Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

clean environment every time #19

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

veqryn
Copy link
Contributor

@veqryn veqryn commented Aug 11, 2017

Fixes #18


This change is Reviewable

}
// Clear out any previously set AWS_ environment variables so
// they aren't used by this call
cleanEnv()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think cleanEnv() should actually just get removed. If we don't want aws-sdk-go to use creds from the environment, then we should just swap out the credential chain with an explicit SharedCredentialsProvider. I think it'd look something like:

config := aws.Config{Credentials: &credentials.SharedCredentialsProvider{Filename: "", Profile: ""}}
session := session.New(config)

cleanEnv() is some cruft from when this tool would shell out to the aws cli.

@veqryn
Copy link
Contributor Author

veqryn commented Aug 11, 2017

I looked through the old issues and found people had similar issues in the past.
It seems though that some people need these environment variables to connect to get the new session/assumed-role? If so, then we can't clear it any time.
Instead, we should force it to use the profile, as the correct credentials will be stored under there (or its parent profile).

@veqryn
Copy link
Contributor Author

veqryn commented Aug 11, 2017

Hm.. trying this and its not working:

	sess := session.Must(session.NewSession(&aws.Config{
		Credentials: credentials.NewSharedCredentials("", profile),
	}))

Output:

error: SharedCredsLoad: failed to get profile
caused by: section 'eo' does not exist

@jcftang
Copy link

jcftang commented Aug 29, 2018

I've been running into this issue as well where the env variables are used, it would be better if this tool used the credentials from the credentials config file and generated a config file and set the assumed credentials, it would allow for a daemonised assume-role process that can run just before the expiration of the token to be regenerated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants