aws-toolkit-vscode icon indicating copy to clipboard operation
aws-toolkit-vscode copied to clipboard

Published 20 hours ago verified publisher icon aws

Connected Execution: Set AWS_PROFILE for use by VSCode terminal, source control, etc.

Open jvargh opened this issue 4 years ago • 7 comments

When using VSCODE Source control to push code changes, it always goes to system associated with Default user profile, even thought AWS Toolkit has been changed to use a custom profile i.e C1

Steps to reproduce the behavior:

  1. change from command pallete > AWS: Connect to AWS to use C1 profile, which has working keys in credentials file
  2. from VSCODE Source control commit changes and push and it always goes to system associated with default profile not the currently set C1 profile
  • OS: Win10
  • Visual Studio Code Version: v1.50
  • AWS Toolkit Version: 1.15.0 2020-10-06

jvargh avatar Oct 14 '20 03:10 jvargh

2. from VSCODE Source control commit

Can you expand on what this means exactly?

  • Are you commiting via right-click in the VCS tree?
  • Are you running a command (what is the exact name of the command)?
    • I do not see a Commit changes command in VSCode. I have a Git: Commit command, but that does not involve AWS credentials.

Are you connected to AWS CodeCommit? What component or extension are you using for that? Can you link to a doc or other resource.

justinmk3 avatar Oct 14 '20 20:10 justinmk3

  1. from VSCODE Source control commit

Can you expand on what this means exactly?

you get to it by clicking the 'Source Control' icon in the palette

  • Are you commiting via right-click in the VCS tree?

No. from '...', drop down and 'Push' is selected. Prior to this changes are committed by adding Message and clicking the check arrow icon. On selecting Push it pushes to the profile 'default' even though using ' AWS: Connect to AWS' was used to select custom C1 profile

  • Are you running a command (what is the exact name of the command)?

No commands. Just using UI causes the failure as per above. However on CLI setting 'set AWS_PROFILE=c1' and 'git push' is the only way it pushes changes to the right repo

  • I do not see a Commit changes command in VSCode. I have a Git: Commit command, but that does not involve AWS credentials.

Clicking the check arrow icon after entering commit message in text box is the Commit method used.

Are you connected to AWS CodeCommit? What component or extension are you using for that? Can you link to a doc or other resource.

Yes, using CodeCommit and after a git clone using SSH. As mentioned on CLI using git push works but not from the 'Source Control' toolbar picking Push. Hope this helps

jvargh avatar Oct 14 '20 22:10 jvargh

on CLI setting 'set AWS_PROFILE=c1' and 'git push' is the only way it pushes changes to the right repo ... using CodeCommit and after a git clone using SSH

Now I understand. Does your gitconfig have a credential.helper like this (doc):

[credential]
    helper = !aws codecommit credential-helper $@
    UserHttpPath = true

Workarounds

  • this article shows how to use git's includeIf directive. But that requires setting up filepath patterns for each project.
  • alternatively, create a project-local .git/config file with a credential helper that sets --profile: 
    [credential]
  # Note the --profile switch
  helper = !aws --profile C1 codecommit credential-helper $@
  UseHttpPath = true

Summary

  • To achieve the request to change the behavior of vscode's builtin "Git" support, the Toolkit would need to globally update the vscode environment (AWS_PROFILE, etc.).
    • Risks:
      • could confuse other extensions/components
      • could be unwanted by some users who launch VSCode from the CLI via code command (which inherits the environment from the invoking shell).
        • mitigation: if AWS_* env vars are present at startup, show a prompt / make the behavior configurable.
  • Also useful for VSCode Terminal, so CLI commands like aws and sam running in Terminal would use the current AWS Toolkit credentials. https://github.com/aws/aws-toolkit-vscode/issues/693
    • supported by ExtensionContext.environmentVariableCollection
  • Related stackoverflow post with similar "Connected Terminal/Exception" use-case: https://stackoverflow.com/questions/71703683/

justinmk3 avatar Oct 14 '20 23:10 justinmk3

.gitconfig didn't have that entry but ideally it should work when 'select an AWS credential profile' on profile selection that profile should be applied. Did also invoke from CLI via 'code .' where the custom profile was set, but it wasn't inherited into the UI.

jvargh avatar Oct 15 '20 00:10 jvargh

Related feature in AWS Toolkit for JetBrains:

  • https://github.com/aws/aws-toolkit-jetbrains/pull/2644
  • https://github.com/aws/aws-toolkit-jetbrains/issues/3650

Related VSCode feature: "Terminal profies"

  • https://code.visualstudio.com/updates/v1_56#_profile-improvements
  • https://code.visualstudio.com/updates/v1_55#_terminal-profiles

justinmk3 avatar Mar 31 '21 20:03 justinmk3

  • To achieve this feature-request, the Toolkit would need to globally update VSCode's environment, setting env vars such as AWS_PROFILE.

This should not be the case. For one off commands, like the use cases called out in #1609 the tool kit can spawn a subshell with the explicit environment to be used, (e.g. ENV=<temporary file with env definitions> /bin/sh -c 'command to execute' or with BASH_ENV is using the Bourne Again Shell/BASH ¹).

There is also a second mechanism where a value can be overridden for the duration of a single command by prefixing the command with the environment variable ². Speaking from personal experience, this is how I regularly use all of the AWS command line tools. For example:

$ AWS_PROFILE=integration aws ec2 modify-volume --size 150 --volume-id vol-1234567890abcdef0

or

$ AWS_PROFILE=staging AWS_DEFAULT_REGION=us-west-2 aws s3 mb s3://c8b853c5
make_bucket: c8b853c5

These mechanisms work for all of the documented AWS CLI environment variables. These mechanisms have been found to be portable across POSIX shell implementations.

In the event that there is reticence to go this route there is also the env utility formally specified in IEEE standard 1003.1-2017 (a revision of IEEE standard 1003.1-2008): https://pubs.opengroup.org/onlinepubs/9699919799/utilities/env.html

¹: As per man 1 bash (section INVOCATION): ²: ENVIRONMENT

brianredbeard avatar May 15 '21 21:05 brianredbeard

For one off commands, like the use cases called out in #1609 the tool kit can spawn a subshell

Yes, that works for terminal-like cases. So this issue was renamed to "Connected Execution" in sympathy with https://github.com/aws/aws-toolkit-jetbrains/pull/2644

justinmk3 avatar May 17 '21 18:05 justinmk3