diff --git a/aws/defaults/defaults.go b/aws/defaults/defaults.go
index e3e7195cd8a..23bb639e018 100644
--- a/aws/defaults/defaults.go
+++ b/aws/defaults/defaults.go
@@ -24,7 +24,7 @@ import (
 "github.com/aws/aws-sdk-go/aws/ec2metadata"
 "github.com/aws/aws-sdk-go/aws/endpoints"
 "github.com/aws/aws-sdk-go/aws/request"
- "github.com/aws/aws-sdk-go/internal/container"
+ "github.com/aws/aws-sdk-go/internal/shareddefaults"
 )
 // A Defaults provides a collection of default values for SDK clients.
@@ -115,9 +115,6 @@ func CredProviders(cfg *aws.Config, handlers request.Handlers) []credentials.Pro
 const (
 httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
 httpProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
- // EcsCredsProviderEnvVar is an environmental variable key used to
- // determine which path needs to be hit.
- EcsCredsProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
 )
 // RemoteCredProvider returns a credentials provider for the default remote
@@ -127,8 +124,8 @@ func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.P
 return localHTTPCredProvider(cfg, handlers, u)
 }
- if uri := os.Getenv(EcsCredsProviderEnvVar); len(uri) > 0 {
- u := fmt.Sprintf("%s%s", container.URI, uri)
+ if uri := os.Getenv(shareddefaults.ECSCredsProviderEnvVar); len(uri) > 0 {
+ u := fmt.Sprintf("%s%s", shareddefaults.ECSContainerCredentialsURI, uri)
 return httpCredProvider(cfg, handlers, u)
 }
diff --git a/aws/defaults/defaults_test.go b/aws/defaults/defaults_test.go
index 139aaf00c0d..8c1319c43bb 100644
--- a/aws/defaults/defaults_test.go
+++ b/aws/defaults/defaults_test.go
@@ -10,6 +10,7 @@ import (
 "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
 "github.com/aws/aws-sdk-go/aws/credentials/endpointcreds"
 "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/internal/shareddefaults"
 )
 func TestHTTPCredProvider(t *testing.T) {
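Review bot: Removing the exported `EcsCredsProviderEnvVar` constant from `aws/defaults` (hunk `@@ -115,9 +115,6 @@`) breaks any caller outside the SDK that references it, because its replacement lives under `internal/` and cannot be imported from another module. If that break is not intended, keep the old name as an alias in the same const block: `EcsCredsProviderEnvVar = shareddefaults.ECSCredsProviderEnvVar`, preceded by `// Deprecated: kept for compatibility; the SDK reads shareddefaults.ECSCredsProviderEnvVar.` Whether anything else in the repository still uses the old name is not visible from this hunk.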
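Review bot: In `RemoteCredProvider` (hunk `@@ -127,8 +124,8 @@` of aws/defaults/defaults.go) the value of `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` is appended to `shareddefaults.ECSContainerCredentialsURI` with `fmt.Sprintf("%s%s", ...)` after only a non-empty check. Nothing visible requires the value to be a path, so a value without a leading `/` is joined directly onto the host part of the base URL and the credential request is no longer guaranteed to go to the container endpoint. Consider tightening the guard to `if uri := os.Getenv(shareddefaults.ECSCredsProviderEnvVar); strings.HasPrefix(uri, "/") {`, which needs the `strings` import if the file does not already have it. Values that fail the check would fall through to whatever follows the `if`; the function body starts and ends outside the hunk.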
@@ -90,7 +91,7 @@ func TestHTTPCredProvider(t *testing.T) {
 func TestECSCredProvider(t *testing.T) {
 defer os.Clearenv()
- os.Setenv(EcsCredsProviderEnvVar, "/abc/123")
+ os.Setenv(shareddefaults.ECSCredsProviderEnvVar, "/abc/123")
 provider := RemoteCredProvider(aws.Config{}, request.Handlers{})
 if provider == nil {
diff --git a/aws/session/session.go b/aws/session/session.go
index 9c00a635f72..5d7b289501b 100644
--- a/aws/session/session.go
+++ b/aws/session/session.go
@@ -19,6 +19,7 @@ import (
 "github.com/aws/aws-sdk-go/aws/defaults"
 "github.com/aws/aws-sdk-go/aws/endpoints"
 "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/internal/shareddefaults"
 )
 const (
@@ -488,7 +489,7 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg share
 envCfg.Creds,
 )
 case credSourceECSContainer:
- if len(os.Getenv(defaults.EcsCredsProviderEnvVar)) == 0 {
+ if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 {
 return ErrSharedConfigECSContainerEnvVarEmpty
 }
diff --git a/aws/session/session_test.go b/aws/session/session_test.go
index ddac974d909..bd0f54e0052 100644
--- a/aws/session/session_test.go
+++ b/aws/session/session_test.go
@@ -16,7 +16,7 @@ import (
 "github.com/aws/aws-sdk-go/aws/defaults"
 "github.com/aws/aws-sdk-go/aws/endpoints"
 "github.com/aws/aws-sdk-go/awstesting"
- "github.com/aws/aws-sdk-go/internal/container"
+ "github.com/aws/aws-sdk-go/internal/shareddefaults"
 "github.com/aws/aws-sdk-go/service/s3"
 )
@@ -592,7 +592,7 @@ func TestSharedConfigCredentialSource(t *testing.T) {
 }
 }))
- container.URI = ecsMetadataServer.URL
+ shareddefaults.ECSContainerCredentialsURI = ecsMetadataServer.URL
 stsServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 w.Write([]byte(fmt.Sprintf(assumeRoleRespMsg, time.Now().Add(15*time.Minute).Format("2006-01-02T15:04:05Z"))))
diff --git a/aws/session/shared_config.go b/aws/session/shared_config.go
index 569ea43f27f..565a0b79508 100644
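Review bot: `shareddefaults.ECSContainerCredentialsURI = ecsMetadataServer.URL` in `TestSharedConfigCredentialSource` (aws/session/session_test.go, hunk `@@ -592,7 +592,7 @@`) overwrites a package-level variable, and no restore is visible in this hunk. If the rest of the test, which lies outside the hunk, does not reset it, later tests in the same process that build the ECS provider will send their credential request to the test server's address instead of the default. Save and restore it next to the assignment: `orig := shareddefaults.ECSContainerCredentialsURI` followed by `defer func() { shareddefaults.ECSContainerCredentialsURI = orig }()`.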
--- a/aws/session/shared_config.go
+++ b/aws/session/shared_config.go
@@ -94,7 +94,7 @@ func loadSharedConfig(profile string, filenames []string) (sharedConfig, error)
 return sharedConfig{}, err
 }
- if len(cfg.AssumeRole.SourceProfile) > 0 || len(cfg.AssumeRole.CredentialSource) > 0 {
+ if len(cfg.AssumeRole.SourceProfile) > 0 {
 if err := cfg.setAssumeRoleSource(profile, files); err != nil {
 return sharedConfig{}, err
 }
@@ -130,8 +130,10 @@ func (cfg *sharedConfig) setAssumeRoleSource(origProfile string, files []sharedC
 var assumeRoleSrc sharedConfig
 if len(cfg.AssumeRole.CredentialSource) > 0 {
- cfg.AssumeRoleSource = &sharedConfig{}
- return nil
+ // setAssumeRoleSource is only called when source_profile is found.
+ // If both source_profile and credential_source are set, then
+ // ErrSharedConfigSourceCollision will be returned
+ return ErrSharedConfigSourceCollision
 }
 // Multiple level assume role chains are not support
diff --git a/internal/container/uri.go b/internal/container/uri.go
deleted file mode 100644
index 14ca42751bb..00000000000
--- a/internal/container/uri.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package container
-
-// URI is the endpoint to retrieve container credentials.
-// This can be overriden to test to ensure the credential
-// process is behaving correctly.
-var URI = "http://169.254.170.2"
diff --git a/internal/shareddefaults/ecs_container.go b/internal/shareddefaults/ecs_container.go
new file mode 100644
index 00000000000..b63e4c2639b
--- /dev/null
+++ b/internal/shareddefaults/ecs_container.go
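Review bot: With the narrowed condition in `loadSharedConfig` (hunk `@@ -94,7 +94,7 @@`), a profile that sets only `credential_source` no longer reaches `setAssumeRoleSource`, so `cfg.AssumeRoleSource` stays nil where the removed lines used to set it to `&sharedConfig{}`. Any reader of `AssumeRoleSource` for such a profile now has to handle nil; those readers are outside this diff, so that should be confirmed. The new `return ErrSharedConfigSourceCollision` in the `@@ -130,8 +130,10 @@` hunk is correct only under the caller precondition stated in its comment. None of the test hunks shown here cover the collision or the credential_source-only path, and a test for each would pin the behaviour. Both function bodies extend beyond their hunks.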
@@ -0,0 +1,12 @@
+package shareddefaults
+
+const (
+ // ECSCredsProviderEnvVar is an environmental variable key used to
+ // determine which path needs to be hit.
+ ECSCredsProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
+)
+
+// ECSContainerCredentialsURI is the endpoint to retrieve container
+// credentials. This can be overriden to test to ensure the credential process
+// is behaving correctly.
+var ECSContainerCredentialsURI = "http://169.254.170.2"
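Review bot: The doc comment on `ECSContainerCredentialsURI` does not say that this is plain, unsynchronized package state that decides where container credentials are fetched from. I would reword it to `// ECSContainerCredentialsURI is the base endpoint used to retrieve container credentials. It is a variable only so tests can point it at a local server; do not change it while credential providers are in use, and restore it after the test.`, which also removes the misspelt "overriden". Unless another file in the package carries one, a package comment such as `// Package shareddefaults holds default values shared between SDK packages.` is missing above `package shareddefaults`.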