Skip to content

Fix default profile handling when parsing AWS configuration files #727

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jul 3, 2025
Merged

Fix default profile handling when parsing AWS configuration files #727

merged 7 commits into from
Jul 3, 2025

Conversation

@omus
Copy link
Member

@omus omus commented Jul 2, 2025
edited
Loading

While working on #726 it was noticed that one of our AWSConfig tests was falling back to getting the region from IMDS when it should have been getting that information from the AWS configuration file via source_profile. This PR updates the internal function _aws_profile_config to combine the various configuration sections with all of the options inherited via source_profile.

In #726 I noticed that some tests which appeared to be unit tests were failing as they would attempt to fallback on IMDS to determine the region. This made me investigate the internals of the _aws_profile_config and address some minor issues.

omus
omus commented Jul 2, 2025
View reviewed changes
src/utilities/credentials.jl
Comment on lines 39 to 44
if profile != "default" || !haskey(sections(ini), "default")
profile = "profile $profile"
# Prefer using "profile default" over "default"
section_name = if profile != "default" || haskey(sections(ini), "profile default")
"profile $profile"
else
"default"
end
Copy link
Member Author

@omus omus Jul 2, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note the previous logic was to prefer default over profile default which deviates from the AWS CLI preference.

@omus omus marked this pull request as ready for review July 2, 2025 15:59
@omus omus mentioned this pull request Jul 2, 2025
Merged
@omus
Copy link
Member Author

omus commented Jul 2, 2025
edited
Loading

Made this feature opt-in as other logic in this code base expects only the one profile to be loaded. I discovered this in #726 and I thought it best to keep things simple for now and maybe we can use the recursive approach across the board in an future update.

@omus omus changed the title Improve AWS config support for source_profile Add recursive AWS config support via source_profile Jul 2, 2025
@omus omus changed the title Add recursive AWS config support via source_profile Improve recursive AWS config support via source_profile Jul 2, 2025
maganaluis
maganaluis approved these changes Jul 2, 2025
View reviewed changes
test/unit/AWSCredentials.jl Outdated
source_profile = test
role_arn = arn:aws:iam::123456789000:role/Dev
[profile test:sub-dev]
Copy link
Collaborator

@maganaluis maganaluis Jul 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this now supports chained roles, the max time for the session is one hour. Would this time limit cause any other issues?

Copy link
Member Author

@omus omus Jul 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We supported role chaining before this change so nothing really changed here. Any issues that existed before would still be present

@omus omus changed the title Improve recursive AWS config support via source_profile Fix default profile handling when parsing AWS configuration files Jul 2, 2025
@omus
Copy link
Member Author

omus commented Jul 2, 2025

PR has been revised to no longer support inheritance as AWS configurations don't usually support that (annoyingly).

@omus omus requested a review from maganaluis July 2, 2025 21:02
@omus omus enabled auto-merge July 3, 2025 13:14
@omus omus added this pull request to the merge queue Jul 3, 2025
Merged via the queue into master with commit a883442 Jul 3, 2025
7 checks passed
@omus omus deleted the cv/aws-profile-config branch July 3, 2025 13:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maganaluis maganaluis maganaluis approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@omus @maganaluis