wip

awslabs · May 3, 2024 · 1db0c06 · 1db0c06
1 parent 73a2f61
commit 1db0c06
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 35 deletions.
diff --git a/include/aws/auth/private/credentials_utils.h b/include/aws/auth/private/credentials_utils.h
@@ -16,6 +16,7 @@ struct aws_http_connection_manager;
 struct aws_http_make_request_options;
 struct aws_http_stream;
 struct aws_json_value;
+struct aws_profile;
 
 /*
  * Internal struct tracking an asynchronous credentials query.
@@ -29,9 +30,9 @@ struct aws_credentials_query {
     void *user_data;
 };
 
-typedef struct aws_http_connection_manager *(aws_http_connection_manager_new_fn)(
-    struct aws_allocator *allocator,
-    const struct aws_http_connection_manager_options *options);
+typedef struct aws_http_connection_manager *(
+    aws_http_connection_manager_new_fn)(struct aws_allocator *allocator,
+                                        const struct aws_http_connection_manager_options *options);
 typedef void(aws_http_connection_manager_release_fn)(struct aws_http_connection_manager *manager);
 typedef void(aws_http_connection_manager_acquire_connection_fn)(
     struct aws_http_connection_manager *manager,
@@ -40,9 +41,9 @@ typedef void(aws_http_connection_manager_acquire_connection_fn)(
 typedef int(aws_http_connection_manager_release_connection_fn)(
     struct aws_http_connection_manager *manager,
     struct aws_http_connection *connection);
-typedef struct aws_http_stream *(aws_http_connection_make_request_fn)(
-    struct aws_http_connection *client_connection,
-    const struct aws_http_make_request_options *options);
+typedef struct aws_http_stream *(
+    aws_http_connection_make_request_fn)(struct aws_http_connection *client_connection,
+                                         const struct aws_http_make_request_options *options);
 typedef int(aws_http_stream_activate_fn)(struct aws_http_stream *stream);
 typedef struct aws_http_connection *(aws_http_stream_get_connection_fn)(const struct aws_http_stream *stream);
 
@@ -171,6 +172,11 @@ int aws_credentials_provider_construct_endpoint(
     const struct aws_string *region,
     const struct aws_string *service_name);
 
+AWS_AUTH_API
+struct aws_string *aws_credentials_provider_resolve_region(
+    struct aws_allocator *allocator,
+    const struct aws_profile *profile);
+
 /*
  * Loads an aws config profile collection
  */

diff --git a/source/credentials_provider_sts_web_identity.c b/source/credentials_provider_sts_web_identity.c
@@ -806,8 +806,6 @@ static void s_on_connection_manager_shutdown(void *user_data) {
     aws_mem_release(provider->allocator, provider);
 }
 
-AWS_STATIC_STRING_FROM_LITERAL(s_region_config, "region");
-AWS_STATIC_STRING_FROM_LITERAL(s_region_env, "AWS_DEFAULT_REGION");
 AWS_STATIC_STRING_FROM_LITERAL(s_role_arn_config, "role_arn");
 AWS_STATIC_STRING_FROM_LITERAL(s_role_arn_env, "AWS_ROLE_ARN");
 AWS_STATIC_STRING_FROM_LITERAL(s_role_session_name_config, "role_session_name");
@@ -955,7 +953,7 @@ static struct sts_web_identity_parameters *s_parameters_new(
     parameters->allocator = allocator;
 
     bool success = false;
-    struct aws_string *region = s_check_or_get_with_env(allocator, s_region_env, options->region);
+    struct aws_string *region = NULL;
     struct aws_string *role_arn = s_check_or_get_with_env(allocator, s_role_arn_env, options->role_arn);
     struct aws_string *role_session_name =
         s_check_or_get_with_env(allocator, s_role_session_name_env, options->role_session_name);
@@ -971,38 +969,38 @@ static struct sts_web_identity_parameters *s_parameters_new(
     struct aws_profile_collection *config_profile = NULL;
     struct aws_string *profile_name = NULL;
     const struct aws_profile *profile = NULL;
-    bool get_all_parameters =
-        (region && region->len && role_arn && role_arn->len && token_file_path && token_file_path->len);
-    if (!get_all_parameters) {
-        if (options->config_profile_collection_cached) {
-            /* Use cached profile collection */
-            config_profile = aws_profile_collection_acquire(options->config_profile_collection_cached);
-        } else {
-            /* Load profile collection from files */
-            config_profile = s_load_profile(allocator);
-            if (!config_profile) {
-                goto on_finish;
-            }
+    if (options->config_profile_collection_cached) {
+        /* Use cached profile collection */
+        config_profile = aws_profile_collection_acquire(options->config_profile_collection_cached);
+    } else {
+        /* Load profile collection from files */
+        config_profile = s_load_profile(allocator);
+        if (!config_profile) {
+            goto on_finish;
         }
+    }
 
