Skip to content

Commit cc1bf6b

Browse files
authored
Enable AWS IAM instance profiles configuration for Storage CLI (#629)
1 parent 2bb5d36 commit cc1bf6b

24 files changed

Lines changed: 240 additions & 64 deletions

jobs/blobstore_benchmark/templates/storage_cli_config_buildpacks.json.erb

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -46,10 +46,14 @@ end
4646

4747
if provider == "AWS"
4848
options["provider"] = provider
49-
options["access_key_id"] = l.p("#{scope}.aws_access_key_id")
50-
options["secret_access_key"] = l.p("#{scope}.aws_secret_access_key")
5149
options["bucket_name"] = l.p("#{scope}.bucket_name")
52-
options["credentials_source"] = "static"
50+
if l.p("#{scope}.use_iam_profile", false)
51+
options["credentials_source"] = "env_or_profile"
52+
else
53+
options["credentials_source"] = "static"
54+
options["access_key_id"] = l.p("#{scope}.aws_access_key_id")
55+
options["secret_access_key"] = l.p("#{scope}.aws_secret_access_key")
56+
end
5357
add_optional(options, "folder_name", l.p("#{scope}.folder_name", nil))
5458
add_optional(options, "host", l.p("#{scope}.host", nil))
5559
add_optional(options, "port", l.p("#{scope}.port", nil))

jobs/blobstore_benchmark/templates/storage_cli_config_droplets.json.erb

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -46,10 +46,14 @@ end
4646

4747
if provider == "AWS"
4848
options["provider"] = provider
49-
options["access_key_id"] = l.p("#{scope}.aws_access_key_id")
50-
options["secret_access_key"] = l.p("#{scope}.aws_secret_access_key")
5149
options["bucket_name"] = l.p("#{scope}.bucket_name")
52-
options["credentials_source"] = "static"
50+
if l.p("#{scope}.use_iam_profile", false)
51+
options["credentials_source"] = "env_or_profile"
52+
else
53+
options["credentials_source"] = "static"
54+
options["access_key_id"] = l.p("#{scope}.aws_access_key_id")
55+
options["secret_access_key"] = l.p("#{scope}.aws_secret_access_key")
56+
end
5357
add_optional(options, "folder_name", l.p("#{scope}.folder_name", nil))
5458
add_optional(options, "host", l.p("#{scope}.host", nil))
5559
add_optional(options, "port", l.p("#{scope}.port", nil))

jobs/blobstore_benchmark/templates/storage_cli_config_packages.json.erb

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -46,10 +46,14 @@ end
4646

4747
if provider == "AWS"
4848
options["provider"] = provider
49-
options["access_key_id"] = l.p("#{scope}.aws_access_key_id")
50-
options["secret_access_key"] = l.p("#{scope}.aws_secret_access_key")
5149
options["bucket_name"] = l.p("#{scope}.bucket_name")
52-
options["credentials_source"] = "static"
50+
if l.p("#{scope}.use_iam_profile", false)
51+
options["credentials_source"] = "env_or_profile"
52+
else
53+
options["credentials_source"] = "static"
54+
options["access_key_id"] = l.p("#{scope}.aws_access_key_id")
55+
options["secret_access_key"] = l.p("#{scope}.aws_secret_access_key")
56+
end
5357
add_optional(options, "folder_name", l.p("#{scope}.folder_name", nil))
5458
add_optional(options, "host", l.p("#{scope}.host", nil))
5559
add_optional(options, "port", l.p("#{scope}.port", nil))

jobs/blobstore_benchmark/templates/storage_cli_config_resource_pool.json.erb

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -46,10 +46,14 @@ end
4646

4747
if provider == "AWS"
4848
options["provider"] = provider
49-
options["access_key_id"] = l.p("#{scope}.aws_access_key_id")
50-
options["secret_access_key"] = l.p("#{scope}.aws_secret_access_key")
5149
options["bucket_name"] = l.p("#{scope}.bucket_name")
52-
options["credentials_source"] = "static"
50+
if l.p("#{scope}.use_iam_profile", false)
51+
options["credentials_source"] = "env_or_profile"
52+
else
53+
options["credentials_source"] = "static"
54+
options["access_key_id"] = l.p("#{scope}.aws_access_key_id")
55+
options["secret_access_key"] = l.p("#{scope}.aws_secret_access_key")
56+
end
5357
add_optional(options, "folder_name", l.p("#{scope}.folder_name", nil))
5458
add_optional(options, "host", l.p("#{scope}.host", nil))
5559
add_optional(options, "port", l.p("#{scope}.port", nil))

jobs/cc_deployment_updater/templates/storage_cli_config_buildpacks.json.erb

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -46,10 +46,14 @@ end
4646

4747
if provider == "AWS"
4848
options["provider"] = provider
49-
options["access_key_id"] = l.p("#{scope}.aws_access_key_id")
50-
options["secret_access_key"] = l.p("#{scope}.aws_secret_access_key")
5149
options["bucket_name"] = l.p("#{scope}.bucket_name")
52-
options["credentials_source"] = "static"
50+
if l.p("#{scope}.use_iam_profile", false)
51+
options["credentials_source"] = "env_or_profile"
52+
else
53+
options["credentials_source"] = "static"
54+
options["access_key_id"] = l.p("#{scope}.aws_access_key_id")
55+
options["secret_access_key"] = l.p("#{scope}.aws_secret_access_key")
56+
end
5357
add_optional(options, "folder_name", l.p("#{scope}.folder_name", nil))
5458
add_optional(options, "host", l.p("#{scope}.host", nil))
5559
add_optional(options, "port", l.p("#{scope}.port", nil))

