From dbea9b6205f4ac674aaf977e26730d588226a935 Mon Sep 17 00:00:00 2001 From: Emil Lerch Date: Mon, 2 Feb 2026 16:19:29 -0800 Subject: [PATCH] proper profile support --- build.zig.zon | 4 ++++ tools/build/src/deploy.zig | 5 ++--- tools/build/src/iam.zig | 12 ++++-------- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/build.zig.zon b/build.zig.zon index 51c1e07..a31b7f3 100644 --- a/build.zig.zon +++ b/build.zig.zon @@ -9,6 +9,10 @@ .lambda_build = .{ .path = "tools/build", }, + .aws = .{ + .url = "git+https://git.lerch.org/lobo/aws-sdk-for-zig#686b18d1f4329e80cf6d9b916eaa0c231333edb9", + .hash = "aws-0.0.1-SbsFcAc3CgCdWfayHWFazNfJBxkzLyU2wOJSj7h4W17-", + }, }, // Specifies the set of files and directories that are included in this package. // Only files and directories listed here are included in the `hash` that diff --git a/tools/build/src/deploy.zig b/tools/build/src/deploy.zig index cb771d4..43be393 100644 --- a/tools/build/src/deploy.zig +++ b/tools/build/src/deploy.zig @@ -212,9 +212,6 @@ fn deployFunction(deploy_opts: DeployOptions, options: RunOptions) !void { return error.InvalidArchitecture; } - // Note: Profile is expected to be set via AWS_PROFILE env var before invoking this tool - // (e.g., via aws-vault exec) - // Get or create IAM role if not provided const role_arn = if (deploy_opts.role_arn) |r| try options.allocator.dupe(u8, r) @@ -244,6 +241,7 @@ fn deployFunction(deploy_opts: DeployOptions, options: RunOptions) !void { const aws_options = aws.Options{ .client = client, .region = region, + .credential_options = .{ .profile = .{ .profile_name = options.profile } }, }; // Convert arch string to Lambda format @@ -279,6 +277,7 @@ fn deployFunction(deploy_opts: DeployOptions, options: RunOptions) !void { .client = client, .region = region, .diagnostics = &create_diagnostics, + .credential_options = .{ .profile = .{ .profile_name = options.profile } }, }; const create_result = aws.Request(services.lambda.create_function).call(.{ diff --git a/tools/build/src/iam.zig b/tools/build/src/iam.zig index 3e94610..2f2c69f 100644 --- a/tools/build/src/iam.zig +++ b/tools/build/src/iam.zig @@ -58,9 +58,6 @@ fn printHelp(writer: *std.Io.Writer) void { /// Get or create an IAM role for Lambda execution /// Returns the role ARN pub fn getOrCreateRole(role_name: []const u8, options: RunOptions) ![]const u8 { - // Note: Profile is expected to be set via AWS_PROFILE env var before invoking this tool - // (e.g., via aws-vault exec) - var client = aws.Client.init(options.allocator, .{}); defer client.deinit(); @@ -73,12 +70,10 @@ pub fn getOrCreateRole(role_name: []const u8, options: RunOptions) ![]const u8 { .allocator = options.allocator, }; - const region = options.region orelse "us-east-1"; // IAM is global, but needs a region for signing - _ = region; - const aws_options = aws.Options{ .client = client, .diagnostics = &diagnostics, + .credential_options = .{ .profile = .{ .profile_name = options.profile } }, }; const get_result = aws.Request(services.iam.get_role).call(.{ @@ -87,7 +82,7 @@ pub fn getOrCreateRole(role_name: []const u8, options: RunOptions) ![]const u8 { defer diagnostics.deinit(); if (diagnostics.http_code == 404) { // Role doesn't exist, create it - return try createRole(options.allocator, role_name, client); + return try createRole(options.allocator, role_name, client, options.profile); } std.log.err("IAM GetRole failed: {} (HTTP {})", .{ err, diagnostics.http_code }); return error.IamGetRoleFailed; @@ -98,11 +93,12 @@ pub fn getOrCreateRole(role_name: []const u8, options: RunOptions) ![]const u8 { return try options.allocator.dupe(u8, get_result.response.role.arn); } -fn createRole(allocator: std.mem.Allocator, role_name: []const u8, client: aws.Client) ![]const u8 { +fn createRole(allocator: std.mem.Allocator, role_name: []const u8, client: aws.Client, profile: ?[]const u8) ![]const u8 { const services = aws.Services(.{.iam}){}; const aws_options = aws.Options{ .client = client, + .credential_options = .{ .profile = .{ .profile_name = profile } }, }; const assume_role_policy =