[login] simplify code by using built-in NewEnvFromConfig of AWS SDK

99designs · Mar 7, 2022 · d07990f · d07990f
1 parent 1c50927
commit d07990f
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 113 deletions.
diff --git a/cli/login.go b/cli/login.go
@@ -95,10 +95,7 @@ func LoginCommand(input LoginCommandInput, f *vault.ConfigFile, keyring keyring.
 
 	if input.ProfileName == "" {
 		// When no profile is specified, source credentials from the environment
-		credsProvider, err = vault.NewEnvironmentCredentialsProvider()
-		if err != nil {
-			return fmt.Errorf("using credentials from environment: %w", err)
-		}
+		credsProvider = vault.NewEnvironmentCredentialsProvider()
 	} else {
 		// Use a profile from the AWS config file
 		ckr := &vault.CredentialKeyring{Keyring: keyring}

diff --git a/go.mod b/go.mod
@@ -6,6 +6,7 @@ require (
 	github.com/99designs/keyring v1.2.0
 	github.com/alecthomas/kingpin v0.0.0-20200323085623-b6657d9477a6
 	github.com/aws/aws-sdk-go-v2 v1.14.0
+	github.com/aws/aws-sdk-go-v2/config v1.14.0
 	github.com/aws/aws-sdk-go-v2/service/iam v1.17.0
 	github.com/aws/aws-sdk-go-v2/service/sso v1.10.0
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.11.0
@@ -22,8 +23,11 @@ require (
 	github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect
 	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
 	github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.9.0 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.11.0 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.5 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.3.0 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.6 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.8.0 // indirect
 	github.com/aws/smithy-go v1.11.0 // indirect
 	github.com/danieljoos/wincred v1.1.2 // indirect

diff --git a/go.sum b/go.sum
@@ -12,10 +12,18 @@ github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 h1:s6gZFSlWYmbqAu
 github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
 github.com/aws/aws-sdk-go-v2 v1.14.0 h1:IzSYBJHu0ZdUi27kIW6xVrs0eSxI4AzwbenzfXhhVs4=
 github.com/aws/aws-sdk-go-v2 v1.14.0/go.mod h1:ZA3Y8V0LrlWj63MQAnRHgKf/5QB//LSZCPNWlWrNGLU=
+github.com/aws/aws-sdk-go-v2/config v1.14.0 h1:Yr8/7R6H8nqqfqgLATrcB83ax6FE2HcDXEB54XPhE98=
+github.com/aws/aws-sdk-go-v2/config v1.14.0/go.mod h1:GKDRrvsq/PTaOYc9252u8Uah1hsIdtor4oIrFvUNPNM=
+github.com/aws/aws-sdk-go-v2/credentials v1.9.0 h1:R3Q5s1uGLUg0aUzi+oRaUqRXhd17G/9+PiVnAwXp4sY=
+github.com/aws/aws-sdk-go-v2/credentials v1.9.0/go.mod h1:PyHKqk/+tJuDY7T8R580S1j/AcSD+ODeUZ99CAUKLqQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.11.0 h1:CkM4d3lNeMXMZ0BDX3BtCktnKA1Ftud84Hb6d+Ix4Rk=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.11.0/go.mod h1:rwdUKJV5rm+vHu1ncD1iGDqahBEL8O0tBjVqo9eO2N0=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.5 h1:+phazLmKkjBYhFTsGYH9J7jgnA8+Aer2yE4QeS4zn6A=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.5/go.mod h1:2hXc8ooJqF2nAznsbJQIn+7h851/bu8GVC80OVTTqf8=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.3.0 h1:PO+HNeJBeRK0yVD9CQZ+VUrYfd5sXqS7YdPYHHcDkR4=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.3.0/go.mod h1:miRSv9l093jX/t/j+mBCaLqFHo9xKYzJ7DGm1BsGoJM=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.6 h1:c8s9EhIPVFMFS+R1+rtEghGrf7v83gSUWbcCYX/OPes=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.6/go.mod h1:o1ippSg3yJx5EuT4AOGXJCUcmt5vrcxla1cg6K1Q8Iw=
 github.com/aws/aws-sdk-go-v2/service/iam v1.17.0 h1:lG9Hx7BGOiVFTS0qJ0nM//yCxvGNxoqzfOSvo2dpsl0=
 github.com/aws/aws-sdk-go-v2/service/iam v1.17.0/go.mod h1:1o13iK9CH2OanAQZpbxKdhGj23ij4V8ZZ9DFnSve3fc=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.8.0 h1:JNMALY8/ZnFsfAzBHtC4gq8JeZPANmIoI2VaBgYzbf8=

