diff --git a/include/aws/auth/private/credentials_utils.h b/include/aws/auth/private/credentials_utils.h index 5c5b18e1..e61117a8 100644 --- a/include/aws/auth/private/credentials_utils.h +++ b/include/aws/auth/private/credentials_utils.h @@ -16,6 +16,7 @@ struct aws_http_connection_manager; struct aws_http_make_request_options; struct aws_http_stream; struct aws_json_value; +struct aws_profile; /* * Internal struct tracking an asynchronous credentials query. @@ -29,9 +30,9 @@ struct aws_credentials_query { void *user_data; }; -typedef struct aws_http_connection_manager *(aws_http_connection_manager_new_fn)( - struct aws_allocator *allocator, - const struct aws_http_connection_manager_options *options); +typedef struct aws_http_connection_manager *( + aws_http_connection_manager_new_fn)(struct aws_allocator *allocator, + const struct aws_http_connection_manager_options *options); typedef void(aws_http_connection_manager_release_fn)(struct aws_http_connection_manager *manager); typedef void(aws_http_connection_manager_acquire_connection_fn)( struct aws_http_connection_manager *manager, @@ -40,9 +41,9 @@ typedef void(aws_http_connection_manager_acquire_connection_fn)( typedef int(aws_http_connection_manager_release_connection_fn)( struct aws_http_connection_manager *manager, struct aws_http_connection *connection); -typedef struct aws_http_stream *(aws_http_connection_make_request_fn)( - struct aws_http_connection *client_connection, - const struct aws_http_make_request_options *options); +typedef struct aws_http_stream *( + aws_http_connection_make_request_fn)(struct aws_http_connection *client_connection, + const struct aws_http_make_request_options *options); typedef int(aws_http_stream_activate_fn)(struct aws_http_stream *stream); typedef struct aws_http_connection *(aws_http_stream_get_connection_fn)(const struct aws_http_stream *stream); 
@@ -171,6 +172,11 @@ int aws_credentials_provider_construct_endpoint( const struct aws_string *region, const struct aws_string *service_name); +AWS_AUTH_API +struct aws_string *aws_credentials_provider_resolve_region( + struct aws_allocator *allocator, + const struct aws_profile *profile); + /* * Loads an aws config profile collection */ diff --git a/source/credentials_provider_sts_web_identity.c b/source/credentials_provider_sts_web_identity.c index d4f6d88f..d7f8ce6d 100644 --- a/source/credentials_provider_sts_web_identity.c +++ b/source/credentials_provider_sts_web_identity.c @@ -806,8 +806,6 @@ static void s_on_connection_manager_shutdown(void *user_data) { aws_mem_release(provider->allocator, provider); } -AWS_STATIC_STRING_FROM_LITERAL(s_region_config, "region"); -AWS_STATIC_STRING_FROM_LITERAL(s_region_env, "AWS_DEFAULT_REGION"); AWS_STATIC_STRING_FROM_LITERAL(s_role_arn_config, "role_arn"); AWS_STATIC_STRING_FROM_LITERAL(s_role_arn_env, "AWS_ROLE_ARN"); AWS_STATIC_STRING_FROM_LITERAL(s_role_session_name_config, "role_session_name"); @@ -955,7 +953,7 @@ static struct sts_web_identity_parameters *s_parameters_new( parameters->allocator = allocator; bool success = false; - struct aws_string *region = s_check_or_get_with_env(allocator, s_region_env, options->region); + struct aws_string *region = NULL; struct aws_string *role_arn = s_check_or_get_with_env(allocator, s_role_arn_env, options->role_arn); struct aws_string *role_session_name = s_check_or_get_with_env(allocator, s_role_session_name_env, options->role_session_name); 
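Review bot: The new `aws_credentials_provider_resolve_region` declaration is exported with `AWS_AUTH_API` but has no comment, and its contract cannot be read from the signature. I would add above it: `/* Resolves the region from AWS_DEFAULT_REGION, then from the profile's "region" property. profile must not be NULL. The caller owns the returned string; it may be NULL or empty when no region is found. */`. The precedence and the non-NULL `profile` precondition come from the definition this commit adds in source/credentials_utils.c. The region chooses the STS endpoint that receives the web identity token, so callers need the lookup order written down.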
@@ -971,38 +969,38 @@ static struct sts_web_identity_parameters *s_parameters_new( struct aws_profile_collection *config_profile = NULL; struct aws_string *profile_name = NULL; const struct aws_profile *profile = NULL; - bool get_all_parameters = - (region && region->len && role_arn && role_arn->len && token_file_path && token_file_path->len); - if (!get_all_parameters) { - if (options->config_profile_collection_cached) { - /* Use cached profile collection */ - config_profile = aws_profile_collection_acquire(options->config_profile_collection_cached); - } else { - /* Load profile collection from files */ - config_profile = s_load_profile(allocator); - if (!config_profile) { - goto on_finish; - } + if (options->config_profile_collection_cached) { + /* Use cached profile collection */ + config_profile = aws_profile_collection_acquire(options->config_profile_collection_cached); + } else { + /* Load profile collection from files */ + config_profile = s_load_profile(allocator); + if (!config_profile) { + goto on_finish; } + } - profile_name = aws_get_profile_name(allocator, &options->profile_name_override); - profile = aws_profile_collection_get_profile(config_profile, profile_name); + profile_name = aws_get_profile_name(allocator, &options->profile_name_override); + profile = aws_profile_collection_get_profile(config_profile, profile_name); - if (!profile) { - AWS_LOGF_ERROR( - AWS_LS_AUTH_CREDENTIALS_PROVIDER, - "Failed to resolve either region, role arn or token file path during sts web identity provider " - "initialization."); - goto on_finish; + if (!profile) { + AWS_LOGF_ERROR( + AWS_LS_AUTH_CREDENTIALS_PROVIDER, + "Failed to resolve either region, role arn or token file path during sts web identity provider " + "initialization."); + goto on_finish; + } - } else { - s_check_or_get_with_profile_config(allocator, profile, ®ion, s_region_config); - s_check_or_get_with_profile_config(allocator, profile, &role_arn, s_role_arn_config); - 
s_check_or_get_with_profile_config(allocator, profile, &role_session_name, s_role_session_name_config); - s_check_or_get_with_profile_config(allocator, profile, &token_file_path, s_token_file_path_config); - } + if (options->region.len > 0) { + region = aws_string_new_from_cursor(allocator, &options->region); + } else { + region = aws_credentials_provider_resolve_region(allocator, profile); } + s_check_or_get_with_profile_config(allocator, profile, &role_arn, s_role_arn_config); + s_check_or_get_with_profile_config(allocator, profile, &role_session_name, s_role_session_name_config); + s_check_or_get_with_profile_config(allocator, profile, &token_file_path, s_token_file_path_config); + /* determin endpoint */ if (aws_credentials_provider_construct_endpoint(allocator, ¶meters->endpoint, region, s_sts_service_name)) { AWS_LOGF_ERROR( diff --git a/source/credentials_utils.c b/source/credentials_utils.c index 53b5a3f1..ba8ebd61 100644 --- a/source/credentials_utils.c +++ b/source/credentials_utils.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include #include 
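Review bot: With the `get_all_parameters` short-circuit removed, `s_parameters_new` now takes `goto on_finish` whenever `s_load_profile` returns NULL or the named profile is missing, even when region, role_arn and token_file_path were all supplied through options or the environment. If `s_load_profile` fails when no config file is present, an environment-only deployment that worked before would no longer get a provider. The retained log text "Failed to resolve either region, role arn or token file path" also no longer describes the condition that triggers it. I would treat the profile as optional, as sketched below, and fail only when a required value is still empty after every source has been tried. That also requires `aws_credentials_provider_resolve_region` to accept a NULL profile. The function starts and ends outside this hunk, so any later emptiness checks are not visible here.

```c
/* … unchanged: config_profile taken from the cached collection or s_load_profile(), without the goto on failure … */
if (config_profile) {
    profile_name = aws_get_profile_name(allocator, &options->profile_name_override);
    profile = aws_profile_collection_get_profile(config_profile, profile_name);
}

if (options->region.len > 0) {
    region = aws_string_new_from_cursor(allocator, &options->region);
} else {
    /* requires resolve_region to tolerate profile == NULL and use the environment only */
    region = aws_credentials_provider_resolve_region(allocator, profile);
}

if (profile) {
    s_check_or_get_with_profile_config(allocator, profile, &role_arn, s_role_arn_config);
    /* … unchanged: role_session_name and token_file_path lookups … */
}
/* … unchanged: endpoint construction … */
```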
@@ -406,3 +407,28 @@ int aws_credentials_provider_construct_endpoint( aws_byte_buf_clean_up(out_endpoint); return AWS_OP_ERR; } + +AWS_STATIC_STRING_FROM_LITERAL(s_region_config, "region"); +AWS_STATIC_STRING_FROM_LITERAL(s_region_env, "AWS_DEFAULT_REGION"); + +struct aws_string *aws_credentials_provider_resolve_region( + struct aws_allocator *allocator, + const struct aws_profile *profile) { + AWS_PRECONDITION(allocator); + AWS_PRECONDITION(profile); + + /* check environment variable */ + struct aws_string *region = NULL; + aws_get_environment_value(allocator, s_region_env, ®ion); + + if (region != NULL && region->len > 0) { + return region; + } + + /* check the config file */ + const struct aws_profile_property *property = aws_profile_get_property(profile, s_region_config); + if (property) { + region = aws_string_new_from_string(allocator, aws_profile_property_get_value(property)); + } + return region; +}
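Review bot: In `aws_credentials_provider_resolve_region`, an `AWS_DEFAULT_REGION` that is set but empty appears to leave `region` as a non-NULL zero-length string, which is the case the `region->len > 0` check implies. That string is leaked when the profile branch overwrites `region`, and it is returned as an empty string when the profile has no `region` property. Releasing it before the config lookup fixes both: `aws_string_destroy(region);` followed by `region = NULL;` directly after the early return. The return value of `aws_get_environment_value` is also ignored; checking it, or noting in a comment that failure is treated as "not set", would make the fall-through intentional.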