Skip to content

Commit

Permalink
expand warnings for missing aws auth
Browse files Browse the repository at this point in the history
  • Loading branch information
@wr0ngway
wr0ngway committed Dec 5, 2018
1 parent 9a247a8 commit 3ad6ec0
Show file tree
Hide file tree
Showing 2 changed files with 70 additions and 5 deletions.
16 changes: 14 additions & 2 deletions lib/simplygenius/atmos/providers/aws/auth_manager.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,20 @@ def authenticate(system_env, **opts, &block)
profile = system_env['AWS_PROFILE']
key = system_env['AWS_ACCESS_KEY_ID']
secret = system_env['AWS_SECRET_ACCESS_KEY']
if profile.blank? && (key.blank? || secret.blank?)
logger.warn("An aws profile or key/secret should be supplied via the environment")
# dont warn if default profile
no_creds = ::Aws::SharedCredentials.new.credentials.nil? rescue true

if profile.blank? && (key.blank? || secret.blank?) && no_creds
logger.warn("No AWS credentials are active in the environment nor shared credential store")
logger.warn("Run 'aws configure' to add some to the shared credential store")
end
if profile.present? && key.present?
logger.warn("Ignoring AWS_PROFILE because AWS_ACCESS_KEY_ID is set in the environment")
end

if Atmos.config["auth.bypass"]
logger.warn("Bypassing atmos aws authentication")
return block.call(Hash[system_env])
end

# Handle bootstrapping a new env account. Newly created organization
Expand Down
59 changes: 56 additions & 3 deletions spec/providers/aws/auth_manager_spec.rb
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
require 'simplygenius/atmos/providers/aws/auth_manager'
require 'climate_control'

module SimplyGenius
module Atmos
Expand Down Expand Up @@ -160,9 +161,54 @@ module Aws

describe "authenticate" do

it "warns if environment doesn't contain auth" do
manager.authenticate({}) {}
expect(Logging.contents).to match(/should be supplied/)
describe "environment warning" do

around(:each) do |ex|
ClimateControl.modify('AWS_PROFILE' => nil, 'AWS_ACCESS_KEY_ID' => nil, 'AWS_SECRET_ACCESS_KEY' => nil) do
ex.run
end
::Aws.shared_config.fresh
end

it "doesn't warn if environment contains profile" do
manager.authenticate({'AWS_PROFILE' => "foo"}) {}
expect(Logging.contents).to_not match(/No AWS credentials are active/)
end

it "doesn't warn if environment contains access key" do
manager.authenticate({'AWS_ACCESS_KEY_ID' => "foo", 'AWS_SECRET_ACCESS_KEY' => 'bar'}) {}
expect(Logging.contents).to_not match(/No AWS credentials are active/)
end

it "doesn't warn if a default profile is active" do
within_construct do |c|
c.file("credentials", <<~EOF
[default]
aws_access_key_id = abc123
aws_secret_access_key = abc123
EOF
)
ClimateControl.modify("AWS_SHARED_CREDENTIALS_FILE" => "#{c}/credentials") do
::Aws.shared_config.fresh
manager.authenticate({}) {}
expect(Logging.contents).to_not match(/No AWS credentials are active/)
end
end
end

it "warns if environment doesn't contain auth" do
ClimateControl.modify("AWS_SHARED_CREDENTIALS_FILE" => "/no/creds") do
::Aws.shared_config.fresh
manager.authenticate({}) {}
expect(Logging.contents).to match(/No AWS credentials are active/)
end
end

it "warns if environment contains profile and key" do
manager.authenticate({'AWS_PROFILE' => "foo", 'AWS_ACCESS_KEY_ID' => "foo"}) {}
expect(Logging.contents).to match(/Ignoring AWS_PROFILE/)
end

end

it "fails if STS can't do anything" do
Expand Down Expand Up @@ -229,6 +275,13 @@ module Aws
expect(Logging.contents).to match(/Using aws root credentials/)
end

it "uses simple path for bypass option" do
expect(::Aws::STS::Client).to receive(:new).never
Atmos.config["auth"]["bypass"] = true
expect { |b| manager.authenticate({}, &b) }.to yield_with_args
expect(Logging.contents).to match(/Bypassing atmos aws authentication/)
end

it "authenticates" do
expect { |b| manager.authenticate({'AWS_PROFILE' => 'profile'}, &b) }.
to yield_with_args(
Expand Down

0 comments on commit 3ad6ec0

Please sign in to comment.