diff --git a/scripts/create_minio_credential_file.sh b/scripts/create_minio_credential_file.sh index 0814285..ab08d71 100755 --- a/scripts/create_minio_credential_file.sh +++ b/scripts/create_minio_credential_file.sh @@ -28,17 +28,6 @@ aws_session_token=completelybogussessiontoken aws_access_key_id= aws_secret_access_key= aws_session_token= - -[assume-role-arn] -source_profile = default -role_arn = arn:aws:iam::840140254803:role/pyiceberg-etl-role -region = us-east-2 - -[assume-role-arn-external-id] -source_profile = default -role_arn = arn:aws:iam::840140254803:role/pyiceberg-etl-role -region = us-east-2 -external_id = 128289344 " # Write the credentials configuration to the file @@ -54,8 +43,19 @@ region=eu-west-1 [profile minio-testing-invalid] region=the-moon-123 -[minio-testing-empty] +[profile minio-testing-empty] region= + +[profile assume-role-arn] +source_profile = default +role_arn = arn:aws:iam::840140254803:role/pyiceberg-etl-role +region = us-east-2 + +[profile assume-role-arn-external-id] +source_profile = default +role_arn = arn:aws:iam::840140254803:role/pyiceberg-etl-role +region = us-east-2 +external_id = 128289344 " # Write the config to the file diff --git a/src/aws_secret.cpp b/src/aws_secret.cpp index b5a95b6..e6e7b06 100644 --- a/src/aws_secret.cpp +++ b/src/aws_secret.cpp @@ -44,9 +44,9 @@ static struct { //! Parse and set the remaining options static void ParseCoreS3Config(CreateSecretInput &input, KeyValueSecret &secret) { - vector options = {"key_id", "secret", "region", - "endpoint", "session_token", "endpoint", - "url_style", "use_ssl", "s3_url_compatibility_mode"}; + vector options = {"key_id", "secret", "region", + "endpoint", "session_token", "url_style", + "use_ssl", "s3_url_compatibility_mode"}; for (const auto &val : options) { auto set_region_param = input.options.find(val); if (set_region_param != input.options.end()) { @@ -65,26 +65,25 @@ static unique_ptr ConstructBaseS3Secret(vector &prefix_p static Aws::Config::Profile GetProfile(const string &profile_name, const bool require_profile) { Aws::Config::Profile selected_profile; - // get file path where aws credentials are stored. - // comes from AWS_SHARED_CREDENTIALS_FILE - auto credentials_file_path = Aws::Auth::ProfileConfigFileAWSCredentialsProvider::GetCredentialsProfileFilename(); + // get file path where aws config is stored. + // comes from AWS_CONFIG_FILE + auto config_file_path = Aws::Auth::GetConfigProfileFilename(); // get the profile from within that file Aws::Map profiles; - Aws::Config::AWSConfigFileProfileConfigLoader loader(credentials_file_path); + Aws::Config::AWSConfigFileProfileConfigLoader loader(config_file_path, true); if (loader.Load()) { profiles = loader.GetProfiles(); for (const auto &entry : profiles) { const Aws::String &profileName = entry.first; if (profileName == profile_name) { selected_profile = entry.second; - auto &url = selected_profile.GetValue("endpoint"); return selected_profile; } } } if (require_profile) { - throw InvalidConfigurationException("Secret Validation Failure: no profile '%s' found in credentials file %s", - profile_name, credentials_file_path); + throw InvalidConfigurationException("Secret Validation Failure: no profile '%s' found in config file %s", + profile_name, config_file_path); } return selected_profile; // empty profile } @@ -313,7 +312,6 @@ static unique_ptr CreateAWSSecretFromCredentialChain(ClientContext & result->secret_map["refresh_info"] = Value::STRUCT(struct_fields); } - AwsSetCredentialsResult ret; if (!credentials.IsExpiredOrEmpty()) { result->secret_map["key_id"] = Value(credentials.GetAWSAccessKeyId()); result->secret_map["secret"] = Value(credentials.GetAWSSecretKey()); @@ -356,7 +354,7 @@ void CreateAwsSecretFunctions::InitializeCurlCertificates(DatabaseInstance &db) struct stat buf; if (stat(caFile.c_str(), &buf) == 0) { SELECTED_CURL_CERT_PATH = caFile; - DUCKDB_LOG_DEBUG(db, "aws.CaCertificateDetection", "CA path: %s", SELECTED_CURL_CERT_PATH); + DUCKDB_LOG_DEBUG(db, "aws.CaCertificateDetection: CA path: %s", SELECTED_CURL_CERT_PATH); return; } }