Update plugin.go

Ompragash · web-flow · commit cfbaf3e7311d · 2024-09-14T23:20:56.000+05:30
diff --git a/plugin.go b/plugin.go
@@ -441,33 +441,65 @@ func (p *Plugin) createS3Client() *s3.S3 {
         S3ForcePathStyle: aws.Bool(p.PathStyle),
     }
 
-    sess, err := session.NewSession(conf)
-    if err != nil {
-        log.Fatalf("failed to create AWS session: %v", err)
-    }
-
+    // Set credentials before creating the session
     if p.Key != "" && p.Secret != "" {
         conf.Credentials = credentials.NewStaticCredentials(p.Key, p.Secret, "")
     } else if p.IdToken != "" && p.AssumeRole != "" {
-        creds, err := assumeRoleWithWebIdentity(sess, p.AssumeRole, p.AssumeRoleSessionName, p.IdToken)
+        // Create a temporary session for assuming the role
+        tempSess, err := session.NewSession(conf)
+        if err != nil {
+            log.Fatalf("failed to create temporary AWS session: %v", err)
+        }
+
+        creds, err := assumeRoleWithWebIdentity(tempSess, p.AssumeRole, p.AssumeRoleSessionName, p.IdToken)
         if err != nil {
             log.Fatalf("failed to assume role with web identity: %v", err)
         }
+
+        // Update the credentials in the config
         conf.Credentials = creds
     } else if p.AssumeRole != "" {
-        conf.Credentials = assumeRole(p.AssumeRole, p.AssumeRoleSessionName, p.ExternalID)
+        // Create a temporary session for assuming the role
+        tempSess, err := session.NewSession(conf)
+        if err != nil {
+            log.Fatalf("failed to create temporary AWS session: %v", err)
+        }
+
+        creds := assumeRole(p.AssumeRole, p.AssumeRoleSessionName, p.ExternalID)
+
+        // Update the credentials in the config
+        conf.Credentials = creds
     } else {
-        log.Warn("AWS Key and/or Secret not provided (falling back to ec2 instance profile)")
+        log.Warn("AWS Key and/or Secret not provided (falling back to EC2 instance profile or environment variables)")
+    }
+
+    // Now create the session with the credentials
+    sess, err := session.NewSession(conf)
+    if err != nil {
+        log.Fatalf("failed to create AWS session: %v", err)
     }
 
-    client := s3.New(sess, conf)
+    // Create the S3 client using the session
+    client := s3.New(sess)
 
+    // Optionally assume another role if UserRoleArn is provided
     if len(p.UserRoleArn) > 0 {
-        confRoleArn := aws.Config{
+        log.WithFields(log.Fields{
+            "UserRoleArn": p.UserRoleArn,
+        }).Info("Assuming user role ARN")
+
+        creds := stscreds.NewCredentials(sess, p.UserRoleArn)
+        // Create a new session with the new credentials
+        confWithUserRole := &aws.Config{
             Region:      aws.String(p.Region),
-            Credentials: stscreds.NewCredentials(sess, p.UserRoleArn),
+            Credentials: creds,
+        }
+        sessWithUserRole, err := session.NewSession(confWithUserRole)
+        if err != nil {
+            log.Fatalf("failed to create AWS session with user role: %v", err)
         }
-        client = s3.New(sess, &confRoleArn)
+
+        client = s3.New(sessWithUserRole)
     }
 
     return client
@@ -485,4 +517,4 @@ func assumeRoleWithWebIdentity(sess *session.Session, roleArn, roleSessionName,
         log.Fatalf("failed to assume role with web identity: %v", err)
     }
     return credentials.NewStaticCredentials(*result.Credentials.AccessKeyId, *result.Credentials.SecretAccessKey, *result.Credentials.SessionToken), nil
-}
+}
