search

broamski / aws-mfa

Manage AWS MFA Security Credentials
MIT License
1.03k stars 168 forks source link

--profile should override AWS_PROFILE #30

Open errordeveloper opened 6 years ago

errordeveloper commented 6 years ago

With AWS CLI, arguments override env vars. At the moment, aws-mfa seems to crash when AWS_PROFILE is set to an undefined profile, it should simply be ignored when --profile is specified.

$ echo $AWS_PROFILE
weaveworks-mfa
$ aws-mfa --profile weaveworks
INFO - Validating credentials for profile: weaveworks
INFO - Short term credentials section weaveworks is missing, obtaining new credentials.
Enter AWS MFA code for device [arn:aws:iam::<SNIP>] (renewing for 43200 seconds):<SNIP>
Traceback (most recent call last):
  File "/Users/ilya/Library/Local/Homebrew/bin/aws-mfa", line 11, in <module>
    sys.exit(main())
  File "/Users/ilya/Library/Local/Homebrew/lib/python2.7/site-packages/awsmfa/__init__.py", line 105, in main
    validate(args, config)
  File "/Users/ilya/Library/Local/Homebrew/lib/python2.7/site-packages/awsmfa/__init__.py", line 272, in validate
    get_credentials(short_term_name, key_id, access_key, args, config)
  File "/Users/ilya/Library/Local/Homebrew/lib/python2.7/site-packages/awsmfa/__init__.py", line 284, in get_credentials
    aws_secret_access_key=lt_access_key
  File "/Users/ilya/Library/Local/Homebrew/lib/python2.7/site-packages/boto3/__init__.py", line 79, in client
    return _get_default_session().client(*args, **kwargs)
  File "/Users/ilya/Library/Local/Homebrew/lib/python2.7/site-packages/boto3/__init__.py", line 69, in _get_default_session
    setup_default_session()
  File "/Users/ilya/Library/Local/Homebrew/lib/python2.7/site-packages/boto3/__init__.py", line 33, in setup_default_session
    DEFAULT_SESSION = Session(**kwargs)
  File "/Users/ilya/Library/Local/Homebrew/lib/python2.7/site-packages/boto3/session.py", line 80, in __init__
    self._setup_loader()
  File "/Users/ilya/Library/Local/Homebrew/lib/python2.7/site-packages/boto3/session.py", line 112, in _setup_loader
    self._loader = self._session.get_component('data_loader')
  File "/Users/ilya/Library/Local/Homebrew/lib/python2.7/site-packages/botocore/session.py", line 690, in get_component
    return self._components.get_component(name)
  File "/Users/ilya/Library/Local/Homebrew/lib/python2.7/site-packages/botocore/session.py", line 871, in get_component
    self._components[name] = factory()
  File "/Users/ilya/Library/Local/Homebrew/lib/python2.7/site-packages/botocore/session.py", line 178, in <lambda>
    lambda:  create_loader(self.get_config_variable('data_path')))
  File "/Users/ilya/Library/Local/Homebrew/lib/python2.7/site-packages/botocore/session.py", line 258, in get_config_variable
    elif self._found_in_config_file(methods, var_config):
  File "/Users/ilya/Library/Local/Homebrew/lib/python2.7/site-packages/botocore/session.py", line 279, in _found_in_config_file
    return var_config[0] in self.get_scoped_config()
  File "/Users/ilya/Library/Local/Homebrew/lib/python2.7/site-packages/botocore/session.py", line 351, in get_scoped_config
    raise ProfileNotFound(profile=profile_name)
botocore.exceptions.ProfileNotFound: The config profile (weaveworks-mfa) could not be found
$ unset AWS_PROFILE
$ aws-mfa --profile weaveworks
INFO - Validating credentials for profile: weaveworks
INFO - Short term credentials section weaveworks is missing, obtaining new credentials.
Enter AWS MFA code for device [arn:aws:iam::<SNIP>] (renewing for 43200 seconds):<SNIP>
INFO - Fetching Credentials - Profile: weaveworks, Duration: 43200
INFO - Success! Your credentials will expire in 43200 seconds at: 2018-06-07 19:17:02+00:00
$
stantonk commented 6 years ago

It actually fails even if AWS_PROFILE is set to "default", which is...very odd and confusing.