Always enable AWS shared configuration file support (#38)

Reference: #35
hashicorp · Jun 3, 2020 · 481cea2 · 481cea2
1 parent 3eb3a61
commit 481cea2
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 41 deletions.
diff --git a/awsauth.go b/awsauth.go
@@ -181,32 +181,24 @@ func parseAccountIDAndPartitionFromARN(inputARN string) (string, string, error)
 func GetCredentialsFromSession(c *Config) (*awsCredentials.Credentials, error) {
 	log.Printf("[INFO] Attempting to use session-derived credentials")
 
-	var sess *session.Session
-	var err error
-	if c.Profile == "" {
-		sess, err = session.NewSession(&aws.Config{EndpointResolver: c.EndpointResolver()})
-		if err != nil {
-			return nil, ErrNoValidCredentialSources
-		}
-	} else {
-		options := &session.Options{
-			Config: aws.Config{
-				EndpointResolver: c.EndpointResolver(),
-				HTTPClient:       cleanhttp.DefaultClient(),
-				MaxRetries:       aws.Int(0),
-				Region:           aws.String(c.Region),
-			},
-		}
-		options.Profile = c.Profile
-		options.SharedConfigState = session.SharedConfigEnable
+	// Avoid setting HTTPClient here as it will prevent the ec2metadata
+	// client from automatically lowering the timeout to 1 second.
+	options := &session.Options{
+		Config: aws.Config{
+			EndpointResolver: c.EndpointResolver(),
+			MaxRetries:       aws.Int(0),
+			Region:           aws.String(c.Region),
+		},
+		Profile:           c.Profile,
+		SharedConfigState: session.SharedConfigEnable,
+	}
 
-		sess, err = session.NewSessionWithOptions(*options)
-		if err != nil {
-			if IsAWSErr(err, "NoCredentialProviders", "") {
-				return nil, ErrNoValidCredentialSources
-			}
-			return nil, fmt.Errorf("Error creating AWS session: %w", err)
+	sess, err := session.NewSessionWithOptions(*options)
+	if err != nil {
+		if IsAWSErr(err, "NoCredentialProviders", "") {
+			return nil, ErrNoValidCredentialSources
 		}
+		return nil, fmt.Errorf("Error creating AWS session: %w", err)
 	}
 
 	creds := sess.Config.Credentials

diff --git a/session.go b/session.go
@@ -35,7 +35,8 @@ func GetSessionOptions(c *Config) (*session.Options, error) {
 			MaxRetries:       aws.Int(0),
 			Region:           aws.String(c.Region),
 		},
-		Profile: c.Profile,
+		Profile:           c.Profile,
+		SharedConfigState: session.SharedConfigEnable,
 	}
 
 	// get and validate credentials

diff --git a/session_test.go b/session_test.go
@@ -161,10 +161,7 @@ aws_secret_access_key = ProfileSharedCredentialsSecretKey
 				Profile: "SharedConfigurationProfile",
 				Region:  "us-east-1",
 			},
-			Description: "config Profile shared configuration credential_source Ec2InstanceMetadata",
-			EnvironmentVariables: map[string]string{
-				"AWS_SDK_LOAD_CONFIG": "1",
-			},
+			Description:             "config Profile shared configuration credential_source Ec2InstanceMetadata",
 			EnableEc2MetadataServer: true,
 			ExpectedCredentialsValue: credentials.Value{
 				AccessKeyID:     "AssumeRoleAccessKey",
@@ -198,7 +195,6 @@ role_session_name = AssumeRoleSessionName
 			Description: "config Profile shared configuration credential_source EcsContainer",
 			EnvironmentVariables: map[string]string{
 				"AWS_CONTAINER_CREDENTIALS_RELATIVE_URI": "/creds",
-				"AWS_SDK_LOAD_CONFIG":                    "1",
 			},
 			EnableEc2MetadataServer:    true,
 			EnableEcsCredentialsServer: true,
@@ -232,9 +228,6 @@ role_session_name = AssumeRoleSessionName
 				Region:  "us-east-1",
 			},
 			Description: "config Profile shared configuration source_profile",
-			EnvironmentVariables: map[string]string{
-				"AWS_SDK_LOAD_CONFIG": "1",
-			},
 			ExpectedCredentialsValue: credentials.Value{
 				AccessKeyID:     "AssumeRoleAccessKey",
 				ProviderName:    stscreds.ProviderName,
@@ -351,8 +344,7 @@ aws_secret_access_key = ProfileSharedCredentialsSecretKey
 			Description:             "environment AWS_PROFILE shared configuration credential_source Ec2InstanceMetadata",
 			EnableEc2MetadataServer: true,
 			EnvironmentVariables: map[string]string{
-				"AWS_PROFILE":         "SharedConfigurationProfile",
-				"AWS_SDK_LOAD_CONFIG": "1",
+				"AWS_PROFILE": "SharedConfigurationProfile",
 			},
 			ExpectedCredentialsValue: credentials.Value{
 				AccessKeyID:     "AssumeRoleAccessKey",
@@ -388,7 +380,6 @@ role_session_name = AssumeRoleSessionName
 			EnvironmentVariables: map[string]string{
 				"AWS_CONTAINER_CREDENTIALS_RELATIVE_URI": "/creds",
 				"AWS_PROFILE":                            "SharedConfigurationProfile",
-				"AWS_SDK_LOAD_CONFIG":                    "1",
 			},
 			ExpectedCredentialsValue: credentials.Value{
 				AccessKeyID:     "AssumeRoleAccessKey",
@@ -420,8 +411,7 @@ role_session_name = AssumeRoleSessionName
 			},
 			Description: "environment AWS_PROFILE shared configuration source_profile",
 			EnvironmentVariables: map[string]string{
-				"AWS_PROFILE":         "SharedConfigurationProfile",
-				"AWS_SDK_LOAD_CONFIG": "1",
+				"AWS_PROFILE": "SharedConfigurationProfile",
 			},
 			ExpectedCredentialsValue: credentials.Value{
 				AccessKeyID:     "AssumeRoleAccessKey",
@@ -906,9 +896,6 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey
 				Region:  "us-east-1",
 			},
 			Description: "session creation error",
-			EnvironmentVariables: map[string]string{
-				"AWS_SDK_LOAD_CONFIG": "1",
-			},
 			ExpectedError: func(err error) bool {
 				// TODO: Return wrapped error
 				//return IsAWSErr(err, "CredentialRequiresARNError", "")