lob / aws-creds Goto Github PK

This repo needs some docs, especially since it's public.

The only way to install aws-creds right now is to manually build a binary.

It'd be much nicer to have releases with pre-built binaries using a script that looks something like this:

#!/bin/bash

# Need to use an older version of go for this release
export PATH=/usr/local/opt/[email protected]/bin:$PATH

# Only supporting amd64 for now
export GOARCH=amd64

# Hard-coding version, could derive from tag
export VERSION=v1.0.6

# Build for all major platforms
for os in $(echo darwin windows linux); do
    # Set the OS for this build
    export GOOS=$os

    # Set the binary name
    export AWS_CREDS_BIN=aws-creds_${VERSION}_${GOOS}_${GOARCH}

    # Debugging output
    echo "Building ${AWS_CREDS_BIN}"

    # Build the binary
    go build \
        -o bin/${AWS_CREDS_BIN} \
        -ldflags "-s -w -X github.com/lob/aws-creds/cmd.version=${VERSION}";
done

# Build shasum file
echo "Building checksums file"
pushd bin
    shasum -a 256 aws-creds_${VERSION}_* > aws-creds_$VERSION.sha256sum
popd

echo "Done"

A few problems with this are that MacOS doesn't like this at all and in fact it bars users from running binaries downloaded form GitHub built this way.

• Figure out how to successfully build valid MacOS/Linux/Windows binaries.
• Document how to build the release artifacts.
• Add the release artifact builder to the repo.
• Automate build + release steps.

Headless users of aws-creds on Linux can not use zalando/go-keyring due to a known issue of gnome-keychain being incompatible in an env with no X11 server / gui.

$ aws-creds -p sandbox
The name org.freedesktop.secrets was not provided by any .service files

Installing gnome-keyring yields

$ sudo apt install gnome-keyring 
$ aws-creds -p sandbox
failed to unlock correct collection '/org/freedesktop/secrets/aliases/default'

There might be a potential workaround using gnome-keyring-daemon like:

$ gnome-keyring-daemon -r -d --unlock

but I found it to be quite brittle on WSL2, asking once and failing to prompt on subsequent re-runs of aws-creds

It would be really helpful if we can disable the keyring functionality in pkg/cmd/refresh.go by setting a flag in $HOME/.aws-creds/config or with a -p/-a argument from the cli like: aws-creds -a --no-keyring for one-off's.

nit: if the user specifies a duration that's too long it'll print an error, but there's no context about which env is the problem. Maybe check to see if the dur is over 12hrs or just put something like fmt.Fprintln(os.Stderr, "Failed to get creds for " + profile.Name) on line 54 (the error channel will print context at the end...not great but better than nothing ¯\_(ツ)_/¯)

Originally posted by @kpflum-lob in #30 (comment)

I built and installed on ubuntu
I have this error when I run aws-creds
dbus: couldn't determine address of session bus

Hi, cool tool! Been looking for something like this, might like to use it or at least take inspiration from it.

Please add a license so I may do so!