Create GetSessionWithAuthSettings (#144)

sarahzinger · web-flow · commit cb4e8d3bf03e · 2024-06-06T10:43:29.000-04:00
diff --git a/pkg/awsds/sessions.go b/pkg/awsds/sessions.go
@@ -73,6 +73,12 @@ var newRemoteCredentials = func(sess *session.Session) *credentials.Credentials
 	return credentials.NewCredentials(defaults.RemoteCredProvider(*sess.Config, sess.Handlers))
 }
 
+type GetSessionConfig struct {
+	Settings      AWSDatasourceSettings
+	HTTPClient    *http.Client
+	UserAgentName *string
+}
+
 type SessionConfig struct {
 	Settings      AWSDatasourceSettings
 	HTTPClient    *http.Client
@@ -100,7 +106,7 @@ func isOptInRegion(region string) bool {
 	return regions[region]
 }
 
-// GetSession returns a session from the config and possible region overrides -- implements AmazonSessionProvider
+// Deprecated: use GetSessionWithAuthSettings instead
 func (sc *SessionCache) GetSession(c SessionConfig) (*session.Session, error) {
 	if c.Settings.Region == "" && c.Settings.DefaultRegion != "" {
 		// DefaultRegion is deprecated, Region should be used instead
@@ -289,6 +295,16 @@ func (sc *SessionCache) GetSession(c SessionConfig) (*session.Session, error) {
 	return sess, nil
 }
 
+// AuthSettings can be grabed from the datasource instance's context with ReadSettingsFromContext
+func (sc *SessionCache) GetSessionWithAuthSettings(c GetSessionConfig, as AuthSettings) (*session.Session, error) {
+	return sc.GetSession(SessionConfig{
+		Settings:      c.Settings,
+		HTTPClient:    c.HTTPClient,
+		UserAgentName: c.UserAgentName,
+		AuthSettings:  &as,
+	})
+}
+
 // getSTSEndpoint returns true if the set endpoint is a fips endpoint
 func isFIPSEndpoint(endpoint string) bool {
 	return strings.Contains(endpoint, "fips") ||
diff --git a/pkg/awsds/sessions_test.go b/pkg/awsds/sessions_test.go
@@ -592,3 +592,21 @@ func TestWithCustomHTTPClient(t *testing.T) {
 	require.NotNil(t, sess)
 	assert.Equal(t, time.Duration(123), sess.Config.HTTPClient.Timeout)
 }
+
+func TestGetSessionWithAuthSettings(t *testing.T) {
+	t.Run("it uses the passed in for auth settings", func(t *testing.T) {
+		sessionConfig := GetSessionConfig{
+			Settings: AWSDatasourceSettings{
+				AuthType:  AuthTypeKeys,
+				AccessKey: "foo",
+				SecretKey: "bar",
+			},
+		}
+		authSettings := AuthSettings{
+			AllowedAuthProviders: []string{"ec2_iam_role"},
+		}
+		sessionCache := NewSessionCache()
+		_, err := sessionCache.GetSessionWithAuthSettings(sessionConfig, authSettings)
+		require.EqualError(t, err, "attempting to use an auth type that is not allowed: \"keys\"")
+	})
+}
