[fix] Don't merge individual aws config sections, rather replace them (…

…#68)
chanzuckerberg · Jul 27, 2020 · 37ea434 · 37ea434
1 parent f3f29e5
commit 37ea434
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 0 deletions.
diff --git a/pkg/aws_config_client/writers.go b/pkg/aws_config_client/writers.go
@@ -93,6 +93,16 @@ func (a *AWSConfigSTDOUTWriter) Write(p []byte) (int, error) {
 }
 
 func mergeAWSConfigs(new *ini.File, old *ini.File) (*ini.File, error) {
+	// first, delete all overlapping sections
+	for _, section := range new.Sections() {
+		// skip over the default section
+		if section.Name() == "DEFAULT" {
+			continue
+		}
+
+		old.DeleteSection(section.Name())
+	}
+
 	baseBytes := bytes.NewBuffer(nil)
 	newAWSProfileBytes := bytes.NewBuffer(nil)
 	_, err := new.WriteTo(newAWSProfileBytes)

diff --git a/pkg/aws_config_client/writers_test.go b/pkg/aws_config_client/writers_test.go
@@ -10,6 +10,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/require"
+	"gopkg.in/ini.v1"
 )
 
 func TestAWSConfigFileWriter(t *testing.T) {
@@ -38,3 +39,54 @@ func TestAWSConfigFileWriter(t *testing.T) {
 
 	r.Equal(expectedData, readData)
 }
+
+func TestMergeAWSConfigs(t *testing.T) {
+	r := require.New(t)
+
+	old := `
+[profile source]
+region = us-west-2
+output = json
+
+
+[profile foo]
+role_arn           = arn:aws:iam::01234567890:role/foo
+source_profile     = czi-id
+region             = us-west-2
+output             = json
+credential_process = aws-oidc creds-process --issuer-url=foo --client-id=foo --aws-role-arn=arn:aws:iam::01234567890:role/foo
+`
+
+	new := `
+[profile foo]
+region             = us-west-2
+output             = json
+credential_process = aws-oidc creds-process --issuer-url=foo --client-id=foo --aws-role-arn=arn:aws:iam::01234567890:role/foo
+`
+
+	expected := `[profile source]
+region = us-west-2
+output = json
+
+[profile foo]
+region             = us-west-2
+output             = json
+credential_process = aws-oidc creds-process --issuer-url=foo --client-id=foo --aws-role-arn=arn:aws:iam::01234567890:role/foo
+
+`
+
+	oldINI, err := ini.Load([]byte(old))
+	r.NoError(err)
+
+	newINI, err := ini.Load([]byte(new))
+	r.NoError(err)
+
+	resultINI, err := mergeAWSConfigs(newINI, oldINI)
+	r.NoError(err)
+
+	result := bytes.NewBuffer(nil)
+	_, err = resultINI.WriteTo(result)
+	r.NoError(err)
+
+	r.Equal(expected, result.String())
+}