Merge pull request #117 from articulate/fix/aws-region

feat: add AWS_REGION to default env vars
articulate · Feb 7, 2023 · 8d04395 · 8d04395
2 parents c666f88 + c05d28f
commit 8d04395
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 9 deletions.
diff --git a/config.go b/config.go
@@ -6,6 +6,7 @@ type Config struct {
 	Service     string
 	Product     string
 	Environment string
+	Region      string
 }
 
 // ConsulPaths returns the paths from Consul to load

diff --git a/main.go b/main.go
@@ -25,12 +25,18 @@ func main() {
 		Service:     os.Getenv("SERVICE_NAME"),
 		Product:     os.Getenv("SERVICE_PRODUCT"),
 		Environment: os.Getenv("SERVICE_ENV"),
+		Region:      os.Getenv("AWS_REGION"),
+	}
+
+	if cfg.Region == "" {
+		cfg.Region = "us-east-1"
 	}
 
 	logger := log.With().
 		Str("env", cfg.Environment).
 		Str("service", cfg.Service).
 		Str("product", cfg.Product).
+		Str("region", cfg.Region).
 		Logger()
 
 	// handles peer environments (peer-some-thing => peer), which loads stage vars
@@ -48,6 +54,7 @@ func main() {
 		logger.Warn().Err(err).Msg("Cannot determine PWD")
 	}
 	env.Add("PWD", pwd)
+	env.Add("AWS_REGION", cfg.Region)
 
 	if addr := os.Getenv("CONSUL_ADDR"); addr != "" {
 		env.Merge(loadConsul(addr, cfg, logger))
@@ -86,7 +93,7 @@ func loadConsul(addr string, c Config, l zerolog.Logger) Dict {
 func loadVault(ctx context.Context, addr string, c Config, l zerolog.Logger) Dict {
 	l.Debug().Msg("Loading values from Vault")
 
-	client, err := NewVault(addr)
+	client, err := NewVault(addr, c.Region)
 	if err != nil {
 		l.Fatal().Err(err).Str("addr", addr).Msg("Could not connect to Vault")
 	}

diff --git a/vault.go b/vault.go
@@ -17,10 +17,11 @@ const k8sTokenFile = "/var/run/secrets/kubernetes.io/serviceaccount/token" //nol
 // Vault is a client for fetching values from Vault
 type Vault struct {
 	client *api.Client
+	region string
 }
 
 // NewVault returns a new Vault client
-func NewVault(addr string) (*Vault, error) {
+func NewVault(addr, region string) (*Vault, error) {
 	cfg := api.DefaultConfig()
 	cfg.Address = addr
 
@@ -29,7 +30,7 @@ func NewVault(addr string) (*Vault, error) {
 		return nil, fmt.Errorf("could not connect to %s: %w", addr, err)
 	}
 
-	return &Vault{client}, nil
+	return &Vault{client, region}, nil
 }
 
 // Authenticate authenticates the client with Vault
@@ -73,12 +74,7 @@ func (v *Vault) getAuthMethod(role string) (api.AuthMethod, error) {
 		return nil, nil
 	}
 
-	region := os.Getenv("AWS_REGION")
-	if region == "" {
-		region = "us-east-1"
-	}
-
-	auth, err := aws.NewAWSAuth(aws.WithRegion(region), aws.WithRole(role))
+	auth, err := aws.NewAWSAuth(aws.WithRegion(v.region), aws.WithRole(role))
 	if err != nil {
 		return nil, fmt.Errorf("could not authenticate with IAM: %w", err)
 	}