From 2f87a133a28b35d237631bef1a2afc44664b565f Mon Sep 17 00:00:00 2001
From: Yurii Polishchuk
Date: Mon, 9 Mar 2026 18:20:40 +0100
Subject: [PATCH] fix: registry commands now respect AWS_CONFIG_FILE environment variable
granted registry add/sync/remove/setup ignored the AWS_CONFIG_FILE environment variable and always wrote to ~/.aws/config. The assume command was fixed for this in #229, but registry commands were missed. This change reuses cfaws.GetAWSConfigPath() which already handles AWS_CONFIG_FILE correctly, consistent with AWS CLI behavior: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
---
 pkg/granted/registry/ini.go | 14 +++----
 pkg/granted/registry/ini_test.go | 70 ++++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+), 9 deletions(-)
 create mode 100644 pkg/granted/registry/ini_test.go
diff --git a/pkg/granted/registry/ini.go b/pkg/granted/registry/ini.go
index 916c08c1..ef031bc3 100644
--- a/pkg/granted/registry/ini.go
+++ b/pkg/granted/registry/ini.go
@@ -4,21 +4,17 @@ import (
 "fmt"
 "os"
 "path"
- "path/filepath"

 "github.com/common-fate/clio"
+ "github.com/fwdcloudsec/granted/pkg/cfaws"
 "gopkg.in/ini.v1"
 )

-// Find the ~/.aws/config absolute path based on OS.
+// getDefaultAWSConfigLocation returns the AWS config file path,
+// respecting the AWS_CONFIG_FILE environment variable per
+// https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
 func getDefaultAWSConfigLocation() (string, error) {
- h, err := os.UserHomeDir()
- if err != nil {
- return "", err
- }
-
- configPath := filepath.Join(h, ".aws", "config")
- return configPath, nil
+ return cfaws.GetAWSConfigPath(), nil
 }

 // loadAWSConfigFile loads the `~/.aws/config` file, and creates it if it doesn't exist.
diff --git a/pkg/granted/registry/ini_test.go b/pkg/granted/registry/ini_test.go
new file mode 100644
index 00000000..956841e9
--- /dev/null
+++ b/pkg/granted/registry/ini_test.go
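Review bot: `getDefaultAWSConfigLocation` now returns a nil error unconditionally, so the home-directory failure that the removed `os.UserHomeDir()` branch used to propagate is no longer visible to the registry commands that write to this path. `cfaws.GetAWSConfigPath()` is not shown in this patch; if it can return an empty or relative path when neither `AWS_CONFIG_FILE` nor the home directory resolves, add/sync/remove would create or modify a config file relative to the working directory. A small guard keeps the old contract: `p := cfaws.GetAWSConfigPath()` followed by `if p == "" { return "", fmt.Errorf("resolving AWS config path: empty result") }`. The trailing context comment on `loadAWSConfigFile` still names only `~/.aws/config` and could read `// loadAWSConfigFile loads the AWS config file (AWS_CONFIG_FILE or ~/.aws/config), and creates it if it doesn't exist.`; that function's body lies outside the hunk.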
@@ -0,0 +1,70 @@
+package registry
+
+import (
+ "os"
+ "path/filepath"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestGetDefaultAWSConfigLocation(t *testing.T) {
+ tests := []struct {
+ name string
+ envValue string
+ wantCustom bool
+ }{
+ {
+ name: "uses AWS_CONFIG_FILE when set",
+ envValue: "/custom/path/config",
+ wantCustom: true,
+ },
+ {
+ name: "falls back to default when not set",
+ envValue: "",
+ wantCustom: false,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ t.Setenv("AWS_CONFIG_FILE", tt.envValue)
+
+ got, err := getDefaultAWSConfigLocation()
+ assert.NoError(t, err)
+ if tt.wantCustom {
+ assert.Equal(t, tt.envValue, got)
+ } else {
+ assert.Contains(t, got, ".aws/config")
+ }
+ })
+ }
+}
+
+func TestLoadAWSConfigFile_RespectsEnvVar(t *testing.T) {
+ // Create a temp dir with an AWS config file
+ tmpDir := t.TempDir()
+ customConfigPath := filepath.Join(tmpDir, "custom-aws-config")
+ err := os.WriteFile(customConfigPath, []byte("[profile test]\nregion = us-east-1\n"), 0600)
+ assert.NoError(t, err)
+
+ t.Setenv("AWS_CONFIG_FILE", customConfigPath)
+
+ cfg, path, err := loadAWSConfigFile()
+ assert.NoError(t, err)
+ assert.Equal(t, customConfigPath, path)
+ assert.NotNil(t, cfg)
+
+ // Verify it loaded the correct file
+ sec, err := cfg.GetSection("profile test")
+ assert.NoError(t, err)
+ assert.Equal(t, "us-east-1", sec.Key("region").String())
+}
+
+func TestLoadAWSConfigFile_DefaultPath(t *testing.T) {
+ t.Setenv("AWS_CONFIG_FILE", "")
+
+ _, path, err := loadAWSConfigFile()
+ assert.NoError(t, err)
+ assert.Contains(t, path, ".aws/config")
+}
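Review bot: `TestLoadAWSConfigFile_DefaultPath` calls `loadAWSConfigFile()` with `AWS_CONFIG_FILE` cleared, and per that function's comment in ini.go the file is created when missing, so the test can read or create the real `~/.aws/config` of whoever runs it. Pointing the home directory at a scratch location first, e.g. `t.Setenv("HOME", t.TempDir())` (plus `USERPROFILE` on Windows), would isolate it, assuming cfaws resolves the default through the usual home lookup, which this patch does not show. Separately, `assert.Contains(t, got, ".aws/config")` in both default-path checks hard-codes a forward slash and would not match a backslash-joined path on Windows; `filepath.Join(".aws", "config")` avoids that. In `TestLoadAWSConfigFile_RespectsEnvVar`, `assert.NoError` does not stop the test, so a failed load goes on to call `cfg.GetSection` on a possibly nil config; `require.NoError` or an early return would give a clearer failure.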