cevoaustralia/aws-google-auth

.aws/config google_config.keyring setting overriden

Open

#153 opened on Oct 28, 2019

View on GitHub
 (4 comments) (0 reactions) (0 assignees)Python (531 stars) (172 forks)batch import
help wantedusability

Description

I set my ~/.aws/config up with several profiles. When i want to refresh my tokens, i want the google password to be read from my keychain (which i set up earlier). So this is what the config looks like.

[profile my-admin-profile]
region = us-east-1
google_config.ask_role = False
google_config.keyring = True
google_config.duration = 3600
google_config.google_idp_id = IDP_ID
google_config.role_arn = role_arn
google_config.google_sp_id = SRV_ID
google_config.u2f_disabled = False
google_config.google_username = me@company.org

When calling aws-google-auth with just one parameter telling it the profile name to read from, it asks for the password, not honouring the google_config.keyring = True setting.

$ aws-google-auth -p my-admin-profile
Google Password:

And even worse, it sets the config to False. So next time i try to refresh the tokens, it asks for the password again. The only way to remedy it, is to set the -k parameter. Is this intended behaviour? But i guess if you want to switch keychain off, there is another "negative" parameter needed, like -K to actively indicate you don't want the keychain and thne overriding the config file. Any thoughts are appreciated.

Contributor guide

Tech stack
python
Domain
clicloudsecurity
Issue type
bug
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
PythonAWS CLIkeyring library
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
60
Research direction
Investigate how aws google auth reads and writes config settings, specifically the handling of google config.keyring in the config file. Look at the source code for config parsing (likely in a file like config.py or utils.py). Check if the keyring flag overrides the config setting and if there is a bug where the config is being written with a default value. Consider the fix to ensure that the setting from the config file is honored unless explicitly overridden by k or K flags.
.aws/config google_config.keyring setting overriden · cevoaustralia/aws-google-auth#153 | Good First Issue