Support for parsing both config and credentials files #2939
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 2 commits
June 7, 2024 04:07
…iles; continue to support custom config file override
…, and update private methods to use it
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue #, if available: #2794
Description of changes:
AWS CLI as well as
boto3implementation handle config & credentials files by reading the contents of both and consolidating them into a single associative array, prior to doing any processing.aws-sdk-php, on the other hand, only reads in one file when processing. This causes an issue when using assumed roles while organizing credentials the way recommended in the AWS CLI docs (the "IAM Role" tab here).The current
aws-sdk-phpimplementation looks like it has set up a workaround to the situation by allowing a specific filename to be passed into several of the functions, so that the developer can choose between the config or credentials file. However this would not work in the aforementioned situation where data is split between both files.Note that
aws-sdk-phpdoes actually have a segment of code which combines the files into a single associative array; however there are a few issues:WebIdentity Credentials; it cannot be used by regular configuration fileboto3)AWS_CONFIG_FILEenvironment variable which can be used to override the~/.aws/configfile path. (Note this issue seems to be present in many other locations as well)This PR has two commits:
CredentialProvider::loadProfiles()with a call to the multi-ini-file handlerCredentialProvider::loadDefaultProfiles(). It also updates the latter to fix the two additional issues mentioned above. There was an additional modification added to handle the legacy filename workaround.TokenProvider/SsoTokenProvider. Additionally it updates theCredentialProvider::ini(),CredentialProvider::process()andCredentialProvider::sso()functions to support a null value for the filename override.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.