From b3d7aa1103d2b1aae17aea1feacfa0ff731bac63 Mon Sep 17 00:00:00 2001 From: Blair Hamilton Date: Sat, 3 Dec 2022 12:13:18 -0500 Subject: [PATCH 1/5] Creating a new LocalStack session if the env var TERRATEST_LOCALSTACK is defined --- modules/aws/auth.go | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/modules/aws/auth.go b/modules/aws/auth.go index f2aa6f78c..f94c5ac47 100644 --- a/modules/aws/auth.go +++ b/modules/aws/auth.go @@ -15,7 +15,8 @@ import ( ) const ( - AuthAssumeRoleEnvVar = "TERRATEST_IAM_ROLE" // OS environment variable name through which Assume Role ARN may be passed for authentication + AuthAssumeRoleEnvVar = "TERRATEST_IAM_ROLE" // OS environment variable name through which Assume Role ARN may be passed for authentication + UseLocalStackEnvVar = "TERRATEST_LOCALSTACK" // OS environment variable name through which LocalStack may be enabled ) // NewAuthenticatedSession creates an AWS session following to standard AWS authentication workflow. @@ -23,9 +24,13 @@ const ( func NewAuthenticatedSession(region string) (*session.Session, error) { if assumeRoleArn, ok := os.LookupEnv(AuthAssumeRoleEnvVar); ok { return NewAuthenticatedSessionFromRole(region, assumeRoleArn) - } else { - return NewAuthenticatedSessionFromDefaultCredentials(region) } + + if localStackUrl, ok := os.LookupEnv(UseLocalStackEnvVar); ok { + return NewAuthenticatedLocalStackSession(region, localStackUrl) + } + + return NewAuthenticatedSessionFromDefaultCredentials(region) } // NewAuthenticatedSessionFromDefaultCredentials gets an AWS Session, checking that the user has credentials properly configured in their environment. 
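Review bot: The role check in NewAuthenticatedSession returns before `TERRATEST_LOCALSTACK` is consulted, so an environment with both variables set gets its session from NewAuthenticatedSessionFromRole rather than a LocalStack one. That function's body is outside this hunk, so whether it can reach a real AWS endpoint in that case cannot be confirmed from here. The precedence should at least be stated in the doc comment, e.g. `// TERRATEST_IAM_ROLE takes precedence over TERRATEST_LOCALSTACK when both are set.` For a test-only switch, checking LocalStack first would be the safer order.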
@@ -65,6 +70,27 @@ func NewAuthenticatedSessionFromRole(region string, roleARN string) (*session.Se return sess, nil } +// NewAuthenticatedLocalStackSession returns a new LocalStack AWS Session. +func NewAuthenticatedLocalStackSession(region string, url string) (*session.Session, error) { + awsConfig := aws.NewConfig().WithRegion(region).WithEndpoint(url).WithDisableSSL(true).WithCredentials(credentials.NewStaticCredentials("test", "test", "")) + + sessionOptions := session.Options{ + Config: *awsConfig, + SharedConfigState: session.SharedConfigEnable, + } + + sess, err := session.NewSessionWithOptions(sessionOptions) + if err != nil { + return nil, err + } + + if _, err = sess.Config.Credentials.Get(); err != nil { + return nil, CredentialsError{UnderlyingErr: err} + } + + return sess, nil +} + // CreateAwsSessionFromRole returns a new AWS session after assuming the role // whose ARN is provided in roleARN. func CreateAwsSessionFromRole(region string, roleARN string) (*session.Session, error) { From a60c9874155cb466eefb1a168771d169251c7366 Mon Sep 17 00:00:00 2001 From: Blair Hamilton Date: Sun, 4 Dec 2022 12:10:08 -0500 Subject: [PATCH 2/5] simplifying this more and just using the same function just modifying the awsConfig instead --- modules/aws/auth.go | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/modules/aws/auth.go b/modules/aws/auth.go index f94c5ac47..b47f367fe 100644 --- a/modules/aws/auth.go +++ b/modules/aws/auth.go 
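Review bot: The `sess.Config.Credentials.Get()` check in NewAuthenticatedLocalStackSession looks unable to fail, because the static provider is built from the non-empty literals `"test", "test"`. The CredentialsError branch is therefore effectively dead, and nothing verifies that `url` is non-empty or well formed before it reaches `WithEndpoint`. The doc comment should also tell callers what they get, for example `// The session uses fixed dummy credentials and DisableSSL; use it only against a local emulator endpoint.` Renaming the parameter to `endpoint` would avoid shadowing the standard `net/url` package name if this file ever imports it.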
@@ -16,7 +16,7 @@ import ( const ( AuthAssumeRoleEnvVar = "TERRATEST_IAM_ROLE" // OS environment variable name through which Assume Role ARN may be passed for authentication - UseLocalStackEnvVar = "TERRATEST_LOCALSTACK" // OS environment variable name through which LocalStack may be enabled + LocalStackEnvVar = "TERRATEST_LOCALSTACK" // OS environment variable name through which LocalStack may be enabled ) // NewAuthenticatedSession creates an AWS session following to standard AWS authentication workflow. @@ -24,19 +24,30 @@ const ( func NewAuthenticatedSession(region string) (*session.Session, error) { if assumeRoleArn, ok := os.LookupEnv(AuthAssumeRoleEnvVar); ok { return NewAuthenticatedSessionFromRole(region, assumeRoleArn) + } else { + return NewAuthenticatedSessionFromDefaultCredentials(region) } - - if localStackUrl, ok := os.LookupEnv(UseLocalStackEnvVar); ok { - return NewAuthenticatedLocalStackSession(region, localStackUrl) - } - - return NewAuthenticatedSessionFromDefaultCredentials(region) } // NewAuthenticatedSessionFromDefaultCredentials gets an AWS Session, checking that the user has credentials properly configured in their environment. func NewAuthenticatedSessionFromDefaultCredentials(region string) (*session.Session, error) { awsConfig := aws.NewConfig().WithRegion(region) + if loaclStackUrl, ok := os.LookupEnv(LocalStackEnvVar); ok { + awsAccessKeyId := "test" + awsSecretAccessKey := "test" + + if AWS_ACCESS_KEY_ID, ok := os.LookupEnv("AWS_ACCESS_KEY_ID"); ok { + awsAccessKeyId = AWS_ACCESS_KEY_ID + } + + if AWS_SECRET_ACCESS_KEY, ok := os.LookupEnv("AWS_SECRET_ACCESS_KEY"); ok { + awsSecretAccessKey = AWS_SECRET_ACCESS_KEY + } + + awsConfig = awsConfig.WithEndpoint(loaclStackUrl).WithDisableSSL(true).WithCredentials(credentials.NewStaticCredentials(awsAccessKeyId, awsSecretAccessKey, "")) + } + sessionOptions := session.Options{ Config: *awsConfig, SharedConfigState: session.SharedConfigEnable, 
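Review bot: In the LocalStack branch of NewAuthenticatedSessionFromDefaultCredentials, real `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` values are bound as static credentials to an endpoint taken verbatim from `TERRATEST_LOCALSTACK`, with `WithDisableSSL(true)`, and the empty third argument drops any session token. Because `os.LookupEnv` also reports ok for a variable that is set but empty, a blank `TERRATEST_LOCALSTACK` appears to leave the SDK on its default endpoint with SSL disabled, so requests signed with real keys could go out over plain HTTP. The rewrite below treats empty values as unset and replaces the `AWS_ACCESS_KEY_ID`-style locals, which also shadow the outer `ok`, with Go-style names. Rejecting a value that does not parse as a URL would be a further improvement. The function body continues past the end of this hunk.

```go
awsConfig := aws.NewConfig().WithRegion(region)

// An empty value means "not configured": never enter LocalStack mode with the default AWS endpoint.
if localStackURL := os.Getenv(LocalStackEnvVar); localStackURL != "" {
	accessKeyID, secretAccessKey := "test", "test"
	if v := os.Getenv("AWS_ACCESS_KEY_ID"); v != "" {
		accessKeyID = v
	}
	if v := os.Getenv("AWS_SECRET_ACCESS_KEY"); v != "" {
		secretAccessKey = v
	}

	awsConfig = awsConfig.
		WithEndpoint(localStackURL).
		WithDisableSSL(true).
		WithCredentials(credentials.NewStaticCredentials(accessKeyID, secretAccessKey, ""))
}

// … unchanged: sessionOptions and session creation …
```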
From 232f52b7d5906ac0d472bebcacfeeb7a111a4181 Mon Sep 17 00:00:00 2001 From: Blair Hamilton Date: Sun, 4 Dec 2022 12:12:28 -0500 Subject: [PATCH 3/5] removing newly added function --- modules/aws/auth.go | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/modules/aws/auth.go b/modules/aws/auth.go index b47f367fe..32fedca4e 100644 --- a/modules/aws/auth.go +++ b/modules/aws/auth.go @@ -81,27 +81,6 @@ func NewAuthenticatedSessionFromRole(region string, roleARN string) (*session.Se return sess, nil } -// NewAuthenticatedLocalStackSession returns a new LocalStack AWS Session. -func NewAuthenticatedLocalStackSession(region string, url string) (*session.Session, error) { - awsConfig := aws.NewConfig().WithRegion(region).WithEndpoint(url).WithDisableSSL(true).WithCredentials(credentials.NewStaticCredentials("test", "test", "")) - - sessionOptions := session.Options{ - Config: *awsConfig, - SharedConfigState: session.SharedConfigEnable, - } - - sess, err := session.NewSessionWithOptions(sessionOptions) - if err != nil { - return nil, err - } - - if _, err = sess.Config.Credentials.Get(); err != nil { - return nil, CredentialsError{UnderlyingErr: err} - } - - return sess, nil -} - // CreateAwsSessionFromRole returns a new AWS session after assuming the role // whose ARN is provided in roleARN. func CreateAwsSessionFromRole(region string, roleARN string) (*session.Session, error) { From 788590c6b596377534757545088087653bffa536 Mon Sep 17 00:00:00 2001 From: Blair Hamilton Date: Sun, 4 Dec 2022 12:13:29 -0500 Subject: [PATCH 4/5] corrected a typo in variable name --- modules/aws/auth.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/aws/auth.go b/modules/aws/auth.go index 32fedca4e..ed39c0e54 100644 --- a/modules/aws/auth.go +++ b/modules/aws/auth.go 
@@ -33,7 +33,7 @@ func NewAuthenticatedSession(region string) (*session.Session, error) { func NewAuthenticatedSessionFromDefaultCredentials(region string) (*session.Session, error) { awsConfig := aws.NewConfig().WithRegion(region) - if loaclStackUrl, ok := os.LookupEnv(LocalStackEnvVar); ok { + if localStackUrl, ok := os.LookupEnv(LocalStackEnvVar); ok { awsAccessKeyId := "test" awsSecretAccessKey := "test" @@ -45,7 +45,7 @@ func NewAuthenticatedSessionFromDefaultCredentials(region string) (*session.Sess awsSecretAccessKey = AWS_SECRET_ACCESS_KEY } - awsConfig = awsConfig.WithEndpoint(loaclStackUrl).WithDisableSSL(true).WithCredentials(credentials.NewStaticCredentials(awsAccessKeyId, awsSecretAccessKey, "")) + awsConfig = awsConfig.WithEndpoint(localStackUrl).WithDisableSSL(true).WithCredentials(credentials.NewStaticCredentials(awsAccessKeyId, awsSecretAccessKey, "")) } sessionOptions := session.Options{ From d46b45273751edd115e0609444a3c42707c2381d Mon Sep 17 00:00:00 2001 From: Blair Hamilton Date: Wed, 14 Dec 2022 13:08:47 -0500 Subject: [PATCH 5/5] adding comment to function with more context --- modules/aws/auth.go | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/aws/auth.go b/modules/aws/auth.go index ed39c0e54..41f036ec6 100644 --- a/modules/aws/auth.go +++ b/modules/aws/auth.go @@ -30,6 +30,7 @@ func NewAuthenticatedSession(region string) (*session.Session, error) { } // NewAuthenticatedSessionFromDefaultCredentials gets an AWS Session, checking that the user has credentials properly configured in their environment. +// if TERRATEST_LOCALSTACK environment variable is set, uses LocalStack Endpoint and Credentials. func NewAuthenticatedSessionFromDefaultCredentials(region string) (*session.Session, error) { awsConfig := aws.NewConfig().WithRegion(region)
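Review bot: The doc line added in PATCH 5/5 says the function "uses LocalStack Endpoint and Credentials", but the body shown in the PATCH 4/5 hunk takes `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` from the environment when they are set and always calls `WithDisableSSL(true)`. Spell that out so callers know which keys are sent to the configured endpoint: `// If TERRATEST_LOCALSTACK is set, its value is used as the endpoint with SSL disabled; credentials come from AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY, defaulting to "test".` Go doc comment sentences conventionally start with a capital letter, so "if" should be "If".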