New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS - support sourcing credentials from a different profile #212
Comments
I need to manage multiple environments using Terraform, so this feature is crucial. The final work will be executed through CI/CD; however, I'd like to frequently check the progress in the terminal while working. |
Thank you to all who left feedback on this issue!
Since #180, commands like From my understanding you are requesting support for the following scenario: Can you help me better discover your use case, and in which scenarios the explained solution above would fall short? |
@AndyTitu Thanks for your reply.I commented because the error message was directing me to this issue. However, the call from terraform failed and I would like to know if there is a proper place for this issue. |
@fillz-noh Sure, glad I could help!
Here is the issue for supporting the terraform use case, for aws but in general for any other tool. Also, I've just opened a PR about this: #256 |
This works for the aws cli but breaks other tools like sops since it's no longer able to determine the root credentials/keys. |
@jarshwah , @fillz-noh and everyone else involved in this issue: We have just released our new beta solution for the Terraform shell plugin. This allows AWS to work with Terraform out of the box, and also comes up with a general solution for authenticating terraform providers. Would be awesome if you could give it a try and let us know how/if this simplifies your workflows by a bunch. |
Hi I don't know if I'm missing something else but I've been trying the beta ( However, it's impossible for interacting with EKS using the current solution, it still seems to be requiring the
Am I missing something or is an additional fix going to be required? |
@jandeschuttere thanks for sharing your use case! The first thing that comes to mind when seeing that error is that the shell-plugin is not actually wrapping the tools you are using to manage EKS. Can you please share the exact command(s)/script that you are running? |
This happens with any of the commands interacting via When I looked closer into it it seems that the introduced shell-plugin is actually setting up an alias to wrap the 1pwd command, yet the kubectl config for EKS introduces an auth provider type "exec" (see https://kubernetes.io/docs/reference/access-authn-authz/authentication/#configuration)
The alias is not able to override this behaviour. Perhaps a different config in the ~/.kube/config could be set up so that it can use the alias or introduce the wrapping logic the same way as that alias is doing but I was at least not able to easily do so. |
@jandeschuttere Hey solved it by wrapping op command to
|
Platform or tool
AWS
Desired or expected behavior
AWS shell plugin should allow for sourcing a certain profile's credentials from another profile.
Current behavior
Currently AWS shell plugin supports long lived credential authentication, MFA and Assume Role support with temporary credentials authentication.
Relevant log output
No response
op CLI version
No response
The text was updated successfully, but these errors were encountered: