libstore: Put all the AWS credentials logic behind interface class AwsCredentialProvider

This makes it so we don't need to rely on global variables and hacky destructors to clean up another global variable. Just putting it in the correct order in the class is more than enough.
2025-11-20 09:19:36 +01:00 · 2025-10-16 21:13:04 +03:00 · 2025-10-16 21:13:04 +03:00 · dc03c6a812
commit dc03c6a812
parent b1d067c9bb
4 changed files with 69 additions and 89 deletions
--- a/src/libstore/filetransfer.cc
+++ b/src/libstore/filetransfer.cc
@ -883,22 +883,12 @@ void FileTransferRequest::setupForS3()
    if (usernameAuth) {
        debug("Using pre-resolved AWS credentials from parent process");
        sessionToken = preResolvedAwsSessionToken;
-    } else {
-        std::string profile = parsedS3.profile.value_or("");
-        try {
-            auto creds = getAwsCredentials(profile);
-            usernameAuth = UsernameAuth{
-                .username = creds.accessKeyId,
-                .password = creds.secretAccessKey,
-            };
-            sessionToken = creds.sessionToken;
-        } catch (const AwsAuthError & e) {
-            warn("AWS authentication failed for S3 request %s: %s", uri, e.what());
-            // Invalidate the cached credentials so next request will retry
-            invalidateAwsCredentials(profile);
-            // Continue without authentication - might be a public bucket
-            return;
-        }
+    } else if (auto creds = getAwsCredentialsProvider()->maybeGetCredentials(parsedS3)) {
+        usernameAuth = UsernameAuth{
+            .username = creds->accessKeyId,
+            .password = creds->secretAccessKey,
+        };
+        sessionToken = creds->sessionToken;
    }
    if (sessionToken)
        headers.emplace_back("x-amz-security-token", *sessionToken);