fromIni function
Creates a credential provider that will read from ini files and supports role assumption and multi-factor authentication.
Implementation
Future<AwsClientCredentials?> fromIni({
bool preferStaticCredentials = false,
Client? client,
String? preferredProfile,
}) async {
final environment = Platform.environment;
final profiles = _getProfilesFromSharedConfig();
final profileName =
preferredProfile ?? environment['AWS_PROFILE'] ?? 'default';
final profile = profiles?[profileName];
if (profile == null) {
return null;
}
final secretKey =
profile['aws_secret_access_key'] ?? profile['aws_access_secret_key'];
final accessKey = profile['aws_access_key_id'];
/*
In the CLI, the presence of both a role_arn and static credentials have
different meanings depending on how many profiles have been visited. For
the first profile processed, role_arn takes precedence over any static
credentials, but for all subsequent profiles, static credentials are
used if present, and only in their absence will the profile's
source_profile and role_arn keys be used to load another set of
credentials. This var is intended to yield compatible behaviour in this
sdk.
*/
final preferStaticCredentialsToRoleArn =
preferStaticCredentials && secretKey != null && accessKey != null;
if (profile['role_arn'] != null && !preferStaticCredentialsToRoleArn) {
return _loadRoleProfile(profiles!, profile, profileName, client);
}
if (secretKey == null) {
print('profile [$profileName] does not contain "aws_secret_access_key"');
return null;
}
if (accessKey == null) {
print('profile [$profileName] does not contain "aws_access_key_id"');
return null;
}
final sessionToken = profile['aws_session_token'];
return AwsClientCredentials(
accessKey: accessKey,
secretKey: secretKey,
sessionToken: sessionToken,
);
}