Add support for aws credentials (#71)

stijndehaes · superbrothers · commit 3abd7bbf3668 · 2019-05-08T14:48:08.000+09:00
diff --git a/AUTHORS b/AUTHORS
@@ -11,3 +11,4 @@ Werner Buck
 Lucas de Haas
 Daniel Jensen
 Jens Herrmann
+Stijn De Haes
diff --git a/README.md b/README.md
@@ -45,6 +45,9 @@ The version of this resource corresponds to the version of kubectl. We recommend
 - `use_aws_iam_authenticator`: *Optional.* If true, the aws_iam_authenticator, required for connecting with EKS, is used. Requires `aws_eks_cluster_name`. Defaults to `false`.
 - `aws_eks_cluster_name`: *Optional.* the AWS EKS cluster name, required when `use_aws_iam_authenticator` is true.
 - `aws_eks_assume_role`: *Optional.* the AWS IAM role ARN to assume.
+- `aws_access_key_id`: *Optional.* AWS access key to use for iam authenticator.
+- `aws_secret_access_key`: *Optional.* AWS secret key to use for iam authenticator.
+- `aws_session_token`: *Optional.* AWS session token (assumed role) to use for iam authenticator.
 
 ## Behavior
 
diff --git a/assets/out b/assets/out
@@ -28,6 +28,13 @@ cd "$source_dir"
 payload=$(mktemp "$TMPDIR/kubernetes-resource-request.XXXXXX")
 cat > "$payload" <&0
 
+AWS_ACCESS_KEY_ID=$(jq -r '.source.aws_access_key_id // ""' < "$payload")
+export AWS_ACCESS_KEY_ID
+AWS_SECRET_ACCESS_KEY=$(jq -r '.source.aws_secret_access_key // ""' < "$payload")
+export AWS_SECRET_ACCESS_KEY
+AWS_SESSION_TOKEN=$(jq -r '.source.aws_session_token // ""' < "$payload")
+export AWS_SESSION_TOKEN
+
 setup_kubectl "$payload"
 
 # Required. Specify the operation that you want to perform on one or more
diff --git a/test/suite.bats b/test/suite.bats
@@ -46,6 +46,13 @@ teardown() {
   assert_not_match 'did not find expected key' "$output"
 }
 
+@test "with outputs.aws_access_credentials" {
+  run assets/out <<< "$(jq -n '{"source": {"use_aws_iam_authenticator": true, "aws_eks_cluster_name": "eks-cluster01", "aws_access_key_id": "KEY", "aws_secret_access_key": "SECRET", "aws_session_token": "Session", "server": $server, "token": $token}, "params": {"kubectl": "get po"}}' \
+    --arg server "$server" \
+    --arg token "$token")"
+  assert_not_match 'did not find expected key' "$output"
+}
+
 @test "with source.kubeconfig" {
   run assets/out <<< "$(jq -n '{"source": {"kubeconfig": $kubeconfig}, "params": {"kubectl": $kubectl, "wait_until_ready": 60}}' \
     --arg kubeconfig "$(cat "$kubeconfig_file")" \
