aws / git-remote-codecommit

An implementation of Git Remote Helper that makes it easier to interact with AWS CodeCommit
Apache License 2.0
272 stars 39 forks source link

Federated user role name is not used in CodeCommit PR Update #22

Closed DmitryNefedov closed 3 years ago

DmitryNefedov commented 3 years ago

Using the assumed role which stored as profile in aws/credentials.

When with aws codecommit credential-helper and push to CodeCommit, the CodeCommit PR shows update with the role id e.g. using /codecommit-dev/dmitry role shows "dmitry updated the pull request"

With git-remote-codecommit and usage of botocore session it uses session name which results in "botocore-session-123123123 updated the pull request". This makes it unclear who has pushed the latest/previous changes to the PR.

Steps to reproduce:

  1. configure git-remote-codecommit to use a profile
  2. Create a PR
  3. add new commit to local repo
  4. push new commit
  5. Check

The result shows "botocore-session-123123123 updated the pull request".

elliotsegler commented 3 years ago

This isn't so much an issue with git-remote-codecommit as it is with how botocore manages sessions using AWS profiles.

If you're using the assume_role syntax in your ~/aws/.config or ~/aws.credentials files, you'll probably want to specify role_session_name with role_arn. This will cause botocore to set the session name to something sensible, rather than the autogenerated one.

See https://docs.aws.amazon.com/credref/latest/refdocs/setting-global-role_session_name.html for details on that config variable.