Merge pull request #423 from CMeza99/use-profiles-sts

add ability to use profile for ec2 provider
Anders Ingemann 2018-01-24 17:24:35 +01:00 committed by GitHub
commit 71ba58327c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 38 additions and 14 deletions

View file

@ -20,8 +20,10 @@ Manifest settings
Credentials Credentials
~~~~~~~~~~~ ~~~~~~~~~~~
The AWS credentials can be configured in two ways: Via the manifest or The AWS credentials can be configured via the manifest or through
through environment variables. To bootstrap S3 backed instances you will environment variables. If using EBS backing, credentials can not be included to
allow `boto3 <http://boto3.readthedocs.io/en/latest/guide/configuration.html>`__
to discover it's credentials. To bootstrap S3 backed instances you will
need a user certificate and a private key in addition to the access key need a user certificate and a private key in addition to the access key
and secret key, which are needed for bootstraping EBS backed instances. and secret key, which are needed for bootstraping EBS backed instances.
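Review bot: the new sentence "If using EBS backing, credentials can not be included to allow boto3 to discover it's credentials" in the Credentials paragraph is ambiguous and has a typo: "can not be included" reads as a prohibition where the intent is that they may be omitted, and "it's" should be "its". Suggest: "If using EBS backing, the credentials may be omitted from the manifest, in which case boto3 discovers its credentials through its usual lookup chain." The pre-existing "bootstraping" on the last line of the hunk is worth fixing while the paragraph is being touched.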
@ -31,11 +33,11 @@ under the ``provider`` section.
- ``access-key``: AWS access-key. - ``access-key``: AWS access-key.
May also be supplied via the environment variable May also be supplied via the environment variable
``$AWS_ACCESS_KEY`` ``$AWS_ACCESS_KEY``
``required for EBS & S3 backing`` ``required for S3 backing``
- ``secret-key``: AWS secret-key. - ``secret-key``: AWS secret-key.
May also be supplied via the environment variable May also be supplied via the environment variable
``$AWS_SECRET_KEY`` ``$AWS_SECRET_KEY``
``required for EBS & S3 backing`` ``required for S3 backing``
- ``certificate``: Path to the AWS user certificate. Used for - ``certificate``: Path to the AWS user certificate. Used for
uploading the image to an S3 bucket. uploading the image to an S3 bucket.
May also be supplied via the environment variable May also be supplied via the environment variable
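Review bot: the `required for S3 backing` tags on `access-key` and `secret-key` now imply the keys are optional for EBS backing, but nothing in this list says where they come from instead. Add a sentence under each entry (or one above the list) pointing at boto3 credential discovery and the new `profile` option, so a reader does not conclude that EBS bootstrapping works with no credentials at all.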
@ -62,6 +64,24 @@ Example:
access-key: AFAKEACCESSKEYFORAWS access-key: AFAKEACCESSKEYFORAWS
secret-key: thes3cr3tkeyf0ryourawsaccount/FS4d8Qdva secret-key: thes3cr3tkeyf0ryourawsaccount/FS4d8Qdva
Profile
~~~~~~~
A profile from the `boto3 shared credentials files <http://boto3.readthedocs.io/en/latest/guide/configuration.html#shared-credentials-file>`__
can be declared rather than needing to enter credentials into the
manifest.
- ``profile``: AWS configuration profile.
Example:
.. code-block:: yaml
---
provider:
name: ec2
credentials:
profile: Default
Virtualization Virtualization
~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~
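Review bot: the YAML example nests `profile: Default` under `credentials:`, which disagrees with the rest of this pull request: the schema hunk adds `profile` as a sibling of `credentials` under `provider`, and `GetCredentials` reads it with `manifest.provider.get('profile', None)`. Written as documented, the value is silently ignored and boto3 falls back to its default profile. Move `profile:` up one level in the example, directly under `provider:`. Also, profile names are matched literally against the section names in the shared credentials file (case-sensitive), and boto3's implicit default profile is spelled `default`, so `Default` only works if a section with that exact name exists; `default` or an obviously user-chosen name would avoid that trap.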

View file

@ -10,6 +10,7 @@ properties:
type: object type: object
properties: properties:
description: {type: string} description: {type: string}
profile: {type: string}
credentials: credentials:
type: object type: object
properties: properties:
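Review bot: the new `profile: {type: string}` entry sits under the provider's `properties`, which matches the code in `GetCredentials` but not the documentation example in this same pull request, which puts it under `credentials`; pick one location and align docs, schema and code. It would also help to state in the schema description (or the docs) that `profile` and the static `access-key`/`secret-key` pair are alternatives, since the schema as written allows both to be set with no indication of which one wins.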

View file

@ -47,13 +47,20 @@ class GetCredentials(Task):
def provider_key(key): def provider_key(key):
return key.replace('-', '_') return key.replace('-', '_')
import boto.provider provider_args = {
provider = boto.provider.Provider('aws') 'profile_name': manifest.provider.get('profile', None)}
from boto3 import Session
if provider_args.get('profile_name', None):
if provider_args.get('profile_name') not in Session().available_profiles:
raise RuntimeError((
'Profile specified was not found: {}'.format(provider_args.get('profile_name'))))
provider = Session(**provider_args).get_credentials().get_frozen_credentials()
if all(getattr(provider, provider_key(key)) is not None for key in keys): if all(getattr(provider, provider_key(key)) is not None for key in keys):
for key in keys: for key in keys:
creds[key] = getattr(provider, provider_key(key)) creds[key] = getattr(provider, provider_key(key))
if hasattr(provider, 'security_token'): if hasattr(provider, 'token'):
creds['security-token'] = provider.security_token creds['security-token'] = provider.token
return creds return creds
raise RuntimeError(('No ec2 credentials found, they must all be specified ' raise RuntimeError(('No ec2 credentials found, they must all be specified '
'exclusively via environment variables or through the manifest.')) 'exclusively via environment variables or through the manifest.'))
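Review bot: `Session(**provider_args).get_credentials()` returns `None` when no credentials can be resolved from the profile, environment or instance metadata, so the chained `.get_frozen_credentials()` call raises `AttributeError` instead of ever reaching the `RuntimeError` at the bottom of the function; capture the result, test it for `None`, and only then freeze it. Two smaller points in the same hunk: the `RuntimeError` text still says credentials must be given "exclusively via environment variables or through the manifest", which is no longer true now that a profile is accepted; and `hasattr(provider, 'token')` is always true for a frozen credentials object, so `creds['security-token']` is set to `None` when there is no session token rather than being left out, which any downstream `'security-token' in creds` check will see as present. A `provider.token is not None` test keeps the previous semantics. The `from boto3 import Session` import in the middle of the function body belongs at module scope.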
@ -72,10 +79,6 @@ class Connect(Task):
'aws_secret_access_key': info.credentials['secret-key'] 'aws_secret_access_key': info.credentials['secret-key']
} }
if 'security-token' in info.credentials: connect_args['aws_session_token'] = info.credentials.get('security-token', None)
connect_args['security_token'] = info.credentials['security-token']
info._ec2['connection'] = boto3.Session(info._ec2['region'], info._ec2['connection'] = boto3.client('ec2', region_name=info._ec2['region'], **connect_args)
info.credentials['access-key'],
info.credentials['secret-key'])
info._ec2['connection'] = boto3.client('ec2', region_name=info._ec2['region'])
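Review bot: `boto3.client('ec2', region_name=..., **connect_args)` now receives the frozen credentials as static keyword arguments, so when the resolved credentials are temporary (an STS assume-role profile or instance-role credentials, both of which this change newly enables) they are never refreshed, and the client starts failing with expired-token errors if the bootstrap outlives them. Building the client from `boto3.Session(profile_name=...)` and letting the session own the credential chain would preserve the refresh behaviour. Passing `aws_session_token=None` when no token exists is accepted by `boto3.client`, so the unconditional assignment on the first line of the hunk is fine as written.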