Support source_profile

filipesilva · filipesilva · commit f351e9cd1b04 · 2024-12-10T15:47:25.000Z
Fix cognitect-labs#172
diff --git a/src/cognitect/aws/credentials.clj b/src/cognitect/aws/credentials.clj
@@ -237,11 +237,14 @@
       (fetch [_]
         (when (.exists f)
           (try
-            (let [profile (get (config/parse f) profile-name)]
+            (let [config         (config/parse f)
+                  profile        (get config profile-name)
+                  source-profile (some->> "source_profile" (get profile) (get config))
+                  creds-profile  (or source-profile profile)]
               (valid-credentials
-               {:aws/access-key-id     (get profile "aws_access_key_id")
-                :aws/secret-access-key (get profile "aws_secret_access_key")
-                :aws/session-token     (get profile "aws_session_token")}
+               {:aws/access-key-id     (get creds-profile "aws_access_key_id")
+                :aws/secret-access-key (get creds-profile "aws_secret_access_key")
+                :aws/session-token     (get creds-profile "aws_session_token")}
                "aws profiles file"))
             (catch Throwable t
               (log/error t "Error fetching credentials from aws profiles file")))))))))
diff --git a/test/resources/.aws/credentials b/test/resources/.aws/credentials
@@ -6,3 +6,6 @@ aws_secret_access_key = DEFAULT_AWS_SECRET_ACCESS_KEY
 aws_access_key_id = TARDIGRADE_AWS_ACCESS_KEY
 aws_secret_access_key = TARDIGRADE_AWS_SECRET_ACCESS_KEY
 aws_session_token = TARDIGRADE_AWS_SESSION_TOKEN
+
+[sourced]
+source_profile = default
diff --git a/test/src/cognitect/aws/credentials_test.clj b/test/src/cognitect/aws/credentials_test.clj
@@ -129,7 +129,12 @@
         (is (= {:aws/access-key-id "TARDIGRADE_AWS_ACCESS_KEY"
                 :aws/secret-access-key "TARDIGRADE_AWS_SECRET_ACCESS_KEY"
                 :aws/session-token "TARDIGRADE_AWS_SESSION_TOKEN"}
-               (credentials/fetch (credentials/profile-credentials-provider))))))))
+               (credentials/fetch (credentials/profile-credentials-provider))))))
+    (testing "uses source_profile."
+      (is (= {:aws/access-key-id "DEFAULT_AWS_ACCESS_KEY"
+              :aws/secret-access-key "DEFAULT_AWS_SECRET_ACCESS_KEY"
+              :aws/session-token nil}
+             (credentials/fetch (credentials/profile-credentials-provider "sourced" test-config)))))))
 
 (deftest container-credentials-provider-test
   (testing "The provider reads container metadata correctly."
