Profile Auth Support JVM system property and Environment Variables #297 (#312)

Author: kmbotts

.github/workflows/lint.yml

@@ -5,6 +5,8 @@ on:
     branches:
       - '*'
       - '!main'
+  pull_request:
+    branches: [ main ]
   workflow_dispatch:
 
 env:

.gitignore

@@ -15,3 +15,4 @@ local.properties
 # ignore generated files
 services/*/generated-src
 services/*/build.gradle.kts
+.kotest/

aws-runtime/auth/build.gradle.kts

@@ -8,6 +8,7 @@ extra["displayName"] = "Software :: AWS :: Kotlin SDK :: Auth"
 extra["moduleName"] = "aws.sdk.kotlin.runtime.auth"
 
 val smithyKotlinVersion: String by project
+val kotestVersion: String by project
 
 kotlin {
     sourceSets {
@@ -26,5 +27,10 @@ kotlin {
                 implementation(project(":aws-runtime:testing"))
             }
         }
+        jvmTest {
+            dependencies {
+                implementation("io.kotest:kotest-runner-junit5:$kotestVersion")
+            }
+        }
     }
 }

aws-runtime/auth/common/src/aws/sdk/kotlin/runtime/auth/ProfileCredentialsProvider.kt

@@ -25,8 +25,16 @@ public class ProfileCredentialsProvider public constructor(
     override val crtProvider: ProfileCredentialsProviderCrt = ProfileCredentialsProviderCrt.build {
         clientBootstrap = SdkDefaultIO.ClientBootstrap
         tlsContext = SdkDefaultIO.TlsContext
-        this.profileName = profileName
+        this.profileName = profileName ?: loadProfileName()
         this.configFileName = configFileName
         this.credentialsFileName = credentialsFileName
     }
 }
+
+/**
+ * Attempts to load profile name using the following priority,
+ * if neither are available, profileName will remain blank.
+ * 1. JVM System Property
+ * 2. Environment Variable
+ */
+internal expect fun loadProfileName(): String?

aws-runtime/auth/jvm/src/aws/sdk/kotlin/runtime/auth/ProfileCredentialsProviderJvm.kt

@@ -0,0 +1,21 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+package aws.sdk.kotlin.runtime.auth
+
+import aws.sdk.kotlin.runtime.AwsSdkSetting
+
+/**
+ * Attempts to load profile name using the following priority,
+ * if neither are available, profileName will remain blank.
+ * 1. JVM System Property
+ * 2. Environment Variable
+ */
+internal actual fun loadProfileName(): String? {
+    val profileSysPropOverride = System.getProperty(AwsSdkSetting.AwsProfile.jvmProperty, "")
+    return profileSysPropOverride.ifEmpty {
+        System.getenv().getOrDefault(AwsSdkSetting.AwsProfile.environmentVariable, null)
+    }
+}

aws-runtime/auth/jvm/test/aws/sdk/kotlin/runtime/auth/ProfileCredentialsProviderTest.kt

@@ -5,35 +5,80 @@
 
 package aws.sdk.kotlin.runtime.auth
 
+import aws.sdk.kotlin.runtime.AwsSdkSetting
+import io.kotest.extensions.system.withEnvironment
 import kotlinx.coroutines.runBlocking
+import org.junit.jupiter.api.AfterAll
+import org.junit.jupiter.api.BeforeAll
 import java.nio.file.Files
+import java.nio.file.Path
 import kotlin.test.Test
 import kotlin.test.assertEquals
 
 class ProfileCredentialsProviderTest {
     companion object {
-        private const val ID = "abcd"
-        private const val KEY = "efgh"
-        private val EXPECTED_CREDS = Credentials(ID, KEY, null)
+        private const val DEFAULT_ID = "defaultId"
+        private const val DEFAULT_KEY = "defaultKey"
+        private val EXPECTED_DEFAULT_CREDS = Credentials(DEFAULT_ID, DEFAULT_KEY, null)
+
+        private const val PROFILE_ID = "profileId"
+        private const val PROFILE_KEY = "profileKey"
+        private val EXPECTED_PROFILE_CREDS = Credentials(PROFILE_ID, PROFILE_KEY, null)
+
+        private lateinit var credsPath: Path
+
+        @BeforeAll
+        @JvmStatic
+        fun setup() {
+            credsPath = Files.createTempFile("ProfileCredentialsProviderTest_creds", "")
+            credsPath.toFile().writeText(
+                """
+                [default]
+                aws_access_key_id = $DEFAULT_ID
+                aws_secret_access_key = $DEFAULT_KEY
+                
+                [unique-profile-name]
+                aws_access_key_id = $PROFILE_ID
+                aws_secret_access_key = $PROFILE_KEY
+                """.trimIndent()
+            )
+        }
+
+        @AfterAll
+        @JvmStatic
+        fun teardown() {
+            Files.deleteIfExists(credsPath)
+        }
     }
 
     @Test
-    fun `it should create a provider for a valid profile`() = runBlocking {
-        val credsPath = Files.createTempFile("ProfileCredentialsProviderTest_creds", "")
-        credsPath.toFile().writeText(
-            """
-                [default]
-                aws_access_key_id = $ID
-                aws_secret_access_key = $KEY
-            """.trimIndent()
-        )
+    fun `it should create a provider for a default profile`() = runBlocking {
+        val provider = ProfileCredentialsProvider(credentialsFileName = credsPath.toString())
+        val actual = provider.getCredentials()
+        assertEquals(EXPECTED_DEFAULT_CREDS, actual)
+    }
 
-        try {
+    @Test
+    fun `it should create a provider for a unique profile specified in constructor`() = runBlocking {
+        val provider = ProfileCredentialsProvider(profileName = "unique-profile-name", credentialsFileName = credsPath.toString())
+        val actual = provider.getCredentials()
+        assertEquals(EXPECTED_PROFILE_CREDS, actual)
+    }
+
+    @Test
+    fun `it should create a provider for a unique profile specified from JVM Property`() = runBlocking {
+        System.setProperty(AwsSdkSetting.AwsProfile.jvmProperty, "unique-profile-name")
+        val provider = ProfileCredentialsProvider(credentialsFileName = credsPath.toString())
+        val actual = provider.getCredentials()
+        assertEquals(EXPECTED_PROFILE_CREDS, actual)
+    }
+
+    @Test
+    fun `it should create a provider for a unique profile specified from Environment Variable`() = runBlocking {
+        withEnvironment(AwsSdkSetting.AwsProfile.environmentVariable, "unique-profile-name") {
             val provider = ProfileCredentialsProvider(credentialsFileName = credsPath.toString())
             val actual = provider.getCredentials()
-            assertEquals(EXPECTED_CREDS, actual)
-        } finally {
-            Files.deleteIfExists(credsPath)
+            assertEquals(EXPECTED_PROFILE_CREDS, actual)
         }
     }
 }

aws-runtime/aws-core/common/src/aws/sdk/kotlin/runtime/AwsSdkSetting.kt

@@ -57,4 +57,9 @@ public sealed class AwsSdkSetting<T> (
      * For example, AWS Lambda will automatically specify a runtime indicating that the SDK is being used within Lambda.
      */
     public object AwsExecutionEnv : AwsSdkSetting<String>("AWS_EXECUTION_ENV", "aws.executionEnvironment")
+
+    /**
+     *  The name of the default profile that should be loaded from config
+     */
+    public object AwsProfile : AwsSdkSetting<String>("AWS_PROFILE", "aws.profile", "default")
 }