Open neilramsay opened 4 years ago
I'll fix up the Flake8 failures, and also I need to test credential expiry.
NR
@stevemac007 are you the right person to review this?
NR
I've checked the expiry of credentials (as stored in ~/.aws/credentials
), and found that they don't automatically refresh (prompt from aws-google-auth), so I may need to investigate internal caching.
Hi @neilramsay - thanks for the contribution, I've only just had some time to look into the recent contributions - you'll see there are now some conflicts due to recent changes - if you can resolve the conflicts we can move forward.
I'm not aware of the credential process
that you reference here - where in your work flow would you use something like this? We have the tool to a flow where it limits interactivity as much as possible, but are there constraints in using this mode, ie can you do with MFA enable? Just wondering how any user input or prompts would work.
Add
--process-creds
option to partially address #40Allows the
~/.aws/config
file to use thecredential_process
directive with aws-google-auth, so that users can use AWS CLI profiles without calling the aws-google-auth tool directly.Please note that the AWS CLI does not currently cache credentials obtained from an external
credential_process
. The aws-google-auth--profile
option 'caches' the authentication tokens in the~/.aws/credentials
file, which effectively caches the results.Additionally, the
~/.aws/config
profile cannot be used as asource_profile
for another profile, so is unable to assume roles in other accounts. See boto/botocore#1329Please bear with me as this is my first PR, and my Python experience is limited.
Cheers, Neil