Merge pull request ManageIQ#630 from alauddinulaganathan/assume_role_support_for_aws_eks_credentials

Assume role support for aws eks credentials

(cherry picked from commit 9f95df3)

Author: agrare

Diff for: README.md

@@ -313,10 +313,14 @@ require 'aws-sdk-core'
 credentials = Aws::Credentials.new(access_key, secret_key)
 # Or a profile
 credentials = Aws::SharedCredentials.new(profile_name: 'default').credentials
+# Or for an STS Assumed Role Credentials or any other credential Provider other than Static Credentials
+credentials = Aws::AssumeRoleCredentials.new({ client: sts_client, role_arn: role_arn, role_session_name: session_name })
 
+# Kubeclient Auth Options
 auth_options = {
   bearer_token: Kubeclient::AmazonEksCredentials.token(credentials, eks_cluster_name)
 }
+
 client = Kubeclient::Client.new(
   eks_cluster_https_endpoint, 'v1', auth_options: auth_options
 )

Diff for: lib/kubeclient/aws_eks_credentials.rb

@@ -20,11 +20,21 @@ def token(credentials, eks_cluster, region: 'us-east-1')
         end
         # https://github.com/aws/aws-sdk-ruby/pull/1848
         # Get a signer
-        signer = Aws::Sigv4::Signer.new(
-          service: 'sts',
-          region: region,
-          credentials: credentials
-        )
+        signer = if credentials.respond_to?(:credentials)
+                   Aws::Sigv4::Signer.new(
+                     service: 'sts',
+                     region: region,
+                     credentials_provider: credentials
+                   )
+                 else
+                   Aws::Sigv4::Signer.new(
+                     service: 'sts',
+                     region: region,
+                     credentials: credentials
+                   )
+                 end
+
+        credentials = credentials.credentials if credentials.respond_to?(:credentials)
 
         # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Sigv4/Signer.html#presign_url-instance_method
         presigned_url_string = signer.presign_url(