Toolkit: support profiles #517
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This adds support for AWS profiles to the CDK toolkit. At the same time, it overhauls how the AWS SDK is configured. The configuration via environment variables set at just the right time is removed, and we reimplement some parts of the SDK in an AWS CLI-compatible way to get a consistent view on the account ID and region based on the provided configuration. Fixes a bug in the AWS STS call where it would do two default credential lookups (down to one now). Fixes #480.
eladb
approved these changes
Aug 7, 2018
packages/aws-cdk/bin/cdk.ts
Outdated
| @@ -49,6 +46,7 @@ async function parseCommandLineArguments() { | |||
| .option('ignore-errors', { type: 'boolean', default: false, desc: 'Ignores synthesis errors, which will likely produce an invalid output' }) | |||
| .option('json', { type: 'boolean', alias: 'j', desc: 'Use JSON output instead of YAML' }) | |||
| .option('verbose', { type: 'boolean', alias: 'v', desc: 'Show debug logs' }) | |||
| .option('profile', { type: 'string', desc: 'Use the indicated AWS profile' }) | |||
There was a problem hiding this comment.
“...to obtain information for the default environment”
packages/aws-cdk/bin/cdk.ts
Outdated
| const aws = new SDK(); | ||
| const aws = new SDK(argv.profile); | ||
| // tslint:disable-next-line:no-console | ||
| console.log("Account: ", await aws.defaultAccount(), " region: ", aws.defaultRegion()); |
packages/aws-cdk/lib/api/util/sdk.ts
Outdated
| // Find the package.json from the main toolkit | ||
| const pkg = (require.main as any).require('../package.json'); | ||
| this.userAgent = `${pkg.name}/${pkg.version}`; | ||
|
|
||
| // tslint:disable-next-line:no-console | ||
| console.log(new Error().stack); |
packages/aws-cdk/lib/api/util/sdk.ts
Outdated
| console.log(new Error().stack); | ||
|
|
||
| // tslint:disable-next-line:no-console | ||
| console.log('Profile', profile); |
packages/aws-cdk/lib/api/util/sdk.ts
Outdated
| const configFile = new SharedIniFile(toCheck.shift()); | ||
| const section = configFile.getProfile(profile); | ||
| region = section && section.region; | ||
| } |
packages/aws-cdk/lib/api/util/sdk.ts
Outdated
| * variables to be used to determine the region. | ||
| */ | ||
| function getCLICompatibleDefaultRegion(profile: string | undefined): string | undefined { | ||
| let region = process.env.AWS_REGION || process.env.AMAZON_REGION || |
There was a problem hiding this comment.
I’d move this just before the loop so it’s clear that these take precedence
| * A reimplementation of JS AWS SDK's SharedIniFile class | ||
| * | ||
| * We need that class to parse the ~/.aws/config file to determine the correct | ||
| * region at runtime, but unfortunately it is private upstream. |
There was a problem hiding this comment.
Mention that we are using an undocumented api in the js sdk to actually parse the ini file
There was a problem hiding this comment.
I definitely wanted to open an issue, but I'd like to land this first so that I can point them to the code and say "see, this is what we've had to do to work around the API deficiencies".
Pointing to code is easier than describing :)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds support for AWS profiles to the CDK toolkit.
At the same time, it overhauls how the AWS SDK is configured. The
configuration via environment variables set at just the right time
is removed, and we reimplement some parts of the SDK in an
AWS CLI-compatible way to get a consistent view on the account ID
and region based on the provided configuration.
Fixes a bug in the AWS STS call where it would do two default
credential lookups (down to one now).
Fixes #480.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.