Skip to content

Commit

Permalink
Merge pull request vmware-tanzu#303 from kaovilai/kopias3profilecred-…
Browse files Browse the repository at this point in the history
…konveyor-dev

kopia/repository/config/aws.go: Set session.Options profile from config
  • Loading branch information
weshayutin authored Oct 26, 2023
2 parents 568c8b2 + 45b6593 commit 00308dd
Show file tree
Hide file tree
Showing 4 changed files with 86 additions and 30 deletions.
1 change: 1 addition & 0 deletions changelogs/unreleased/6997-kaovilai
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Fix unified repository (kopia) s3 credentials profile selection
31 changes: 2 additions & 29 deletions pkg/apis/velero/v2alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 2 additions & 1 deletion pkg/repository/config/aws.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ func GetS3ResticEnvVars(config map[string]string) (map[string]string, error) {
result[awsSecretKeyEnvVar] = creds.SecretAccessKey
result[awsSessTokenEnvVar] = creds.SessionToken
result[awsCredentialsFileEnvVar] = ""
result[awsProfileEnvVar] = ""
result[awsProfileEnvVar] = "" // profile is not needed since we have the credentials from profile via GetS3Credentials
result[awsConfigFileEnvVar] = ""
}

Expand All @@ -87,6 +87,7 @@ func GetS3Credentials(config map[string]string) (*credentials.Value, error) {
opts.SharedConfigFiles = append(opts.SharedConfigFiles, credentialsFile)
opts.SharedConfigState = session.SharedConfigEnable
}
opts.Profile = config[awsProfileKey]

sess, err := session.NewSessionWithOptions(opts)
if err != nil {
Expand Down
81 changes: 81 additions & 0 deletions pkg/repository/config/aws_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,11 @@ limitations under the License.
package config

import (
"os"
"reflect"
"testing"

"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/stretchr/testify/require"
)

Expand Down Expand Up @@ -63,3 +66,81 @@ func TestGetS3ResticEnvVars(t *testing.T) {
})
}
}

func TestGetS3CredentialsCorrectlyUseProfile(t *testing.T) {
type args struct {
config map[string]string
secretFileContents string
}
tests := []struct {
name string
args args
want *credentials.Value
wantErr bool
}{
{
name: "Test GetS3Credentials use profile correctly",
args: args{
config: map[string]string{
"profile": "some-profile",
},
secretFileContents: `[default]
aws_access_key_id = default-access-key-id
aws_secret_access_key = default-secret-access-key
[profile some-profile]
aws_access_key_id = some-profile-access-key-id
aws_secret_access_key = some-profile-secret-access-key
`,
},
want: &credentials.Value{
AccessKeyID: "some-profile-access-key-id",
SecretAccessKey: "some-profile-secret-access-key",
},
},
{
name: "Test GetS3Credentials default to default profile",
args: args{
config: map[string]string{},
secretFileContents: `[default]
aws_access_key_id = default-access-key-id
aws_secret_access_key = default-secret-access-key
[profile some-profile]
aws_access_key_id = some-profile-access-key-id
aws_secret_access_key = some-profile-secret-access-key
`,
},
want: &credentials.Value{
AccessKeyID: "default-access-key-id",
SecretAccessKey: "default-secret-access-key",
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
tmpFile, err := os.CreateTemp("", "velero-test-aws-credentials")
defer os.Remove(tmpFile.Name())
if err != nil {
t.Errorf("GetS3Credentials() error = %v", err)
return
}
// write the contents of the secret file to the temp file
_, err = tmpFile.WriteString(tt.args.secretFileContents)
if err != nil {
t.Errorf("GetS3Credentials() error = %v", err)
return
}
tt.args.config["credentialsFile"] = tmpFile.Name()
got, err := GetS3Credentials(tt.args.config)
if (err != nil) != tt.wantErr {
t.Errorf("GetS3Credentials() error = %v, wantErr %v", err, tt.wantErr)
return
}
if !reflect.DeepEqual(got.AccessKeyID, tt.want.AccessKeyID) {
t.Errorf("GetS3Credentials() got = %v, want %v", got.AccessKeyID, tt.want.AccessKeyID)
}
if !reflect.DeepEqual(got.SecretAccessKey, tt.want.SecretAccessKey) {
t.Errorf("GetS3Credentials() got = %v, want %v", got.SecretAccessKey, tt.want.SecretAccessKey)
}
})
}
}

0 comments on commit 00308dd

Please sign in to comment.