Support ElasticBeanstalk optional session token

It's used in some authentication scenarios like Amazon AWS-Educate
travis-ci · Oct 4, 2020 · 548e740 · 548e740
1 parent 598b6f5
commit 548e740
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/lib/dpl/providers/elasticbeanstalk.rb b/lib/dpl/providers/elasticbeanstalk.rb
@@ -28,6 +28,7 @@ class Elasticbeanstalk < Provider
 
  opt '--access_key_id ID', 'AWS Access Key ID', required: true, secret: true
  opt '--secret_access_key KEY', 'AWS Secret Key', required: true, secret: true
+ opt '--session_token TOKEN', 'AWS Session Token', required: false, secret: true
  opt '--region REGION', 'AWS Region the Elastic Beanstalk app is running in', default: 'us-east-1'
  opt '--app NAME', 'Elastic Beanstalk application name', default: :repo_name
  opt '--env NAME', 'Elastic Beanstalk environment name to be updated.'
@@ -41,14 +42,15 @@ class Elasticbeanstalk < Provider
  opt '--debug', internal: true
 
  msgs login: 'Using Access Key: %{access_key_id}',
+ login_token: 'Using Access Key: %{access_key_id}, Session Token: %{session_token}',
  zip_add: 'Adding %s'
 
  msgs clean_description: 'Removed non-printable characters from the version description'
 
  attr_reader :started, :object, :version
 
  def login
- info :login
+ info(session_token ? :login_token : :login)
  end
 
  def setup
@@ -171,7 +173,7 @@ def environment
  end
 
  def credentials
- Aws::Credentials.new(access_key_id, secret_access_key)
+ Aws::Credentials.new(access_key_id, secret_access_key, session_token)
  end
 
  def s3

diff --git a/spec/dpl/providers/elasticbeanstalk_spec.rb b/spec/dpl/providers/elasticbeanstalk_spec.rb
@@ -118,6 +118,20 @@
  it { should have_run '[info] Using Access Key: ac******************' }
  end
 
+ describe 'with ~/.aws/credentials', run: false do
+ let(:args) { |e| %w(--env env --bucket_name bucket) }
+
+ file '~/.aws/credentials', <<-str.sub(/^\s*/, '')
+ [default]
+ aws_access_key_id=access_key_id
+ aws_secret_access_key=secret_access_key
+ aws_session_token=token
+ str
+
+ before { subject.run }
+ it { should have_run '[info] Using Access Key: ac******************, Session Token: t*******************' }
+ end
+
  describe 'with ~/.aws/config', run: false do
  let(:args) { |e| %w(--access_key_id id --secret_access_key secret) }