Commit | Line | Data |
---|---|---|
bae9f6d2 JC |
1 | package session |
2 | ||
3 | import ( | |
4 | "os" | |
bae9f6d2 JC |
5 | "strconv" |
6 | ||
107c1cdb | 7 | "github.com/aws/aws-sdk-go/aws" |
bae9f6d2 | 8 | "github.com/aws/aws-sdk-go/aws/credentials" |
15c0b25d | 9 | "github.com/aws/aws-sdk-go/aws/defaults" |
bae9f6d2 JC |
10 | ) |
11 | ||
15c0b25d AP |
// EnvProviderName is the provider name recorded on credentials that were
// loaded from environment variables (see envConfigLoad, which assigns it to
// Creds.ProviderName once both key parts are present).
const EnvProviderName = "EnvConfigCredentials"
14 | ||
bae9f6d2 JC |
// envConfig is a collection of environment values the SDK will read
// setup config from. All environment values are optional. But some values
// such as credentials require multiple values to be complete or the values
// will be ignored.
//
// Every field is populated from the process environment, so whoever controls
// that environment controls the credentials, file paths and TLS trust
// settings held here.
type envConfig struct {
	// Environment configuration values. If set both Access Key ID and Secret Access
	// Key must be provided. Session Token can optionally also be provided, but is
	// not required.
	//
	//	# Access Key ID
	//	AWS_ACCESS_KEY_ID=AKID
	//	AWS_ACCESS_KEY=AKID # only read if AWS_ACCESS_KEY_ID is not set.
	//
	//	# Secret Access Key
	//	AWS_SECRET_ACCESS_KEY=SECRET
	//	AWS_SECRET_KEY=SECRET # only read if AWS_SECRET_ACCESS_KEY is not set.
	//
	//	# Session Token
	//	AWS_SESSION_TOKEN=TOKEN
	//
	// envConfigLoad resets this to the zero value when either the access key
	// ID or the secret is missing, which also discards a session token that
	// was set on its own.
	//
	// NOTE(review): this field carries the secret access key in clear text;
	// avoid formatting the whole struct into logs or error messages.
	Creds credentials.Value

	// Region value will instruct the SDK where to make service API requests to. If it is
	// not provided in the environment the region must be provided before a service
	// client request is made.
	//
	//	AWS_REGION=us-east-1
	//
	//	# AWS_DEFAULT_REGION is only read if AWS_SDK_LOAD_CONFIG is also set,
	//	# and AWS_REGION is not also set.
	//	AWS_DEFAULT_REGION=us-east-1
	Region string

	// Profile name the SDK should use when loading shared configuration from the
	// shared configuration files. If not provided "default" will be used as the
	// profile name.
	//
	//	AWS_PROFILE=my_profile
	//
	//	# AWS_DEFAULT_PROFILE is only read if AWS_SDK_LOAD_CONFIG is also set,
	//	# and AWS_PROFILE is not also set.
	//	AWS_DEFAULT_PROFILE=my_profile
	Profile string

	// SDK load config instructs the SDK to load the shared config in addition to
	// shared credentials. This also expands the configuration loaded from the shared
	// credentials to have parity with the shared config file. This also enables
	// Region and Profile support for the AWS_DEFAULT_REGION and AWS_DEFAULT_PROFILE
	// env values as well.
	//
	//	AWS_SDK_LOAD_CONFIG=1
	EnableSharedConfig bool

	// Shared credentials file path can be set to instruct the SDK to use an alternate
	// file for the shared credentials. If not set the file will be loaded from
	// $HOME/.aws/credentials on Linux/Unix based systems, and
	// %USERPROFILE%\.aws\credentials on Windows.
	//
	//	AWS_SHARED_CREDENTIALS_FILE=$HOME/my_shared_credentials
	//
	// envConfigLoad stores the environment value as given and falls back to
	// defaults.SharedCredentialsFilename() when it is empty; no check of the
	// path happens at this layer.
	SharedCredentialsFile string

	// Shared config file path can be set to instruct the SDK to use an alternate
	// file for the shared config. If not set the file will be loaded from
	// $HOME/.aws/config on Linux/Unix based systems, and
	// %USERPROFILE%\.aws\config on Windows.
	//
	//	AWS_CONFIG_FILE=$HOME/my_shared_config
	//
	// envConfigLoad stores the environment value as given and falls back to
	// defaults.SharedConfigFilename() when it is empty.
	SharedConfigFile string

	// Sets the path to a custom Certificate Authority (CA) Bundle PEM file
	// that the SDK will use instead of the system's root CA bundle.
	// Only use this if you want to configure the SDK to use a custom set
	// of CAs.
	//
	// Enabling this option will attempt to merge the Transport
	// into the SDK's HTTP client. If the client's Transport is
	// not a http.Transport an error will be returned. If the
	// Transport's TLS config is set this option will cause the
	// SDK to overwrite the Transport's TLS config's RootCAs value.
	//
	// Setting a custom HTTPClient in the aws.Config options will override this setting.
	// To use this option and custom HTTP client, the HTTP client needs to be provided
	// when creating the session. Not the service client.
	//
	//	AWS_CA_BUNDLE=$HOME/my_custom_ca_bundle
	//
	// Because this replaces the trust anchors used for TLS to AWS endpoints,
	// treat an unexpected AWS_CA_BUNDLE in a process environment as a
	// trust-boundary change: the listed CAs decide which servers the SDK
	// accepts.
	CustomCABundle string

	// csmEnabled holds the raw AWS_CSM_ENABLED value; CSMEnabled is the
	// boolean that envConfigLoad derives from it. CSMPort and CSMClientID
	// are copied verbatim from AWS_CSM_PORT and AWS_CSM_CLIENT_ID.
	csmEnabled  string
	CSMEnabled  bool
	CSMPort     string
	CSMClientID string

	// enableEndpointDiscovery holds the raw environment value that
	// EnableEndpointDiscovery is derived from.
	enableEndpointDiscovery string
	// Enables endpoint discovery via environment variables.
	//
	//	AWS_ENABLE_ENDPOINT_DISCOVERY=true
	//
	// Left nil when the variable is unset or empty. When set, envConfigLoad
	// stores true for every value except the exact string "false".
	EnableEndpointDiscovery *bool
}
112 | ||
// Environment variable names consulted for each setting. setFromEnvVal walks
// a slice in order and takes the first variable with a non-empty value, so
// the position of a name within its slice is its precedence.
var (
	// Client-side monitoring (CSM) settings.
	csmEnabledEnvKey = []string{
		"AWS_CSM_ENABLED",
	}
	csmPortEnvKey = []string{
		"AWS_CSM_PORT",
	}
	csmClientIDEnvKey = []string{
		"AWS_CSM_CLIENT_ID",
	}
	// Credential parts; the second name in each slice is only used when the
	// first is unset or empty.
	credAccessEnvKey = []string{
		"AWS_ACCESS_KEY_ID",
		"AWS_ACCESS_KEY",
	}
	credSecretEnvKey = []string{
		"AWS_SECRET_ACCESS_KEY",
		"AWS_SECRET_KEY",
	}
	credSessionEnvKey = []string{
		"AWS_SESSION_TOKEN",
	}

	enableEndpointDiscoveryEnvKey = []string{
		"AWS_ENABLE_ENDPOINT_DISCOVERY",
	}

	// envConfigLoad truncates the next two slices to their first element
	// when shared config is disabled, so the primary name must stay at
	// index 0.
	regionEnvKeys = []string{
		"AWS_REGION",
		"AWS_DEFAULT_REGION", // Only read if AWS_SDK_LOAD_CONFIG is also set
	}
	profileEnvKeys = []string{
		"AWS_PROFILE",
		"AWS_DEFAULT_PROFILE", // Only read if AWS_SDK_LOAD_CONFIG is also set
	}
	// Paths of the shared credentials and shared config files.
	sharedCredsFileEnvKey = []string{
		"AWS_SHARED_CREDENTIALS_FILE",
	}
	sharedConfigFileEnvKey = []string{
		"AWS_CONFIG_FILE",
	}
)
154 | ||
// loadEnvConfig reads the SDK's configuration from the process environment.
// The fields that get populated are described on `envConfig`.
//
// Shared SDK config is loaded as well when `AWS_SDK_LOAD_CONFIG` holds a
// value that strconv.ParseBool accepts as true.
func loadEnvConfig() envConfig {
	rawFlag := os.Getenv("AWS_SDK_LOAD_CONFIG")

	// The parse error is dropped on purpose: an unset or unparsable value
	// leaves shared config disabled rather than failing session setup.
	useSharedConfig, _ := strconv.ParseBool(rawFlag)

	return envConfigLoad(useSharedConfig)
}
165 | ||
// loadSharedEnvConfig reads the SDK's configuration from the process
// environment with shared config support always switched on. The fields that
// get populated are described on `envConfig`.
//
// The result matches what `loadEnvConfig` returns when the
// `AWS_SDK_LOAD_CONFIG` environment variable is set to a true value.
func loadSharedEnvConfig() envConfig {
	const withSharedConfig = true
	return envConfigLoad(withSharedConfig)
}
175 | ||
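// envConfigLoad builds an envConfig from the process environment.
//
// enableSharedConfig is stored on the result and additionally allows
// AWS_DEFAULT_REGION and AWS_DEFAULT_PROFILE to be used as fallbacks for the
// region and profile. All values are taken from the environment as given;
// nothing is validated here, so callers that run with an environment they do
// not fully control should treat the credentials, file paths and CA bundle
// path in the result as externally supplied.
func envConfigLoad(enableSharedConfig bool) envConfig {
	cfg := envConfig{}

	cfg.EnableSharedConfig = enableSharedConfig

	setFromEnvVal(&cfg.Creds.AccessKeyID, credAccessEnvKey)
	setFromEnvVal(&cfg.Creds.SecretAccessKey, credSecretEnvKey)
	setFromEnvVal(&cfg.Creds.SessionToken, credSessionEnvKey)

	// CSM environment variables
	setFromEnvVal(&cfg.csmEnabled, csmEnabledEnvKey)
	setFromEnvVal(&cfg.CSMPort, csmPortEnvKey)
	setFromEnvVal(&cfg.CSMClientID, csmClientIDEnvKey)
	// A plain non-empty check would switch monitoring on for
	// AWS_CSM_ENABLED=false or =0. Only values that parse as an explicit
	// false disable it; every other non-empty value still enables it.
	if len(cfg.csmEnabled) > 0 {
		enabled, err := strconv.ParseBool(cfg.csmEnabled)
		cfg.CSMEnabled = err != nil || enabled
	}

	// Require logical grouping of credentials: a key ID without a secret
	// (or the reverse) is unusable, so the whole value is cleared. This also
	// drops a session token that was set without the key pair.
	if len(cfg.Creds.AccessKeyID) == 0 || len(cfg.Creds.SecretAccessKey) == 0 {
		cfg.Creds = credentials.Value{}
	} else {
		cfg.Creds.ProviderName = EnvProviderName
	}

	// The AWS_DEFAULT_* fallbacks sit at index 1 and are only consulted when
	// shared config is enabled.
	regionKeys := regionEnvKeys
	profileKeys := profileEnvKeys
	if !cfg.EnableSharedConfig {
		regionKeys = regionKeys[:1]
		profileKeys = profileKeys[:1]
	}

	setFromEnvVal(&cfg.Region, regionKeys)
	setFromEnvVal(&cfg.Profile, profileKeys)

	// Endpoint discovery stays nil when the variable is unset or empty.
	// When set, only the exact string "false" disables it; other spellings
	// such as "FALSE" or "0" are stored as true.
	setFromEnvVal(&cfg.enableEndpointDiscovery, enableEndpointDiscoveryEnvKey)
	if len(cfg.enableEndpointDiscovery) > 0 {
		cfg.EnableEndpointDiscovery = aws.Bool(cfg.enableEndpointDiscovery != "false")
	}

	setFromEnvVal(&cfg.SharedCredentialsFile, sharedCredsFileEnvKey)
	setFromEnvVal(&cfg.SharedConfigFile, sharedConfigFileEnvKey)

	if len(cfg.SharedCredentialsFile) == 0 {
		cfg.SharedCredentialsFile = defaults.SharedCredentialsFilename()
	}
	if len(cfg.SharedConfigFile) == 0 {
		cfg.SharedConfigFile = defaults.SharedConfigFilename()
	}

	// The CA bundle path is copied as-is. It selects the root CAs the SDK
	// trusts for TLS, so it is as sensitive as the credentials above.
	cfg.CustomCABundle = os.Getenv("AWS_CA_BUNDLE")

	return cfg
}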
228 | ||
// setFromEnvVal stores into dst the value of the first environment variable
// in keys that is set to a non-empty string. dst is left untouched when none
// of the variables has a value. keys is checked in slice order, so earlier
// names take precedence.
func setFromEnvVal(dst *string, keys []string) {
	for i := range keys {
		val := os.Getenv(keys[i])
		if val == "" {
			// Unset and empty are treated the same: try the next name.
			continue
		}
		*dst = val
		return
	}
}