Open perplexes opened 3 years ago
Hi Colin,
Sounds really cool - will check it out soon.
Please also add a test for this functionality.
Thanks Igor
On Oct 31, 2020, at 1:43 PM, Colin Curtin notifications@github.com wrote:
At work we use credential_process inside of ~/.aws/credientials, with a profile for each app/env combo so that we don't have to manually manage our AWS credentials. This adds support for using this directive: Get the command, execute in subshell to obtain JSON, parse json, and extract access key, secret, and session.
You can view, comment on, or merge this pull request online at:
https://github.com/okigan/awscurl/pull/102
Commit Summary
Execute credential process to get temporary credentials. File Changes
M awscurl/awscurl.py (15) Patch Links:
https://github.com/okigan/awscurl/pull/102.patch https://github.com/okigan/awscurl/pull/102.diff — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.
This should really rely on boto to get temporary credentials. A lot of people, myself included, use credential_process
to fetch master credentials that are then used by the api to assume a role.
This is partially related to #44. Which itself is an issue since it obfuscates the fact that it isn't following the standard methods to obtain credentials.
@perplexes So oddly enough it's failing continuous builds for ubuntu 3.6,3.8 -- which unclear why to me. Secondary PR is missing update to readme to indicate how to use this. Could you update the PR? Huge thanks!
I've added a branch to test the CI loop -- it's passing: https://github.com/okigan/awscurl/runs/1381017691?check_suite_focus=true
But the one for this PR is failing (capturing snapshot below):
@okigan could this get looked at and/or merged? We're starting to credential process too, it's much more convenient and allows for credentials to never be written to disk.
@perplexes I've updated your PR to pass tests, but I wanted to check if it is still needed, as https://github.com/okigan/awscurl/pull/146 was already merged?
At work we use
credential_process
inside of ~/.aws/credientials, with a profile for each app/env combo so that we don't have to manually manage our AWS credentials. This adds support for using this directive: Get the command, execute in subshell to obtain JSON, parse json, and extract access key, secret, and session.Follows https://github.com/aws/aws-cli/blob/ecd654bb665a29246496e6dcac33e24a60d6cf7a/awscli/topics/config-vars.rst#sourcing-credentials-from-external-processes