fluidattacks_core/git/clone/
codecommit.rs1use anyhow::{Context, Result};
2use std::path::Path;
3use tokio::process::Command;
4
5use super::{build_clone_args, CloneOpts};
6use crate::aws;
7use crate::types::CredentialKind;
8
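/// Clones the CodeCommit repository at `opts.repo_url` into `dest`.
///
/// The role named by the `AwsRole` credentials in `opts` is assumed through
/// `aws::assume_role`, and the resulting temporary credentials and region are
/// handed to the `git` child process as `AWS_*` environment variables. They
/// are not written into the git arguments built here.
///
/// # Errors
///
/// Returns an error when:
/// - `opts.credentials` is absent or is not `CredentialKind::AwsRole`;
/// - `aws::assume_role` fails;
/// - the `git` process cannot be started;
/// - `git` exits with a non-success status.
pub async fn clone_codecommit(opts: &CloneOpts, dest: &Path) -> Result<()> {
    let (arn, external_id) = match opts.credentials.as_ref().map(|c| &c.kind) {
        Some(CredentialKind::AwsRole { arn, external_id }) => {
            (arn.as_str(), external_id.as_str())
        }
        _ => anyhow::bail!("expected AwsRole credentials for CodeCommit clone"),
    };

    let creds = aws::assume_role(arn, external_id, &opts.repo_url).await?;

    // Force TLS certificate verification on instead of off. This clone runs
    // with temporary role credentials in its environment, and the fetched
    // code is only as trustworthy as the connection it arrived over; with
    // `http.sslVerify=false` git accepts any certificate for the remote.
    // An environment that needs a private CA should point git at it with
    // `http.sslCAInfo` rather than disabling verification.
    let extra_config = vec!["-c".to_string(), "http.sslVerify=true".to_string()];
    let args = build_clone_args(opts, &opts.repo_url, dest, &extra_config);

    let status = Command::new("git")
        .args(&args)
        // Credentials go through the child's environment only.
        // NOTE(review): how git consumes them (credential helper or remote
        // helper) is set up outside this function; confirm it is configured.
        .env("AWS_ACCESS_KEY_ID", &creds.access_key)
        .env("AWS_SECRET_ACCESS_KEY", &creds.secret_key)
        .env("AWS_SESSION_TOKEN", &creds.session_token)
        .env("AWS_DEFAULT_REGION", &creds.region)
        .status()
        .await
        .context("running git clone (CodeCommit)")?;

    // Only the exit status is reported, so no credential material ends up in
    // the error text.
    if !status.success() {
        anyhow::bail!("git clone (CodeCommit) failed with status {status}");
    }

    Ok(())
}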