Copy credentials source + add default region

gravitational · Nov 14, 2024 · 929666d · 929666d
1 parent 00af620
commit 929666d
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 19 deletions.
diff --git a/lib/cloud/aws/config/config.go b/lib/cloud/aws/config/config.go
@@ -26,10 +26,21 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/sts"
 	"github.com/gravitational/trace"
 
-	"github.com/gravitational/teleport/lib/cloud"
 	"github.com/gravitational/teleport/lib/modules"
 )
 
+const defaultRegion = "us-east-1"
+
+// credentialsSource defines where the credentials must come from.
+type credentialsSource int
+
+const (
+	// credentialsSourceAmbient uses the default Cloud SDK method to load the credentials.
+	credentialsSourceAmbient = iota + 1
+	// credentialsSourceIntegration uses an Integration to load the credentials.
+	credentialsSourceIntegration
+)
+
 // AWSIntegrationSessionProvider defines a function that creates a credential provider from a region and an integration.
 // This is used to generate aws configs for clients that must use an integration instead of ambient credentials.
 type AWSIntegrationCredentialProvider func(ctx context.Context, region, integration string) (aws.CredentialsProvider, error)
@@ -45,7 +56,7 @@ type awsOptions struct {
 	// assumeRoleExternalID is used to assume an external AWS IAM Role.
 	assumeRoleExternalID string
 	// credentialsSource describes which source to use to fetch credentials.
-	credentialsSource cloud.CredentialsSource
+	credentialsSource credentialsSource
 	// integration is the name of the integration to be used to fetch the credentials.
 	integration string
 	// awsIntegrationCredentialsProvider is the integration credential provider to use.
@@ -58,11 +69,11 @@ type awsOptions struct {
 
 func (a *awsOptions) checkAndSetDefaults() error {
 	switch a.credentialsSource {
-	case cloud.CredentialsSourceAmbient:
+	case credentialsSourceAmbient:
 		if a.integration != "" {
 			return trace.BadParameter("integration and ambient credentials cannot be used at the same time")
 		}
-	case cloud.CredentialsSourceIntegration:
+	case credentialsSourceIntegration:
 		if a.integration == "" {
 			return trace.BadParameter("missing integration name")
 		}
@@ -114,15 +125,15 @@ func WithCredentialsMaybeIntegration(integration string) AWSOptionsFn {
 // This prevents the usage of AWS environment credentials.
 func withIntegrationCredentials(integration string) AWSOptionsFn {
 	return func(options *awsOptions) {
-		options.credentialsSource = cloud.CredentialsSourceIntegration
+		options.credentialsSource = credentialsSourceIntegration
 		options.integration = integration
 	}
 }
 
 // WithAmbientCredentials configures options to use the ambient credentials.
 func WithAmbientCredentials() AWSOptionsFn {
 	return func(options *awsOptions) {
-		options.credentialsSource = cloud.CredentialsSourceAmbient
+		options.credentialsSource = credentialsSourceAmbient
 	}
 }
 
@@ -162,6 +173,7 @@ func awsAmbientConfigProvider(region string, cred aws.CredentialsProvider, optio
 
 func buildAWSConfigOptions(region string, cred aws.CredentialsProvider, options awsOptions) []func(*config.LoadOptions) error {
 	opts := []func(*config.LoadOptions) error{
+		config.WithDefaultRegion(defaultRegion),
 		config.WithRegion(region),
 		config.WithCredentialsProvider(cred),
 	}
@@ -184,7 +196,7 @@ func getAWSConfigForRegion(ctx context.Context, region string, options awsOption
 	}
 
 	var cred aws.CredentialsProvider
-	if options.credentialsSource == cloud.CredentialsSourceIntegration {
+	if options.credentialsSource == credentialsSourceIntegration {
 		if options.awsIntegrationCredentialsProvider == nil {
 			return aws.Config{}, trace.BadParameter("missing aws integration credential provider")
 		}

diff --git a/lib/cloud/clients.go b/lib/cloud/clients.go
@@ -362,14 +362,14 @@ type azureClients struct {
 	azureRunCommandClients azure.ClientMap[azure.RunCommandClient]
 }
 
-// CredentialsSource defines where the credentials must come from.
-type CredentialsSource int
+// credentialsSource defines where the credentials must come from.
+type credentialsSource int
 
 const (
-	// CredentialsSourceAmbient uses the default Cloud SDK method to load the credentials.
-	CredentialsSourceAmbient = iota + 1
-	// CredentialsSourceIntegration uses an Integration to load the credentials.
-	CredentialsSourceIntegration
+	// credentialsSourceAmbient uses the default Cloud SDK method to load the credentials.
+	credentialsSourceAmbient = iota + 1
+	// credentialsSourceIntegration uses an Integration to load the credentials.
+	credentialsSourceIntegration
 )
 
 // awsOptions a struct of additional options for assuming an AWS role
@@ -384,7 +384,7 @@ type awsOptions struct {
 	assumeRoleExternalID string
 
 	// credentialsSource describes which source to use to fetch credentials.
-	credentialsSource CredentialsSource
+	credentialsSource credentialsSource
 
 	// integration is the name of the integration to be used to fetch the credentials.
 	integration string
@@ -398,11 +398,11 @@ type awsOptions struct {
 
 func (a *awsOptions) checkAndSetDefaults() error {
 	switch a.credentialsSource {
-	case CredentialsSourceAmbient:
+	case credentialsSourceAmbient:
 		if a.integration != "" {
 			return trace.BadParameter("integration and ambient credentials cannot be used at the same time")
 		}
-	case CredentialsSourceIntegration:
+	case credentialsSourceIntegration:
 		if a.integration == "" {
 			return trace.BadParameter("missing integration name")
 		}
@@ -470,15 +470,15 @@ func WithCredentialsMaybeIntegration(integration string) AWSOptionsFn {
 // This prevents the usage of AWS environment credentials.
 func withIntegrationCredentials(integration string) AWSOptionsFn {
 	return func(options *awsOptions) {
-		options.credentialsSource = CredentialsSourceIntegration
+		options.credentialsSource = credentialsSourceIntegration
 		options.integration = integration
 	}
 }
 
 // WithAmbientCredentials configures options to use the ambient credentials.
 func WithAmbientCredentials() AWSOptionsFn {
 	return func(options *awsOptions) {
-		options.credentialsSource = CredentialsSourceAmbient
+		options.credentialsSource = credentialsSourceAmbient
 	}
 }
 
@@ -791,7 +791,7 @@ func (c *cloudClients) getAWSSessionForRegion(region string, opts awsOptions) (*
 	}
 
 	sess, err := utils.FnCacheGet(context.Background(), c.awsSessionsCache, cacheKey, func(ctx context.Context) (*awssession.Session, error) {
-		if opts.credentialsSource == CredentialsSourceIntegration {
+		if opts.credentialsSource == credentialsSourceIntegration {
 			if c.awsIntegrationSessionProviderFn == nil {
 				return nil, trace.BadParameter("missing aws integration session provider")
 			}