Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support AssumeRole when credential_source = Environment #231

Closed
wants to merge 2 commits into from
Closed

Support AssumeRole when credential_source = Environment #231

wants to merge 2 commits into from

Conversation

benhowes
Copy link

@benhowes benhowes commented Aug 4, 2020

From #181

Description of changes:
This PR is a slight variation on the code outlined in #181, which just always passes the value of AWS_PROFILE to the creation of a session. To the best of my knowledge, this will work in the regular cases which are already supported, as well as when assuming a role with credential_source = Environment.

I've not currently added any tests, because I cannot see any examples of tests which use the ~/.aws/config or any tests which set AWS_PROFILE.

Opening this for discussion and to hopefully arrive at a solution which is mergeable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@benhowes benhowes marked this pull request as ready for review November 19, 2020 13:14
kzys
kzys suggested changes Nov 19, 2020
View reviewed changes
ecr-login/ecr.go
@@ -52,13 +53,21 @@ func (self ECRHelper) Get(serverURL string) (string, string, error) {
return "", "", credentials.NewErrCredentialsNotFound()
}

profile, profile_exists := os.LookupEnv("AWS_PROFILE")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: profile_exists -> profileExists

https://golang.org/doc/effective_go.html#mixed-caps

Finally, the convention in Go is to use MixedCaps or mixedCaps rather than underscores to write multiword names.

ecr-login/ecr.go
Comment on lines 59 to +70
if registry.FIPS {
client, err = self.ClientFactory.NewClientWithFipsEndpoint(registry.Region)
if err != nil {
logrus.WithError(err).Error("Error resolving FIPS endpoint")
return "", "", credentials.NewErrCredentialsNotFound()
}
} else if profile_exists {
client, err = self.ClientFactory.NewClientWithExplicitProfile(profile)
if err != nil {
logrus.WithError(err).Error("Error creating client with explicit profile")
return "", "", credentials.NewErrCredentialsNotFound()
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is probably a question for @samuelkarp - Right now FIPS and AWS_PROFILE are mutually-exclusive. Is there a case where a customer want to use AWS_PROFILE, but with FIPS?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, these options should not be mutually exclusive.

Base automatically changed from master to main February 18, 2021 20:00
@samuelkarp
Copy link
Contributor

@benhowes Are you able to update this to address the mutual-exclusivity problem?

@benhowes
Copy link
Author

@samuelkarp I've actually left the company where I was developing this since then, I don't think I'll find time to work on this PR any further. Sorry!

@samuelkarp
Copy link
Contributor

@benhowes Thanks for letting me know! I'm going to close this PR for now, but we'd be open to looking at changes like this again in the future.

@samuelkarp samuelkarp closed this Feb 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@samuelkarp samuelkarp samuelkarp left review comments

@kzys kzys kzys requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@benhowes @samuelkarp @kzys