From 06645534c31d6f116a338c7d5e97a5af12eda946 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hans=20H=C3=BCbner?= Date: Wed, 13 Sep 2023 16:22:19 +0200 Subject: [PATCH] fix: remove more module-level uses of config.global (#83) --- README.md | 5 +++++ .../aws/credentials/CredentialProviderChain.lua | 4 ++-- .../aws/credentials/EnvironmentCredentials.lua | 5 ++++- src/resty/aws/credentials/RemoteCredentials.lua | 14 ++++++-------- .../TokenFileWebIdentityCredentials.lua | 12 ++++-------- 5 files changed, 21 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index d896144..9f6e2f3 100644 --- a/README.md +++ b/README.md @@ -169,6 +169,11 @@ Release process: 1. upload using: `VERSION=x.y.z APIKEY=abc... make upload` 1. test installing the rock from LuaRocks +### 1.3.4 (13-Sep-2023) + +- fix: remove more module-level uses of config.global + [83](https://github.com/Kong/lua-resty-aws/pull/83) + ### 1.3.3 (13-Sep-2023) - fix: don't invoke region detection code on the module toplevel and advise against trying to. diff --git a/src/resty/aws/credentials/CredentialProviderChain.lua b/src/resty/aws/credentials/CredentialProviderChain.lua index c659270..f54bd05 100644 --- a/src/resty/aws/credentials/CredentialProviderChain.lua +++ b/src/resty/aws/credentials/CredentialProviderChain.lua @@ -8,7 +8,7 @@ local CredentialProviderChain = setmetatable({}, Super) CredentialProviderChain.__index = CredentialProviderChain -local AWS_EC2_METADATA_DISABLED = require("resty.aws.config").global.AWS_EC2_METADATA_DISABLED +local aws_config = require("resty.aws.config") CredentialProviderChain.defaultProviders = {} do @@ -36,7 +36,7 @@ CredentialProviderChain.defaultProviders = {} do add_if_exists("RemoteCredentials") -- since "ECSCredentials" doesn't exist? and for ECS RemoteCredentials is used??? add_if_exists("ProcessCredentials") add_if_exists("TokenFileWebIdentityCredentials") - if AWS_EC2_METADATA_DISABLED then + if aws_config.global.AWS_EC2_METADATA_DISABLED then ngx.log(ngx.DEBUG, "AWS_EC2_METADATA_DISABLED is set, skipping EC2MetadataCredentials provider") else add_if_exists("EC2MetadataCredentials") diff --git a/src/resty/aws/credentials/EnvironmentCredentials.lua b/src/resty/aws/credentials/EnvironmentCredentials.lua index 75a2e95..082b3db 100644 --- a/src/resty/aws/credentials/EnvironmentCredentials.lua +++ b/src/resty/aws/credentials/EnvironmentCredentials.lua @@ -2,6 +2,9 @@ -- @classmod EnvironmentCredentials +local aws_config = require("resty.aws.config") + + -- Create class local Super = require "resty.aws.credentials.Credentials" local EnvironmentCredentials = setmetatable({}, Super) @@ -33,7 +36,7 @@ end -- updates credentials. -- @return success, or nil+err function EnvironmentCredentials:refresh() - local global_config = require("resty.aws.config").global + local global_config = aws_config.global local access = os.getenv(self.envPrefix .. "_ACCESS_KEY_ID") or global_config[self.envPrefix .. "_ACCESS_KEY_ID"] if not access then diff --git a/src/resty/aws/credentials/RemoteCredentials.lua b/src/resty/aws/credentials/RemoteCredentials.lua index 09b919e..ecc1859 100644 --- a/src/resty/aws/credentials/RemoteCredentials.lua +++ b/src/resty/aws/credentials/RemoteCredentials.lua @@ -25,21 +25,19 @@ local FullUri do return t end - local global_config = require("resty.aws.config").global + local aws_config = require("resty.aws.config") - local ENV_RELATIVE_URI = global_config.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI - local ENV_FULL_URI = global_config.AWS_CONTAINER_CREDENTIALS_FULL_URI local FULL_URI_UNRESTRICTED_PROTOCOLS = makeset { "https" } local FULL_URI_ALLOWED_PROTOCOLS = makeset { "http", "https" } local FULL_URI_ALLOWED_HOSTNAMES = makeset { "localhost", "127.0.0.1" } local RELATIVE_URI_HOST = '169.254.170.2' local function getFullUri() - if ENV_RELATIVE_URI then - return 'http://' .. RELATIVE_URI_HOST .. ENV_RELATIVE_URI + if aws_config.global.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI then + return 'http://' .. RELATIVE_URI_HOST .. aws_config.global.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI - elseif ENV_FULL_URI then - local parsed_url = url.parse(ENV_FULL_URI) + elseif aws_config.global.AWS_CONTAINER_CREDENTIALS_FULL_URI then + local parsed_url = url.parse(aws_config.global.AWS_CONTAINER_CREDENTIALS_FULL_URI) if not FULL_URI_ALLOWED_PROTOCOLS[parsed_url.scheme] then return nil, 'Unsupported protocol, must be one of ' @@ -55,7 +53,7 @@ local FullUri do .. parsed_url.host .. ' requested.' end - return ENV_FULL_URI + return aws_config.global.AWS_CONTAINER_CREDENTIALS_FULL_URI else return nil, 'Environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI or ' diff --git a/src/resty/aws/credentials/TokenFileWebIdentityCredentials.lua b/src/resty/aws/credentials/TokenFileWebIdentityCredentials.lua index 9fa0c70..3fc0158 100644 --- a/src/resty/aws/credentials/TokenFileWebIdentityCredentials.lua +++ b/src/resty/aws/credentials/TokenFileWebIdentityCredentials.lua @@ -4,11 +4,7 @@ local readfile = require("pl.utils").readfile local lom = require("lxp.lom") - -local global_config = require("resty.aws.config").global -local AWS_ROLE_ARN = global_config.role_arn -local AWS_WEB_IDENTITY_TOKEN_FILE = global_config.web_identity_token_file -local AWS_ROLE_SESSION_NAME = global_config.role_session_name or "session@lua-resty-aws" +local aws_config = require("resty.aws.config") -- Create class @@ -29,14 +25,14 @@ function TokenFileWebIdentityCredentials:new(opts) opts = opts or {} self.token_file = assert( - opts.token_file or AWS_WEB_IDENTITY_TOKEN_FILE, + opts.token_file or aws_config.global.AWS_WEB_IDENTITY_TOKEN_FILE, "either 'opts.token_file' or environment variable 'AWS_WEB_IDENTITY_TOKEN_FILE' must be set" ) self.role_arn = assert( - opts.role_arn or AWS_ROLE_ARN, + opts.role_arn or aws_config.global.AWS_ROLE_ARN, "either 'opts.role_arn' or environment variable 'AWS_ROLE_ARN' must be set" ) - self.session_name = opts.session_name or AWS_ROLE_SESSION_NAME + self.session_name = opts.session_name or aws_config.global.AWS_ROLE_SESSION_NAME or "session@lua-resty-aws" return self end