Add support for profile selection in clusterawsadm bootstrap credentials encode-as-profile

Viktor Vergunov · Viktor Vergunov · commit 77f5c5671680 · 2025-05-14T18:28:30.000+02:00
diff --git a/cmd/clusterawsadm/cmd/bootstrap/credentials/credentials.go b/cmd/clusterawsadm/cmd/bootstrap/credentials/credentials.go
@@ -131,7 +131,13 @@ func generateAWSDefaultProfileWithChain() *cobra.Command {
 				region = backupAWSRegion
 			}
 
-			awsCreds, err := creds.NewAWSCredentialFromDefaultChain(region)
+			profile := flags.GetProfile(c)
+			if profile == "" {
+				fmt.Fprintf(os.Stderr, "Could not resolve AWS profile, defaulting to default.\n\n")
+				profile = "default"
+			}
+
+			awsCreds, err := creds.NewAWSCredentialFromDefaultChain(region, profile)
 			if err != nil {
 				return flags.ResolveAWSError(err)
 			}
@@ -156,5 +162,6 @@ func generateAWSDefaultProfileWithChain() *cobra.Command {
 
 	newCmd.Flags().String("output", string(base64SharedConfig), "Output for credential configuration (rawSharedConfig, base64SharedConfig)")
 	flags.AddRegionFlag(newCmd)
+	flags.AddProfileFlag(newCmd)
 	return newCmd
 }
diff --git a/cmd/clusterawsadm/cmd/flags/common.go b/cmd/clusterawsadm/cmd/flags/common.go
@@ -67,3 +67,13 @@ func MarkAlphaDeprecated(c *cobra.Command) {
 func CredentialWarning(c *cobra.Command) {
 	fmt.Fprintf(os.Stderr, "\nWARNING: `%s` should only be used for bootstrapping.\n\n", c.Name())
 }
+
+// AddProfileFlag will add a profile flag to the cli.
+func AddProfileFlag(c *cobra.Command) {
+	c.Flags().String("profile", "", "The AWS profile to use for authentication")
+}
+
+// GetProfile will return the AWS profile to use.
+func GetProfile(c *cobra.Command) string {
+	return c.Flags().Lookup("profile").Value.String()
+}
diff --git a/cmd/clusterawsadm/credentials/credentials.go b/cmd/clusterawsadm/credentials/credentials.go
@@ -58,12 +58,13 @@ type AWSCredentials struct {
 
 // NewAWSCredentialFromDefaultChain will create a new credential provider chain from the
 // default chain.
-func NewAWSCredentialFromDefaultChain(region string) (*AWSCredentials, error) {
+func NewAWSCredentialFromDefaultChain(region, profile string) (*AWSCredentials, error) {
 	creds := AWSCredentials{}
 	conf := aws.NewConfig()
 	conf.CredentialsChainVerboseErrors = aws.Bool(true)
 	sess, err := session.NewSessionWithOptions(session.Options{
 		SharedConfigState: session.SharedConfigEnable,
+		Profile:           profile,
 		Config:            *conf,
 	})
 	if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -131,7 +131,13 @@ func generateAWSDefaultProfileWithChain() *cobra.Command {`
`131`	`131`	`region = backupAWSRegion`
`132`	`132`	`}`
`133`	`133`
`134`		`- awsCreds, err := creds.NewAWSCredentialFromDefaultChain(region)`
	`134`	`+ profile := flags.GetProfile(c)`
	`135`	`+ if profile == "" {`
	`136`	`+ fmt.Fprintf(os.Stderr, "Could not resolve AWS profile, defaulting to default.\n\n")`
	`137`	`+ profile = "default"`
	`138`	`+ }`
	`139`	`+`
	`140`	`+ awsCreds, err := creds.NewAWSCredentialFromDefaultChain(region, profile)`
`135`	`141`	`if err != nil {`
`136`	`142`	`return flags.ResolveAWSError(err)`
`137`	`143`	`}`
`@@ -156,5 +162,6 @@ func generateAWSDefaultProfileWithChain() *cobra.Command {`
`156`	`162`
`157`	`163`	`newCmd.Flags().String("output", string(base64SharedConfig), "Output for credential configuration (rawSharedConfig, base64SharedConfig)")`
`158`	`164`	`flags.AddRegionFlag(newCmd)`
	`165`	`+ flags.AddProfileFlag(newCmd)`
`159`	`166`	`return newCmd`
`160`	`167`	`}`