Manage aws credentials within setup command

Signed-off-by: Guillaume Lours <guillaume.lours@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

ecs/cmd/commands/setup.go

@@ -1,14 +1,23 @@
 package commands
 
 import (
+	"fmt"
+	"os"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/docker/cli/cli-plugins/plugin"
 	contextStore "github.com/docker/ecs-plugin/pkg/docker"
 	"github.com/spf13/cobra"
+	"gopkg.in/ini.v1"
 )
 
 func SetupCommand() *cobra.Command {
 	var opts contextStore.AwsContext
 	var name string
+	var accessKeyID string
+	var secretAccessKey string
+
 	cmd := &cobra.Command{
 		Use:   "setup",
 		Short: "",
@@ -18,6 +27,11 @@ func SetupCommand() *cobra.Command {
 			return plugin.PersistentPreRunE(cmd, args)
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
+			if accessKeyID != "" && secretAccessKey != "" {
+				if err := saveCredentials(opts.Profile, accessKeyID, secretAccessKey); err != nil {
+					return err
+				}
+			}
 			return contextStore.NewContext(name, &opts)
 		},
 	}
@@ -25,9 +39,40 @@ func SetupCommand() *cobra.Command {
 	cmd.Flags().StringVarP(&opts.Profile, "profile", "p", "", "AWS Profile")
 	cmd.Flags().StringVarP(&opts.Cluster, "cluster", "c", "", "ECS cluster")
 	cmd.Flags().StringVarP(&opts.Region, "region", "r", "", "AWS region")
+	cmd.Flags().StringVarP(&accessKeyID, "aws-key-id", "k", "", "AWS Access Key ID")
+	cmd.Flags().StringVarP(&secretAccessKey, "aws-secret-key", "s", "", "AWS Secret Access Key")
 
 	cmd.MarkFlagRequired("profile")
 	cmd.MarkFlagRequired("cluster")
 	cmd.MarkFlagRequired("region")
 	return cmd
 }
+
+func saveCredentials(profile string, accessKeyID string, secretAccessKey string) error {
+	p := credentials.SharedCredentialsProvider{Profile: profile}
+	_, err := p.Retrieve()
+	if err == nil {
+		fmt.Println("credentials already exists!")
+		return nil
+	}
+	if err.(awserr.Error).Code() == "SharedCredsLoad" {
+		os.Create(p.Filename)
+	}
+
+	credIni, err := ini.Load(p.Filename)
+	if err != nil {
+		return err
+	}
+	section := credIni.Section(profile)
+	section.Key("aws_access_key_id").SetValue(accessKeyID)
+	section.Key("aws_secret_access_key").SetValue(secretAccessKey)
+
+	credFile, err := os.OpenFile(p.Filename, os.O_WRONLY, 0600)
+	if err != nil {
+		return err
+	}
+	if _, err = credIni.WriteTo(credFile); err != nil {
+		return err
+	}
+	return credFile.Close()
+}

ecs/go.mod

@@ -50,6 +50,7 @@ require (
 	gopkg.in/dancannon/gorethink.v3 v3.0.5 // indirect
 	gopkg.in/fatih/pool.v2 v2.0.0 // indirect
 	gopkg.in/gorethink/gorethink.v3 v3.0.5 // indirect
+	gopkg.in/ini.v1 v1.55.0
 	gotest.tools v2.2.0+incompatible
 	gotest.tools/v3 v3.0.2
 	vbom.ml/util v0.0.0-20180919145318-efcd4e0f9787 // indirect

ecs/go.sum

@@ -412,6 +412,8 @@ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMy
 gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
 gopkg.in/gorethink/gorethink.v3 v3.0.5 h1:e2Uc/Xe+hpcVQFsj6MuHlYog3r0JYpnTzwDj/y2O4MU=
 gopkg.in/gorethink/gorethink.v3 v3.0.5/go.mod h1:+3yIIHJUGMBK+wyPH+iN5TP+88ikFDfZdqTlK3Y9q8I=
+gopkg.in/ini.v1 v1.55.0 h1:E8yzL5unfpW3M6fz/eB7Cb5MQAYSZ7GKo4Qth+N2sgQ=
+gopkg.in/ini.v1 v1.55.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=