Merge pull request #1391 from jeskew/jans510-Add-AWS_CREDENTIAL_PROFILES_FILE-Environment-Variable

jeskew · web-flow · commit 5ce12332cf4f · 2017-04-19T12:28:06.000-07:00
Add support for loading shared config
diff --git a/.changes/next-release/feature-EnvironmentVariable-6754fae2.json b/.changes/next-release/feature-EnvironmentVariable-6754fae2.json
@@ -0,0 +1,5 @@
+{
+  "type": "feature",
+  "category": "EnvironmentVariable",
+  "description": "Load config from ~/.aws/config if AWS_SDK_LOAD_CONFIG is set"
+}
diff --git a/.changes/next-release/feature-EnvironmentVariable-99ebc879.json b/.changes/next-release/feature-EnvironmentVariable-99ebc879.json
@@ -0,0 +1,5 @@
+{
+  "type": "feature",
+  "category": "EnvironmentVariable",
+  "description": "Add support for specifying the location of the shared config file via the AWS_CONFIG_FILE environment variable. This variable is only honored if AWS_SDK_LOAD_CONFIG is set to a truthy value."
+}
diff --git a/.changes/next-release/feature-EnvironmentVariable-ce9cbf48.json b/.changes/next-release/feature-EnvironmentVariable-ce9cbf48.json
@@ -0,0 +1,5 @@
+{
+  "type": "feature",
+  "category": "EnvironmentVariable",
+  "description": "Add support for the AWS_SHARED_CREDENTIALS_FILE environment variable if AWS_SDK_LOAD_CONFIG is set"
+}
diff --git a/lib/credentials/shared_ini_file_credentials.js b/lib/credentials/shared_ini_file_credentials.js
@@ -1,10 +1,12 @@
 var AWS = require('../core');
 var path = require('path');
+var SharedIniFile = require('../shared_ini');
 var STS = require('../../clients/sts');
 
 /**
  * Represents credentials loaded from shared credentials file
- * (defaulting to ~/.aws/credentials).
+ * (defaulting to ~/.aws/credentials or defined by the
+ * `AWS_SHARED_CREDENTIALS_FILE` environment variable).
  *
  * ## Using the shared credentials file
  *
@@ -39,8 +41,9 @@ AWS.SharedIniFileCredentials = AWS.util.inherit(AWS.Credentials, {
    * @param options [map] a set of options
    * @option options profile [String] (AWS_PROFILE env var or 'default')
    *   the name of the profile to load.
-   * @option options filename [String] ('~/.aws/credentials') the filename
-   *   to use when loading credentials.
+   * @option options filename [String] ('~/.aws/credentials' or defined by
+   *   AWS_SHARED_CREDENTIALS_FILE process env var)
+   *   the filename to use when loading credentials.
    * @option options disableAssumeRole [Boolean] (false) True to disable
    *   support for profiles that assume an IAM role. If true, and an assume
    *   role profile is selected, an error is raised.
@@ -51,8 +54,8 @@ AWS.SharedIniFileCredentials = AWS.util.inherit(AWS.Credentials, {
     options = options || {};
 
     this.filename = options.filename;
-    this.profile = options.profile || process.env.AWS_PROFILE || 'default';
-    this.disableAssumeRole = !!options.disableAssumeRole;
+    this.profile = options.profile || process.env.AWS_PROFILE || AWS.util.defaultProfile;
+    this.disableAssumeRole = Boolean(options.disableAssumeRole);
     this.get(function() {});
   },
 
@@ -70,19 +73,35 @@ AWS.SharedIniFileCredentials = AWS.util.inherit(AWS.Credentials, {
   refresh: function refresh(callback) {
     if (!callback) callback = function(err) { if (err) throw err; };
     try {
-      if (!this.filename) this.loadDefaultFilename();
-      var creds = AWS.util.ini.parse(AWS.util.readFileSync(this.filename));
-      var profile = creds[this.profile];
+      var profiles = {};
+      var i, availableProfiles;
+      if (process.env[AWS.util.configOptInEnv]) {
+        var config = new SharedIniFile({
+          isConfig: true,
+          filename: process.env[AWS.util.sharedConfigFileEnv]
+        });
+        for (i = 0, availableProfiles = config.getProfiles(); i < availableProfiles.length; i++) {
+          profiles[availableProfiles[i]] = config.getProfile(availableProfiles[i]);
+        }
+      }
+      var creds = new SharedIniFile({
+        filename: this.filename ||
+          (process.env[AWS.util.configOptInEnv] && process.env[AWS.util.sharedCredentialsFileEnv])
+      });
+      for (i = 0, availableProfiles = creds.getProfiles(); i < availableProfiles.length; i++) {
+        profiles[availableProfiles[i]] = creds.getProfile(availableProfiles[i]);
+      }
+      var profile = profiles[this.profile] || {};
 
