Browse code
add helper function to read the deprecated credentials format
Taras Postument authored on 2018/05/08 18:51:15Showing 1 changed files
| ... | ... |
@@ -25,10 +25,10 @@ except ImportError: |
| 25 | 25 |
import locale |
| 26 | 26 |
|
| 27 | 27 |
try: |
| 28 |
- from configparser import NoOptionError, NoSectionError, ConfigParser as PyConfigParser |
|
| 28 |
+ from configparser import NoOptionError, NoSectionError, MissingSectionHeaderError, ConfigParser as PyConfigParser |
|
| 29 | 29 |
except ImportError: |
| 30 | 30 |
# Python2 fallback code |
| 31 |
- from ConfigParser import NoOptionError, NoSectionError, ConfigParser as PyConfigParser |
|
| 31 |
+ from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError, ConfigParser as PyConfigParser |
|
| 32 | 32 |
|
| 33 | 33 |
try: |
| 34 | 34 |
unicode |
| ... | ... |
@@ -290,37 +290,61 @@ class Config(object): |
| 290 | 290 |
config = PyConfigParser() |
| 291 | 291 |
|
| 292 | 292 |
debug("Reading AWS credentials from %s" % (aws_credential_file))
|
| 293 |
- config.read(aws_credential_file) |
|
| 293 |
+ try: |
|
| 294 |
+ config.read(aws_credential_file) |
|
| 295 |
+ except MissingSectionHeaderError: |
|
| 296 |
+ # if header is missing, this could be deprecated credentials file format |
|
| 297 |
+ # as described here: https://blog.csanchez.org/2011/05/ |
|
| 298 |
+ # then do the hacky-hack and add default header |
|
| 299 |
+ # to be able to readt he file with PyConfigParser() |
|
| 300 |
+ config_string = None |
|
| 301 |
+ with open(aws_credential_file, 'r') as f: |
|
| 302 |
+ config_string = '[default]\n' + f.read() |
|
| 303 |
+ config.read_string(config_string.decode('utf-8'))
|
|
| 304 |
+ |
|
| 294 | 305 |
|
| 295 | 306 |
profile = config_unicodise(os.environ.get('AWS_PROFILE', "default"))
|
| 296 |
- |
|
| 297 | 307 |
debug("Using AWS profile '%s'" % (profile))
|
| 298 | 308 |
|
| 299 |
- # trying to read aws_access_key_id from credentials file |
|
| 300 |
- try: |
|
| 301 |
- profile_access_key = config.get(profile, 'aws_access_key_id') |
|
| 302 |
- debug('Setting "aws_access_key_id" from file %s as "access_key"' % (aws_credential_file))
|
|
| 309 |
+ # get_key - helper function to read the aws profile credentials |
|
| 310 |
+ # including the legacy ones as described here: https://blog.csanchez.org/2011/05/ |
|
| 311 |
+ def get_key(profile, key, legacy_key, print_warning=True): |
|
| 312 |
+ result = None |
|
| 313 |
+ |
|
| 314 |
+ try: |
|
| 315 |
+ result = config.get(profile, key) |
|
| 316 |
+ except NoOptionError as e: |
|
| 317 |
+ if print_warning: |
|
| 318 |
+ warning("Couldn't find key '%s' for the AWS Profile '%s' in the credentials file '%s'" % (e.option, e.section, aws_credential_file))
|
|
| 319 |
+ if legacy_key: |
|
| 320 |
+ try: |
|
| 321 |
+ key = legacy_key |
|
| 322 |
+ profile = "default" |
|
| 323 |
+ result = config.get(profile, key) |
|
| 324 |
+ warning( |
|
| 325 |
+ "Legacy configuratin key '%s' used, " % (key) + |
|
| 326 |
+ "please use the standartized config format as described here: " + |
|
| 327 |
+ "https://aws.amazon.com/blogs/security/a-new-and-standardized-way-to-manage-credentials-in-the-aws-sdks/" |
|
| 328 |
+ ) |
|
| 329 |
+ except NoOptionError as e: |
|
| 330 |
+ pass |
|
| 331 |
+ |
|
| 332 |
+ if result: |
|
| 333 |
+ debug("Found the configuration option '%s' for the AWS Profile '%s' in the credentials file %s" % (key, profile, aws_credential_file))
|
|
| 334 |
+ return result |
|
| 335 |
+ |
|
| 336 |
+ profile_access_key = get_key(profile, "aws_access_key_id", "AWSAccessKeyId") |
|
| 337 |
+ if profile_access_key: |
|
| 303 | 338 |
Config().update_option('access_key', config_unicodise(profile_access_key))
|
| 304 |
- except NoOptionError as e: |
|
| 305 |
- warning("Couldn't find key '%s' for the AWS Profile '%s' in the credentials file '%s'" % (e.option, e.section, aws_credential_file))
|
|
| 306 |
- pass # treat each key as optional |
|
| 307 | 339 |
|
| 308 |
- # trying to read aws_secret_access_key from credentials file |
|
| 309 |
- try: |
|
| 310 |
- profile_secret_key = config.get(profile, 'aws_secret_access_key') |
|
| 311 |
- debug('Setting "aws_secret_access_key" from file %s as "secret_key"' % (aws_credential_file))
|
|
| 340 |
+ profile_secret_key = get_key(profile, "aws_secret_access_key", "AWSSecretKey") |
|
| 341 |
+ if profile_secret_key: |
|
| 312 | 342 |
Config().update_option('secret_key', config_unicodise(profile_secret_key))
|
| 313 |
- except NoOptionError as e: |
|
| 314 |
- warning("Couldn't find key '%s' for the AWS Profile '%s' in the credentials file '%s'" % (e.option, e.section, aws_credential_file))
|
|
| 315 |
- pass # treat each key as optional |
|
| 316 | 343 |
|
| 317 |
- # trying to read aws_session_token from credentials file |
|
| 318 |
- try: |
|
| 319 |
- profile_access_token = config.get(profile, 'aws_session_token') |
|
| 320 |
- debug('Setting "aws_session_token" from file {} as "access_token"'.format(aws_credential_file))
|
|
| 344 |
+ profile_access_token = get_key(profile, "aws_session_token", None, False) |
|
| 345 |
+ if profile_access_token: |
|
| 321 | 346 |
Config().update_option('access_token', config_unicodise(profile_access_token))
|
| 322 |
- except NoOptionError: |
|
| 323 |
- pass # do nothing, because "access_token" is optional |
|
| 347 |
+ |
|
| 324 | 348 |
except IOError as e: |
| 325 | 349 |
warning("%d accessing credentials file %s" % (e.errno, aws_credential_file))
|
| 326 | 350 |
except NoSectionError as e: |