Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request - add support for local configuration files (that override the user-level defaults) #238

Open
SWolfeCAI opened this issue Apr 4, 2022 · 1 comment
Open

Feature Request - add support for local configuration files (that override the user-level defaults) #238

SWolfeCAI opened this issue Apr 4, 2022 · 1 comment
Labels
enhancement

Comments

@SWolfeCAI
Copy link

Some of our terraform uses root-modules that are specific to single accounts; whenever we run those modules we use ALKS to get a session for the one relevant account.

A git repo might look a bit like:

./src/
./terraform/
./terraform/accounts/awsaccount1
./terraform/accounts/awsaccount2

As a minor enhancement, it would be nice if we could add a config file to those root modules to configure alks-cli to quickly get a session for the relevant account. Other CLI tools sometimes do this via "rc" files. Typically these files override the default configurations, and/or specify values that act as default parameters.

A pseudo-example for alks-cli might look something like:

File: ./terraform/accounts/awsaccount1/.alksrc

account=awsaccount1
role=Admin

With the above example, running commands like alks sessions open in thr ./terraform/accounts/awsaccount1 directory would use the specified account and role as the defaults. Running the same command elsewhere would not use these directory-specific settings.
@americk0
Copy link
Member

Hey @SWolfeCAI, pardon the delay in responding. I like the idea of this and I've been thinking about adding something like this for a while, but I don't have any solid details on when this could get added.

We've had some work planned on our backlog for a while to refactor the logic for how the CLI manages its settings and that will likely create an opportunity to reengineer this process and come up with a better solution that potentially allows for overrides of settings in subfolders with files similar to what you've described so it is on our radar.

In the meantime, although this isn't an implementation of your feature suggestion I believe I have a solution that might help you accomplish the same goal today. The AWS CLI (and many AWS-related tooling including terraform) can use a file called ~/.aws/credentials where you can specify various profiles and credentials for those profiles, but the really neat thing is that you can establish a profile that uses a credential process such that whenever the profile is used, the AWS CLI will execute the specified command to generate credentials for that profile on-the-fly, and the ALKS CLI can be used today to perform this action. I believe it would look something like this:

# ~/.aws/credentials

[profile awsmyaccount]
credential_process = /usr/local/bin/alks sessions open -a 012345678910 -r Admin -o aws

and then in your terraform file you could specify this profile on the aws provider block like this:

provider "aws" {
  region = ...
  profile = "awsmyaccount"
}

With this configuration your terraform should be able to automatically detect that profile and execute that ALKS CLI command to generate credentials for your account at the moment they're needed without the need for any .alksrc file. I would still like to eventually implement some kind of rc file for ALKS since there are potentially several other use cases for it so I will leave this feature request open for now but I hope this solution helps you in the meantime

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@americk0 @SWolfeCAI