From 5f890f05826c77b0b0e85a5c915b98396dc1ec54 Mon Sep 17 00:00:00 2001
From: Sven Marnach
Date: Fri, 10 Sep 2021 18:33:29 +0200
Subject: [PATCH 1/2] Unset environment variables more consistently.
---
 mozilla_aws_cli/login.py | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/mozilla_aws_cli/login.py b/mozilla_aws_cli/login.py
index 74b5553..1e97508 100644
--- a/mozilla_aws_cli/login.py
+++ b/mozilla_aws_cli/login.py
@@ -38,6 +38,16 @@
 "SecretAccessKey": "AWS_SECRET_ACCESS_KEY",
 "SessionToken": "AWS_SESSION_TOKEN",
 }
+# List of environment variables that will be cleared if they are not set.
+ENV_VARIABLE_NAMES = [
+ "AWS_ACCESS_KEY_ID",
+ "AWS_PROFILE",
+ "AWS_SECRET_ACCESS_KEY",
+ "AWS_SECURITY_TOKEN",
+ "AWS_SESSION_EXPIRATION",
+ "AWS_SESSION_TOKEN",
+ "AWS_SHARED_CREDENTIALS_FILE",
+]
 class Login:
@@ -414,13 +424,9 @@ def print_output(self):
 if self.output == "envvar":
 output_map.update(
- {ENV_VARIABLE_NAME_MAP[x]: self.credentials[x]
- for x in self.credentials
- if x in ENV_VARIABLE_NAME_MAP})
- output_map.update({
- "AWS_PROFILE": None,
- "AWS_SHARED_CREDENTIALS_FILE": None,
- "MAWS_PROMPT": self.display_name})
+ {var: self.credentials.get(key)
+ for key, var in ENV_VARIABLE_NAME_MAP.item()})
+ output_map["MAWS_PROMPT"] = self.display_name
 elif self.output == "shared":
 # Write the credentials
 path = write_aws_shared_credentials(
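Review bot: The comment above `ENV_VARIABLE_NAMES` in the first hunk ("cleared if they are not set") reads as if already-unset variables were cleared. Going by the `setdefault(name, None)` loop in the last hunk of this patch, the list holds the names that default to None unless the selected output mode assigned them. A wording such as `# Variables unset in the caller's shell unless the chosen output mode sets them, so credentials from an earlier session do not linger.` would say that, presuming None is rendered as an unset by `output_set_env_vars`. The credential names in the list also repeat values of `ENV_VARIABLE_NAME_MAP`, so a key added to the map later would not be cleared in the other modes; building the list from `ENV_VARIABLE_NAME_MAP.values()` plus the extra names keeps the two in step.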
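Review bot: `ENV_VARIABLE_NAME_MAP.item()` in the rewritten `envvar` branch of the second hunk is not a dict method, so this commit on its own raises AttributeError whenever `self.output == "envvar"`. Patch 2/2 on this page changes it to `.items()` under a clean-up subject; folding that fix into this commit keeps every revision of the credential-export path runnable and bisectable. The switch to `self.credentials.get(key)` also turns a missing key into None instead of skipping it, which deserves a short comment such as `# a missing key yields None, so the variable is cleared rather than left stale` (assuming None is emitted as an unset). print_output starts and ends outside the hunk.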
@@ -431,18 +437,13 @@ def print_output(self):
 "AWS_PROFILE": self.profile_name,
 "AWS_SHARED_CREDENTIALS_FILE": path,
 "MAWS_PROMPT": self.display_name})
- output_map.update({
- x: None for x in ENV_VARIABLE_NAME_MAP.values()})
 elif self.output == "awscli":
 # Call into aws a bunch of times
 if write_aws_cli_credentials(self.profile_name, self.credentials):
 output_map.update({
 "AWS_PROFILE": self.profile_name,
- "AWS_SHARED_CREDENTIALS_FILE": None,
 "MAWS_PROMPT": self.display_name})
- output_map.update({
- x: None for x in ENV_VARIABLE_NAME_MAP.values()})
 else:
 logger.error("Unable to write credentials with aws-cli.")
 elif self.output == "boto":
@@ -476,6 +477,8 @@ def print_output(self):
 self.role_arn) if self.print_role_arn else None
 if output_map and self.print_output_map:
+ for name in ENV_VARIABLE_NAMES:
+ output_map.setdefault(name, None)
 print(output_set_env_vars(output_map, message))
 if self.web_console or self.print_url:
From 0a3f3b0f769fc90bf895d64bd877685bf165f4fa Mon Sep 17 00:00:00 2001
From: Sven Marnach
Date: Mon, 13 Sep 2021 11:46:18 +0200
Subject: [PATCH 2/2] Further clean up code to generate environment variables.
---
 mozilla_aws_cli/login.py | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)
diff --git a/mozilla_aws_cli/login.py b/mozilla_aws_cli/login.py
index 1e97508..27101b6 100644
--- a/mozilla_aws_cli/login.py
+++ b/mozilla_aws_cli/login.py
@@ -425,8 +425,7 @@ def print_output(self):
 if self.output == "envvar":
 output_map.update(
 {var: self.credentials.get(key)
- for key, var in ENV_VARIABLE_NAME_MAP.item()})
- output_map["MAWS_PROMPT"] = self.display_name
+ for key, var in ENV_VARIABLE_NAME_MAP.items()})
 elif self.output == "shared":
 # Write the credentials
 path = write_aws_shared_credentials(
@@ -435,15 +434,12 @@ def print_output(self):
 if path:
 output_map.update({
 "AWS_PROFILE": self.profile_name,
- "AWS_SHARED_CREDENTIALS_FILE": path,
- "MAWS_PROMPT": self.display_name})
+ "AWS_SHARED_CREDENTIALS_FILE": path})
 elif self.output == "awscli":
 # Call into aws a bunch of times
 if write_aws_cli_credentials(self.profile_name, self.credentials):
- output_map.update({
- "AWS_PROFILE": self.profile_name,
- "MAWS_PROMPT": self.display_name})
+ output_map["AWS_PROFILE"] = self.profile_name
 else:
 logger.error("Unable to write credentials with aws-cli.")
 elif self.output == "boto":
@@ -470,15 +466,13 @@ def print_output(self):
 raise ValueError(
 "Output setting unknown : {}".format(self.output))
- if 'ExpirationSeconds' in self.credentials:
- output_map['AWS_SESSION_EXPIRATION'] = self.credentials['ExpirationSeconds']
-
- message = "Environment variables set for role {}".format(
- self.role_arn) if self.print_role_arn else None
-
- if output_map and self.print_output_map:
+ if self.print_output_map:
+ output_map['AWS_SESSION_EXPIRATION'] = self.credentials.get('ExpirationSeconds')
+ output_map["MAWS_PROMPT"] = self.display_name
 for name in ENV_VARIABLE_NAMES:
 output_map.setdefault(name, None)
+ message = "Environment variables set for role {}".format(
+ self.role_arn) if self.print_role_arn else None
 print(output_set_env_vars(output_map, message))
 if self.web_console or self.print_url:
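Review bot: With the guard relaxed from `if output_map and self.print_output_map:` to `if self.print_output_map:` in the last hunk of patch 2/2, the final block also runs when no branch above stored anything in `output_map`. One such case is the `logger.error("Unable to write credentials with aws-cli.")` path, assuming nothing between the hunks returns early. Clearing the AWS_* names in that case fails safe, but `MAWS_PROMPT` is still set to `self.display_name` and the message still reads "Environment variables set for role", so the prompt can advertise a role for which no credentials were written. Recording `have_creds = bool(output_map)` just before the block and assigning `output_map["MAWS_PROMPT"] = self.display_name if have_creds else None` would keep the prompt truthful. print_output starts and ends outside the hunk.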