Configurable SSO directories #63

Open
wants to merge 2 commits into base: next

@nazarewk nazarewk commented Apr 21, 2022

Allows configuring SSO directories explicitly in addition to more sane defaults (discovering them from AWS SDK credentials/config file locations).

@jaen

jaen commented Apr 21, 2022

This would be very useful to me, as I usually keep AWS stuff in a directory scoped to a project using direnv and AWS SSO util kind of ignores that.

@benkehoe
Owner

I'm open to this, but I'd rather see it implemented on the AWS CLI (/botocore) instead, so that it's not specific to aws-sso-util. Could you open an issue/PR there first to see if they're open to it? A workaround like this in aws-sso-util would be the backup if they aren't.

@benkehoe
Owner

benkehoe commented May 1, 2022

It also occurred to me that it may be dangerous to allow an environment variable to tell it where to put credentials. A bit like the redirect on an OAuth flow. I'll have to think more about that, seek some advice.

@nazarewk
Author

nazarewk commented May 4, 2022

> It also occurred to me that it may be dangerous to allow an environment variable to tell it where to put credentials. A bit like the redirect on an OAuth flow. I'll have to think more about that, seek some advice.

While I agree it should be stored in secret-service (or something similar) instead, the AWS SDK already set the precedent for storing credentials in files pointed to by envvars.

> I'm open to this, but I'd rather see it implemented on the AWS CLI (/botocore) instead, so that it's not specific to aws-sso-util. Could you open an issue/PR there first to see if they're open to it? A workaround like this in aws-sso-util would be the backup if they aren't.

I'll take a look at the viability of implementing it in botocore when I have some free time (most likely not in the next ~3 weeks).

@benkehoe
Owner

benkehoe commented May 5, 2022

The AWS SDK generally has the capability for you to tell it where to get credentials that you've already stored (e.g., with AWS_SHARED_CREDENTIALS_FILE), which is different from telling it where to put cached credentials. Does that make sense?

@nazarewk
Author

nazarewk commented May 6, 2022

You're right, AWS SDK does not store, only reads the credentials.

@nazarewk
Author

nazarewk commented May 6, 2022

FYI: looks like you already made a feature request to botocore: boto/botocore#1923?

@benkehoe
Owner

boto/botocore#1923 is different. It's asking for the functionality of aws_sso_lib.get_boto3_session() to be native in boto3.
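
One way a tool could constrain an environment-variable override of where cached credentials are written, the concern raised in this thread. This is an added example, not code from this PR or from aws-sso-util; the variable name `EXAMPLE_SSO_CACHE_DIR` and both function names are hypothetical, and a POSIX system is assumed.

```python
import os
import stat
from pathlib import Path

# Hypothetical variable name, used only in this example.
ENV_VAR = "EXAMPLE_SSO_CACHE_DIR"


def resolve_cache_dir(env, default):
    """Pick the directory that cached credentials will be written to.

    An override from the environment is accepted only when it is an absolute
    path whose final component is a real directory (not a symlink), owned by
    the current user, with no group/other permission bits set.
    Anything else raises ValueError.
    """
    raw = env.get(ENV_VAR)
    if not raw:
        return Path(default)
    path = Path(raw)
    if not path.is_absolute():
        raise ValueError(f"{ENV_VAR} must be an absolute path")
    try:
        st = os.lstat(path)  # lstat so a symlink is seen as a symlink
    except OSError as exc:
        raise ValueError(f"{ENV_VAR} is not usable: {exc}") from exc
    if not stat.S_ISDIR(st.st_mode):
        raise ValueError(f"{ENV_VAR} must be a directory, not a link or file")
    if st.st_uid != os.getuid():
        raise ValueError(f"{ENV_VAR} must be owned by the current user")
    if st.st_mode & 0o077:
        raise ValueError(f"{ENV_VAR} must not be accessible to group/other")
    return path


def write_token(cache_dir, name, data):
    """Write a cache file (created 0600) without following a symlink at the target."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    target = Path(cache_dir) / name
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(data)
    return target
```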
