tower-cli

Automatically use cloud native credentials where appropriate

Open drpatelh opened this issue 2 years ago • 0 comments

The current behaviour requires that cloud credentials, i.e. `--access-key` and `--secret-key`, be provided manually at the moment, as highlighted in the help below:

```console
$ tw credentials create aws --help

Usage: tw credentials create aws [OPTIONS]

Create new AWS workspace credentials

Options:
* -n, --name=<name>                       Credentials name
  -a, --access-key=<accessKey>            The AWS access key required to access the desired service
  -s, --secret-key=<secretKey>            The AWS secret key required to access the desired service
  -r, --assume-role-arn=<assumeRoleArn>   The IAM role to access the AWS resources. It should be a fully qualified AWS role ARN.
  -h, --help                              Show this help message and exit.
  -V, --version                           Print version information and exit.
```

Would it be possible to check if these credentials already exist in the standard location `~/.aws/credentials` and use a named profile defined in that file instead of manually specifying them?

So what I am thinking is that you can skip the `tw credentials create aws` step if you have a `~/.aws/credentials` and use that instead for `tw credentials list`.

Some pseudo-docs for this would read as:

If you have already defined credentials in `~/.aws/credentials` then these will be loaded automatically.
You can check if these have been found as expected by running `tw credentials list`.
Alternatively, you can manually create the credentials using `tw credentials create aws` as outlined below:

This is what `~/.aws/credentials` looks like and so credentials with `--name=boss` and `--name=jesus` will be available to downstream `tw` commands.

```console
$ cat ~/.aws/credentials

[boss]
aws_access_key_id = XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

[jesus]
aws_access_key_id = XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
```

As a result of this, and in general, it may also make sense to change `tw credentials create aws` -> `tw credentials add aws` as suggested by @pditommaso because we won't always need to create credentials. Will create a separate issue for this.

drpatelh · Nov 12 '21 09:11
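A sketch of the profile discovery requested above, as an added example that is not tower-cli code or part of the original issue: it reads a shared credentials file, lists named profiles with the key id masked, and flags a file readable beyond its owner or a profile missing half of its key pair. The function names `discover_profiles` and `demo` are hypothetical, and the sample file is constructed with placeholder values.

```python
import configparser
import os
import stat
import tempfile
from pathlib import Path


def discover_profiles(path):
    """Return (profiles, warnings); profiles maps name -> masked key id.
    Secret keys are only checked for presence and are never returned."""
    path = Path(path)
    warnings = []
    if not path.is_file():
        return {}, [f"{path}: not found"]
    # The file holds long-lived secrets: flag group/world access bits.
    mode = stat.S_IMODE(path.stat().st_mode)
    if os.name == "posix" and mode & 0o077:
        warnings.append(f"{path}: mode {mode:o} is readable beyond the owner")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    profiles = {}
    for name in parser.sections():
        key_id = parser[name].get("aws_access_key_id", "")
        secret = parser[name].get("aws_secret_access_key", "")
        if not key_id or not secret:
            warnings.append(f"[{name}]: incomplete key pair, skipped")
            continue
        profiles[name] = key_id[:4] + "*" * (len(key_id) - 4)
    return profiles, warnings


def demo():
    # Constructed sample file; the key values are placeholders, not real keys.
    sample = (
        "[boss]\naws_access_key_id = AKIAXXXXXXXXXXXXXXXX\n"
        "aws_secret_access_key = " + "X" * 40 + "\n\n"
        "[jesus]\naws_access_key_id = AKIAXXXXXXXXXXXXXXXX\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "credentials"
        path.write_text(sample)
        path.chmod(0o644)  # deliberately too permissive for the demo
        return discover_profiles(path)


if __name__ == "__main__":
    print(demo())
```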