
fetch_credentials_service.rb « aws « clusters « services « app - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
# frozen_string_literal: true

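module Clusters
  module Aws
    # Obtains AWS credentials for an EKS cluster provider by assuming the IAM
    # role registered by the user who created that provider.
    #
    # The STS request is signed with the instance-wide EKS key pair read from
    # Gitlab::CurrentSettings; the role ARN and external ID come from the
    # creating user's +aws_role+ record.
    class FetchCredentialsService
      attr_reader :provider

      # Raised when there is no role to assume (no creating user, or the
      # creating user has no aws_role).
      MissingRoleError = Class.new(StandardError)

      # @param provider [#created_by_user, #region, #cluster_id, #created_by_user_id]
      #   the AWS cluster provider the credentials are requested for
      def initialize(provider)
        @provider = provider
      end

      # Assumes the provisioning role and returns the resulting credentials.
      #
      # @return [Object] whatever ::Aws::AssumeRoleCredentials#credentials yields
      # @raise [MissingRoleError] when no provisioning role is configured
      def execute
        raise MissingRoleError, 'AWS provisioning role not configured' unless provision_role.present?

        # The external ID is forwarded to AssumeRole as-is. It only guards
        # against confused-deputy use of the shared instance key pair when the
        # target role's trust policy requires it.
        # NOTE(review): nothing here rejects a blank external ID - confirm the
        # aws_role model validates its presence.
        ::Aws::AssumeRoleCredentials.new(
          client: client,
          role_arn: provision_role.role_arn,
          role_session_name: session_name,
          external_id: provision_role.role_external_id
        ).credentials
      end

      private

      # Role record of the user who created the provider, or nil.
      #
      # Safe navigation turns a missing creator into the documented
      # MissingRoleError instead of a NoMethodError on nil.
      # NOTE(review): assumes created_by_user can be nil (e.g. after the user
      # is removed) - confirm against the provider model.
      def provision_role
        provider.created_by_user&.aws_role
      end

      # STS client for the provider's region, authenticated as the instance.
      def client
        ::Aws::STS::Client.new(credentials: gitlab_credentials, region: provider.region)
      end

      # Long-lived instance credentials used only to sign the AssumeRole call.
      # These values are secrets: keep them out of logs and error messages.
      def gitlab_credentials
        ::Aws::Credentials.new(access_key_id, secret_access_key)
      end

      def access_key_id
        Gitlab::CurrentSettings.eks_access_key_id
      end

      def secret_access_key
        Gitlab::CurrentSettings.eks_secret_access_key
      end

      # Session name embedding the cluster and user ids, so the assumed-role
      # session can be attributed to both in AWS-side audit records.
      def session_name
        "gitlab-eks-cluster-#{provider.cluster_id}-user-#{provider.created_by_user_id}"
      end
    end
  end
end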