Add support of default AWS credentials chain (closes #36)

snowplow · Aug 24, 2020 · f6e4718 · f6e4718
1 parent 38de873
commit f6e4718
Show file tree

Hide file tree

Showing 6 changed files with 35 additions and 10 deletions.
diff --git a/src/emr_cluster.go b/src/emr_cluster.go
@@ -45,7 +45,7 @@ func InitEmrCluster(clusterConfig ClusterConfig) (*EmrCluster, error) {
 		return nil, err
 	}
 
-	svc := emr.New(session.New(), &aws.Config{
+	svc := emr.New(session.Must(session.NewSession()), &aws.Config{
 		Region:      aws.String(clusterConfig.Region),
 		Credentials: creds,
 	})

diff --git a/src/job_flow_steps.go b/src/job_flow_steps.go
@@ -43,7 +43,7 @@ func InitJobFlowSteps(playbookConfig PlaybookConfig, jobflowID string, isAsync b
 		return nil, err
 	}
 
-	emrSvc := emr.New(session.New(), &aws.Config{
+	emrSvc := emr.New(session.Must(session.NewSession()), &aws.Config{
 		Region:      aws.String(playbookConfig.Region),
 		Credentials: creds,
 	})

diff --git a/src/lock_test.go b/src/lock_test.go
@@ -25,13 +25,14 @@ import (
 )
 
 func makeClient(t *testing.T) (*api.Client, *testutil.TestServer) {
-	// Make client config
-	conf := api.DefaultConfig()
 	// Create server
-	server, err := testutil.NewTestServerConfigT(t, nil)
+	server, err := testutil.NewTestServerT(t)
 	if err != nil {
 		t.Fatal(err)
 	}
+
+	// Make client config
+	conf := api.DefaultConfig()
 	conf.Address = server.HTTPAddr
 
 	// Create client

diff --git a/src/logs_downloader.go b/src/logs_downloader.go
@@ -46,12 +46,14 @@ func InitLogsDownloader(accessKeyID, secretAccessKey, region, jobflowID string)
 		return nil, err
 	}
 
-	emrSvc := emr.New(session.New(), &aws.Config{
+	sess := session.Must(session.NewSession())
+
+	emrSvc := emr.New(sess, &aws.Config{
 		Region:      aws.String(region),
 		Credentials: creds,
 	})
 
-	s3Svc := s3.New(session.New(), &aws.Config{
+	s3Svc := s3.New(sess, &aws.Config{
 		Region:      aws.String(region),
 		Credentials: creds,
 	})

diff --git a/src/utils.go b/src/utils.go
@@ -23,21 +23,29 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
+	"github.com/aws/aws-sdk-go/aws/defaults"
 )
 
 // GetCredentialsProvider attempts to fetch credentials from either:
 // 1. IAM Role
 // 2. ENV Variables
-// 3. Static Credentials
+// 3. Default Credential Chain
+// 4. Static Credentials
 func GetCredentialsProvider(a string, s string) (*credentials.Credentials, error) {
 	if isIam(a) && isIam(s) {
 		return credentials.NewCredentials(&ec2rolecreds.EC2RoleProvider{}), nil
-	} else if isIam(a) || isIam(s) {
-		return nil, errors.New("access-key and secret-key must both be set to 'iam', or neither")
 	} else if isEnv(a) && isEnv(s) {
 		return credentials.NewEnvCredentials(), nil
+	} else if isDefault(a) && isDefault(s) {
+		cfg := defaults.Config()
+		handlers := defaults.Handlers()
+		return defaults.CredChain(cfg, handlers), nil
+	} else if isIam(a) || isIam(s) {
+		return nil, errors.New("access-key and secret-key must both be set to 'iam', or neither")
 	} else if isEnv(a) || isEnv(s) {
 		return nil, errors.New("access-key and secret-key must both be set to 'env', or neither")
+	} else if isDefault(a) || isDefault(s) {
+		return nil, errors.New("access-key and secret-key must both be set to 'default', or neither")
 	} else {
 		return credentials.NewStaticCredentials(a, s, ""), nil
 	}
@@ -53,6 +61,11 @@ func isEnv(key string) bool {
 	return key == "env"
 }
 
+// isDefault checks whether or not a variable is asking for default
+func isDefault(key string) bool {
+	return key == "default"
+}
+
 // InterfaceToJSONString writes an interface as a JSON
 func InterfaceToJSONString(m interface{}, pretty bool) string {
 	var b []byte

diff --git a/src/utils_test.go b/src/utils_test.go
@@ -38,6 +38,11 @@ func TestGetCredentialsProvider(t *testing.T) {
 	assert.NotNil(err)
 	assert.Equal("access-key and secret-key must both be set to 'env', or neither", err.Error())
 
+	res, err = GetCredentialsProvider("default", "faulty")
+	assert.Nil(res)
+	assert.NotNil(err)
+	assert.Equal("access-key and secret-key must both be set to 'default', or neither", err.Error())
+
 	res, err = GetCredentialsProvider("iam", "iam")
 	assert.NotNil(res)
 	assert.Nil(err)
@@ -46,6 +51,10 @@ func TestGetCredentialsProvider(t *testing.T) {
 	assert.NotNil(res)
 	assert.Nil(err)
 
+	res, err = GetCredentialsProvider("default", "default")
+	assert.NotNil(res)
+	assert.Nil(err)
+
 	res, err = GetCredentialsProvider("access", "secret")
 	assert.NotNil(res)
 	assert.Nil(err)