third/plugin-drone-docker
1
0
Fork 0
mirror of https://github.com/drone-plugins/drone-docker.git synced 2026-06-04 18:24:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

Added PLUGIN_OIDC_TOKEN_ID support

Browse Source
This commit is contained in:
OP (oppenheimer)
2024-04-23 22:34:44 +05:30
committed by GitHub
parent a807dc91eb
commit 12cc40aa62
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cmd/drone-ecr/main.go
+8 -3
View File
@@ -42,6 +42,7 @@ func main() {
assumeRole = getenv("PLUGIN_ASSUME_ROLE")
externalId = getenv("PLUGIN_EXTERNAL_ID")
scanOnPush = parseBoolOrDefault(false, getenv("PLUGIN_SCAN_ON_PUSH"))
idToken = os.Getenv("PLUGIN_OIDC_TOKEN_ID")
)
// set the region
@@ -61,7 +62,7 @@ func main() {
log.Fatal(fmt.Sprintf("error creating aws session: %v", err))
}
svc := getECRClient(sess, assumeRole, externalId)
svc := getECRClient(sess, assumeRole, externalId, idToken)
username, password, defaultRegistry, err := getAuthInfo(svc)
if registry == "" {
@@ -213,11 +214,15 @@ func getenv(key ...string) (s string) {
return
}
func getECRClient(sess *session.Session, role string, externalId string) *ecr.ECR {
func getECRClient(sess *session.Session, role string, externalId string, idToken string) *ecr.ECR {
if role == "" {
return ecr.New(sess)
}
if externalId != "" {
// Use STS AssumeRoleWithWebIdentity when idToken is provided
if idToken != "" {
creds := stscreds.NewWebIdentityCredentials(sess, role, "", idToken)
return ecr.New(sess, &aws.Config{Credentials: creds})
} else if externalId != "" {
return ecr.New(sess, &aws.Config{
Credentials: stscreds.NewCredentials(sess, role, func(p *stscreds.AssumeRoleProvider) {
p.ExternalID = &externalId