Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Automatically selects config section matching AWS_PROFILE #272

Open
wants to merge 6 commits into
base: master
Choose a base branch
from

Conversation

nl-brett-stime
Copy link
Contributor

@nl-brett-stime nl-brett-stime commented Dec 30, 2020

When a user has exported an AWS_PROFILE environment variable, the logic in this PR will find a matching section in ~/.okta_aws_login_config, if configured.

Description

See motivation section below.
To enable the new feature for a given profile, the corresponding section in ~/.okta_aws_login_config must add a new attribute e.g., the following...

[someProfile]
aws_profile_env_match = foo

...would activate the profile when the AWS_PROFILE environment variable is set to foo

Related Issue

#271

Motivation and Context

E.g., Existing usage with many explicit profile references:

gimme-aws-creds --profile foo
aws --profile foo s3 ls
aws --profile foo ec2 describe-instances
AWS_PROFILE=foo terraform apply

Optional new usage for those of us who wish to type less:

export AWS_PROFILE=foo
gimme-aws-creds                 # After this PR, gimme recognizes the same environment variable as the AWS CLI and SDK.
aws s3 ls                       # The AWS CLI already recognizes the AWS_PROFILE environment variable
aws ec2 describe-instances
terraform apply                 # Other tools built on an AWS SDK already recognize the AWS_PROFILE environment variable

How Has This Been Tested?

I'm using it locally. If I have more time in the near future, I may provide additional documentation and testing. I tried to make the new feature at least a little bit self-discoverable without external documentation. I also did some manual testing for the existing cases.

For some reason, if I run nosetests --verbosity=2 tests/, I get errors like the ones below, even though I ranpip3 install -r requirements.txt:

    from mock import patch
ModuleNotFoundError: No module named 'mock'

    import responses
ModuleNotFoundError: No module named 'responses'

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@Sector95
Copy link
Contributor

Sector95 commented Mar 2, 2021

Need to use requirements_dev.txt for running the tests.

@nl-brett-stime
Copy link
Contributor Author

The CLA at https://www.clahub.com/agreements/Nike-Inc/fastbreak isn't loading for me (tried both Brave and Firefox).

bwynsm
bwynsm previously requested changes Apr 21, 2021
gimme_aws_creds/config.py Show resolved Hide resolved
@bwynsm bwynsm dismissed their stale review April 21, 2021 15:25

miss-read one of the elements required - we'll have to think about that added requirement being added manually..

@bwynsm
Copy link
Contributor

bwynsm commented Apr 21, 2021

I tested this and it seems to work (ignore my previous review)
One obstacle here is that the user does have to go in and manually alter their okta config to add a line, which is a little painful. I get the concept there, but seems like a bit painful anyway. I'll think about this.

@nl-brett-stime
Copy link
Contributor Author

nl-brett-stime commented May 20, 2021

One obstacle here is that the user does have to go in and manually alter their okta config to add a line, which is a little painful.

In theory, we could add a question to the --action-configure wizard to help users when creating new profiles in their okta config. Unfortunately, in practice, I'm not sure how soon I'll be available to help with that effort. Would you be willing to take an iterative approach i.e., merge this sooner if I open a backlog issue to improve --action-configure later?

@jcreyf
Copy link
Contributor

jcreyf commented Dec 2, 2022

I'm late to the party here. Am starting to use gimme-aws-creds again after several years of not needing it.
I need this functionality too and started implementing my own change without knowing this issue and PR were out there.
My code change is just 3 lines in config.py:
https://github.com/jcreyf/gimme-aws-creds/blob/e4a5e5a43715dcbf436e4a2bb8d4e5a490571761/gimme_aws_creds/config.py#L177
1 line is a simple change to pick up the AWS_PROFILE value (if set) and the 2 other lines are to display the selected profile on the command line to inform the user.
What do you guys think? It doesn't need any updates to the okta config.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants