Read all AWS env vars

For both programmatic access, and for pre configuration, we must read in all the appropriate env vars. Fixes #252
pulumi · Feb 12, 2020 · 2df7aa1 · 2df7aa1
1 parent d1b5c8a
commit 2df7aa1
Showing 1 changed file with 35 additions and 7 deletions.
diff --git a/resources.go b/resources.go
@@ -18,6 +18,7 @@ import (
 	"errors"
 	"fmt"
 	"math/rand"
+	"os"
 	"strings"
 	"unicode"
 
@@ -201,11 +202,17 @@ func boolRef(b bool) *bool {
 }
 
 // stringValue gets a string value from a property map if present, else ""
-func stringValue(vars resource.PropertyMap, prop resource.PropertyKey) string {
+func stringValue(vars resource.PropertyMap, prop resource.PropertyKey, envs []string) string {
 	val, ok := vars[prop]
 	if ok && val.IsString() {
 		return val.StringValue()
 	}
+	for _, env := range envs {
+		val, ok := os.LookupEnv(env)
+		if ok {
+			return val
+		}
+	}
 	return ""
 }
 
@@ -214,14 +221,15 @@ func stringValue(vars resource.PropertyMap, prop resource.PropertyKey) string {
 // before passing control to the TF provider to ensure we can report actionable errors.
 func preConfigureCallback(vars resource.PropertyMap, c *terraform.ResourceConfig) error {
 	config := &awsbase.Config{
-		AccessKey: stringValue(vars, "accessKey"),
-		SecretKey: stringValue(vars, "secretKey"),
-		Profile:   stringValue(vars, "profile"),
-		Token:     stringValue(vars, "token"),
-		Region:    stringValue(vars, "region"),
+		AccessKey: stringValue(vars, "accessKey", []string{"AWS_ACCESS_KEY_ID"}),
+		SecretKey: stringValue(vars, "secretKey", []string{"AWS_SECRET_ACCESS_KEY"}),
+		Profile:   stringValue(vars, "profile", []string{"AWS_PROFILE"}),
+		Token:     stringValue(vars, "token", []string{"AWS_SESSION_TOKEN"}),
+		Region:    stringValue(vars, "region", []string{"AWS_REGION", "AWS_DEFAULT_REGION"}),
 	}
 
-	credsPath, err := homedir.Expand(stringValue(vars, "sharedCredentialsFile"))
+	sharedCredentialsFile := stringValue(vars, "sharedCredentialsFile", []string{"AWS_SHARED_CREDENTIALS_FILE"})
+	credsPath, err := homedir.Expand(sharedCredentialsFile)
 	if err != nil {
 		return err
 	}
@@ -251,6 +259,16 @@ func Provider() tfbridge.ProviderInfo {
 		Repository:  "https://github.com/pulumi/pulumi-aws",
 		Version:     version.Version,
 		Config: map[string]*tfbridge.SchemaInfo{
+			"access_key": {
+				Default: &tfbridge.DefaultInfo{
+					EnvVars: []string{"AWS_ACCESS_KEY_ID"},
+				},
+			},
+			"secret_key": {
+				Default: &tfbridge.DefaultInfo{
+					EnvVars: []string{"AWS_SECRET_ACCESS_KEY"},
+				},
+			},
 			"region": {
 				Type: awsTypeNoFile("region", "Region"),
 				Default: &tfbridge.DefaultInfo{
@@ -262,6 +280,16 @@ func Provider() tfbridge.ProviderInfo {
 					EnvVars: []string{"AWS_PROFILE"},
 				},
 			},
+			"token": {
+				Default: &tfbridge.DefaultInfo{
+					EnvVars: []string{"AWS_SESSION_TOKEN"},
+				},
+			},
+			"shared_credentials_file": {
+				Default: &tfbridge.DefaultInfo{
+					EnvVars: []string{"AWS_SHARED_CREDENTIALS_FILE"},
+				},
+			},
 		},
 		PreConfigureCallback: preConfigureCallback,
 		Resources: map[string]*tfbridge.ResourceInfo{