aws
Sending DurationSeconds in assumeRole request in SharedIniFileCredentials
tldr; as in title, respect duration_seconds of a chained profile if any (by passing it to the assume role request in SharedIniFileCredentials)
Checklist
- [x]
npm run testpasses - [x] changelog is added,
npm run add-change - [x] run bundle exec rake docs:api and inspect doc/latest/index.html if documentation is changed
--
The unit test should hopefully reflect the use case; but for more context, we're running into the situation where a chained profile's duration_seconds doesn't get picked up by aws-sdk-js and therefore ends up having the 1h limit by default
[base-profile]
aws_access_key_id = access
aws_secret_access_key = secret
[default]
source_profile = base-profile
duration_seconds = 7200
// And this below credentials would last for just 1h instead of 2h as expected
new AWS.SharedIniFileCredentials({
profile: 'default'
disableAssumeRole: false,
});
// The workaround that we do now is to manually craft that Credentials
// (ie. create `baseProfile` credentials, assumeRole `default` with the
// correct `durationSeconds`, etc. literally what we have inside
// `SharedIniFileCredentials#loadRoleProfile()`), which is a bit cumbersome
Who could review this guys, @lsegal @jeskew @AllanFly120 @jstewmon maybe? (I see your names on the git blame π apologize if I made a wrong tag). Thanks a lot
I'm just a contributor, but these changes LGTM FWIW.
nit: I would consider this a feature, not a bugfix for the changelog entry.
Hi @soyelmnd, thank you for the contribution. Is the duration_seconds specified in any AWS documents or is there other language AWS SDK supports it?
https://docs.aws.amazon.com/en_pv/cli/latest/userguide/cli-configure-files.html#cli-configure-files-global
Is the duration_seconds specified in any AWS documents
Yup, as @jstewmon linked above (thanks Jonathan) βοΈ the cli config, which I believe should be considered the source of truth for SharedIniFileCredentials, shouldn't it?
... or is there other language AWS SDK supports it?
That's a good question, not what I know of and might need to check. Though aws-cli has supported it nicely (from a quick glance, seems like since 1.16.73 thanks to this https://github.com/boto/botocore/pull/1600, so my gut feeling is boto3 would support it too, but haven't tested)
I would consider this a feature, not a bugfix for the changelog entry.
Sounds good @jstewmon π thanks
Could I kindly confirm if there's any other thing you want me to clarify on this please @AllanFly120, hope the above is clear enough?
Hey guys, last ping of the year please, any feedbacks/updates on this tiny? π
Codecov Report
Merging #2909 into master will increase coverage by
0.00%. The diff coverage is100.00%.
@@ Coverage Diff @@
## master #2909 +/- ##
=======================================
Coverage 96.96% 96.96%
=======================================
Files 300 300
Lines 8992 8993 +1
Branches 1677 1678 +1
=======================================
+ Hits 8719 8720 +1
Misses 273 273
| Impacted Files | Coverage Ξ | |
|---|---|---|
| lib/credentials/shared_ini_file_credentials.js | 97.64% <100.00%> (+0.02%) |
:arrow_up: |
Continue to review full report at Codecov.
Legend - Click here to learn more
Ξ = absolute <relative> (impact),ΓΈ = not affected,? = missing dataPowered by Codecov. Last update fd804e1...64d57c8. Read the comment docs.
Just done @ajredniwja, thanks for encouraging :+1: anything else needs to be done and who could review this long pending tiny one please?
AWS CodeBuild CI Report
- CodeBuild project: sdk-v2-github
- Commit ID: 64d57c84dbd8629bd3eb5a49a1914058937a2c61
- Result: FAILED
- Build Logs (available for 30 days)
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository
Kindly ping on this 1+ yo small PR friends π any suggestions who can review it pls?
Hey guys π it's going to be the 2 year anniversary for this small PR soon, any chance I can get at least some feedback on what you think we should do with this? Cheers
+1
Botocore already supports this https://github.com/boto/boto3/blob/master/CHANGELOG.rst#1962 , and Ruby SDK as well https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-core/CHANGELOG.md#3630-2019-08-15
Hey guys, ping on this simple yet very long pending one π @AllanZhengYP could you please suggest if this can get reviewed and/or who can review it? @aws/aws-sdk-js-team @trivikr maybe?
Greetings! Weβre closing this issue because it has been open a long time and hasnβt been updated in a while and may not be getting the attention it deserves. We encourage you to check if this is still an issue in the latest release and if you find that this is still a problem, please feel free to comment or open a new issue.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hey friends, it's 2023 now, with the change still looks relevant tho it hasn't received any feedback so far.
@ajredniwja @AllanZhengYP, unless I'm mistaken, all questions have been addressed, just wondering if you guys have any suggestion on how to move this trivial change forward?