fix(aws): enable when using .aws/credentials (#4604)

2024-11-28 07:46:28 +00:00 · 2022-11-27 06:06:05 -08:00 · 2022-11-27 06:06:05 -08:00 · c8ac8777a5
commit c8ac8777a5
parent 6e15c00238
1 changed files with 68 additions and 12 deletions
--- a/src/modules/aws.rs
+++ b/src/modules/aws.rs
@ -63,7 +63,7 @@ fn get_creds<'a>(context: &Context, config: &'a OnceCell<Option<Ini>>) -> Option
 // Get the section for a given profile name in the config file.
 fn get_profile_config<'a>(
    config: &'a Ini,
-    profile: &Option<Profile>,
+    profile: Option<&Profile>,
 ) -> Option<&'a ini::Properties> {
    match profile {
        Some(profile) => config.section(Some(format!("profile {profile}"))),
@ -74,11 +74,11 @@ fn get_profile_config<'a>(
 // Get the section for a given profile name in the credentials file.
 fn get_profile_creds<'a>(
    config: &'a Ini,
-    profile: &Option<Profile>,
+    profile: Option<&Profile>,
 ) -> Option<&'a ini::Properties> {
    match profile {
        None => config.section(Some("default")),
-        _ => config.section(profile.as_ref()),
+        _ => config.section(profile),
    }
 }
@ -88,7 +88,7 @@ fn get_aws_region_from_config(
    aws_config: &AwsConfigFile,
 ) -> Option<Region> {
    let config = get_config(context, aws_config)?;
-    let section = get_profile_config(config, aws_profile)?;
+    let section = get_profile_config(config, aws_profile.as_ref())?;
    section.get("region").map(std::borrow::ToOwned::to_owned)
 }
@ -118,7 +118,7 @@ fn get_aws_profile_and_region(
 fn get_credentials_duration(
    context: &Context,
-    aws_profile: &Option<String>,
+    aws_profile: Option<&Profile>,
    aws_creds: &AwsCredsFile,
 ) -> Option<i64> {
    let expiration_env_vars = ["AWS_SESSION_EXPIRATION", "AWSUME_EXPIRATION"];
@ -150,18 +150,35 @@ fn alias_name(name: Option<String>, aliases: &HashMap<String, &str>) -> Option<S
 fn has_credential_process_or_sso(
    context: &Context,
-    aws_profile: &Option<Profile>,
+    aws_profile: Option<&Profile>,
    aws_config: &AwsConfigFile,
    aws_creds: &AwsCredsFile,
 ) -> Option<bool> {
    let config = get_config(context, aws_config)?;
    let credentials = get_creds(context, aws_creds);
-    let section = get_profile_config(config, aws_profile)?;
+    let empty_section = ini::Properties::new();
-    Some(section.contains_key("credential_process") || section.contains_key("sso_start_url"))
+    // We use the aws_profile here because `get_profile_config()` treats None
    // as "special" and falls back to the "[default]"; otherwise this tries
    // to look up "[profile default]" which doesn't exist
    let config_section = get_profile_config(config, aws_profile).or(Some(&empty_section))?;
    let credential_section = match credentials {
        Some(credentials) => get_profile_creds(credentials, aws_profile),
        None => None,
    };
    Some(
        config_section.contains_key("credential_process")
            || config_section.contains_key("sso_start_url")
            || credential_section?.contains_key("credential_process")
            || credential_section?.contains_key("sso_start_url"),
    )
 }
 fn has_defined_credentials(
    context: &Context,
-    aws_profile: &Option<Profile>,
+    aws_profile: Option<&Profile>,
    aws_creds: &AwsCredsFile,
 ) -> Option<bool> {
    let valid_env_vars = [
@ -197,14 +214,15 @@ pub fn module<'a>(context: &'a Context) -> Option<Module<'a>> {
    // only display if credential_process is defined or has valid credentials
    if !config.force_display
-        && !has_credential_process_or_sso(context, &aws_profile, &aws_config).unwrap_or(false)
+        && !has_credential_process_or_sso(context, aws_profile.as_ref(), &aws_config, &aws_creds)
-        && !has_defined_credentials(context, &aws_profile, &aws_creds).unwrap_or(false)
+            .unwrap_or(false)
        && !has_defined_credentials(context, aws_profile.as_ref(), &aws_creds).unwrap_or(false)
    {
        return None;
    }
    let duration = {
-        get_credentials_duration(context, &aws_profile, &aws_creds).map(|duration| {
+        get_credentials_duration(context, aws_profile.as_ref(), &aws_creds).map(|duration| {
            if duration > 0 {
                render_time((duration * 1000) as u128, false)
            } else {
@ -899,6 +917,44 @@ credential_process = /opt/bin/awscreds-retriever
        dir.close()
    }
    #[test]
    fn credential_process_set_in_credentials() -> io::Result<()> {
        let dir = tempfile::tempdir()?;
        let config_path = dir.path().join("config");
        let credential_path = dir.path().join("credentials");
        let mut file = File::create(&config_path)?;
        file.write_all(
            "[default]
 region = ap-northeast-2
 "
            .as_bytes(),
        )?;
        let mut file = File::create(&credential_path)?;
        file.write_all(
            "[default]
 credential_process = /opt/bin/awscreds-for-tests
 "
            .as_bytes(),
        )?;
        let actual = ModuleRenderer::new("aws")
            .env("AWS_CONFIG_FILE", config_path.to_string_lossy().as_ref())
            .env(
                "AWS_CREDENTIALS_FILE",
                credential_path.to_string_lossy().as_ref(),
            )
            .collect();
        let expected = Some(format!(
            "on {}",
            Color::Yellow.bold().paint("☁️  (ap-northeast-2) ")
        ));
        assert_eq!(expected, actual);
        dir.close()
    }
    #[test]
    fn sso_set() -> io::Result<()> {
        let dir = tempfile::tempdir()?;