Comments (4)
@joshdholtz, is this issue resolved by PR #86? I will try to test myself, but don't have an environment setup at the moment.
I have doubts as I thought Instance profiles were for EC2. If my understanding is correct, then shouldn't PR #86 have introduced a boolean flag to indicate whether to use InstanceProfile or not. If false and no other s3_* flags are set then the credentials would be resolved from the environment, which is what I am proposing in this ticket / PR #55
from fastlane-plugin-s3.
@timothy-volvo I’ll take a deeper look today! I thought it did but I will make sure.
from fastlane-plugin-s3.
#86 still won't resolve this. As an example, using STS
credentials, you must pass AWS_ACCESS_KEY_ID
, AWS_ACCESS_SECRET_KEY
and AWS_SESSION_TOKEN
. After this PR, roles assumed by STS will still not work because specifying the first two as parameters will result in incomplete credentials and omitting them results in using InstanceProfileCredentials
rather than the default chain.
AWS uses some non-trivial logic to initialize a session, so unless this plugin is doing something special or custom to initialize the session, I would strongly suggest using the default credential provider chain as the default if you don't specify explicit credentials instead of using AWS:: InstanceProfileCredentials
Here's the source to what the credential chain tries to do:
It includes:
static_credentials
static_profile_assume_role_web_identity_credentials
static_profile_assume_role_credentials
static_profile_credentials
static_profile_process_credentials
env_credentials
assume_role_web_identity_credentials
assume_role_credentials
shared_credentials
process_credentials
instance_profile_credentials
from fastlane-plugin-s3.
I wonder if we can simply add a option variable for AWS_SESSION_TOKEN to use STS
credentials
I can use session token with AWS_PROFILE
options, but I have to update .aws/credential
file almost every release
hence, I wish I can use the AWS_SESSION_TOKEN
environmental variable
I touched up the code a little and it looks working fine for my case:
the Aws::Credentials.new()
allows the session token for the third parameter, and the value is null by default
diff --git a/lib/fastlane/plugin/aws_s3/actions/aws_s3_action.rb b/lib/fastlane/plugin/aws_s3/actions/aws_s3_action.rb
index 4a33e54..7f4f434 100644
--- a/lib/fastlane/plugin/aws_s3/actions/aws_s3_action.rb
+++ b/lib/fastlane/plugin/aws_s3/actions/aws_s3_action.rb
@@ -32,6 +32,7 @@ module Fastlane
params[:release_notes] = config[:release_notes]
params[:access_key] = config[:access_key]
params[:secret_access_key] = config[:secret_access_key]
+ params[:aws_session_token] = config[:aws_session_token]
params[:aws_profile] = config[:aws_profile]
params[:bucket] = config[:bucket]
params[:endpoint] = config[:endpoint]
@@ -65,6 +66,7 @@ module Fastlane
s3_region = params[:region]
s3_access_key = params[:access_key]
s3_secret_access_key = params[:secret_access_key]
+ s3_session_token = params[:aws_session_token]
s3_profile = params[:aws_profile]
s3_bucket = params[:bucket]
s3_endpoint = params[:endpoint]
@@ -89,7 +91,7 @@ module Fastlane
client_cfg[:region] = s3_region if s3_region
client_cfg[:endpoint] = s3_endpoint if s3_endpoint
client_cfg[:profile] = s3_profile if s3_profile
- client_cfg[:credentials] = Aws::Credentials.new(s3_access_key, s3_secret_access_key) if s3_access_key && s3_secret_access_key
+ client_cfg[:credentials] = Aws::Credentials.new(s3_access_key, s3_secret_access_key, s3_session_token) if s3_access_key && s3_secret_access_key
s3_client = Aws::S3::Client.new(client_cfg)
@@ -736,6 +738,11 @@ module Fastlane
description: "AWS Secret Access Key ",
optional: true,
default_value: ENV['AWS_SECRET_ACCESS_KEY']),
+ FastlaneCore::ConfigItem.new(key: :aws_session_token,
+ env_name: "S3_SESSION_TOKEN",
+ description: "AWS Session TOKEN ",
+ optional: true,
+ default_value: ENV['AWS_SESSION_TOKEN']),
FastlaneCore::ConfigItem.new(key: :aws_profile,
env_name: "S3_PROFILE",
description: "AWS profile to use for credentials",
from fastlane-plugin-s3.
Related Issues (20)
- Can .aab be supported in addition to apk? HOT 5
- uploading files is inconsistent when using `path`
- Providing empty string to disable dsym upload gives error
- Fastlane match 2.195.0 fails to connect to Amazon S3 on new machine HOT 1
- no implicit conversion of nil into String HOT 3
- acl options should be hyphenated not underscored
- [Feature Request] Support to upload multiple APKs.
- Cant locate dSYM
- error No such file or directory
- Prevent existed files overwriting
- Option to be able to upload .app builds? HOT 1
- Android APK HTML app title showing up as "0x0" HOT 1
- The iOS template script is removing the download link for iPad Air 2 iOS 13. HOT 2
- Fastlane 2.144.0 breaks compatibility HOT 8
- SSL_connect returned=1 errno=0 state=error: certificate verify failed (unspecified certificate verification error) HOT 2
- Issue with `apktools` not supporting ruby-zip 2.0 (PR #26) HOT 1
- Clarification: Can I able to upload the screenshots in s3 using fastlane
- Value of S3_FOLDER_OUTPUT_PATH is sometimes wrong due to url encoding
- Unknown method 'version_file_names' HOT 6
- Wrong number of arguments with v2.0.0 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fastlane-plugin-s3.