google: check additional AWS variable
AWS_DEFAULT_REGION should have been checked as a backup to AWS_REGION but wasn't. Also removed a redundant print statement in a test case.
Change-Id: Ia6e13eb20f509110a81e3071228283c43a1e9283
GitHub-Last-Rev: 1a10bcc0791f862983c3e3ae36f0cb73e29db267
GitHub-Pull-Request: golang/oauth2#486
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/302789
Reviewed-by: Cody Oss <codyoss@google.com>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
diff --git a/google/internal/externalaccount/aws.go b/google/internal/externalaccount/aws.go
index fbcefb4..cb41c62 100644
--- a/google/internal/externalaccount/aws.go
+++ b/google/internal/externalaccount/aws.go
@@ -342,6 +342,8 @@
func (cs *awsCredentialSource) getRegion() (string, error) {
if envAwsRegion := getenv("AWS_REGION"); envAwsRegion != "" {
return envAwsRegion, nil
+ } if envAwsRegion := getenv("AWS_DEFAULT_REGION"); envAwsRegion != "" {
+ return envAwsRegion, nil
}
if cs.RegionURL == "" {
diff --git a/google/internal/externalaccount/aws_test.go b/google/internal/externalaccount/aws_test.go
index 95ff9ce..669ba1e 100644
--- a/google/internal/externalaccount/aws_test.go
+++ b/google/internal/externalaccount/aws_test.go
@@ -638,6 +638,81 @@
}
}
+func TestAwsCredential_BasicRequestWithDefaultEnv(t *testing.T) {
+ server := createDefaultAwsTestServer()
+ ts := httptest.NewServer(server)
+
+ tfc := testFileConfig
+ tfc.CredentialSource = server.getCredentialSource(ts.URL)
+
+ oldGetenv := getenv
+ defer func() { getenv = oldGetenv }()
+ getenv = setEnvironment(map[string]string{
+ "AWS_ACCESS_KEY_ID": "AKIDEXAMPLE",
+ "AWS_SECRET_ACCESS_KEY": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
+ "AWS_DEFAULT_REGION": "us-west-1",
+ })
+
+ base, err := tfc.parse(context.Background())
+ if err != nil {
+ t.Fatalf("parse() failed %v", err)
+ }
+
+ out, err := base.subjectToken()
+ if err != nil {
+ t.Fatalf("retrieveSubjectToken() failed: %v", err)
+ }
+ expected := getExpectedSubjectToken(
+ "https://sts.us-west-1.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15",
+ "us-west-1",
+ "AKIDEXAMPLE",
+ "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
+ "",
+ )
+
+ if got, want := out, expected; !reflect.DeepEqual(got, want) {
+ t.Errorf("subjectToken = %q, want %q", got, want)
+ }
+}
+
+func TestAwsCredential_BasicRequestWithTwoRegions(t *testing.T) {
+ server := createDefaultAwsTestServer()
+ ts := httptest.NewServer(server)
+
+ tfc := testFileConfig
+ tfc.CredentialSource = server.getCredentialSource(ts.URL)
+
+ oldGetenv := getenv
+ defer func() { getenv = oldGetenv }()
+ getenv = setEnvironment(map[string]string{
+ "AWS_ACCESS_KEY_ID": "AKIDEXAMPLE",
+ "AWS_SECRET_ACCESS_KEY": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
+ "AWS_REGION": "us-west-1",
+ "AWS_DEFAULT_REGION": "us-east-1",
+ })
+
+ base, err := tfc.parse(context.Background())
+ if err != nil {
+ t.Fatalf("parse() failed %v", err)
+ }
+
+ out, err := base.subjectToken()
+ if err != nil {
+ t.Fatalf("retrieveSubjectToken() failed: %v", err)
+ }
+ expected := getExpectedSubjectToken(
+ "https://sts.us-west-1.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15",
+ "us-west-1",
+ "AKIDEXAMPLE",
+ "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
+ "",
+ )
+
+ if got, want := out, expected; !reflect.DeepEqual(got, want) {
+ t.Errorf("subjectToken = %q, want %q", got, want)
+ }
+}
+
func TestAwsCredential_RequestWithBadVersion(t *testing.T) {
server := createDefaultAwsTestServer()
ts := httptest.NewServer(server)
diff --git a/google/internal/externalaccount/urlcredsource_test.go b/google/internal/externalaccount/urlcredsource_test.go
index 8ade2a2..6a36d0d 100644
--- a/google/internal/externalaccount/urlcredsource_test.go
+++ b/google/internal/externalaccount/urlcredsource_test.go
@@ -7,7 +7,6 @@
import (
"context"
"encoding/json"
- "fmt"
"net/http"
"net/http/httptest"
"testing"
@@ -20,7 +19,6 @@
if r.Method != "GET" {
t.Errorf("Unexpected request method, %v is found", r.Method)
}
- fmt.Println(r.Header)
if r.Header.Get("Metadata") != "True" {
t.Errorf("Metadata header not properly included.")
}
