ex-aws / ex_aws

A flexible, easy to use set of clients AWS APIs for Elixir
https://hex.pm/packages/ex_aws
MIT License

Config parser doesn't support quotes/spaces in `credential_process` #1039

Open digitalcora opened 3 months ago

digitalcora commented 3 months ago

I use 1Password to store my AWS credentials, and initially set up my ~/.aws/config like this:

```ini
# https://tenmilesquare.com/resources/security/how-to-use-1password-to-securely-store-your-aws-credentials/
[default]
region = us-east-1
credential_process = "/home/me/.aws/op-cred-helper.sh" "Vault" "AWS Access Key"
```

This works perfectly with the AWS CLI. However, it doesn't work with ExAWS (using configparser_ex), since it only splits the value of credential_process on whitespace without understanding quoted values. The resulting function call looks like:

```elixir
System.cmd(
  "\"/home/me/.aws/op-cred-helper.sh\"", ["\"Vault\"", "\"AWS", "Access", "Key\""],
  [stderr_to_stdout: true]
)
```

...which throws an ENOENT since there is no such file as "/home/me/.aws/op-cred-helper.sh" (quotes included!). As a workaround I can remove all the quotes, but then there cannot be spaces anywhere in the file path, vault name, or item name, otherwise the command isn't constructed correctly. (Fortunately 1Password allows referring to vaults/items using unique IDs that don't contain spaces, so this is only a real problem if the file path contains a space.)

`credential_process` is documented to support quoted paths/arguments here: https://docs.aws.amazon.com/sdkref/latest/guide/feature-process-credentials.html
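
The following is an added example, not part of the issue and not ex_aws code: it contrasts the whitespace-only split described above with a quote-aware split based on the Elixir standard library's `OptionParser.split/1`, then executes the helper without a shell. The module and function names are hypothetical, and the sample value is the one from the config shown in the issue.

```elixir
defmodule CredentialProcessExample do
  # Hypothetical helper module for illustration; not part of ex_aws.

  # Whitespace-only split, reproducing the behaviour reported in the issue:
  # quote characters stay attached and quoted arguments are broken apart.
  def naive_split(value) do
    [cmd | args] = String.split(value)
    {cmd, args}
  end

  # Quote-aware split. OptionParser.split/1 understands double quotes,
  # single quotes and backslash escapes, so a quoted path or argument
  # containing spaces stays a single argv element.
  # Note: backslash is treated as an escape character, which matters for
  # unquoted Windows-style paths.
  def quoted_split(value) do
    case OptionParser.split(value) do
      [cmd | args] -> {:ok, {cmd, args}}
      [] -> {:error, :empty_credential_process}
    end
  rescue
    # OptionParser.split/1 raises when a quote is left unterminated.
    e in RuntimeError -> {:error, {:malformed, Exception.message(e)}}
  end

  # Runs the helper. System.cmd/3 executes the program directly with an
  # argv list, so the config value is never handed to a shell and its
  # contents cannot be re-interpreted as shell syntax.
  def run(value) do
    with {:ok, {cmd, args}} <- quoted_split(value) do
      System.cmd(cmd, args, stderr_to_stdout: true)
    end
  end
end

# Sample value taken from the config in the issue above.
value = ~S("/home/me/.aws/op-cred-helper.sh" "Vault" "AWS Access Key")

IO.inspect(CredentialProcessExample.naive_split(value), label: "whitespace split")
IO.inspect(CredentialProcessExample.quoted_split(value), label: "quote-aware split")
IO.inspect(CredentialProcessExample.quoted_split(~S("unterminated)), label: "malformed value")
```

Splitting into an argv list and calling `System.cmd/3` keeps quoting support without routing the value through `sh -c`, where anything in `~/.aws/config` would be parsed as shell syntax.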