Support alternate AWS profiles

CHANGELOG.md

@@ -1,3 +1,22 @@
+# 2.1.0
+
+* Add support for environment variables
+* Use first value from list of AWS profiles
+
+# 2.0.2
+
+* Fix Python 3 issue with auto generated SSH keys
+
+# 2.0.1
+
+* Upgrade boto-source-profile-mfa to fix python2 issue
+
+# 2.0.0
+
+* Auto generate SSH keys when one is not provided
+* Avoid sending SSM run command when there is no document specified
+* Use boto-source-profile-mfa for AWS credentials
+
 # 1.8.0
 
 * Add support for Session Manager

README.md

@@ -97,6 +97,18 @@ aws {
 }
 ```
 
+The `profile_name` can optionally be defined as a list, and the first non-empty value will be used. This allows overriding the value with an environment variable.
+
+```js
+aws {
+  /*
+  If the PRODUCTION_AWS_PROFILE environment variable is set, then use
+  the value of that variable. Otherwise, use the "production" profile.
+  */
+  profile_name = ["${env.PRODUCTION_AWS_PROFILE}", "production"]
+}
+```
+
 ### `bastion {}`
 
 Instances in a private subnet might require a "bastion" or "jump" host. If the `bastion` block is defined, ssha will use it to find a bastion host to use when SSHing into any non-bastion host.
@@ -338,6 +350,16 @@ iam group developers {
 }
 ```
 
+## Environment variables
+
+Environment variables can be accessed with the `env` object. If an environment variable is not set, it will result in an empty string.
+
+```js
+ssh {
+  username = "${env.SSH_USERNAME}"
+}
+```
+
 ## Contributing
 
 If you have an idea for a new feature, please submit an issue first to confirm whether a pull request would be accepted.

ssha/__init__.py

@@ -1 +1 @@
-__version__ = '2.0.2'
+__version__ = '2.1.0'

ssha/config.py

@@ -25,6 +25,17 @@
 _tempfiles = {}
 
 
+class EnvironmentVariables(dict):
+    def __init__(self):
+        self.update(os.environ)
+
+    def get(self, key, default=""):
+        try:
+            return self[key]
+        except KeyError:
+            return default
+
+
 def _exec(command):
     return subprocess.check_output(command, shell=True).strip().decode('utf-8')
 
@@ -35,7 +46,9 @@ def _get(key, default=None):
         value = value.get(key)
         if not value:
             break
-    return value or default
+    if value is not None:
+        return value
+    return default
 
 
 def _get_ssh_config(key):
@@ -181,6 +194,9 @@ def load(name):
             if group in iam_group_specific_settings:
                 update(iam_group_specific_settings[group])
 
+    # Add environment variables.
+    add('env', EnvironmentVariables())
+
     # Default to SSH's default user.
     if not _get('ssh.username'):
         user = _get_ssh_config('user')
@@ -239,6 +255,19 @@ def load(name):
         _tempfiles['host_keys_file'] = tempfile.NamedTemporaryFile(suffix='-ssha-known-hosts')
         add('ssm.host_keys_file', _tempfiles['host_keys_file'].name)
 
+    # To support configs like this:
+    #  aws { profile_name = ["${env.AWS_PROFILE}", "dev"] }
+    # If "aws.profile_name" is a list, then find the first non-empty
+    # value and override the value with that.
+    aws_profile_names = get('aws.profile_name')
+    if isinstance(aws_profile_names, list):
+        for aws_profile_name in aws_profile_names:
+            if aws_profile_name:
+                break
+        else:
+            aws_profile_name = None
+        add("aws.profile_name", aws_profile_name)
+
 
 def names():
     ssha_settings = settings.all().get('ssha') or {}