Merge pull request kelseyhightower#428 from bracki/fix_dynamodb_crede…

…ntials Fix DynamoDB credentials handling
ycaihua · Apr 1, 2016 · 6e198db · 6e198db
2 parents 705f2ee + fccd648
commit 6e198db
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 10 deletions.
diff --git a/backends/dynamodb/client.go b/backends/dynamodb/client.go
@@ -4,7 +4,6 @@ import (
 	"os"
 
 	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/dynamodb"
 	"github.com/kelseyhightower/confd/log"
@@ -21,14 +20,6 @@ type Client struct {
 // configured via the AWS_REGION environment variable.
 // It returns an error if the connection cannot be made or the table does not exist.
 func NewDynamoDBClient(table string) (*Client, error) {
-	creds := credentials.NewChainCredentials(
-		[]credentials.Provider{
-			&credentials.EnvProvider{},
-		})
-	_, err := creds.Get()
-	if err != nil {
-		return nil, err
-	}
 	var c *aws.Config
 	if os.Getenv("DYNAMODB_LOCAL") != "" {
 		log.Debug("DYNAMODB_LOCAL is set")
@@ -39,7 +30,17 @@ func NewDynamoDBClient(table string) (*Client, error) {
 	} else {
 		c = nil
 	}
-	d := dynamodb.New(session.New(), c)
+
+	session := session.New(c)
+
+	// Fail early, if no credentials can be found
+	_, err := session.Config.Credentials.Get()
+	if err != nil {
+		return nil, err
+	}
+
+	d := dynamodb.New(session)
+
 	// Check if the table exists
 	_, err = d.DescribeTable(&dynamodb.DescribeTableInput{TableName: &table})
 	if err != nil {

diff --git a/integration/dynamodb/test.sh b/integration/dynamodb/test.sh
@@ -57,10 +57,26 @@ aws dynamodb put-item --table-name confd --region eu-west-1 \
     --item '{ "key": { "S": "/prefix/upstream/app2" }, "value": {"S": "10.0.1.11:8080"}}' \
     --endpoint-url http://localhost:8000
 
+# Run confd, expect it to work
+confd --onetime --log-level debug --confdir ./integration/confdir --interval 5 --backend dynamodb --table confd
+if [ $? -ne 0 ]
+then
+        exit 1
+fi
+
 # Run confd with --watch, expecting it to fail
 confd --onetime --log-level debug --confdir ./integration/confdir --interval 5 --backend dynamodb --table confd --watch
 if [ $? -eq 0 ]
 then
         exit 1
 fi
+
+# Run confd without AWS credentials, expecting it to fail
+unset AWS_ACCESS_KEY_ID
+unset AWS_SECRET_ACCESS_KEY
+
 confd --onetime --log-level debug --confdir ./integration/confdir --interval 5 --backend dynamodb --table confd
+if [ $? -eq 0 ]
+then
+        exit 1
+fi