Fixes manheim#444 - Add duration parameter to WithAwsPlugin.withRole()

jantman · Jan 4, 2023 · 00e876e · 00e876e
1 parent 48af506
commit 00e876e
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 29 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@
 - [Issue #432](https://github.com/manheim/terraform-pipeline/issues/432) pass TagPlugin through `-var-file={env}-tags.tfvars`
 - [Issue #417](https://github.com/manheim/terraform-pipeline/issues/417) DestroyPlugin & PassPlanFilePlugin - Terraform Destroy can't be called with a plan file
 - [Issue #436](https://github.com/manheim/terraform-pipeline/issues/436) Bug Fix: Omit variables and variable files from apply command if a plan file is specified
+- [Issue #444](https://github.com/manheim/terraform-pipeline/issues/444) Expose optional duration parameter on WithAwsPlugin's `withRole()`
 
 # v5.19
 

diff --git a/docs/WithAwsPlugin.md b/docs/WithAwsPlugin.md
@@ -60,3 +60,9 @@ validate.then(deployQa)
         .then(deployProd)
         .build()
 ```
+
+If you want to specify a role session duration other than the default of 1 hour (3600 seconds), you can do so by providing an integer `duration` parameter to the `withRole()` call, like:
+
+```
+WithAwsPlugin.withRole(duration: 43200).init()
+```
diff --git a/src/WithAwsPlugin.groovy b/src/WithAwsPlugin.groovy
@@ -2,6 +2,7 @@ import static TerraformEnvironmentStage.ALL
 
 class WithAwsPlugin implements TerraformEnvironmentStagePlugin, Resettable {
     private static role
+    private static duration
 
     public static void init() {
         WithAwsPlugin plugin = new WithAwsPlugin()
@@ -19,9 +20,10 @@ class WithAwsPlugin implements TerraformEnvironmentStagePlugin, Resettable {
     public Closure addWithAwsRole(String environment) {
         return { closure ->
             String iamRole = getRole(environment)
+            Integer sessionDuration = getDuration()
 
             if (iamRole != null) {
-                withAWS(role: iamRole) {
+                withAWS(role: iamRole, duration: sessionDuration) {
                     sh "echo Running AWS commands under the role: ${iamRole}"
                     closure()
                 }
@@ -32,8 +34,9 @@ class WithAwsPlugin implements TerraformEnvironmentStagePlugin, Resettable {
         }
     }
 
-    public static withRole(String role = null) {
+    public static withRole(String role = null, Integer duration = 3600) {
         this.role = role
+        this.duration = duration
 
         return this
     }
@@ -56,7 +59,12 @@ class WithAwsPlugin implements TerraformEnvironmentStagePlugin, Resettable {
         return tempRole
     }
 
+    public Integer getDuration() {
+        return this.duration
+    }
+
     public static void reset() {
         this.role = null
+        this.duration = 3600
     }
 }
diff --git a/test/WithAwsPluginTest.groovy b/test/WithAwsPluginTest.groovy
@@ -85,44 +85,32 @@ class WithAwsPluginTest {
     }
 
     @Nested
-    public class WithExplicitRole {
+    public class WithDefaultDuration {
         @Test
-        void returnsProvidedRole() {
-            def expectedRole = "myRole"
-            def plugin = new WithAwsPlugin()
-
-            plugin.withRole(expectedRole)
-
-            def actualRole = plugin.getRole()
-
-            assertThat(actualRole, is(expectedRole))
-        }
-
-        @Test
-        void prefersProvidedRoleOverGenericRole() {
-            def expectedRole = "correctRole"
+        void returnsDefaultDuration() {
+            def expectedDuration = 3600
             def plugin = new WithAwsPlugin()
-            MockJenkinsfile.withEnv(AWS_ROLE_ARN: 'incorrectRole')
+            MockJenkinsfile.withEnv(AWS_ROLE_ARN: 'foo')
 
-            plugin.withRole(expectedRole)
-
-            def actualRole = plugin.getRole()
+            plugin.withRole()
 
-            assertThat(actualRole, is(expectedRole))
+            def actualDuration = plugin.getDuration()
+            assertThat(actualDuration, is(expectedDuration))
         }
+    }
 
+    @Nested
+    public class WithExplicitDuration {
         @Test
-        void prefersProvidedRoleOverEnvironmntSpecificRole() {
-            def expectedRole = "correctRole"
+        void returnsExplicitDuration() {
+            def expectedDuration = 43200
             def plugin = new WithAwsPlugin()
-            MockJenkinsfile.withEnv(QA_AWS_ROLE_ARN: 'incorrectRole')
 
-            plugin.withRole(expectedRole)
+            plugin.withRole(duration: expectedDuration)
 
-            def actualRole = plugin.getRole('qa')
+            def actualDuration = plugin.getDuration()
 
-            assertThat(actualRole, is(expectedRole))
+            assertThat(actualDuration, is(expectedDuration))
         }
     }
 }
-