-      if (typeof profile !== 'object') {
+      if (Object.keys(profile).length === 0) {
         throw AWS.util.error(
-          new Error('Profile ' + this.profile + ' not found in ' + this.filename),
+          new Error('Profile ' + this.profile + ' not found'),
           { code: 'SharedIniFileCredentialsProviderFailure' }
         );
       }
 
       if (profile['role_arn']) {
-        this.loadRoleProfile(creds, profile, callback);
+        this.loadRoleProfile(profiles, profile, callback);
         return;
       }
 
@@ -92,8 +111,7 @@ AWS.SharedIniFileCredentials = AWS.util.inherit(AWS.Credentials, {
 
       if (!this.accessKeyId || !this.secretAccessKey) {
         throw AWS.util.error(
-          new Error('Credentials not set in ' + this.filename +
-                    ' using profile ' + this.profile),
+          new Error('Credentials not set for profile ' + this.profile),
           { code: 'SharedIniFileCredentialsProviderFailure' }
         );
       }
@@ -111,8 +129,8 @@ AWS.SharedIniFileCredentials = AWS.util.inherit(AWS.Credentials, {
     if (this.disableAssumeRole) {
       throw AWS.util.error(
         new Error('Role assumption profiles are disabled. ' +
-                  'Failed to load profile ' + this.profile + ' from ' +
-                  this.filename),
+                  'Failed to load profile ' + this.profile +
+                  ' from ' + creds.filename),
         { code: 'SharedIniFileCredentialsProviderFailure' }
       );
     }
@@ -125,8 +143,7 @@ AWS.SharedIniFileCredentials = AWS.util.inherit(AWS.Credentials, {
 
     if (!sourceProfileName) {
       throw AWS.util.error(
-        new Error('source_profile is not set in ' + this.filename +
-                  ' using profile ' + this.profile),
+        new Error('source_profile is not set using profile ' + this.profile),
         { code: 'SharedIniFileCredentialsProviderFailure' }
       );
     }
@@ -135,9 +152,8 @@ AWS.SharedIniFileCredentials = AWS.util.inherit(AWS.Credentials, {
 
     if (typeof sourceProfile !== 'object') {
       throw AWS.util.error(
-        new Error('source_profile ' + sourceProfileName + ' set in ' +
-                  this.filename + ' using profile ' + this.profile +
-                  ' does not exist'),
+        new Error('source_profile ' + sourceProfileName + ' using profile '
+          + this.profile + ' does not exist'),
         { code: 'SharedIniFileCredentialsProviderFailure' }
       );
     }
@@ -153,8 +169,7 @@ AWS.SharedIniFileCredentials = AWS.util.inherit(AWS.Credentials, {
     if (!sourceCredentials.accessKeyId || !sourceCredentials.secretAccessKey) {
       throw AWS.util.error(
         new Error('Credentials not set in source_profile ' +
-                  sourceProfileName + ' set in ' + this.filename +
-                  ' using profile ' + this.profile),
+                  sourceProfileName + ' using profile ' + this.profile),
         { code: 'SharedIniFileCredentialsProviderFailure' }
       );
     }
@@ -184,23 +199,5 @@ AWS.SharedIniFileCredentials = AWS.util.inherit(AWS.Credentials, {
       self.expireTime = data.Credentials.Expiration;
       callback();
     });
-  },
-
-  /**
-   * @api private
-   */
-  loadDefaultFilename: function loadDefaultFilename() {
-    var env = process.env;
-    var home = env.HOME ||
-               env.USERPROFILE ||
-               (env.HOMEPATH ? ((env.HOMEDRIVE || 'C:/') + env.HOMEPATH) : null);
-    if (!home) {
-      throw AWS.util.error(
-        new Error('Cannot load credentials, HOME path not set'),
-        { code: 'SharedIniFileCredentialsProviderFailure' }
-      );
-    }
-
-    this.filename = path.join(home, '.aws', 'credentials');
   }
 });
diff --git a/lib/node_loader.js b/lib/node_loader.js
@@ -26,6 +26,8 @@ require('./credentials/environment_credentials');
 require('./credentials/file_system_credentials');
 require('./credentials/shared_ini_file_credentials');
 
