Skip to content

Commit 4d8f3bd

Browse files
committed
Add option to configure credential_source
1 parent d9d6a93 commit 4d8f3bd

File tree

2 files changed

+25
-12
lines changed

2 files changed

+25
-12
lines changed

manifests/profile.pp

Lines changed: 22 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,11 @@
3232
# [$source_profile]
3333
# The profile to use for credentials to assume the specified role
3434
#
35+
# [credential_source]
36+
# Used within EC2 instances or EC2 containers to specify where the AWS CLI can find credentials
37+
# to use to assume the role you specified with the role_arn parameter.
38+
# You cannot specify both source_profile and credential_source in the same profile.
39+
#
3540
# [$role_session_name]
3641
# An identifier for the assumed role session
3742
#
@@ -62,18 +67,19 @@
6267
# }
6368
#
6469
define awscli::profile(
65-
$ensure = 'present',
66-
$user = 'root',
67-
$group = undef,
68-
$homedir = undef,
69-
$aws_access_key_id = undef,
70-
$aws_secret_access_key = undef,
71-
$role_arn = undef,
72-
$source_profile = undef,
73-
$role_session_name = undef,
74-
$aws_region = 'us-east-1',
75-
$profile_name = 'default',
76-
$output = 'json',
70+
$ensure = 'present',
71+
$user = 'root',
72+
$group = undef,
73+
$homedir = undef,
74+
$aws_access_key_id = undef,
75+
$aws_secret_access_key = undef,
76+
$role_arn = undef,
77+
$source_profile = undef,
78+
Optional[Enum['Environment', 'Ec2InstanceMetadata', 'EcsContainer']] $credential_source = undef,
79+
$role_session_name = undef,
80+
$aws_region = 'us-east-1',
81+
$profile_name = 'default',
82+
$output = 'json',
7783
) {
7884
if $aws_access_key_id == undef and $aws_secret_access_key == undef {
7985
info ('AWS keys for awscli::profile. Your will need IAM roles configured.')
@@ -108,6 +114,10 @@
108114
$group_real = $group
109115
}
110116

117+
if ($source_profile != undef and $credential_source != undef) {
118+
fail('aws cli profile cannot contain both source_profile and credential_source config option')
119+
}
120+
111121
# ensure $homedir/.aws is available
112122
if !defined(File["${homedir_real}/.aws"]) {
113123
file { "${homedir_real}/.aws":

templates/config_concat.erb

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,9 @@ role_arn=<%= @role_arn %>
1111
<% if @source_profile -%>
1212
source_profile=<%= @source_profile %>
1313
<% end -%>
14+
<% if @credential_source -%>
15+
credential_source=<%= @credential_source %>
16+
<% end -%>
1417
<% if @role_session_name -%>
1518
role_session_name=<%= @role_session_name %>
1619
<% end -%>

0 commit comments

Comments
 (0)