From 6abc5ce799a5a04c1f7c681e6f308fefa5c73f7a Mon Sep 17 00:00:00 2001
From: Eoin McAfee
Date: Tue, 29 Aug 2023 11:31:06 +0100
Subject: [PATCH 1/2] adds externalID mapping for assume role

---
 main.go | 5 +++++
 plugin.go | 17 ++++++++++++-----
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/main.go b/main.go
index cc2c333..c906fe5 100644
--- a/main.go
+++ b/main.go
@@ -132,6 +132,11 @@ func main() {
 Name: "env-file",
 Usage: "source env file",
 },
+ cli.StringFlag{
+ Name: "externalID",
+ Usage: "external ID to use when assuming role",
+ EnvVar: "PLUGIN_EXTERNAL_ID",
+ },
 }
 
 if err := app.Run(os.Args); err != nil {
diff --git a/plugin.go b/plugin.go
index b4757e4..09540d1 100644
--- a/plugin.go
+++ b/plugin.go
@@ -90,6 +90,9 @@ type Plugin struct {
 PathStyle bool
 // Dry run without uploading/
 DryRun bool
+
+ // set externalID for assume role
+ ExternalID string
 }
 
 // Exec runs the plugin
@@ -108,7 +111,7 @@ func (p *Plugin) Exec() error {
 if p.Key != "" && p.Secret != "" {
 conf.Credentials = credentials.NewStaticCredentials(p.Key, p.Secret, "")
 } else if p.AssumeRole != "" {
- conf.Credentials = assumeRole(p.AssumeRole, p.AssumeRoleSessionName)
+ conf.Credentials = assumeRole(p.AssumeRole, p.AssumeRoleSessionName, p.ExternalID)
 } else {
 log.Warn("AWS Key and/or Secret not provided (falling back to ec2 instance profile)")
 }
@@ -287,7 +290,7 @@ func matchExtension(match string, stringMap map[string]string) string {
 return ""
 }
 
-func assumeRole(roleArn, roleSessionName string) *credentials.Credentials {
+func assumeRole(roleArn, roleSessionName, externalID string) *credentials.Credentials {
 sess, _ := session.NewSession()
 client := sts.New(sess)
 duration := time.Hour * 1
@@ -298,6 +301,10 @@ func assumeRole(roleArn, roleSessionName string) *credentials.Credentials {
 RoleSessionName: roleSessionName,
 }
 
+ if externalID != "" {
+ stsProvider.ExternalID = &externalID
+ }
+
 return credentials.NewCredentials(stsProvider)
 }
 
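Review bot: `p.ExternalID` is only consumed in the `else if p.AssumeRole != ""` branch of Exec, so an external ID supplied without a role ARN, or alongside a static key and secret, is silently dropped and the upload proceeds with different credentials than the operator probably intended. A guard ahead of the credential selection would make that misconfiguration visible, for example `if p.ExternalID != "" && p.AssumeRole == "" { log.Warn("external ID set without assume role; it will be ignored") }`. Exec starts and ends outside this hunk, so the exact placement should be checked against the full function.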
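Review bot: `sess, _ := session.NewSession()` in assumeRole discards the session error, and the widened signature still returns only `*credentials.Credentials`, so a failed session setup cannot be reported back to Exec. The failure would presumably surface later, at the first credential retrieval, as an opaque error or a nil-session panic rather than at the point of misconfiguration. Since this commit already changes the signature and its one visible call site, consider `sess, err := session.NewSession()` with `if err != nil { return nil, err }` and a `(*credentials.Credentials, error)` return. The body of assumeRole continues outside this hunk.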
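Review bot: The `if externalID != ""` guard should carry a comment, because neither the reason for leaving the pointer nil nor the security role of the value is obvious from the code. Something like `// Only send ExternalId when configured; it guards against confused-deputy access only if the role's trust policy requires a matching sts:ExternalId condition.` above the guard would record that. A doc comment on assumeRole naming its three parameters would help too, since none is visible in these hunks. The start of assumeRole is outside this hunk.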
@@ -318,17 +325,17 @@ func isDir(source string, matches []string) bool {
 if err != nil {
 return true // should never happen
 }
- if (stat.IsDir()) {
+ if stat.IsDir() {
 count := 0
 for _, match := range matches {
 if strings.HasPrefix(match, source) {
- count++;
+ count++
 }
 }
 if count <= 1 {
 log.Warnf("Skipping '%s' since it is a directory. Please use correct glob expression if this is unexpected.", source)
 }
- return true;
+ return true
 }
 return false
 }
From e3d840784fd8fe8c98317896f69c4965492f4151 Mon Sep 17 00:00:00 2001
From: Eoin McAfee
Date: Tue, 29 Aug 2023 13:23:03 +0100
Subject: [PATCH 2/2] forgot mappings

---
 main.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/main.go b/main.go
index c906fe5..80cd028 100644
--- a/main.go
+++ b/main.go
@@ -133,7 +133,7 @@ func main() {
 Usage: "source env file",
 },
 cli.StringFlag{
- Name: "externalID",
+ Name: "external-id",
 Usage: "external ID to use when assuming role",
 EnvVar: "PLUGIN_EXTERNAL_ID",
 },
@@ -170,6 +170,7 @@ func run(c *cli.Context) error {
 StorageClass: c.String("storage-class"),
 PathStyle: c.Bool("path-style"),
 DryRun: c.Bool("dry-run"),
+ ExternalID: c.String("external-id"),
 }
 
 return plugin.Exec()