Allow token to be passed as env var along with password #262
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cunhafinrix
approved these changes
Feb 1, 2023
I wanted better integration with [AWS cli support for external processes](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html) so I have made this change to allow 2FA tokens to be passed as an env var too. I tried to follow the patterns for password, but it might need some polish. This allows me to do: ``` export AZURE_VERIFICATION_CODE=$(oathtool --totp --base32 $SECRET) ``` as part of a script that immediately then runs this tool. I can _then_ configure AWS cli to use this overall script automatically on expiry: ``` credential_process=/path/to/script ``` To make this integrate nicely, I also had to make some extra changes: - Use `console.error` not `console.log` for all information-only output. - Add a single `console.log` to echo out the credentials as JSON at the end. - Add a `--print` flag to enable the stdout behaviour to prevent the default behaviour where it writes the file. This avoids two methods trying to write the same file. This arguably makes the change do more than one thing so maybe it could be split. I thought it was worth getting feedback before I do any more though.
avengerpenguin
force-pushed
the
aws-cli-integration
branch
from
011e9ea
to
d8b64ed
Compare
cunhafinrix
approved these changes
Feb 3, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I wanted better integration with AWS cli support for external processes so I have made this change to allow 2FA tokens to be passed as an env var too. I tried to follow the patterns for password, but it might need some polish.
This allows me to do:
as part of a script that immediately then runs this tool.
I can then configure AWS cli to use this overall script automatically on expiry:
To make this integrate nicely, I also had to make some extra changes:
Use
console.errornotconsole.logfor all information-only output.Add a single
console.logto echo out the credentials as JSON at the end.The 2nd point should probably be a flag to switch between the original version (where it writes the credentials file for you) vs. this mode where it merely writes the credentials so as to compose with AWS cli's external process support.
This arguably makes the change do more than one thing so maybe it could be split up or at least have that flag added. I thought it was worth getting feedback before I do any more though.