fix: registry commands respect AWS_CONFIG_FILE

pkg/granted/registry/ini.go

@@ -4,29 +4,16 @@ import (
 	"fmt"
 	"os"
 	"path"
-	"path/filepath"
 
 	"github.com/common-fate/clio"
+	"github.com/fwdcloudsec/granted/pkg/cfaws"
 	"gopkg.in/ini.v1"
 )
 
-// Find the ~/.aws/config absolute path based on OS.
-func getDefaultAWSConfigLocation() (string, error) {
-	h, err := os.UserHomeDir()
-	if err != nil {
-		return "", err
-	}
-
-	configPath := filepath.Join(h, ".aws", "config")
-	return configPath, nil
-}
-
-// loadAWSConfigFile loads the `~/.aws/config` file, and creates it if it doesn't exist.
+// loadAWSConfigFile loads the AWS config file, and creates it if it doesn't exist.
+// It respects the AWS_CONFIG_FILE environment variable.
 func loadAWSConfigFile() (*ini.File, string, error) {
-	filepath, err := getDefaultAWSConfigLocation()
-	if err != nil {
-		return nil, "", err
-	}
+	filepath := cfaws.GetAWSConfigPath()
 
 	if _, err := os.Stat(filepath); os.IsNotExist(err) {
 		clio.Infof("created AWS config file: %s", filepath)

pkg/granted/registry/ini_test.go

@@ -0,0 +1,43 @@
+package registry
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestLoadAWSConfigFile_RespectsEnvVar(t *testing.T) {
+	// Create a temp dir with an AWS config file
+	tmpDir := t.TempDir()
+	customConfigPath := filepath.Join(tmpDir, "custom-aws-config")
+	err := os.WriteFile(customConfigPath, []byte("[profile test]\nregion = us-east-1\n"), 0600)
+	assert.NoError(t, err)
+
+	t.Setenv("AWS_CONFIG_FILE", customConfigPath)
+
+	cfg, path, err := loadAWSConfigFile()
+	assert.NoError(t, err)
+	assert.Equal(t, customConfigPath, path)
+	assert.NotNil(t, cfg)
+
+	// Verify it loaded the correct file
+	sec, err := cfg.GetSection("profile test")
+	assert.NoError(t, err)
+	assert.Equal(t, "us-east-1", sec.Key("region").String())
+}
+
+func TestLoadAWSConfigFile_DefaultPath(t *testing.T) {
+	// Sandbox HOME: loadAWSConfigFile auto-creates ~/.aws/config when missing,
+	// so without this it would touch the real user's home dir on a fresh machine.
+	tmpHome := t.TempDir()
+	t.Setenv("HOME", tmpHome)
+	t.Setenv("AWS_CONFIG_FILE", "")
+
+	_, path, err := loadAWSConfigFile()
+	assert.NoError(t, err)
+	// Exact match — a substring check would also pass for unrelated paths
+	// like "/foo/.aws/config-backup".
+	assert.Equal(t, filepath.Join(tmpHome, ".aws", "config"), path)
+}

pkg/granted/settings/set.go

@@ -188,7 +188,7 @@ func FieldOptions(cfg any) map[string]Field {
 	configValue := reflect.ValueOf(cfg)
 
 	// Check if cfg is a pointer to a struct
-	if configType.Kind() == reflect.Ptr && configType.Elem().Kind() == reflect.Struct {
+	if configType.Kind() == reflect.Pointer && configType.Elem().Kind() == reflect.Struct {
 		configType = configType.Elem()
 		configValue = configValue.Elem()
 	} else if configType.Kind() != reflect.Struct {
@@ -212,7 +212,7 @@ func FieldOptions(cfg any) map[string]Field {
 			}
 
 			//subfield structs reflect as a pointer
-			if kind == reflect.Ptr {
+			if kind == reflect.Pointer {
 				// Dereference the pointer to get the underlying value
 				if !fieldValue.IsNil() {
 					fieldValue = fieldValue.Elem()