...
|
...
|
@@ -25,10 +25,10 @@ except ImportError:
|
25
|
25
|
import locale
|
26
|
26
|
|
27
|
27
|
try:
|
28
|
|
- from configparser import NoOptionError, NoSectionError, ConfigParser as PyConfigParser
|
|
28
|
+ from configparser import NoOptionError, NoSectionError, MissingSectionHeaderError, ConfigParser as PyConfigParser
|
29
|
29
|
except ImportError:
|
30
|
30
|
# Python2 fallback code
|
31
|
|
- from ConfigParser import NoOptionError, NoSectionError, ConfigParser as PyConfigParser
|
|
31
|
+ from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError, ConfigParser as PyConfigParser
|
32
|
32
|
|
33
|
33
|
try:
|
34
|
34
|
unicode
|
...
|
...
|
@@ -290,37 +290,61 @@ class Config(object):
|
290
|
290
|
config = PyConfigParser()
|
291
|
291
|
|
292
|
292
|
debug("Reading AWS credentials from %s" % (aws_credential_file))
|
293
|
|
- config.read(aws_credential_file)
|
|
293
|
+ try:
|
|
294
|
+ config.read(aws_credential_file)
|
|
295
|
+ except MissingSectionHeaderError:
|
|
296
|
+ # if header is missing, this could be deprecated credentials file format
|
|
297
|
+ # as described here: https://blog.csanchez.org/2011/05/
|
|
298
|
+ # then do the hacky-hack and add default header
|
|
299
|
+ # to be able to readt he file with PyConfigParser()
|
|
300
|
+ config_string = None
|
|
301
|
+ with open(aws_credential_file, 'r') as f:
|
|
302
|
+ config_string = '[default]\n' + f.read()
|
|
303
|
+ config.read_string(config_string.decode('utf-8'))
|
|
304
|
+
|
294
|
305
|
|
295
|
306
|
profile = config_unicodise(os.environ.get('AWS_PROFILE', "default"))
|
296
|
|
-
|
297
|
307
|
debug("Using AWS profile '%s'" % (profile))
|
298
|
308
|
|
299
|
|
- # trying to read aws_access_key_id from credentials file
|
300
|
|
- try:
|
301
|
|
- profile_access_key = config.get(profile, 'aws_access_key_id')
|
302
|
|
- debug('Setting "aws_access_key_id" from file %s as "access_key"' % (aws_credential_file))
|
|
309
|
+ # get_key - helper function to read the aws profile credentials
|
|
310
|
+ # including the legacy ones as described here: https://blog.csanchez.org/2011/05/
|
|
311
|
+ def get_key(profile, key, legacy_key, print_warning=True):
|
|
312
|
+ result = None
|
|
313
|
+
|
|
314
|
+ try:
|
|
315
|
+ result = config.get(profile, key)
|
|
316
|
+ except NoOptionError as e:
|
|
317
|
+ if print_warning:
|
|
318
|
+ warning("Couldn't find key '%s' for the AWS Profile '%s' in the credentials file '%s'" % (e.option, e.section, aws_credential_file))
|
|
319
|
+ if legacy_key:
|
|
320
|
+ try:
|
|
321
|
+ key = legacy_key
|
|
322
|
+ profile = "default"
|
|
323
|
+ result = config.get(profile, key)
|
|
324
|
+ warning(
|
|
325
|
+ "Legacy configuratin key '%s' used, " % (key) +
|
|
326
|
+ "please use the standartized config format as described here: " +
|
|
327
|
+ "https://aws.amazon.com/blogs/security/a-new-and-standardized-way-to-manage-credentials-in-the-aws-sdks/"
|
|
328
|
+ )
|
|
329
|
+ except NoOptionError as e:
|
|
330
|
+ pass
|
|
331
|
+
|
|
332
|
+ if result:
|
|
333
|
+ debug("Found the configuration option '%s' for the AWS Profile '%s' in the credentials file %s" % (key, profile, aws_credential_file))
|
|
334
|
+ return result
|
|
335
|
+
|
|
336
|
+ profile_access_key = get_key(profile, "aws_access_key_id", "AWSAccessKeyId")
|
|
337
|
+ if profile_access_key:
|
303
|
338
|
Config().update_option('access_key', config_unicodise(profile_access_key))
|
304
|
|
- except NoOptionError as e:
|
305
|
|
- warning("Couldn't find key '%s' for the AWS Profile '%s' in the credentials file '%s'" % (e.option, e.section, aws_credential_file))
|
306
|
|
- pass # treat each key as optional
|
307
|
339
|
|
308
|
|
- # trying to read aws_secret_access_key from credentials file
|
309
|
|
- try:
|
310
|
|
- profile_secret_key = config.get(profile, 'aws_secret_access_key')
|
311
|
|
- debug('Setting "aws_secret_access_key" from file %s as "secret_key"' % (aws_credential_file))
|
|
340
|
+ profile_secret_key = get_key(profile, "aws_secret_access_key", "AWSSecretKey")
|
|
341
|
+ if profile_secret_key:
|
312
|
342
|
Config().update_option('secret_key', config_unicodise(profile_secret_key))
|
313
|
|
- except NoOptionError as e:
|
314
|
|
- warning("Couldn't find key '%s' for the AWS Profile '%s' in the credentials file '%s'" % (e.option, e.section, aws_credential_file))
|
315
|
|
- pass # treat each key as optional
|
316
|
343
|
|
317
|
|
- # trying to read aws_session_token from credentials file
|
318
|
|
- try:
|
319
|
|
- profile_access_token = config.get(profile, 'aws_session_token')
|
320
|
|
- debug('Setting "aws_session_token" from file {} as "access_token"'.format(aws_credential_file))
|
|
344
|
+ profile_access_token = get_key(profile, "aws_session_token", None, False)
|
|
345
|
+ if profile_access_token:
|
321
|
346
|
Config().update_option('access_token', config_unicodise(profile_access_token))
|
322
|
|
- except NoOptionError:
|
323
|
|
- pass # do nothing, because "access_token" is optional
|
|
347
|
+
|
324
|
348
|
except IOError as e:
|
325
|
349
|
warning("%d accessing credentials file %s" % (e.errno, aws_credential_file))
|
326
|
350
|
except NoSectionError as e:
|