From e4eed1e702e2fb77cff9bfd5169a85fce7c77dab Mon Sep 17 00:00:00 2001 From: Sam O'Connor Date: Sun, 20 Dec 2015 21:51:26 +1100 Subject: [PATCH] credentials handling tweaks --- src/OCAWS.jl | 66 +++++++++++++++++++++++++++++++++++++-------------- src/http.jl | 1 + src/lambda.jl | 5 +--- 3 files changed, 50 insertions(+), 22 deletions(-) diff --git a/src/OCAWS.jl b/src/OCAWS.jl index 8cd5bb2..b7c31a1 100644 --- a/src/OCAWS.jl +++ b/src/OCAWS.jl @@ -17,7 +17,25 @@ include("AWSException.jl") export sqs, sns, ec2, iam, sdb, s3, - AWSRequest + AWSConfig, aws_config, AWSRequest + +typealias AWSConfig SymDict + +function aws_config(;access_key_id=nothing, + secret_key=nothing, + region="us-east-1", + args...) + + config = SymDict(args) + config[:region] = region + if access_key_id != nothing + config[:creds] = @symdict(access_key_id, secret_key) + else + config[:creds] = SymDict() + end + return config +end + #------------------------------------------------------------------------------# @@ -46,7 +64,7 @@ typealias AWSRequest SymDict # :service => "sdb" # ) -function post_request(aws::AWSRequest, +function post_request(aws::AWSConfig, service::ASCIIString, version::ASCIIString, query::StrDict) @@ -83,7 +101,7 @@ include("sign.jl") function do_request(r::AWSRequest) # Try request 3 times to deal with possible Redirect and ExiredToken... - @repeat 3 try + @repeat 3 try # Configure default headers... if !haskey(r, :headers) @@ -92,12 +110,12 @@ function do_request(r::AWSRequest) r[:headers]["User-Agent"] = "JuliaAWS.jl/0.0.0" r[:headers]["Host"] = URI(r[:url]).host if !haskey(r[:headers], "Content-Type") && r[:verb] == "POST" - r[:headers]["Content-Type"] = + r[:headers]["Content-Type"] = "application/x-www-form-urlencoded; charset=utf-8" end # Load local system credentials if needed... - if !haskey(r[:creds], :access_key_id) + if !haskey(r, :creds) || !haskey(r[:creds], :access_key_id) update_instance_credentials!(r[:creds]) end 
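Review bot: In `aws_config`, only `access_key_id` is tested before `config[:creds]` is built, so a caller who supplies a key id without `secret_key` appears to get a creds dict holding `secret_key => nothing`. Because `do_request` reloads credentials only when `:access_key_id` is absent, that half-filled dict would go to signing unchanged. I would reject the mismatch up front, e.g. `(access_key_id === nothing) == (secret_key === nothing) || error("access_key_id and secret_key must be given together")`, and use `!== nothing` for the branch test. A short docstring saying that an empty `:creds` means "resolve from instance role, environment or ~/.aws/credentials at request time" would make the contract visible.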
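Review bot: The widened guard `!haskey(r, :creds) || ...` in `do_request` still evaluates `r[:creds]` in the call on the next line, so a request with no `:creds` entry raises a KeyError instead of loading credentials. Create the entry before using it, for example `creds = get!(r, :creds, SymDict())` followed by `haskey(creds, :access_key_id) || update_instance_credentials!(creds)`. The body of `do_request` continues past the end of this hunk, so the later signing step is not visible here.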
@@ -225,7 +243,7 @@ export localhost_is_ec2, ec2_metadata, ec2_get_instance_credentials ec2(aws; args...) = do_request(post(aws, "ec2", "2014-02-01", StrDict(args))) -function localhost_is_ec2() +function localhost_is_ec2() if localhost_is_lambda() return false @@ -250,7 +268,7 @@ function ec2_metadata(key) end -function update_ec2_instance_credentials!(aws) +function update_ec2_instance_credentials!(creds) @assert localhost_is_ec2() @@ -258,13 +276,13 @@ function update_ec2_instance_credentials!(aws) info = JSON.parse(info) name = ec2_metadata("iam/security-credentials/") - creds = ec2_metadata("iam/security-credentials/$name") - creds = JSON.parse(creds) + new_creds = ec2_metadata("iam/security-credentials/$name") + new_creds = JSON.parse(new_creds) - aws[:access_key_id] = creds["AccessKeyId"] - aws[:secret_key] = creds["SecretAccessKey"] - aws[:token] = creds["Token"] - aws[:user_arn] = info["InstanceProfileArn"] + creds[:access_key_id] = new_creds["AccessKeyId"] + creds[:secret_key] = new_creds["SecretAccessKey"] + creds[:token] = new_creds["Token"] + creds[:user_arn] = info["InstanceProfileArn"] end 
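Review bot: The four assignments into `creds` in `update_ec2_instance_credentials!` are made one by one straight from the parsed metadata response, so a response that lacks any field raises a KeyError with `creds` already partly overwritten. Since `do_request` refreshes only when `:access_key_id` is missing, a dict left with a new key id but an old or absent secret or token would not be reloaded on the next attempt. Read the values into locals first and assign only once all are present, e.g. `key, secret, token = new_creds["AccessKeyId"], new_creds["SecretAccessKey"], new_creds["Token"]` before touching `creds`. The function's signature is in the preceding hunk and its first lines lie outside this one.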
@@ -273,18 +291,30 @@ end # Lambda Metadata #------------------------------------------------------------------------------# +using IniFile localhost_is_lambda() = haskey(ENV, "LAMBDA_TASK_ROOT") -function update_instance_credentials!(aws) +function update_instance_credentials!(creds) if localhost_is_ec2() + update_ec2_instance_credentials!(aws) - else - aws[:access_key_id] = ENV["AWS_ACCESS_KEY_ID"] - aws[:secret_key] = ENV["AWS_SECRET_ACCESS_KEY"] - aws[:token] = ENV["AWS_SESSION_TOKEN"] + + elseif haskey(ENV, "AWS_ACCESS_KEY_ID") + + creds[:access_key_id] = ENV["AWS_ACCESS_KEY_ID"] + creds[:secret_key] = ENV["AWS_SECRET_ACCESS_KEY"] + creds[:token] = ENV["AWS_SESSION_TOKEN"] + + elseif isfile("$(ENV["HOME"])/.aws/credentials") + + ini = read(Inifile(), "$(ENV["HOME"])/.aws/credentials") + + creds[:access_key_id] = get(ini, "default", "aws_access_key_id") + creds[:secret_key] = get(ini, "default", "aws_secret_access_key") + delete!(creds, :token) end end diff --git a/src/http.jl b/src/http.jl index 0060075..dbffcc2 100644 --- a/src/http.jl +++ b/src/http.jl @@ -38,6 +38,7 @@ end function http_attempt(request::Request, return_stream=false) #println("$(request.method) $(request.uri)") + #println(request.headers) #println(bytestring(request.data)) # Start HTTP transaction... diff --git a/src/lambda.jl b/src/lambda.jl index 260a242..320fa7f 100644 --- a/src/lambda.jl +++ b/src/lambda.jl @@ -337,7 +337,6 @@ end # @lambda deploys an AWS Lambda that contains the body of the Julia function. # It then rewrites the local Julia function to call invocke_lambda(). - macro lambda(aws::Symbol, f::Expr) @assert f.head == :function @@ -377,12 +376,10 @@ macro lambda(aws::Symbol, f::Expr) f.args[2] = quote jl_data = serialize64($(Expr(:tuple, args...))) - r = invoke_lambda($aws, $name, @symdict(jl_data)) + r = invoke_lambda($aws, $name, Dict(:jl_data => jl_data)) try return deserialize64(r[:jl_data]) - catch end - return r end
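Review bot: The EC2 branch of `update_instance_credentials!` still calls `update_ec2_instance_credentials!(aws)`, but the parameter was renamed to `creds`, so on an EC2 host this would fail on an undefined `aws` rather than load the role credentials. The environment branch reads `ENV["AWS_SESSION_TOKEN"]` unconditionally, which throws when only long-term keys are exported. When none of the three sources matches, the function returns silently and the request goes on with empty credentials. The file branch has similar gaps worth a follow-up: `ENV["HOME"]` may be unset, and a missing `default` entry would be stored as whatever `get` returns for "not found".

```julia
function update_instance_credentials!(creds)

    if localhost_is_ec2()

        update_ec2_instance_credentials!(creds)

    elseif haskey(ENV, "AWS_ACCESS_KEY_ID")

        creds[:access_key_id] = ENV["AWS_ACCESS_KEY_ID"]
        creds[:secret_key] = ENV["AWS_SECRET_ACCESS_KEY"]
        # Long-term keys have no session token; drop any stale one.
        if haskey(ENV, "AWS_SESSION_TOKEN")
            creds[:token] = ENV["AWS_SESSION_TOKEN"]
        else
            delete!(creds, :token)
        end

    # … unchanged: ~/.aws/credentials branch …

    else
        error("No AWS credentials found in instance role, environment or ~/.aws/credentials")
    end
end
```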
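Review bot: The added `#println(request.headers)` in `http_attempt` is commented-out debug code. If it is ever enabled on a signed request it would presumably print the `Authorization` header and any session-token header to stdout, where EC2 or Lambda log collection would keep them. I would drop the line, or at least put a warning above it such as `# NOTE: headers can carry credentials; never enable outside local debugging`. The rest of `http_attempt` is outside this hunk.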
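Review bot: With `catch end` and the trailing `return r` removed, the generated function body ends in a `try` that has no `catch`, which as far as I can tell still suppresses the exception. A response without `:jl_data` or a payload that fails to deserialize would then make the wrapper return `nothing` with no sign of failure, where the old code at least handed back the raw response. Make the failure explicit instead, e.g. `haskey(r, :jl_data) || error("Lambda $name returned no jl_data")` followed by a plain `return deserialize64(r[:jl_data])`. Since `deserialize64` rebuilds Julia objects from bytes received over the network, a comment recording that the response is trusted only because it comes from the caller's own Lambda would help. The enclosing `macro lambda` starts before this hunk.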