Loading credentials from env_file parameter #107
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Use Cases
As a developer, I would like to have a way to ignore assumeRole authentication if I already have the credentials from another custom plugin. Now the behaviour is always run the assumeRole function.
The single responsibility of drone-terraform should be running terraform as a drone plugin not authenticating behind the scenes. I want to pass the credentials somehow to drone-terraform plugin.
Due the limitations on the host machine, I can't store the ~/.aws/credentials file and without the admin keys the drone-terraform will fail. This is a real case with Cloud Drone because we can't store files there, the only way to run the drone-terraform is reading the credentials from a temporary file created by another custom plugin. Without this PR is not possible to run the drone-terraform on Cloud Drone.
Due security reasons, I don't want to pass the Admin AWS tokens for drone plugins, I want to use my custom plugin to generate the session tokens and load the .env file on drone-terraform with the temporary credentials.
Solutions
Actually I needed to change 2 things:
I also introduced a breaking change by changing CLI param env-file to env_file
I did it mainly for 3 reasons:
@jmccann does that make sense to you? I'm happy to discuss and also revert that breaking change if you have a concern.
Core Changes