cevoaustralia / aws-google-auth

Provides AWS STS credentials based on Google Apps SAML SSO auth (what a jumble!)
MIT License

Improvement: Add Process-Creds option for use by AWS CLI #142

Open neilramsay opened 4 years ago

neilramsay commented 4 years ago

Add --process-creds option to partially address #40

Allows the ~/.aws/config file to use the credential_process directive with aws-google-auth, so that users can use AWS CLI profiles without calling the aws-google-auth tool directly.

Please note that the AWS CLI does not currently cache credentials obtained from an external credential_process. The aws-google-auth --profile option 'caches' the authentication tokens in the ~/.aws/credentials file, which effectively caches the results.

Additionally, the ~/.aws/config profile cannot be used as a source_profile for another profile, so it is unable to assume roles in other accounts. See boto/botocore#1329


Please bear with me as this is my first PR, and my Python experience is limited.

Cheers, Neil
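For readers unfamiliar with the credential_process contract the PR relies on: the AWS CLI runs the configured command (for example `credential_process = aws-google-auth --process-creds` under a `[profile ...]` section of ~/.aws/config) and reads a JSON object from its stdout with `Version`, `AccessKeyId`, `SecretAccessKey`, `SessionToken` and an ISO 8601 `Expiration`. The block below is an added example written for this page; it is not aws-google-auth's code and not part of the PR. It shows the shape of such a helper: serve cached STS credentials when they are still valid, otherwise call a refresh hook and emit the JSON. The INI key names (`aws_session_token`, `aws_session_expiration`), the `refresh` hook and the sample credentials file are assumptions constructed for illustration.

```python
# Added example: a minimal credential_process helper in the spirit of the PR's
# --process-creds option. It is NOT aws-google-auth's code. Assumptions (hypothetical):
# cached STS credentials live in ~/.aws/credentials-style INI sections with the keys
# aws_access_key_id, aws_secret_access_key, aws_session_token and
# aws_session_expiration (UTC, ISO 8601 with a trailing Z).
import configparser
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of a cached credentials file. The values are placeholders, not real keys.
SAMPLE_CREDENTIALS = """\
[sts]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = exampleSecretKeyPlaceholder0000000000000
aws_session_token = exampleSessionTokenPlaceholder
aws_session_expiration = 2030-01-01T00:00:00Z

[stale]
aws_access_key_id = ASIAEXAMPLESTALE0000
aws_secret_access_key = exampleSecretKeyPlaceholder1111111111111
aws_session_token = exampleStaleTokenPlaceholder
aws_session_expiration = 2000-01-01T00:00:00Z
"""

ISO_Z = "%Y-%m-%dT%H:%M:%SZ"
# Treat credentials as expired a little early so a call that starts just before
# expiry does not fail mid-request.
SAFETY_MARGIN = timedelta(minutes=5)
REQUIRED = ("aws_access_key_id", "aws_secret_access_key",
            "aws_session_token", "aws_session_expiration")


def load_cached(ini_text, profile):
    """Return the cached credential dict for `profile`, or None if absent or incomplete."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    if not cp.has_section(profile):
        return None
    section = cp[profile]
    if any(key not in section for key in REQUIRED):
        return None
    return {
        "access_key_id": section["aws_access_key_id"],
        "secret_access_key": section["aws_secret_access_key"],
        "session_token": section["aws_session_token"],
        "expiration": datetime.strptime(section["aws_session_expiration"], ISO_Z)
        .replace(tzinfo=timezone.utc),
    }


def is_fresh(creds, now=None):
    """True if the credentials remain valid beyond the safety margin."""
    now = now or datetime.now(timezone.utc)
    return creds["expiration"] - SAFETY_MARGIN > now


def to_credential_process_json(creds):
    """Serialise to the JSON document the AWS CLI reads from a credential_process."""
    return json.dumps({
        "Version": 1,
        "AccessKeyId": creds["access_key_id"],
        "SecretAccessKey": creds["secret_access_key"],
        "SessionToken": creds["session_token"],
        "Expiration": creds["expiration"].strftime(ISO_Z),
    })


def resolve(ini_text, profile, refresh, now=None):
    """Return (json_string, refreshed_flag).

    Serve the cache when it is fresh; otherwise call `refresh()`, the hypothetical
    hook where a real tool would run the SAML login and rewrite the cache.
    """
    creds = load_cached(ini_text, profile)
    if creds is not None and is_fresh(creds, now):
        return to_credential_process_json(creds), False
    creds = refresh()
    return to_credential_process_json(creds), True


if __name__ == "__main__":
    def fake_refresh():
        # Stand-in for a fresh SAML/STS round trip; placeholder values only.
        return {"access_key_id": "ASIAEXAMPLENEW000000",
                "secret_access_key": "exampleSecretKeyPlaceholder2222222222222",
                "session_token": "exampleNewTokenPlaceholder",
                "expiration": datetime.now(timezone.utc) + timedelta(hours=1)}

    # What the AWS CLI would read on stdout for the cached, still-valid profile.
    print(resolve(SAMPLE_CREDENTIALS, "sts", fake_refresh)[0])
```

The `Expiration` field is what lets the CLI know when to call the process again; without it the CLI treats the output as long-lived credentials, which is why a helper backed by short-lived STS tokens should always emit it. The refresh path is where the interactivity question raised later in the thread lives: if the cache is stale, the process must either complete the SAML login itself (prompting on stderr, since stdout is reserved for the JSON) or fail so the user can run the tool by hand.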

neilramsay commented 4 years ago

I'll fix up the Flake8 failures, and also I need to test credential expiry.

NR

coveralls commented 4 years ago

Coverage Status

Coverage increased (+0.7%) to 47.431% when pulling b6fa7d3e4d778b703f45d2e9915aebc72bf3030c on neilramsay:feature/neilramsay/issue_40 into e468c011068b386375b8ecb686323bf69e503633 on cevoaustralia:master.

neilramsay commented 4 years ago

@stevemac007 are you the right person to review this?

NR

neilramsay commented 4 years ago

I've checked the expiry of credentials (as stored in ~/.aws/credentials), and found that they don't automatically refresh (prompt from aws-google-auth), so I may need to investigate internal caching.

stevemac007 commented 4 years ago

Hi @neilramsay - thanks for the contribution, I've only just had some time to look into the recent contributions - you'll see there are now some conflicts due to recent changes - if you can resolve the conflicts we can move forward.

I'm not aware of the credential process that you reference here - where in your workflow would you use something like this? We have the tool set to a flow where it limits interactivity as much as possible, but are there constraints in using this mode, i.e. can you do it with MFA enabled? Just wondering how any user input or prompts would work.