
Commit fceb5fe

authored
Update plugin.go
1 parent 179e1fe commit fceb5fe


1 file changed

+12
-5
lines changed


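--- a/plugin.go
+++ b/plugin.go
@@ -440,18 +440,22 @@ func (p *Plugin) createS3Client() *s3.S3 {
 S3ForcePathStyle: aws.Bool(p.PathStyle),
 }
 
+var creds *credentials.Credentials
+var err error
+
 // Set credentials before creating the session
 if p.Key != "" && p.Secret != "" {
 // Use static credentials
-conf.Credentials = credentials.NewStaticCredentials(p.Key, p.Secret, "")
+creds = credentials.NewStaticCredentials(p.Key, p.Secret, "")
+conf.Credentials = creds
 } else if p.IdToken != "" && p.AssumeRole != "" {
 // Assume role with web identity
 tempSess, err := session.NewSession(conf)
 if err != nil {
 log.Fatalf("failed to create temporary AWS session: %v", err)
 }
 
-creds, err := assumeRoleWithWebIdentity(tempSess, p.AssumeRole, p.AssumeRoleSessionName, p.IdToken)
+creds, err = assumeRoleWithWebIdentity(tempSess, p.AssumeRole, p.AssumeRoleSessionName, p.IdToken)
 if err != nil {
 log.Fatalf("failed to assume role with web identity: %v", err)
 }
@@ -465,7 +469,7 @@ func (p *Plugin) createS3Client() *s3.S3 {
 log.Fatalf("failed to create temporary AWS session: %v", err)
 }
 
-creds := assumeRole(tempSess, p.AssumeRole, p.AssumeRoleSessionName, p.ExternalID)
+creds = assumeRole(tempSess, p.AssumeRole, p.AssumeRoleSessionName, p.ExternalID)
 
 // Update the credentials in the config
 conf.Credentials = creds
@@ -482,18 +486,21 @@ func (p *Plugin) createS3Client() *s3.S3 {
 // Create the S3 client using the session
 client := s3.New(sess)
 
-// Optionally assume another role if UserRoleArn is provided
+// Only attempt to assume UserRoleArn if it's provided
 if len(p.UserRoleArn) > 0 {
 log.WithFields(log.Fields{
 "UserRoleArn": p.UserRoleArn,
 }).Info("Assuming user role ARN")
 
-creds := stscreds.NewCredentials(sess, p.UserRoleArn)
+// Create new credentials by assuming the UserRoleArn
+creds = stscreds.NewCredentials(sess, p.UserRoleArn)
+
 // Create a new session with the new credentials
 confWithUserRole := &aws.Config{
 Region: aws.String(p.Region),
 Credentials: creds,
 }
+
 sessWithUserRole, err := session.NewSession(confWithUserRole)
 if err != nil {
 log.Fatalf("failed to create AWS session with user role: %v", err)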
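Review bot: In the last hunk the hoisted `creds` is overwritten with the UserRoleArn credentials, so from that line on the function-scoped variable no longer holds the base identity selected in the first hunk; a separate name keeps the two identities apart, e.g. `userRoleCreds := stscreds.NewCredentials(sess, p.UserRoleArn)` with `Credentials: userRoleCreds,` in the config below. The added comment also reads as if the role were assumed on that line, but `stscreds.NewCredentials` only builds a lazy provider, so a denied AssumeRole would not hit the `log.Fatalf` after `session.NewSession` and would surface at the first S3 request instead; `if _, err := userRoleCreds.Get(); err != nil { log.Fatalf("failed to assume user role: %v", err) }` would fail fast at the point where the identity changes. In the first hunk `tempSess, err := session.NewSession(conf)` still declares a branch-local `err`, so the new `var err error` is not the variable being assigned and checked in that branch. createS3Client starts before and continues past the visible hunks, so whether the hoisted `creds` is read later cannot be confirmed from here.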
