+def ensure_minio_credentials():
+ global minio_credentials
+
+ if minio_credentials is None:
+ minio_credentials = {}
+
+ params = {'Action': 'AssumeRoleWithWebIdentity',
+ 'Version': '2011-06-15',
+ 'RoleArn': 'arn:aws:iam::123456789012:role/FederatedWebIdentityRole',
+ 'RoleSessionName': '%s:%s' % (os.environ['CI_PROJECT_PATH'], os.environ['CI_JOB_ID']),
+ 'DurationSeconds': 900,
+ 'WebIdentityToken': os.environ['CI_JOB_JWT']}
+ r = requests.post('https://%s' % (MINIO_HOST), params=params)
+ if r.status_code >= 400:
+ print(r.text)
+ r.raise_for_status()
+
+ root = ET.fromstring(r.text)
+ for attr in root.iter():
+ if attr.tag == '{https://sts.amazonaws.com/doc/2011-06-15/}AccessKeyId':
+ minio_credentials['AccessKeyId'] = attr.text
+ elif attr.tag == '{https://sts.amazonaws.com/doc/2011-06-15/}SecretAccessKey':
+ minio_credentials['SecretAccessKey'] = attr.text
+ elif attr.tag == '{https://sts.amazonaws.com/doc/2011-06-15/}SessionToken':
+ minio_credentials['SessionToken'] = attr.text
+