Merge pull request #134 from buildkite-plugins/toote_AWS_profile

Support AWS profiles

Author: pzeballos

README.md

@@ -97,9 +97,10 @@ Store things in an S3 bucket. You need to make sure that the `aws` command is av
 **AWS Authentication**: For AWS role assumption, use the [aws-assume-role-with-web-identity](https://github.com/buildkite-plugins/aws-assume-role-with-web-identity-buildkite-plugin) plugin. Alternatively, configure AWS credentials via IAM instance profiles, environment variables, or AWS CLI configuration.
 
 You also need the agent to have access to the following defined environment variables:
-* `BUILDKITE_PLUGIN_S3_CACHE_BUCKET`: the bucket to use (backend will fail if not defined)
+* `BUILDKITE_PLUGIN_S3_CACHE_BUCKET`: the bucket to use (**mandatory**, backend will fail if not defined)
 * `BUILDKITE_PLUGIN_S3_CACHE_PREFIX`: optional prefix to use for the cache within the bucket
 * `BUILDKITE_PLUGIN_S3_CACHE_ENDPOINT`: optional S3 custom endpoint to use
+* `BUILDKITE_PLUGIN_S3_CACHE_PROFILE`: optional profile (that [must exist in the agent's config](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html)) to use for CLI calls
 
 Setting the `BUILDKITE_PLUGIN_S3_CACHE_ONLY_SHOW_ERRORS` environment variable will reduce logging of file operations towards S3.
 
@@ -112,6 +113,7 @@ env:
   BUILDKITE_PLUGIN_S3_CACHE_PREFIX: "buildkite/cache"
   BUILDKITE_PLUGIN_S3_CACHE_ENDPOINT: "https://<your-endpoint>"
   BUILDKITE_PLUGIN_S3_CACHE_ONLY_SHOW_ERRORS: "true"
+  BUILDKITE_PLUGIN_S3_CACHE_PROFILE: cache-role
 
 steps:
   - label: ':nodejs: Install dependencies'

backends/cache_s3

@@ -16,6 +16,10 @@ build_key() {
 aws_cmd() {
   aws_cmd=(aws)
 
+  if [ -n "${BUILDKITE_PLUGIN_S3_CACHE_PROFILE}" ]; then
+    aws_cmd+=(--profile "${BUILDKITE_PLUGIN_S3_CACHE_PROFILE}")
+  fi
+
   if [ -n "${BUILDKITE_PLUGIN_S3_CACHE_ENDPOINT}" ]; then
     aws_cmd+=(--endpoint-url "${BUILDKITE_PLUGIN_S3_CACHE_ENDPOINT}")
   fi

tests/cache_s3.bats

@@ -64,9 +64,7 @@ setup() {
     's3 sync --only-show-errors \* \* : echo ' \
     's3api head-object --bucket \* --key \* : false ' \
     's3 sync --only-show-errors \* \* : echo ' \
-    's3 sync \* \* : echo ' \
-    's3api head-object --bucket \* --key \* : false ' \
-    's3 sync \* \* : echo '
+    's3api list-objects-v2 --bucket \* --prefix \* --max-items 1 --query Contents : echo exists'
 
   run "${PWD}/backends/cache_s3" save from to
 
@@ -78,14 +76,7 @@ setup() {
   assert_success
   assert_output ''
 
-  unset BUILDKITE_PLUGIN_S3_CACHE_ONLY_SHOW_ERRORS
-
-  run "${PWD}/backends/cache_s3" save from to
-
-  assert_success
-  assert_output ''
-
-  run "${PWD}/backends/cache_s3" get from to
+  run "${PWD}/backends/cache_s3" exists to
 
   assert_success
   assert_output ''
@@ -100,11 +91,7 @@ setup() {
     '--endpoint-url https://s3.somewhere.com s3 sync \* \* : echo ' \
     '--endpoint-url https://s3.somewhere.com s3api head-object --bucket \* --key \* : false ' \
     '--endpoint-url https://s3.somewhere.com s3 sync \* \* : echo ' \
-    '--endpoint-url https://s3.somewhere.com s3api list-objects-v2 --bucket \* --prefix \* --max-items 1 --query Contents : echo exists' \
-    's3 sync \* \* : echo ' \
-    's3api head-object --bucket \* --key \* : false ' \
-    's3 sync \* \* : echo ' \
-    's3api list-objects-v2 --bucket \* --prefix \* --max-items 1 --query Contents : echo exists'
+    '--endpoint-url https://s3.somewhere.com s3api list-objects-v2 --bucket \* --prefix \* --max-items 1 --query Contents : echo exists'
 
   run "${PWD}/backends/cache_s3" save from to
 
@@ -120,8 +107,16 @@ setup() {
 
   assert_success
   assert_output ''
+}
+
+@test 'Profile is passed when environment is set' {
+  export BUILDKITE_PLUGIN_S3_CACHE_PROFILE=custom-profile
 
-  unset BUILDKITE_PLUGIN_S3_CACHE_ENDPOINT
+  stub aws \
+    '--profile custom-profile s3 sync \* \* : echo ' \
+    '--profile custom-profile s3api head-object --bucket \* --key \* : false ' \
+    '--profile custom-profile s3 sync \* \* : echo ' \
+    '--profile custom-profile s3api list-objects-v2 --bucket \* --prefix \* --max-items 1 --query Contents : echo exists' \
 
   run "${PWD}/backends/cache_s3" save from to