diff --git a/vault/environmentvariablescredentialsprovider.go b/vault/environmentvariablescredentialsprovider.go
@@ -4,56 +4,18 @@ import (
 	"context"
 	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
-	"log"
-	"os"
+	"github.com/aws/aws-sdk-go-v2/config"
 )
 
 // EnvironmentVariablesCredentialsProvider retrieves AWS credentials available in the OS environment variables
 type EnvironmentVariablesCredentialsProvider struct {
-	env EnvironmentVariablesProvider
 }
 
-const accessKeyIdEnvKey = "AWS_ACCESS_KEY_ID"
-const secretAccessKeyEnvKey = "AWS_SECRET_ACCESS_KEY"
-const sessionTokenEnvKey = "AWS_SESSION_TOKEN"
-
-func (m *EnvironmentVariablesCredentialsProvider) Retrieve(context.Context) (creds aws.Credentials, err error) {
-	accessKeyId := m.env.Get(accessKeyIdEnvKey)
-	secretAccessKey := m.env.Get(secretAccessKeyEnvKey)
-	sessionToken := m.env.Get(sessionTokenEnvKey)
-
-	if accessKeyId == "" || secretAccessKey == "" {
-		err := fmt.Errorf(
-			"missing AWS credentials in your environment.\n You need to set at least %s and %s, "+
-				"or use use aws-vault login <profile> to source credentials from your keychain",
-			accessKeyIdEnvKey, secretAccessKeyEnvKey,
-		)
+func (m *EnvironmentVariablesCredentialsProvider) Retrieve(context.Context) (aws.Credentials, error) {
+	configFromEnv, err := config.NewEnvConfig()
+	if err != nil {
+		err := fmt.Errorf("unable to authenticate to AWS through your environment variables: %w", err)
 		return aws.Credentials{}, err
 	}
-
-	if sessionToken == "" {
-		log.Printf("%s not found in environment variables. If using aws-vault login, "+
-			"you need to specify it in your environment since generating a sign-in link requires temporary credentials",
-			sessionTokenEnvKey,
-		)
-	}
-
-	return aws.Credentials{
-		AccessKeyID:     accessKeyId,
-		SecretAccessKey: secretAccessKey,
-		SessionToken:    sessionToken,
-		CanExpire:       sessionToken != "",
-	}, nil
-}
-
-// EnvironmentVariablesProvider is an interface to retrieve the value of environment variables
-// Useful for testing
-type EnvironmentVariablesProvider interface {
-	Get(name string) string
-}
-
-type environmentVariablesProviderImpl struct{}
-
-func (m *environmentVariablesProviderImpl) Get(name string) string {
-	return os.Getenv(name)
+	return configFromEnv.Credentials, nil
 }
diff --git a/vault/environmentvariablescredentialsprovider_test.go b/vault/environmentvariablescredentialsprovider_test.go
diff --git a/vault/vault.go b/vault/vault.go
@@ -291,10 +291,8 @@ func NewFederationTokenCredentialsProvider(profileName string, k *CredentialKeyr
 	}, nil
 }
 
-func NewEnvironmentCredentialsProvider() (aws.CredentialsProvider, error) {
-	return &EnvironmentVariablesCredentialsProvider{
-		env: &environmentVariablesProviderImpl{},
-	}, nil
+func NewEnvironmentCredentialsProvider() aws.CredentialsProvider {
+	return &EnvironmentVariablesCredentialsProvider{}
 }
 
 func FindMasterCredentialsNameFor(profileName string, keyring *CredentialKeyring, config *Config) (string, error) {