-        profile_name = aws_get_profile_name(allocator, &options->profile_name_override);
-        profile = aws_profile_collection_get_profile(config_profile, profile_name);
+    profile_name = aws_get_profile_name(allocator, &options->profile_name_override);
+    profile = aws_profile_collection_get_profile(config_profile, profile_name);
 
-        if (!profile) {
-            AWS_LOGF_ERROR(
-                AWS_LS_AUTH_CREDENTIALS_PROVIDER,
-                "Failed to resolve either region, role arn or token file path during sts web identity provider "
-                "initialization.");
-            goto on_finish;
+    if (!profile) {
+        AWS_LOGF_ERROR(
+            AWS_LS_AUTH_CREDENTIALS_PROVIDER,
+            "Failed to resolve either region, role arn or token file path during sts web identity provider "
+            "initialization.");
+        goto on_finish;
+    }
 
-        } else {
-            s_check_or_get_with_profile_config(allocator, profile, &region, s_region_config);
-            s_check_or_get_with_profile_config(allocator, profile, &role_arn, s_role_arn_config);
-            s_check_or_get_with_profile_config(allocator, profile, &role_session_name, s_role_session_name_config);
-            s_check_or_get_with_profile_config(allocator, profile, &token_file_path, s_token_file_path_config);
-        }
+    if (options->region.len > 0) {
+        region = aws_string_new_from_cursor(allocator, &options->region);
+    } else {
+        region = aws_credentials_provider_resolve_region(allocator, profile);
     }
 
+    s_check_or_get_with_profile_config(allocator, profile, &role_arn, s_role_arn_config);
+    s_check_or_get_with_profile_config(allocator, profile, &role_session_name, s_role_session_name_config);
+    s_check_or_get_with_profile_config(allocator, profile, &token_file_path, s_token_file_path_config);
+
     /* determin endpoint */
     if (aws_credentials_provider_construct_endpoint(allocator, &parameters->endpoint, region, s_sts_service_name)) {
         AWS_LOGF_ERROR(

diff --git a/source/credentials_utils.c b/source/credentials_utils.c
@@ -10,6 +10,7 @@
 #include <aws/common/json.h>
 #include <aws/common/string.h>
 #include <aws/common/uuid.h>
+#include <aws/common/environment.h>
 #include <aws/http/connection.h>
 #include <aws/http/request_response.h>
 #include <aws/http/status_code.h>
@@ -406,3 +407,28 @@ int aws_credentials_provider_construct_endpoint(
     aws_byte_buf_clean_up(out_endpoint);
     return AWS_OP_ERR;
 }
+
+AWS_STATIC_STRING_FROM_LITERAL(s_region_config, "region");
+AWS_STATIC_STRING_FROM_LITERAL(s_region_env, "AWS_DEFAULT_REGION");
+
+struct aws_string *aws_credentials_provider_resolve_region(
+    struct aws_allocator *allocator,
+    const struct aws_profile *profile) {
+    AWS_PRECONDITION(allocator);
+    AWS_PRECONDITION(profile);
+
+    /* check environment variable */
+    struct aws_string *region = NULL;
+    aws_get_environment_value(allocator, s_region_env, &region);
+
+    if (region != NULL && region->len > 0) {
+        return region;
+    }
+
+    /* check the config file */
+    const struct aws_profile_property *property = aws_profile_get_property(profile, s_region_config);
+    if (property) {
+        region = aws_string_new_from_string(allocator, aws_profile_property_get_value(property));
+    }
+    return region;
+}