jobs/cc_deployment_updater/templates/storage_cli_config_droplets.json.erb

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -46,10 +46,14 @@ end
4646

4747
if provider == "AWS"
4848
options["provider"] = provider
49-
options["access_key_id"] = l.p("#{scope}.aws_access_key_id")
50-
options["secret_access_key"] = l.p("#{scope}.aws_secret_access_key")
5149
options["bucket_name"] = l.p("#{scope}.bucket_name")
52-
options["credentials_source"] = "static"
50+
if l.p("#{scope}.use_iam_profile", false)
51+
options["credentials_source"] = "env_or_profile"
52+
else
53+
options["credentials_source"] = "static"
54+
options["access_key_id"] = l.p("#{scope}.aws_access_key_id")
55+
options["secret_access_key"] = l.p("#{scope}.aws_secret_access_key")
56+
end
5357
add_optional(options, "folder_name", l.p("#{scope}.folder_name", nil))
5458
add_optional(options, "host", l.p("#{scope}.host", nil))
5559
add_optional(options, "port", l.p("#{scope}.port", nil))

jobs/cc_deployment_updater/templates/storage_cli_config_packages.json.erb

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -46,10 +46,14 @@ end
4646

4747
if provider == "AWS"
4848
options["provider"] = provider
49-
options["access_key_id"] = l.p("#{scope}.aws_access_key_id")
50-
options["secret_access_key"] = l.p("#{scope}.aws_secret_access_key")
5149
options["bucket_name"] = l.p("#{scope}.bucket_name")
52-
options["credentials_source"] = "static"
50+
if l.p("#{scope}.use_iam_profile", false)
51+
options["credentials_source"] = "env_or_profile"
52+
else
53+
options["credentials_source"] = "static"
54+
options["access_key_id"] = l.p("#{scope}.aws_access_key_id")
55+
options["secret_access_key"] = l.p("#{scope}.aws_secret_access_key")
56+
end
5357
add_optional(options, "folder_name", l.p("#{scope}.folder_name", nil))
5458
add_optional(options, "host", l.p("#{scope}.host", nil))
5559
add_optional(options, "port", l.p("#{scope}.port", nil))

jobs/cc_deployment_updater/templates/storage_cli_config_resource_pool.json.erb

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -46,10 +46,14 @@ end
4646

4747
if provider == "AWS"
4848
options["provider"] = provider
49-
options["access_key_id"] = l.p("#{scope}.aws_access_key_id")
50-
options["secret_access_key"] = l.p("#{scope}.aws_secret_access_key")
5149
options["bucket_name"] = l.p("#{scope}.bucket_name")
52-
options["credentials_source"] = "static"
50+
if l.p("#{scope}.use_iam_profile", false)
51+
options["credentials_source"] = "env_or_profile"
52+
else
53+
options["credentials_source"] = "static"
54+
options["access_key_id"] = l.p("#{scope}.aws_access_key_id")
55+
options["secret_access_key"] = l.p("#{scope}.aws_secret_access_key")
56+
end
5357
add_optional(options, "folder_name", l.p("#{scope}.folder_name", nil))
5458
add_optional(options, "host", l.p("#{scope}.host", nil))
5559
add_optional(options, "port", l.p("#{scope}.port", nil))

jobs/cloud_controller_clock/templates/storage_cli_config_buildpacks.json.erb

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -44,10 +44,14 @@ end
4444

4545
if provider == "AWS"
4646
options["provider"] = provider
47-
options["access_key_id"] = p("#{scope}.aws_access_key_id")
48-
options["secret_access_key"] = p("#{scope}.aws_secret_access_key")
4947
options["bucket_name"] = p("#{scope}.bucket_name")
50-
options["credentials_source"] = "static"
48+
if p("#{scope}.use_iam_profile", false)
49+
options["credentials_source"] = "env_or_profile"
50+
else
51+
options["credentials_source"] = "static"
52+
options["access_key_id"] = p("#{scope}.aws_access_key_id")
53+
options["secret_access_key"] = p("#{scope}.aws_secret_access_key")
54+
end
5155
add_optional(options, "folder_name", p("#{scope}.folder_name", nil))
5256
add_optional(options, "host", p("#{scope}.host", nil))
5357
add_optional(options, "port", p("#{scope}.port", nil))

jobs/cloud_controller_clock/templates/storage_cli_config_droplets.json.erb

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -44,10 +44,14 @@ end
4444

4545
if provider == "AWS"
4646
options["provider"] = provider
47-
options["access_key_id"] = p("#{scope}.aws_access_key_id")
48-
options["secret_access_key"] = p("#{scope}.aws_secret_access_key")
4947
options["bucket_name"] = p("#{scope}.bucket_name")
50-
options["credentials_source"] = "static"
48+
if p("#{scope}.use_iam_profile", false)
49+
options["credentials_source"] = "env_or_profile"
50+
else
51+
options["credentials_source"] = "static"
52+
options["access_key_id"] = p("#{scope}.aws_access_key_id")
53+
options["secret_access_key"] = p("#{scope}.aws_secret_access_key")
54+
end
5155
add_optional(options, "folder_name", p("#{scope}.folder_name", nil))
5256
add_optional(options, "host", p("#{scope}.host", nil))
5357
add_optional(options, "port", p("#{scope}.port", nil))

0 commit comments

Comments
 (0)