From e0169548fc0263aa1b18dee7b65854eb44c07a37 Mon Sep 17 00:00:00 2001 From: Mohamed Habib Date: Wed, 3 Jan 2024 14:28:08 +0000 Subject: [PATCH] only fetch oidc keys once both apply and plan phases (#992) * retrieve keys only once --- libs/orchestrator/aws.go | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/libs/orchestrator/aws.go b/libs/orchestrator/aws.go index a72dfe541..6a3c69d6a 100644 --- a/libs/orchestrator/aws.go +++ b/libs/orchestrator/aws.go @@ -15,8 +15,9 @@ import ( "os" ) -func populateBackendConfig(args []string, provider stscreds.WebIdentityRoleProvider) ([]string, error) { +func populateretrieveBackendConfigArgs(provider stscreds.WebIdentityRoleProvider) ([]string, error) { creds, err := provider.Retrieve() + var args []string if err != nil { return args, fmt.Errorf("populateKeys: Could not retrieve keys from provider %v", err) } @@ -43,17 +44,19 @@ func (job *Job) PopulateAwsCredentialsEnvVarsForJob() error { if job.StateEnvProvider != nil { log.Printf("Project-level AWS role detected, Assuming role: %v for project run: %v", job.ProjectName) var err error - if job.PlanStage != nil { - // TODO: check that the first step is infact the terraform "init" step - job.PlanStage.Steps[0].ExtraArgs, err = populateBackendConfig(job.PlanStage.Steps[0].ExtraArgs, *job.StateEnvProvider) - } + backendConfigArgs, err := populateretrieveBackendConfigArgs(*job.StateEnvProvider) if err != nil { log.Printf("Failed to get keys from role: %v", err) return fmt.Errorf("Failed to get (state) keys from role: %v", err) } + + if job.PlanStage != nil { + // TODO: check that the first step is infact the terraform "init" step + job.PlanStage.Steps[0].ExtraArgs = append(job.PlanStage.Steps[0].ExtraArgs, backendConfigArgs...) + } if job.ApplyStage != nil { // TODO: check that the first step is infact the terraform "init" step - job.ApplyStage.Steps[0].ExtraArgs, err = populateBackendConfig(job.ApplyStage.Steps[0].ExtraArgs, *job.StateEnvProvider) + job.ApplyStage.Steps[0].ExtraArgs = append(job.ApplyStage.Steps[0].ExtraArgs, backendConfigArgs...) } if err != nil { log.Printf("Failed to get keys from role: %v", err)