search

manheim / awssume

rubygem for running a command with AWS AssumeRole credentials
MIT License
25 stars 11 forks source link

issue when using with aws query parameter #5

Open codezninja opened 7 years ago

codezninja commented 7 years ago

Hi,

I love this gem btw. Make my life alot easier. I'm having the following issue when I use aws query parameter and can't seem to find an easy resolutions. Any help would be appreciated

awssume aws --output text lambda list-functions --query 'Functions[?starts_with(FunctionName, `MY_FUNCTION_NAME`) == `true`].FunctionName'

sh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `AWS_ACCESS_KEY_ID='*******' AWS_EXPIRATION='2017-08-16 19:53:49 UTC' AWS_SECRET_ACCESS_KEY='***********' aws --output text lambda list-functions --query Functions[?starts_with(FunctionName, `MY_FUNCTION_NAME`) == `true`].FunctionName'
codezninja commented 7 years ago

I think this is a possible solution

awssume "aws --output text lambda list-functions --query \"Functions[?starts_with(FunctionName, \\\`FUNCTION_NAME\\\`) == \\\`true\\\`].FunctionName\""
jantman commented 7 years ago

I'm pretty sure the issue is with Awssume::CommandDecorator; format_cmd joins the args array into a string, and then that is passed to ruby's Kernel.system... but system() is explicitly designed to perform shell expansion if its argument is a string as opposed to an Array.

A pretty telling example of this comes from Ruby's API documentation:

system("echo *")
system("echo", "*")

produces:

config.h main.rb
*

As to a solution... I'm not 100% sure here, but it looks to me like the only reason that we're converting args from a (non-shell-evaluated) Array to a (shell-evaluated) string is to interpolate the AWS_* environment variable settings at the beginning of the command line. But we shouldn't have to do that; system() accepts an optional first env Hash parameter like spawn, where we can specify environment variables to set as a hash and then pass the command array through unmodified.

i.e. I think this problem would go away if the actual call became something like

system({'AWS_foo' => 'key', ... }, ARGV[0..-1])

or, in terms of an actual implementation, in lib/awssume.rb, change:

    aws_env = {
      'AWS_REGION'         => config.region,
      'AWS_DEFAULT_REGION' => config.region
    }
    creds_hash = adapter.assume
    fmt_cmd    = Awssume::CommandDecorator.format_cmd(ARGV[0..-1], creds_hash)

    handle_exit { system(aws_env, fmt_cmd) }

to:

    aws_env = {
      'AWS_REGION'         => config.region,
      'AWS_DEFAULT_REGION' => config.region
    }
    adapter.assume.each { |k,v| aws_env["AWS_#{k.upcase}"] = v }

    handle_exit { system(aws_env, ARGV[0..-1]) }

... unless I'm missing there being a reason why we're exporting some things directly to the environment, but relying on the shell to export others...?

qntnrbns commented 1 year ago

I also think the is the correct solution.

Do we feel good about a patch?