Merge pull request #445 from jantman/issues/444

Fixes #444 - Add duration parameter to WithAwsPlugin.withRole()

Author: vincentclee

CHANGELOG.md

@@ -8,6 +8,7 @@
 - [Issue #432](https://github.com/manheim/terraform-pipeline/issues/432) pass TagPlugin through `-var-file={env}-tags.tfvars`
 - [Issue #417](https://github.com/manheim/terraform-pipeline/issues/417) DestroyPlugin & PassPlanFilePlugin - Terraform Destroy can't be called with a plan file
 - [Issue #436](https://github.com/manheim/terraform-pipeline/issues/436) Bug Fix: Omit variables and variable files from apply command if a plan file is specified
+- [Issue #444](https://github.com/manheim/terraform-pipeline/issues/444) Expose optional duration parameter on WithAwsPlugin's `withRole()`
 
 # v5.19
 

docs/WithAwsPlugin.md

@@ -60,3 +60,15 @@ validate.then(deployQa)
         .then(deployProd)
         .build()
 ```
+
+If you want to specify a role session duration other than the default of 1 hour (3600 seconds), you can do so by providing an integer duration to `withDuration()`:
+
+```
+WithAwsPlugin.withDuration(43200).init()
+```
+
+or, with a specific role ARN
+
+```
+WithAwsPlugin.withRole('MY_ROLE_ARN').withDuration(43200).init()
+```

src/WithAwsPlugin.groovy

@@ -2,6 +2,7 @@ import static TerraformEnvironmentStage.ALL
 
 class WithAwsPlugin implements TerraformEnvironmentStagePlugin, Resettable {
     private static role
+    private static duration
 
     public static void init() {
         WithAwsPlugin plugin = new WithAwsPlugin()
@@ -19,9 +20,10 @@ class WithAwsPlugin implements TerraformEnvironmentStagePlugin, Resettable {
     public Closure addWithAwsRole(String environment) {
         return { closure ->
             String iamRole = getRole(environment)
+            Integer sessionDuration = getDuration()
 
             if (iamRole != null) {
-                withAWS(role: iamRole) {
+                withAWS(role: iamRole, duration: sessionDuration) {
                     sh "echo Running AWS commands under the role: ${iamRole}"
                     closure()
                 }
@@ -38,6 +40,12 @@ class WithAwsPlugin implements TerraformEnvironmentStagePlugin, Resettable {
         return this
     }
 
+    public static withDuration(Integer duration = 3600) {
+        this.duration = duration
+
+        return this
+    }
+
     public String getRole(String environment) {
         def tempRole = this.role
 
@@ -56,7 +64,18 @@ class WithAwsPlugin implements TerraformEnvironmentStagePlugin, Resettable {
         return tempRole
     }
 
+    public Integer getDuration() {
+        def tempDuration = this.@duration
+
+        if (tempDuration == null) {
+            tempDuration = 3600
+        }
+
+        return tempDuration
+    }
+
     public static void reset() {
         this.role = null
+        this.duration = 3600
     }
 }

test/WithAwsPluginTest.groovy

@@ -85,44 +85,30 @@ class WithAwsPluginTest {
     }
 
     @Nested
-    public class WithExplicitRole {
+    public class WithDefaultDuration {
         @Test
-        void returnsProvidedRole() {
-            def expectedRole = "myRole"
+        void returnsDefaultDuration() {
+            def expectedDuration = 3600
             def plugin = new WithAwsPlugin()
+            MockJenkinsfile.withEnv(AWS_ROLE_ARN: 'foo')
 
-            plugin.withRole(expectedRole)
-
-            def actualRole = plugin.getRole()
-
-            assertThat(actualRole, is(expectedRole))
-        }
-
-        @Test
-        void prefersProvidedRoleOverGenericRole() {
-            def expectedRole = "correctRole"
-            def plugin = new WithAwsPlugin()
-            MockJenkinsfile.withEnv(AWS_ROLE_ARN: 'incorrectRole')
-
-            plugin.withRole(expectedRole)
-
-            def actualRole = plugin.getRole()
-
-            assertThat(actualRole, is(expectedRole))
+            def actualDuration = plugin.getDuration()
+            assertThat(actualDuration, is(expectedDuration))
         }
+    }
 
+    @Nested
+    public class WithExplicitDuration {
         @Test
-        void prefersProvidedRoleOverEnvironmntSpecificRole() {
-            def expectedRole = "correctRole"
+        void returnsExplicitDuration() {
+            def expectedDuration = 43200
             def plugin = new WithAwsPlugin()
-            MockJenkinsfile.withEnv(QA_AWS_ROLE_ARN: 'incorrectRole')
 
-            plugin.withRole(expectedRole)
+            plugin.withDuration(expectedDuration)
 
-            def actualRole = plugin.getRole('qa')
+            def actualDuration = plugin.getDuration()
 
-            assertThat(actualRole, is(expectedRole))
+            assertThat(actualDuration, is(expectedDuration))
         }
     }
 }
-