From 446e8485b3e4b98ac456704aa23291cb672069e5 Mon Sep 17 00:00:00 2001
From: Adam Smith <zero1three@gmail.com>
Date: Wed, 13 Jun 2018 21:18:21 -0700
Subject: [PATCH 1/3] if user does not explicitly set Access Key ID and Secret
 Access Key then use boto3's methods as fallback

---
 octodns/provider/route53.py            | 19 ++++++++++++-------
 tests/test_octodns_provider_route53.py | 17 +++++++++++++++++
 2 files changed, 29 insertions(+), 7 deletions(-)

diff --git a/octodns/provider/route53.py b/octodns/provider/route53.py
index 502fa9f..afdebe1 100644
--- a/octodns/provider/route53.py
+++ b/octodns/provider/route53.py
@@ -232,12 +232,14 @@ class Route53Provider(BaseProvider):
     # health check config.
     HEALTH_CHECK_VERSION = '0001'
 
-    def __init__(self, id, access_key_id, secret_access_key, max_changes=1000,
-                 client_max_attempts=None, *args, **kwargs):
+    def __init__(self, id, access_key_id=None, secret_access_key=None,
+                 max_changes=1000, client_max_attempts=None, *args, **kwargs):
         self.max_changes = max_changes
+        _msg = 'access_key_id={}, secret_access_key=***'.format(access_key_id)
+        if access_key_id is None and secret_access_key is None:
+            _msg = 'auth=fallback'
         self.log = logging.getLogger('Route53Provider[{}]'.format(id))
-        self.log.debug('__init__: id=%s, access_key_id=%s, '
-                       'secret_access_key=***', id, access_key_id)
+        self.log.debug('__init__: id=%s, %s', id, _msg)
         super(Route53Provider, self).__init__(id, *args, **kwargs)
 
         config = None
@@ -246,9 +248,12 @@ class Route53Provider(BaseProvider):
                           client_max_attempts)
             config = Config(retries={'max_attempts': client_max_attempts})
 
-        self._conn = client('route53', aws_access_key_id=access_key_id,
-                            aws_secret_access_key=secret_access_key,
-                            config=config)
+        if access_key_id is None and secret_access_key is None:
+            self._conn = client('route53', config=config)
+        else:
+            self._conn = client('route53', aws_access_key_id=access_key_id,
+                                aws_secret_access_key=secret_access_key,
+                                config=config)
 
         self._r53_zones = None
         self._r53_rrsets = {}
diff --git a/tests/test_octodns_provider_route53.py b/tests/test_octodns_provider_route53.py
index aec31cb..75ee991 100644
--- a/tests/test_octodns_provider_route53.py
+++ b/tests/test_octodns_provider_route53.py
@@ -167,6 +167,23 @@ class TestRoute53Provider(TestCase):
 
         return (provider, stubber)
 
+    def _get_stubbed_fallback_auth_provider(self):
+        provider = Route53Provider('test')
+
+        # Use the stubber
+        stubber = Stubber(provider._conn)
+        stubber.activate()
+
+        return (provider, stubber)
+
+    def test_populate_with_fallback(self):
+        provider, stubber = self._get_stubbed_fallback_auth_provider()
+
+        got = Zone('unit.tests.', [])
+        with self.assertRaises(ClientError):
+            stubber.add_client_error('list_hosted_zones')
+            provider.populate(got)
+
     def test_populate(self):
         provider, stubber = self._get_stubbed_provider()
 

From 16eda53eb37453336c5b1d6a06146725bf585a51 Mon Sep 17 00:00:00 2001
From: Adam Smith <zero1three@gmail.com>
Date: Wed, 13 Jun 2018 21:24:29 -0700
Subject: [PATCH 2/3] add note about fallback authentication for route53
 provider

---
 octodns/provider/route53.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/octodns/provider/route53.py b/octodns/provider/route53.py
index afdebe1..50c734c 100644
--- a/octodns/provider/route53.py
+++ b/octodns/provider/route53.py
@@ -217,11 +217,14 @@ class Route53Provider(BaseProvider):
 
     route53:
         class: octodns.provider.route53.Route53Provider
-        # The AWS access key id (required)
+        # The AWS access key id
         access_key_id:
-        # The AWS secret access key (required)
+        # The AWS secret access key
         secret_access_key:
 
+    Alternatively, you may leave out access_key_id and secret_access_key,
+    this will result in boto3 deciding authentication dynamically.
+
     In general the account used will need full permissions on Route53.
     '''
     SUPPORTS_GEO = True

From 18e644918b869b3255a4ef1680cd226350e931ae Mon Sep 17 00:00:00 2001
From: Adam Smith <zero1three@gmail.com>
Date: Wed, 13 Jun 2018 23:29:47 -0700
Subject: [PATCH 3/3] fix formatting for base provider output

---
 octodns/provider/base.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/octodns/provider/base.py b/octodns/provider/base.py
index ada0c7a..2c93e49 100644
--- a/octodns/provider/base.py
+++ b/octodns/provider/base.py
@@ -17,7 +17,7 @@ class BaseProvider(BaseSource):
                  delete_pcent_threshold=Plan.MAX_SAFE_DELETE_PCENT):
         super(BaseProvider, self).__init__(id)
         self.log.debug('__init__: id=%s, apply_disabled=%s, '
-                       'update_pcent_threshold=%.2f'
+                       'update_pcent_threshold=%.2f, '
                        'delete_pcent_threshold=%.2f',
                        id,
                        apply_disabled,