General discussion about Chef

[chef] Re: Re: Re: Re: Re: Re: Re: Re: Using config/credential profiles with chef-provisioning-aws


Chronological Thread 
  • From: Christine Draper < >
  • To:
  • Subject: [chef] Re: Re: Re: Re: Re: Re: Re: Re: Using config/credential profiles with chef-provisioning-aws
  • Date: Fri, 30 Jan 2015 20:57:39 -0600
Mystery partly solved. It seems to be specifically to do with the aws_vpc resource (possibly with all of the aws-specific resources). It works OK for machine. I stuck a breakpoint in aws_driver/driver and discovered the relevant profile code gets called for machine but not for aws_vpc.  I think I've got as far as I could on this... hopefully its OK if I raise a bug.

Christine

On Fri, Jan 30, 2015 at 1:58 PM, Mark Harrison < " target="_blank"> > wrote:
Yes. However, there's another method below that one,
load_credentials_ini, that loads from ~/.aws/credentials, and that
appears to be looking for [profilename] directly. The load_inis method
(called by the load_default method towards the bottom) loads both the
contents of ~/.aws/config and ~/.aws/credentials using the two
load_config_ini and load_credentials_ini files, and then merges the
results.

On Fri, Jan 30, 2015 at 2:47 PM, Christine Draper
< "> > wrote:
> My ruby's so-so, but doesnt:
> https://github.com/chef/chef-provisioning-aws/blob/master/lib/chef/provisioning/aws_driver/credentials.rb#L49
> mean its only looking for "profile profilename" or "default"?
>
> I may try putting credentials back in .config - seems like that should work.
> Maybe I did something wrong last time I tried that.
>
> Christine
>
> On Fri, Jan 30, 2015 at 12:42 PM, Mark Harrison < "> > wrote:
>>
>> Interesting. You're right about it being just profilename in the
>> credentials file vs config (today I learned...), and as far as I can
>> see in the code
>>
>> (https://github.com/chef/chef-provisioning-aws/blob/master/lib/chef/provisioning/aws_driver/credentials.rb#L37)
>> it does treat them correctly.
>>
>> I think the behavior you're seeing about it picking the first set of
>> credentials if there is no default is caused by this:
>>
>> https://github.com/chef/chef-provisioning-aws/blob/master/lib/chef/provisioning/aws_driver/credentials.rb#L22
>> but that's still implying that it isn't picking up your profilename.
>>
>> Hopefully someone smarter than me can work out why that's happening.
>>
>>
>>
>>
>>
>> On Fri, Jan 30, 2015 at 12:41 PM, Christine Draper
>> < "> > wrote:
>> > Hi,
>> >
>> > There are no stupid questions. I am a relative AWS API and
>> > chef-provisioning
>> > newbie, and quite willing to believe its my configuration problem!.
>> >
>> > I have [profile profilename] in .config, but I am using .credentials for
>> > the
>> > keys where I understand the format is just [profilename] (the aws
>> > commands
>> > dont work if I use [profile profilename] in .credentials).   I have
>> > verified
>> > that I can create a vpc using --profile with aws ec2 create_vpc (and it
>> > fails when I don't use --profile, as the default credentials don't have
>> > authority).
>> >
>> > I've also tried moving the credentials into  .config, but that doesn't
>> > help.
>> >
>> > The most alarming behaviour is if I have no default in credentials, and
>> > put
>> > the authorized users credentials first, that's what it uses.
>> >
>> > Regards,
>> > Christine
>> >
>> >
>> >
>> > On Fri, Jan 30, 2015 at 9:59 AM, Mark Harrison < "> >
>> > wrote:
>> >>
>> >> Possibly stupid question: do the profiles other than the default one
>> >> start with 'profile' (e.g. '[profile test1]') in the credentials file
>> >> (the AWS credentials file is weird in that the default profile is just
>> >> [default], but others are [profile profilename])? Also, do your
>> >> alternate profiles with with the aws command line tools and the
>> >> --profile option or other non-chef-provisioning tools?
>> >>
>> >> On Thu, Jan 29, 2015 at 10:21 PM, Christine Draper
>> >> < "> > wrote:
>> >> > It seems that there may be a bug in the profile support.   Whatever
>> >> > profile
>> >> > name I put in to the driver, it appears to be running with the
>> >> > credentials
>> >> > of the first profile in the file.
>> >> >
>> >> > On Thu, Jan 29, 2015 at 4:42 PM, Christine Draper
>> >> > < "> > wrote:
>> >> >>
>> >> >> Hmm.. I must be doing something stupid somewhere. Doesnt work for me
>> >> >> with
>> >> >> the env variable either.
>> >> >>
>> >> >> I've tried with both the 0.1.3 version that's in ChefDK 0.3.6, and
>> >> >> with
>> >> >> 0.2.1 (because I needed subnets).
>> >> >>
>> >> >> On Thu, Jan 29, 2015 at 4:20 PM, Tyler Ball < "> > wrote:
>> >> >>>
>> >> >>> I am using environmental variables and when I specify
>> >> >>> CHEF_DRIVER=aws:test1 it uses my profile - does that work for you?
>> >> >>> If
>> >> >>> so,
>> >> >>> I'm guessing it is a bug with `with_driver`.
>> >> >>>
>> >> >>> What version of chef-provisioning-aws are you using?  The ChefDK?
>> >> >>>
>> >> >>> -T
>> >> >>>
>> >> >>>
>> >> >>> > On Jan 29, 2015, at 1:39 PM, Christine Draper
>> >> >>> > < "> > wrote:
>> >> >>> >
>> >> >>> > Hi,
>> >> >>> >
>> >> >>> > Is there a way to tell chef-provisioning-aws driver to use a
>> >> >>> > profile
>> >> >>> > rather than the default from config/credentials files? I tried
>> >> >>> >
>> >> >>> > with_driver aws:test1
>> >> >>> >
>> >> >>> > where test1 is my profile, but that didn't work.
>> >> >>> >
>> >> >>> > Regards,
>> >> >>> > Christine
>> >> >>>
>> >> >>
>> >> >
>> >
>> >
>
>


Archive powered by MHonArc 2.6.16.

§