Open cpcloud opened 2 years ago
The workaround is to set the `AWS_PROFILE` environment variable on nix-daemon. This profile-selection code should be ripped out and we should just use the default AWS SDK Credential chain in my opinion.
Note that the whole AWS credential stuff is generally a bit of a pain in the butt because both your current user needs to have access to the credentials as well as the root user, because, for example, substitution is done by the nix-daemon.
Is your feature request related to a problem? Please describe.
When specifying the `profile=my-profile` parameter in an S3 binary cache URL, SSO credentials are ignored. A profile's existence doesn't necessarily imply auth using `~/.aws/credentials`, yet it is treated that way by nix.
This appears to be because the code here will use `ProfileConfigFileAWSCredentialsProvider` when the `profile` parameter is provided. Unfortunately that class appears to force looking for credentials in `~/.aws/credentials`.
SSO works when a profile using it is named `default`, since that'll hit the default credentials provider chain.
Describe the solution you'd like
I'd like the `profile` parameter to take effect regardless of credentials provider method.
Describe alternatives you've considered
One alternative I see is to name anything that must use SSO `default`, which is undesirable because I have multiple profiles that auth this way.
The other is to set `AWS_PROFILE`, which appears to work.
Additional context
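
An added diagnostic example, not part of the issue or of Nix's code: it models the lookup described above (one that reads only `~/.aws/credentials`) against constructed sample files, showing why an SSO profile defined in `~/.aws/config` is not found. The function names and all sample values are assumptions made for illustration.

```python
import configparser

# Constructed sample files (not from the issue).
SAMPLE_CONFIG = """\
[profile my-profile]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
sso_account_id = 111111111111
sso_role_name = ReadOnly

[profile ci]
region = us-east-1
"""
SAMPLE_CREDENTIALS = """\
[ci]
aws_access_key_id = CONSTRUCTED-KEY-ID
aws_secret_access_key = constructed-placeholder
"""
SSO_KEYS = {"sso_start_url", "sso_session"}


def _parse(text):
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def found_by_credentials_file_lookup(name, credentials_text):
    """Model of the lookup the issue describes: only ~/.aws/credentials."""
    creds = _parse(credentials_text)
    return creds.has_section(name) and creds.has_option(name, "aws_access_key_id")


def classify_profile(name, config_text, credentials_text):
    """Return 'static', 'sso', 'other' or 'missing' for a profile name."""
    if found_by_credentials_file_lookup(name, credentials_text):
        return "static"
    config = _parse(config_text)
    # ~/.aws/config prefixes every section except default with "profile ".
    section = "default" if name == "default" else f"profile {name}"
    if not config.has_section(section):
        return "missing"
    return "sso" if SSO_KEYS & set(config.options(section)) else "other"


if __name__ == "__main__":
    for profile in ("my-profile", "ci", "absent"):
        kind = classify_profile(profile, SAMPLE_CONFIG, SAMPLE_CREDENTIALS)
        seen = found_by_credentials_file_lookup(profile, SAMPLE_CREDENTIALS)
        print(f"{profile}: {kind}, visible to credentials-file lookup: {seen}")
```

Since substitution is done by the nix-daemon, point the two text arguments at the contents of the files belonging to the user the daemon runs as when checking a real setup.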