Comments (11)
I'm not sure I understand the use case here. Why would the same users on a host use the same AWS credentials (or other parameter in the .aws/credentials
file)?
from puppet-awscli.
if, on a single system, multiple users need an AWS cli profile called "default" (since most tools / libraries make it difficult to use named profiles), this isn't possible to achieve given your use of $title. I agree that the solution should be to make an aws_profile
param if you want something other than "default", and the actual $title can be ignored other than puppet's internal use.
from puppet-awscli.
@justindowning
The use case isn't the same users on the same system, it is different users on the same system, using the same profile name within their credentials/config files (i.e., 'default'). This is very useful when you deploy different IAM creds for different users on the same system, depending on the AWS perms you want to authorize for each user (super-users vs S3 bucket manager). The way it is handled currently, you need to define a different resource title for each user, which would translate to different profile names. This would require unpleasant adjustments on the cli/sdk. Example:
User A creds file:
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
User B creds file:
[default2] <==== necessary to use "default2" in the resource declaration to avoid dup declaration
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
User B must then do:
aws ec2 describe-instances --profile default2
Parameterizing the profile name allows both users to use default, requiring no adjustments on the CLI or within an SDK (boto, etc).
jgnagy's commit looks good; in fact he simplified my approach by retaining the use of $title within the concat::fragment statements (which will always be unique).
from puppet-awscli.
FYI implementing the code changes per @jgnagy or my advice will certainly be a backwards compatibility breaking release.
from puppet-awscli.
My PR includes an update to the README that briefly describes the change as breaking. It wouldn't hurt to accentuate that a bit more if the PR is accepted, perhaps with a minor (or even major) version bump.
from puppet-awscli.
I created #24, but realised the issue probably makes more sense to be fixed as part of this. Please note the naming format of a named profile is different between ~/.aws/credentials
and ~/.aws/config
.
from puppet-awscli.
@jccl I modified the .erb template to incorporate your changes. Good catch, thanks. Tested as working in my env.
from puppet-awscli.
@jccl and @mvolhontseff, agreed, this is a good catch, and I'm happy to integrate a check (and appropriate logic) for this here if we all agree it makes sense to do so.
from puppet-awscli.
@jgnagy - updated config_concat.erb and submitted a pull request
from puppet-awscli.
Merged, and I updated the README. We'll see if all the tests still pass, then maybe @justindowning can merge this in for us.
from puppet-awscli.
Merged #23 🎉
from puppet-awscli.
Related Issues (20)
- PUP-4997 - pip provider on RHEL problem HOT 2
- Need install_options for pip install for awscli so we can set the proxy variable HOT 2
- pip command on centOS 7 requires /usr/bin/pip-python which is not installed by easy_install HOT 1
- Allow setting proxy for the EPEL module HOT 2
- Invalid parameter show_diff HOT 1
- Issues with puppetlabs-concat versions? HOT 1
- puppet 4 support HOT 4
- AmazonLinux Support HOT 4
- Default file mode is world-readable HOT 1
- Concat dependency annoyance HOT 4
- Support for additional config options HOT 1
- Test fails after clean clone run HOT 1
- Support credential_source HOT 1
- Ubuntu 18.04 support / use official .deb package HOT 3
- module dependencies HOT 2
- stahnma-epel is deprecated HOT 1
- Support puppet 5 HOT 1
- Please add support for aws-cli v.2 HOT 1
- Support for Ubuntu 20.04 / Puppet >= 6.1? HOT 2
- Please allow `puppetlabs/stdlib` >= 7.0.0
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from puppet-awscli.