Merge pull request #538 from kayac/assume-role

Add --assume-role-arn option

README.md

@@ -108,6 +108,7 @@ Flags:
       --ext-str=KEY=VALUE;...     external string values for Jsonnet
       --ext-code=KEY=VALUE;...    external code values for Jsonnet
       --config="ecspresso.yml"    config file
+      --assume-role-arn=""        the ARN of the role to assume
       --option=OPTION
 
 Commands:

cli.go

@@ -7,11 +7,12 @@ import (
 )
 
 type CLIOptions struct {
-	Envfile []string          `help:"environment files"`
-	Debug   bool              `help:"enable debug log"`
-	ExtStr  map[string]string `help:"external string values for Jsonnet"`
-	ExtCode map[string]string `help:"external code values for Jsonnet"`
-	Config  string            `help:"config file" default:"ecspresso.yml"`
+	Envfile       []string          `help:"environment files"`
+	Debug         bool              `help:"enable debug log"`
+	ExtStr        map[string]string `help:"external string values for Jsonnet"`
+	ExtCode       map[string]string `help:"external code values for Jsonnet"`
+	Config        string            `help:"config file" default:"ecspresso.yml"`
+	AssumeRoleARN string            `help:"the ARN of the role to assume" default:""`
 
 	Option *Option
 

cli_test.go

@@ -25,6 +25,7 @@ var cliTests = []struct {
 			"--ext-str", "s2=v2",
 			"--ext-code", "c1=123",
 			"--ext-code", "c2=1+2",
+			"--assume-role-arn", "arn:aws:iam::123456789012:role/exampleRole",
 		},
 		sub: "status",
 		option: &ecspresso.Option{
@@ -33,6 +34,7 @@ var cliTests = []struct {
 			ExtStr:         map[string]string{"s1": "v1", "s2": "v2"},
 			ExtCode:        map[string]string{"c1": "123", "c2": "1+2"},
 			InitOption:     nil,
+			AssumeRoleARN:  "arn:aws:iam::123456789012:role/exampleRole",
 		},
 		subOption: &ecspresso.StatusOption{
 			Events: ptr(10),
@@ -57,6 +59,7 @@ var cliTests = []struct {
 			ExtStr:         map[string]string{},
 			ExtCode:        map[string]string{},
 			InitOption:     nil,
+			AssumeRoleARN:  "",
 		},
 		subOption: &ecspresso.StatusOption{
 			Events: ptr(100),

cliv2.go

@@ -35,6 +35,7 @@ func ParseCLIv2(args []string) (string, *CLIOptions, func(), error) {
 		Debug:          opts.Debug,
 		ExtStr:         opts.ExtStr,
 		ExtCode:        opts.ExtCode,
+		AssumeRoleARN:  opts.AssumeRoleARN,
 	}
 	if opts.Option.ExtStr == nil {
 		opts.Option.ExtStr = map[string]string{}

config.go

@@ -10,6 +10,8 @@ import (
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	awsConfig "github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
 	"github.com/google/go-jsonnet"
 	goVersion "github.com/hashicorp/go-version"
 	"github.com/kayac/ecspresso/v2/appspec"
@@ -163,6 +165,16 @@ func (c *Config) Restrict(ctx context.Context) error {
 	return nil
 }
 
+func (c *Config) AssumeRole(assumeRoleARN string) {
+	if assumeRoleARN == "" {
+		return
+	}
+	Log("[INFO] assume role: %s", assumeRoleARN)
+	stsClient := sts.NewFromConfig(c.awsv2Config)
+	assumeRoleProvider := stscreds.NewAssumeRoleProvider(stsClient, assumeRoleARN)
+	c.awsv2Config.Credentials = aws.NewCredentialsCache(assumeRoleProvider)
+}
+
 func (c *Config) setupPlugins(ctx context.Context) error {
 	for _, p := range c.Plugins {
 		if err := p.Setup(ctx, c); err != nil {

ecspresso.go

@@ -132,6 +132,7 @@ func New(ctx context.Context, opt *Option) (*App, error) {
 			return nil, fmt.Errorf("failed to load config file %s: %w", opt.ConfigFilePath, err)
 		}
 	}
+	conf.AssumeRole(opt.AssumeRoleARN)
 
 	logger := newLogger()
 	if opt.Debug {
@@ -181,6 +182,7 @@ type Option struct {
 	Debug          bool
 	ExtStr         map[string]string
 	ExtCode        map[string]string
+	AssumeRoleARN  string
 }
 
 func (opt *Option) resolveConfigFilePath() (path string) {