From 548e7408c5a50cf54a7924463b04e49f7b953eae Mon Sep 17 00:00:00 2001
From: Ivan Pozdeev <vano@mail.mipt.ru>
Date: Sun, 4 Oct 2020 23:45:44 +0300
Subject: [PATCH] Support ElasticBeanstalk optional session token

It's used in some authentication scenarios like Amazon AWS-Educate
---
 lib/dpl/providers/elasticbeanstalk.rb       |  6 ++++--
 spec/dpl/providers/elasticbeanstalk_spec.rb | 14 ++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/lib/dpl/providers/elasticbeanstalk.rb b/lib/dpl/providers/elasticbeanstalk.rb
index 076838010..0a5d36e8c 100644
--- a/lib/dpl/providers/elasticbeanstalk.rb
+++ b/lib/dpl/providers/elasticbeanstalk.rb
@@ -28,6 +28,7 @@ class Elasticbeanstalk < Provider
 
       opt '--access_key_id ID', 'AWS Access Key ID', required: true, secret: true
       opt '--secret_access_key KEY', 'AWS Secret Key', required: true, secret: true
+      opt '--session_token TOKEN', 'AWS Session Token', required: false, secret: true
       opt '--region REGION', 'AWS Region the Elastic Beanstalk app is running in', default: 'us-east-1'
       opt '--app NAME', 'Elastic Beanstalk application name', default: :repo_name
       opt '--env NAME', 'Elastic Beanstalk environment name to be updated.'
@@ -41,6 +42,7 @@ class Elasticbeanstalk < Provider
       opt '--debug', internal: true
 
       msgs login:   'Using Access Key: %{access_key_id}',
+           login_token: 'Using Access Key: %{access_key_id}, Session Token: %{session_token}',
            zip_add: 'Adding %s'
 
       msgs clean_description: 'Removed non-printable characters from the version description'
@@ -48,7 +50,7 @@ class Elasticbeanstalk < Provider
       attr_reader :started, :object, :version
 
       def login
-        info :login
+        info(session_token ? :login_token : :login)
       end
 
       def setup
@@ -171,7 +173,7 @@ def environment
       end
 
       def credentials
-        Aws::Credentials.new(access_key_id, secret_access_key)
+        Aws::Credentials.new(access_key_id, secret_access_key, session_token)
       end
 
       def s3
diff --git a/spec/dpl/providers/elasticbeanstalk_spec.rb b/spec/dpl/providers/elasticbeanstalk_spec.rb
index b11ced2a8..386bae46d 100644
--- a/spec/dpl/providers/elasticbeanstalk_spec.rb
+++ b/spec/dpl/providers/elasticbeanstalk_spec.rb
@@ -118,6 +118,20 @@
     it { should have_run '[info] Using Access Key: ac******************' }
   end
 
+  describe 'with ~/.aws/credentials', run: false do
+    let(:args) { |e| %w(--env env --bucket_name bucket) }
+
+    file '~/.aws/credentials', <<-str.sub(/^\s*/, '')
+      [default]
+      aws_access_key_id=access_key_id
+      aws_secret_access_key=secret_access_key
+      aws_session_token=token
+    str
+
+    before { subject.run }
+    it { should have_run '[info] Using Access Key: ac******************, Session Token: t*******************' }
+  end
+
   describe 'with ~/.aws/config', run: false do
     let(:args) { |e| %w(--access_key_id id --secret_access_key secret) }