Adding the option to export AWS credentials with a command #6808

Closed
wants to merge 7 commits into from


@HugoCL HugoCL commented Mar 23, 2022

Issue #, if available:

This PR aims to solve #5261, which is adding the capability to the AWS CLI to export the credentials of the current session.

Description of changes:

  • Created a new command aws configure export-credentials for the purpose of the solution
  • Using the current session data, I use the "frozen credentials" to get the data needed to be outputted.
  • After getting the data, it's printed to STDOUT in JSON format using uni_print for better compatibility.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@HugoCL HugoCL changed the title V2 Adding the option to export AWS credentials with a command Mar 23, 2022
'No credentials available. Try running "aws configure" first.')
try:
credentials_data = credentials.get_frozen_credentials()
dump = {'aws_access_key_id': credentials_data.access_key,
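Review bot: at `credentials_data = credentials.get_frozen_credentials()`, the expiry is lost before `dump` is built, because botocore's frozen credentials carry only the access key, secret key and token. A consumer of this output then has no way to tell when temporary credentials stop being valid. Consider reading the expiry from the credentials object before freezing it and adding it to `dump` when it is present.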
Contributor

Since this is a new command, without backward compat concerns, may I suggest using the same shape as is emitted by aws sts assume-role? It'd be one less special case for those wishing to consume the output.

{
    "Credentials": {
        "AccessKeyId": "ASIA...",
        "SecretAccessKey": "sekrit...",
        "SessionToken": "bAsE64=",
        "Expiration": "2022-04-13T17:24:10.189000+00:00"
    }
}

where obviously SessionToken and Expiration would be elided just like they are in your current output

Author

Hi @mdaniel, I'll try to make the changes as suggested

@tim-finnigan tim-finnigan added MLH needs-review This issue or pull request needs review from a core team member. labels Apr 18, 2022
@stealthycoin
Contributor

Tests need to pass before it can be reviewed.

@benkehoe

benkehoe commented May 9, 2022

I'd say the JSON format should be the well-defined credential process format: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html

aws-export-credentials provides a comprehensive reference implementation that you may want to take a look at, especially the extraction of credential expiration.

@HugoCL
Author

HugoCL commented May 19, 2022

Thanks for the suggestions @benkehoe! I'll try to work on that

@justindho justindho marked this pull request as draft June 2, 2022 19:00
@jamesls jamesls mentioned this pull request Nov 2, 2022
jamesls added a commit to jamesls/aws-cli that referenced this pull request Nov 2, 2022
This PR builds on the interface proposed in aws#6808 and implements
the additional features proposed in aws#7388.

From the original PRs, the additional features are:

* Added support for an explicit `--format` arg to control the output
  format.
* Add support for env vars, PowerShell/Windows vars, and a JSON format
  that enables this command to be used as a `credential_process`.
* Detect and prevent infinite recursion when the credential process
  resolution results in the CLI calling itself with the same command.

Closes aws#7388
Closes aws#5261
@tim-finnigan
Contributor

Thanks for working on this PR Hugo. #7398 has now been merged, which mentioned building off of the interface proposed here. Now that this command is available I think the PR can be closed: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/configure/export-credentials.html.
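
The output shapes discussed in this thread (the `aws sts assume-role` shape, the `credential_process` JSON format, and the env-var format from the later commit) side by side, as an added example that is not code from this PR or from the AWS CLI. The function names and sample values are constructed for illustration.

```python
import json
import shlex
from datetime import datetime, timezone

# Constructed sample in the `aws sts assume-role` shape quoted in the thread;
# every value is a placeholder, not a real credential.
SAMPLE_STS = {"Credentials": {
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed-secret-value",
    "SessionToken": "constructed/session+token==",
    "Expiration": "2022-04-13T17:24:10.189000+00:00",
}}

ENV_NAMES = {
    "AccessKeyId": "AWS_ACCESS_KEY_ID",
    "SecretAccessKey": "AWS_SECRET_ACCESS_KEY",
    "SessionToken": "AWS_SESSION_TOKEN",
}
SECRET_FIELDS = ("SecretAccessKey", "SessionToken")

def to_credential_process(sts_output):
    """Build the credential_process payload (Version 1) from an STS-shaped dict."""
    creds = sts_output["Credentials"]
    payload = {"Version": 1,
               "AccessKeyId": creds["AccessKeyId"],
               "SecretAccessKey": creds["SecretAccessKey"]}
    # Long-lived IAM user keys have neither field: elide them, never emit null.
    if creds.get("SessionToken"):
        payload["SessionToken"] = creds["SessionToken"]
    if creds.get("Expiration"):
        expiry = datetime.fromisoformat(creds["Expiration"])
        if expiry.tzinfo is None:
            raise ValueError("Expiration must carry a UTC offset")
        payload["Expiration"] = expiry.astimezone(timezone.utc).strftime(
            "%Y-%m-%dT%H:%M:%SZ")
    return payload

def to_env_exports(payload):
    """Render POSIX export lines; every value is shell-quoted before output."""
    return [f"export {env}={shlex.quote(payload[key])}"
            for key, env in ENV_NAMES.items() if key in payload]

def redacted(payload):
    """Copy that is safe to log: keeps key id and expiry, masks the secrets."""
    return {k: ("***" if k in SECRET_FIELDS else v) for k, v in payload.items()}

if __name__ == "__main__":
    # Only the redacted form is printed, so the demo never echoes a secret.
    print(json.dumps(redacted(to_credential_process(SAMPLE_STS)), indent=2))
```
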