+var SharedIniFile = require('./shared_ini');
+
 // Setup default chain providers
 // If this changes, please update documentation for
 // AWS.CredentialProviderChain.defaultProviders in
@@ -59,7 +61,22 @@ AWS.util.update(AWS.Config.prototype.keys, {
     return new AWS.CredentialProviderChain();
   },
   region: function() {
-    return process.env.AWS_REGION || process.env.AMAZON_REGION;
+    var env = process.env;
+    var region = env.AWS_REGION || env.AMAZON_REGION;
+    if (env[AWS.util.configOptInEnv]) {
+      var toCheck = [
+        {filename: env[AWS.util.sharedCredentialsFileEnv]},
+        {isConfig: true, filename: env[AWS.util.sharedConfigFileEnv]}
+      ];
+      while (!region && toCheck.length) {
+        var configFile = new SharedIniFile(toCheck.shift());
+        var profile = configFile.getProfile(
+          env.AWS_PROFILE || AWS.util.defaultProfile
+        );
+        region = profile && profile.region;
+      }
+    }
+    return region;
   }
 });
 
diff --git a/lib/shared_ini.js b/lib/shared_ini.js
@@ -0,0 +1,72 @@
+var AWS = require('./core');
+var os = require('os');
+var path = require('path');
+
+/**
+ * @api private
+ */
+module.exports = AWS.util.inherit({
+  constructor: function SharedIniFile(options) {
+    options = options || {};
+
+    this.isConfig = options.isConfig === true;
+    this.filename = options.filename || this.getDefaultFilepath();
+  },
+
+  ensureFileLoaded: function loadFile() {
+    if (!this.parsedContents) {
+      this.parsedContents = AWS.util.ini.parse(
+        AWS.util.readFileSync(this.filename)
+      );
+    }
+  },
+
+  getDefaultFilepath: function getDefaultFilepath() {
+    return path.join(
+      this.getHomeDir(),
+      '.aws',
+      this.isConfig ? 'config' : 'credentials'
+    );
+  },
+
+  getHomeDir: function getHomeDir() {
+    if (typeof os.homedir === 'function') {
+      return os.homedir();
+    }
+
+    var env = process.env;
+    var home = env.HOME ||
+      env.USERPROFILE ||
+      (env.HOMEPATH ? ((env.HOMEDRIVE || 'C:/') + env.HOMEPATH) : null);
+
+    if (home) {
+      return home;
+    }
+
+    throw AWS.util.error(
+      new Error('Cannot load credentials, HOME path not set')
+    );
+  },
+
+  getProfile: function loadProfile(profile) {
+    this.ensureFileLoaded();
+
+    var profileIndex = profile !== AWS.util.defaultProfile && this.isConfig ?
+      'profile ' + profile : profile;
+
+    return this.parsedContents[profileIndex];
+  },
+
+  getProfiles: function loadProfileNames() {
+    this.ensureFileLoaded();
+    var isConfig = this.isConfig;
+
+    return Object.keys(this.parsedContents).map(function(profileName) {
+      if (isConfig) {
+        return profileName.replace(/^profile\s/, '');
+      }
+
+      return profileName;
+    });
+  }
+});
diff --git a/lib/util.js b/lib/util.js
@@ -892,8 +892,27 @@ var util = {
     if (rules.payload && resp.data[rules.payload]) {
       resp.data[rules.payload] = resp.data[rules.payload].toString();
     }
-  }
+  },
+
+  /**
+   * @api private
+   */
+  defaultProfile: 'default',
+
+  /**
+   * @api private
+   */
+  configOptInEnv: 'AWS_SDK_LOAD_CONFIG',
+
+  /**
+   * @api private
+   */
+  sharedCredentialsFileEnv: 'AWS_SHARED_CREDENTIALS_FILE',
 
+  /**
+   * @api private
+   */
+  sharedConfigFileEnv: 'AWS_CONFIG_FILE'
 };
 
 module.exports = util;
diff --git a/test/config.spec.coffee b/test/config.spec.coffee
diff --git a/test/credentials.spec.coffee b/test/credentials.spec.coffee
diff --git a/test/services/cloudsearchdomain.spec.coffee b/test/services/cloudsearchdomain.spec.coffee
