+++ b/tools/devops/cmd/deploy/models.go
@ -170,13 +170,22 @@ func (r *serviceDeployRequest) awsSession() *session.Session {
 // AwsCredentials defines AWS credentials used for deployment. Unable to use roles when deploying
 // using gitlab CI/CD pipeline.
 type awsCredentials struct {
-	AccessKeyID     string `validate:"required"`
+	AccessKeyID     string `validate:"required_without=UseRole"`
-	SecretAccessKey string `validate:"required"`
+	SecretAccessKey string `validate:"required_without=UseRole"`
-	Region          string `validate:"required"`
+	Region          string `validate:"required_without=UseRole"`
 	UseRole          bool
 }
 // Session returns a new AWS Session used to access AWS services.
 func (creds awsCredentials) Session() *session.Session {
 	if creds.UseRole {
 		// Get an AWS session from an implicit source if no explicit
 		// configuration is provided. This is useful for taking advantage of
 		// EC2/ECS instance roles.
 		return  session.Must(session.NewSession())
 	}
 	return session.New(
 		&aws.Config{
 			Region:      aws.String(creds.Region),
--- a/tools/devops/cmd/deploy/service_deploy.go
+++ b/tools/devops/cmd/deploy/service_deploy.go
@ -68,7 +68,12 @@ func NewServiceDeployRequest(log *log.Logger, flags ServiceDeployFlags) (*servic
 		if err != nil {
 			return nil, err
 		}
 		if awsCreds.UseRole {
 			log.Printf("\t\t\tUsing role")
 		} else {
 			log.Printf("\t\t\tAccessKeyID: '%s'", awsCreds.AccessKeyID)
 		}
 		log.Printf("\t\t\tRegion: '%s'", awsCreds.Region)
 		log.Printf("\t%s\tAWS credentials valid.", tests.Success)
 	}