okigan / awscurl

curl-like access to AWS resources with AWS Signature Version 4 request signing.
MIT License
737 stars 91 forks

Execute credential process to get temporary credentials. #102

Open perplexes opened 3 years ago

perplexes commented 3 years ago

At work we use credential_process inside of ~/.aws/credentials, with a profile for each app/env combo so that we don't have to manually manage our AWS credentials. This adds support for using this directive: Get the command, execute in subshell to obtain JSON, parse JSON, and extract access key, secret, and session.

Follows https://github.com/aws/aws-cli/blob/ecd654bb665a29246496e6dcac33e24a60d6cf7a/awscli/topics/config-vars.rst#sourcing-credentials-from-external-processes
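The flow described in the PR description above (read the command, run it, parse the JSON, extract key, secret and session), as an added example that is not the PR's code or awscurl's own. The names `credentials_from_process` and `demo`, the `app-prod` profile and all sample values are constructed; the JSON fields (`Version`, `AccessKeyId`, `SecretAccessKey`, optional `SessionToken` and `Expiration`) are assumed to follow the linked AWS CLI document.

```python
import configparser
import json
import os
import shlex
import subprocess
import sys
import tempfile
from datetime import datetime, timezone

def credentials_from_process(config_text, profile):
    """Return (access key, secret, session token) from a profile's credential_process."""
    parser = configparser.ConfigParser(interpolation=None)  # keep '%' literal
    parser.read_string(config_text)
    command = parser.get(profile, "credential_process")
    # Split into argv and run without a shell, so shell metacharacters in the
    # configured command line are never interpreted.
    result = subprocess.run(shlex.split(command), capture_output=True,
                            text=True, check=True, timeout=30)
    data = json.loads(result.stdout)  # stdout holds secrets: never log it
    if data.get("Version") != 1:
        raise ValueError("unsupported credential_process Version")
    expiration = data.get("Expiration")
    if expiration is not None:
        expires = datetime.fromisoformat(expiration.replace("Z", "+00:00"))
        if expires <= datetime.now(timezone.utc):
            raise ValueError("credential_process returned expired credentials")
    # SessionToken is absent when the helper returns long-term credentials.
    return data["AccessKeyId"], data["SecretAccessKey"], data.get("SessionToken")

def demo(version=1):
    """Constructed sample: a stand-in helper script and a one-profile file."""
    payload = {"Version": version, "AccessKeyId": "AKIACONSTRUCTEDSAMPLE",
               "SecretAccessKey": "constructed-secret",
               "SessionToken": "constructed-token",
               "Expiration": "2099-01-01T00:00:00Z"}
    with tempfile.TemporaryDirectory() as tmp:
        helper = os.path.join(tmp, "helper.py")
        with open(helper, "w") as fh:
            fh.write("print(%r)" % json.dumps(payload))
        config = "[app-prod]\ncredential_process = {} {}\n".format(
            shlex.quote(sys.executable), shlex.quote(helper))
        return credentials_from_process(config, "app-prod")

if __name__ == "__main__":
    key, _secret, token = demo()
    print(key, "session token present:", token is not None)
```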

okigan commented 3 years ago

Hi Colin,

Sounds really cool - will check it out soon.

Please also add a test for this functionality.

Thanks Igor

On Oct 31, 2020, at 1:43 PM, Colin Curtin notifications@github.com wrote:

At work we use credential_process inside of ~/.aws/credentials, with a profile for each app/env combo so that we don't have to manually manage our AWS credentials. This adds support for using this directive: Get the command, execute in subshell to obtain JSON, parse JSON, and extract access key, secret, and session.

Follows https://github.com/aws/aws-cli/blob/ecd654bb665a29246496e6dcac33e24a60d6cf7a/awscli/topics/config-vars.rst#sourcing-credentials-from-external-processes

You can view, comment on, or merge this pull request online at:

https://github.com/okigan/awscurl/pull/102

Commit Summary

Execute credential process to get temporary credentials.

File Changes

M awscurl/awscurl.py (15)

Patch Links:

https://github.com/okigan/awscurl/pull/102.patch
https://github.com/okigan/awscurl/pull/102.diff

lugoues commented 3 years ago

This should really rely on boto to get temporary credentials. A lot of people, myself included, use credential_process to fetch master credentials that are then used by the api to assume a role.

This is partially related to #44, which itself is an issue since it obfuscates the fact that it isn't following the standard methods to obtain credentials.

okigan commented 3 years ago

@perplexes So oddly enough it's failing continuous builds for ubuntu 3.6, 3.8 -- it's unclear to me why. Secondly, the PR is missing an update to the readme to indicate how to use this. Could you update the PR? Huge thanks!

I've added a branch to test the CI loop -- it's passing: https://github.com/okigan/awscurl/runs/1381017691?check_suite_focus=true

But the one for this PR is failing (capturing snapshot below): [image]

fugkco commented 2 years ago

@okigan could this get looked at and/or merged? We're starting to use credential process too, it's much more convenient and allows for credentials to never be written to disk.

okigan commented 1 year ago

@perplexes I've updated your PR to pass tests, but I wanted to check if it is still needed, as https://github.com/okigan/awscurl/pull/146 was already merged?