diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b203bd..e0824b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,22 @@ +# 2.1.0 + +* Add support for environment variables +* Use first value from list of AWS profiles + +# 2.0.2 + +* Fix Python 3 issue with auto generated SSH keys + +# 2.0.1 + +* Upgrade boto-source-profile-mfa to fix python2 issue + +# 2.0.0 + +* Auto generate SSH keys when one is not provided +* Avoid sending SSM run command when there is no document specified +* Use boto-source-profile-mfa for AWS credentials + # 1.8.0 * Add support for Session Manager diff --git a/README.md b/README.md index c7b71a6..a82608f 100644 --- a/README.md +++ b/README.md @@ -97,6 +97,18 @@ aws { } ``` +The `profile_name` can optionally be defined as a list, and the first non-empty value will be used. This allows overriding the value with an environment variable. + +```js +aws { + /* + If the PRODUCTION_AWS_PROFILE environment variable is set, then use + the value of that variable. Otherwise, use the "production" profile. + */ + profile_name = ["${env.PRODUCTION_AWS_PROFILE}", "production"] +} +``` + ### `bastion {}` Instances in a private subnet might require a "bastion" or "jump" host. If the `bastion` block is defined, ssha will use it to find a bastion host to use when SSHing into any non-bastion host. @@ -338,6 +350,16 @@ iam group developers { } ``` +## Environment variables + +Environment variables can be accessed with the `env` object. If an environment variable is not set, it will result in an empty string. + +```js +ssh { + username = "${env.SSH_USERNAME}" +} +``` + ## Contributing If you have an idea for a new feature, please submit an issue first to confirm whether a pull request would be accepted. diff --git a/ssha/__init__.py b/ssha/__init__.py index 668c344..a33997d 100644 --- a/ssha/__init__.py +++ b/ssha/__init__.py @@ -1 +1 @@ -__version__ = '2.0.2' +__version__ = '2.1.0' diff --git a/ssha/config.py b/ssha/config.py index 104c11f..f4fee71 100644 --- a/ssha/config.py +++ b/ssha/config.py @@ -25,6 +25,17 @@ _tempfiles = {} +class EnvironmentVariables(dict): + def __init__(self): + self.update(os.environ) + + def get(self, key, default=""): + try: + return self[key] + except KeyError: + return default + + def _exec(command): return subprocess.check_output(command, shell=True).strip().decode('utf-8') @@ -35,7 +46,9 @@ def _get(key, default=None): value = value.get(key) if not value: break - return value or default + if value is not None: + return value + return default def _get_ssh_config(key): @@ -181,6 +194,9 @@ def load(name): if group in iam_group_specific_settings: update(iam_group_specific_settings[group]) + # Add environment variables. + add('env', EnvironmentVariables()) + # Default to SSH's default user. if not _get('ssh.username'): user = _get_ssh_config('user') @@ -239,6 +255,19 @@ def load(name): _tempfiles['host_keys_file'] = tempfile.NamedTemporaryFile(suffix='-ssha-known-hosts') add('ssm.host_keys_file', _tempfiles['host_keys_file'].name) + # To support configs like this: + # aws { profile_name = ["${env.AWS_PROFILE}", "dev"] } + # If "aws.profile_name" is a list, then find the first non-empty + # value and override the value with that. + aws_profile_names = get('aws.profile_name') + if isinstance(aws_profile_names, list): + for aws_profile_name in aws_profile_names: + if aws_profile_name: + break + else: + aws_profile_name = None + add("aws.profile_name", aws_profile_name) + def names(): ssha_settings = settings.all().get('ssha') or {}