From ca85bc0cbada546bbf080d9ea41bd94bb748f130 Mon Sep 17 00:00:00 2001
From: Sameer Sharma <sameersharma@yelp.com>
Date: Tue, 2 Jul 2024 13:49:15 +0100
Subject: [PATCH] SEC-19136 | prefer boto3 session over aws profile and then
 service boto creds

---
 service_configuration_lib/spark_config.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/service_configuration_lib/spark_config.py b/service_configuration_lib/spark_config.py
index 72f74d4..db39de0 100644
--- a/service_configuration_lib/spark_config.py
+++ b/service_configuration_lib/spark_config.py
@@ -148,8 +148,13 @@ def get_aws_credentials(
             session['Credentials']['SecretAccessKey'],
             session['Credentials']['SessionToken'],
         )
+    # use the boto3 session if provided
+    elif session:
+        return use_aws_profile(session=session)
+    # use the aws profile if provided
     elif profile_name:
-        return use_aws_profile(profile_name=profile_name, session=session)
+        return use_aws_profile(profile_name=profile_name)
+    # use the service specific boto creds if boto3 session or aws profile is not provided
     elif service != DEFAULT_SPARK_SERVICE:
         service_credentials_path = os.path.join(AWS_CREDENTIALS_DIR, f'{service}.yaml')
         if os.path.exists(service_credentials_path):
@@ -159,8 +164,8 @@ def get_aws_credentials(
                 f'Did not find service AWS credentials at {service_credentials_path}. '
                 'Falling back to user credentials.',
             )
-
-    return use_aws_profile(session=session)
+    # try to get default aws profile creds if nothing else is provided
+    return use_aws_profile()
 
 
 def use_aws_profile(