Merge pull request #175 from miketheman/miketheman/allow-missing-aws
Add flag to detect-aws-credentials to allow missing keys
diff --git a/pre_commit_hooks/detect_aws_credentials.py b/pre_commit_hooks/detect_aws_credentials.py
index b0826ca..42758f0 100644
--- a/pre_commit_hooks/detect_aws_credentials.py
+++ b/pre_commit_hooks/detect_aws_credentials.py
@@ -95,6 +95,12 @@
'secret keys from'
)
)
+ parser.add_argument(
+ '--allow-missing-credentials',
+ dest='allow_missing_credentials',
+ action='store_true',
+ help='Allow hook to pass when no credentials are detected.'
+ )
args = parser.parse_args(argv)
credential_files = set(args.credential_files)
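Review bot: The help text on `--allow-missing-credentials` is ambiguous: "when no credentials are detected" reads as if it meant credentials found in the files being checked. The second hunk shows the flag actually covers the case where no local AWS keys were loaded to compare against, and that it returns before any later check. Wording such as `help='Exit 0 without checking files when no AWS keys are found in the credential files or environment.'` makes the trade-off explicit to whoever enables it. The `dest='allow_missing_credentials'` line is also redundant, since argparse derives the same name from the option string. The enclosing function starts and ends outside this hunk.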
@@ -111,6 +117,9 @@
# the set of keys.
keys |= get_aws_secrets_from_env()
+ if not keys and args.allow_missing_credentials:
+ return 0
+
if not keys:
print(
'No AWS keys were found in the configured credential files and '
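Review bot: The early return at `if not keys and args.allow_missing_credentials:` exits 0 with no output, so a run that loaded no keys looks the same as a run that checked files and found nothing. A mistyped `--credentials-file` path combined with this flag would therefore turn the hook off without any trace. Printing a short notice before `return 0`, for example `print('No AWS keys found; credential detection skipped.')`, keeps the pass but leaves evidence in the hook output. The branch could also be nested under the existing `if not keys:` so the emptiness test is written once. The function body continues outside this hunk.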
diff --git a/tests/detect_aws_credentials_test.py b/tests/detect_aws_credentials_test.py
index 9c2fda7..943a3f8 100644
--- a/tests/detect_aws_credentials_test.py
+++ b/tests/detect_aws_credentials_test.py
@@ -130,3 +130,17 @@
'and environment variables.\nPlease ensure you have the '
'correct setting for --credentials-file\n'
)
+
+
+@patch('pre_commit_hooks.detect_aws_credentials.get_aws_secrets_from_file')
+@patch('pre_commit_hooks.detect_aws_credentials.get_aws_secrets_from_env')
+def test_non_existent_credentials_with_allow_flag(mock_secrets_env, mock_secrets_file):
+ """Test behavior with no configured AWS secrets and flag to allow when missing."""
+ mock_secrets_env.return_value = set()
+ mock_secrets_file.return_value = set()
+ ret = main((
+ get_resource_path('aws_config_without_secrets.ini'),
+ "--credentials-file=testing/resources/credentailsfilethatdoesntexist",
+ "--allow-missing-credentials"
+ ))
+ assert ret == 0
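Review bot: `test_non_existent_credentials_with_allow_flag` covers only the empty-key path; nothing in this hunk checks that `--allow-missing-credentials` still reports a finding when keys are present. A companion test would guard against the flag short-circuiting real detections: have one patched getter return a constructed key set, pass a resource file containing that key, and assert a non-zero return. The two string arguments on the new lines use double quotes where the neighbouring lines use single quotes. The rest of the test module is outside the hunk, so such a case may already exist elsewhere.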