Load credentials file from path specified in AWS_SHARED_CREDENTIALS_FILE if AWS_SDK_LOAD_CONFIG is set

Author: jeskew

.changes/next-release/feature-EnvironmentVariable-ce9cbf48.json

@@ -1,5 +1,5 @@
 {
   "type": "feature",
   "category": "EnvironmentVariable",
-  "description": "Add AWS_CREDENTIAL_PROFILES_FILE Environment Variable as defined in the Java AWS_SDK"
-}
+  "description": "Add support for the AWS_SHARED_CREDENTIALS_FILE environment variable if AWS_SDK_LOAD_CONFIG is set"
+}

lib/credentials/shared_ini_file_credentials.js

@@ -2,6 +2,9 @@ var AWS = require('../core');
 var path = require('path');
 var STS = require('../../clients/sts');
 
+var configOptInEnv = 'AWS_SDK_LOAD_CONFIG';
+var defaultProfile = 'default';
+
 /**
  * Represents credentials loaded from shared credentials file
  * (defaulting to ~/.aws/credentials or defined by the
@@ -52,9 +55,9 @@ AWS.SharedIniFileCredentials = AWS.util.inherit(AWS.Credentials, {
 
     options = options || {};
 
-    this.filename = options.filename || process.env.AWS_CREDENTIAL_PROFILES_FILE;
-    this.profile = options.profile || process.env.AWS_PROFILE || 'default';
-    this.disableAssumeRole = !!options.disableAssumeRole;
+    this.filename = options.filename;
+    this.profile = options.profile || process.env.AWS_PROFILE || defaultProfile;
+    this.disableAssumeRole = Boolean(options.disableAssumeRole);
     this.get(function() {});
   },
 
@@ -73,10 +76,18 @@ AWS.SharedIniFileCredentials = AWS.util.inherit(AWS.Credentials, {
     if (!callback) callback = function(err) { if (err) throw err; };
     try {
       if (!this.filename) this.loadDefaultFilename();
+      var profile = {};
+      if (process.env[configOptInEnv]) {
+        var configProfileName = this.profile === defaultProfile ?
+          'default' : 'profile ' + this.profile;
+        var config = AWS.util.ini
+          .parse(AWS.util.readFileSync(this.configFilename));
+        profile = AWS.util.merge(profile, config[configProfileName]);
+      }
       var creds = AWS.util.ini.parse(AWS.util.readFileSync(this.filename));
-      var profile = creds[this.profile];
+      profile = AWS.util.merge(profile, creds[this.profile]);
 
-      if (typeof profile !== 'object') {
+      if (Object.keys(profile).length === 0) {
         throw AWS.util.error(
           new Error('Profile ' + this.profile + ' not found in ' + this.filename),
           { code: 'SharedIniFileCredentialsProviderFailure' }
@@ -193,6 +204,7 @@ AWS.SharedIniFileCredentials = AWS.util.inherit(AWS.Credentials, {
    */
   loadDefaultFilename: function loadDefaultFilename() {
     var env = process.env;
+
     var home = env.HOME ||
                env.USERPROFILE ||
                (env.HOMEPATH ? ((env.HOMEDRIVE || 'C:/') + env.HOMEPATH) : null);
@@ -204,5 +216,11 @@ AWS.SharedIniFileCredentials = AWS.util.inherit(AWS.Credentials, {
     }
 
     this.filename = path.join(home, '.aws', 'credentials');
+
+    if (env[configOptInEnv]) {
+      this.filename = env.AWS_SHARED_CREDENTIALS_FILE || this.filename;
+      this.configFilename = env.AWS_CONFIG_FILE ||
+        path.join(home, '.aws', 'config');
+    }
   }
 });

test/credentials.spec.coffee

@@ -158,7 +158,8 @@ if AWS.util.isNode()
   describe 'AWS.SharedIniFileCredentials', ->
     beforeEach ->
       delete process.env.AWS_PROFILE
-      delete process.env.AWS_CREDENTIAL_PROFILES_FILE
+      delete process.env.AWS_SDK_LOAD_CONFIG
+      delete process.env.AWS_SHARED_CREDENTIALS_FILE
       delete process.env.HOME
       delete process.env.HOMEPATH
       delete process.env.HOMEDRIVE
@@ -210,8 +211,9 @@ if AWS.util.isNode()
         validateCredentials(creds)
         expect(AWS.util.readFileSync.calls[0].arguments[0]).to.match(/[\/\\]home[\/\\]user[\/\\].aws[\/\\]credentials/)
 
-      it 'loads credentials from path defined in AWS_CREDENTIAL_PROFILES_FILE', ->
-        process.env.AWS_CREDENTIAL_PROFILES_FILE = '/path/to/aws/credentials'
+      it 'loads credentials from path defined in AWS_SHARED_CREDENTIALS_FILE if AWS_SDK_LOAD_CONFIG is set', ->
+        process.env.AWS_SDK_LOAD_CONFIG = '1'
+        process.env.AWS_SHARED_CREDENTIALS_FILE = '/path/to/aws/credentials'
         mock = '''
         [default]
         aws_access_key_id = akid
@@ -223,7 +225,23 @@ if AWS.util.isNode()
         creds = new AWS.SharedIniFileCredentials()
         creds.get();
         validateCredentials(creds)
-        expect(AWS.util.readFileSync.calls[0].arguments[0]).to.equal('/path/to/aws/credentials')
+        expect(AWS.util.readFileSync.calls[0].arguments[0]).to.match(/[\/\\]home[\/\\]user[\/\\].aws[\/\\]config/)
+        expect(AWS.util.readFileSync.calls[1].arguments[0]).to.equal(process.env.AWS_SHARED_CREDENTIALS_FILE)
+
+      it 'loads credentials from ~/.aws/credentials if AWS_SDK_LOAD_CONFIG is not set', ->
+        process.env.AWS_SHARED_CREDENTIALS_FILE = '/path/to/aws/credentials'
+        mock = '''
+        [default]
+        aws_access_key_id = akid
+        aws_secret_access_key = secret
+        aws_session_token = session
+        '''
+        helpers.spyOn(AWS.util, 'readFileSync').andReturn(mock)
+
+        creds = new AWS.SharedIniFileCredentials()
+        creds.get();
+        validateCredentials(creds)
+        expect(AWS.util.readFileSync.calls[0].arguments[0]).to.match(/[\/\\]home[\/\\]user[\/\\].aws[\/\\]credentials/)
 
       it 'loads the default profile if AWS_PROFILE is empty', ->
         process.env.AWS_PROFILE = ''