Skip to content

Commit

Permalink
fix: remove more module-level uses of config.global (#83)
Browse files Browse the repository at this point in the history
  • Loading branch information
hanshuebner authored Sep 13, 2023
1 parent 078bc30 commit 0664553
Show file tree
Hide file tree
Showing 5 changed files with 21 additions and 19 deletions.
5 changes: 5 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -169,6 +169,11 @@ Release process:
1. upload using: `VERSION=x.y.z APIKEY=abc... make upload`
1. test installing the rock from LuaRocks

### 1.3.4 (13-Sep-2023)

- fix: remove more module-level uses of config.global
[83](https://github.com/Kong/lua-resty-aws/pull/83)

### 1.3.3 (13-Sep-2023)

- fix: don't invoke region detection code on the module toplevel and advise against trying to.
Expand Down
4 changes: 2 additions & 2 deletions src/resty/aws/credentials/CredentialProviderChain.lua
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ local CredentialProviderChain = setmetatable({}, Super)
CredentialProviderChain.__index = CredentialProviderChain


local AWS_EC2_METADATA_DISABLED = require("resty.aws.config").global.AWS_EC2_METADATA_DISABLED
local aws_config = require("resty.aws.config")


CredentialProviderChain.defaultProviders = {} do
Expand Down Expand Up @@ -36,7 +36,7 @@ CredentialProviderChain.defaultProviders = {} do
add_if_exists("RemoteCredentials") -- since "ECSCredentials" doesn't exist? and for ECS RemoteCredentials is used???
add_if_exists("ProcessCredentials")
add_if_exists("TokenFileWebIdentityCredentials")
if AWS_EC2_METADATA_DISABLED then
if aws_config.global.AWS_EC2_METADATA_DISABLED then
ngx.log(ngx.DEBUG, "AWS_EC2_METADATA_DISABLED is set, skipping EC2MetadataCredentials provider")
else
add_if_exists("EC2MetadataCredentials")
Expand Down
5 changes: 4 additions & 1 deletion src/resty/aws/credentials/EnvironmentCredentials.lua
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@
-- @classmod EnvironmentCredentials


local aws_config = require("resty.aws.config")


-- Create class
local Super = require "resty.aws.credentials.Credentials"
local EnvironmentCredentials = setmetatable({}, Super)
Expand Down Expand Up @@ -33,7 +36,7 @@ end
-- updates credentials.
-- @return success, or nil+err
function EnvironmentCredentials:refresh()
local global_config = require("resty.aws.config").global
local global_config = aws_config.global

local access = os.getenv(self.envPrefix .. "_ACCESS_KEY_ID") or global_config[self.envPrefix .. "_ACCESS_KEY_ID"]
if not access then
Expand Down
14 changes: 6 additions & 8 deletions src/resty/aws/credentials/RemoteCredentials.lua
Original file line number Diff line number Diff line change
Expand Up @@ -25,21 +25,19 @@ local FullUri do
return t
end

local global_config = require("resty.aws.config").global
local aws_config = require("resty.aws.config")

local ENV_RELATIVE_URI = global_config.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
local ENV_FULL_URI = global_config.AWS_CONTAINER_CREDENTIALS_FULL_URI
local FULL_URI_UNRESTRICTED_PROTOCOLS = makeset { "https" }
local FULL_URI_ALLOWED_PROTOCOLS = makeset { "http", "https" }
local FULL_URI_ALLOWED_HOSTNAMES = makeset { "localhost", "127.0.0.1" }
local RELATIVE_URI_HOST = '169.254.170.2'

local function getFullUri()
if ENV_RELATIVE_URI then
return 'http://' .. RELATIVE_URI_HOST .. ENV_RELATIVE_URI
if aws_config.global.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI then
return 'http://' .. RELATIVE_URI_HOST .. aws_config.global.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI

elseif ENV_FULL_URI then
local parsed_url = url.parse(ENV_FULL_URI)
elseif aws_config.global.AWS_CONTAINER_CREDENTIALS_FULL_URI then
local parsed_url = url.parse(aws_config.global.AWS_CONTAINER_CREDENTIALS_FULL_URI)

if not FULL_URI_ALLOWED_PROTOCOLS[parsed_url.scheme] then
return nil, 'Unsupported protocol, must be one of '
Expand All @@ -55,7 +53,7 @@ local FullUri do
.. parsed_url.host .. ' requested.'
end

return ENV_FULL_URI
return aws_config.global.AWS_CONTAINER_CREDENTIALS_FULL_URI

else
return nil, 'Environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI or '
Expand Down
12 changes: 4 additions & 8 deletions src/resty/aws/credentials/TokenFileWebIdentityCredentials.lua
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,7 @@
local readfile = require("pl.utils").readfile
local lom = require("lxp.lom")


local global_config = require("resty.aws.config").global
local AWS_ROLE_ARN = global_config.role_arn
local AWS_WEB_IDENTITY_TOKEN_FILE = global_config.web_identity_token_file
local AWS_ROLE_SESSION_NAME = global_config.role_session_name or "session@lua-resty-aws"
local aws_config = require("resty.aws.config")


-- Create class
Expand All @@ -29,14 +25,14 @@ function TokenFileWebIdentityCredentials:new(opts)

opts = opts or {}
self.token_file = assert(
opts.token_file or AWS_WEB_IDENTITY_TOKEN_FILE,
opts.token_file or aws_config.global.AWS_WEB_IDENTITY_TOKEN_FILE,
"either 'opts.token_file' or environment variable 'AWS_WEB_IDENTITY_TOKEN_FILE' must be set"
)
self.role_arn = assert(
opts.role_arn or AWS_ROLE_ARN,
opts.role_arn or aws_config.global.AWS_ROLE_ARN,
"either 'opts.role_arn' or environment variable 'AWS_ROLE_ARN' must be set"
)
self.session_name = opts.session_name or AWS_ROLE_SESSION_NAME
self.session_name = opts.session_name or aws_config.global.AWS_ROLE_SESSION_NAME or "session@lua-resty-aws"

return self
end
Expand Down

0 comments on commit 0664553

Please sign in to comment.