Using config/credential profiles with chef-provisioning-aws


#1

Hi,

Is there a way to tell chef-provisioning-aws driver to use a profile rather
than the default from config/credentials files? I tried

with_driver aws:test1

where test1 is my profile, but that didn’t work.

Regards,
Christine


#2

I am using environmental variables and when I specify CHEF_DRIVER=aws:test1 it uses my profile - does that work for you? If so, I’m guessing it is a bug with with_driver.

What version of chef-provisioning-aws are you using? The ChefDK?

-T

On Jan 29, 2015, at 1:39 PM, Christine Draper christine_draper@thirdwaveinsights.com wrote:

Hi,

Is there a way to tell chef-provisioning-aws driver to use a profile rather than the default from config/credentials files? I tried

with_driver aws:test1

where test1 is my profile, but that didn’t work.

Regards,
Christine


#3

This is not working on Master with chef-provisioning-aws last I checked.
You will need to clone down this branch to get that to work…

https://github.com/chef/chef-provisioning-aws/tree/profile_things

On Thu, Jan 29, 2015 at 1:39 PM, Christine Draper <
christine_draper@thirdwaveinsights.com> wrote:

Hi,

Is there a way to tell chef-provisioning-aws driver to use a profile
rather than the default from config/credentials files? I tried

with_driver aws:test1

where test1 is my profile, but that didn’t work.

Regards,
Christine

Scott Ford

Consulting Engineer

(415) 763-2270 – f lauck@opscode.comords@getchef.com – *my: *Linkedin
http://www.linkedin.com/pub/scott-ford/15/47a/6ab/ Twitter
https://twitter.com/sford422

CHEF

GETCHEF.COM http://www.getchef.com/

TM

getchef.com http://www.getchef.com/ Blog
http://www.opscode.com/blog/ Facebook
https://www.facebook.com/getchefdotcom Twitter
https://twitter.com/chef Youtube https://www.youtube.com/getchef


#4

Looks like the functionality was added to master here:


and it’s in the latest version.

On Thu, Jan 29, 2015 at 5:27 PM, Scott Ford fords@getchef.com wrote:

This is not working on Master with chef-provisioning-aws last I checked.
You will need to clone down this branch to get that to work…

https://github.com/chef/chef-provisioning-aws/tree/profile_things

On Thu, Jan 29, 2015 at 1:39 PM, Christine Draper <
christine_draper@thirdwaveinsights.com> wrote:

Hi,

Is there a way to tell chef-provisioning-aws driver to use a profile
rather than the default from config/credentials files? I tried

with_driver aws:test1

where test1 is my profile, but that didn’t work.

Regards,
Christine

Scott Ford

Consulting Engineer

(415) 763-2270 <%28415%29%20763-2270> – f lauck@opscode.com
ords@getchef.com – *my: *Linkedin
http://www.linkedin.com/pub/scott-ford/15/47a/6ab/ Twitter
https://twitter.com/sford422

CHEF

GETCHEF.COM http://www.getchef.com/

TM

getchef.com http://www.getchef.com/ Blog
http://www.opscode.com/blog/ Facebook
https://www.facebook.com/getchefdotcom Twitter
https://twitter.com/chef Youtube https://www.youtube.com/getchef


#5

Hmm… I must be doing something stupid somewhere. Doesnt work for me with
the env variable either.

I’ve tried with both the 0.1.3 version that’s in ChefDK 0.3.6, and with
0.2.1 (because I needed subnets).

On Thu, Jan 29, 2015 at 4:20 PM, Tyler Ball tball@chef.io wrote:

I am using environmental variables and when I specify
CHEF_DRIVER=aws:test1 it uses my profile - does that work for you? If so,
I’m guessing it is a bug with with_driver.

What version of chef-provisioning-aws are you using? The ChefDK?

-T

On Jan 29, 2015, at 1:39 PM, Christine Draper <
christine_draper@thirdwaveinsights.com> wrote:

Hi,

Is there a way to tell chef-provisioning-aws driver to use a profile
rather than the default from config/credentials files? I tried

with_driver aws:test1

where test1 is my profile, but that didn’t work.

Regards,
Christine


#6

It seems that there may be a bug in the profile support. Whatever profile
name I put in to the driver, it appears to be running with the credentials
of the first profile in the file.

On Thu, Jan 29, 2015 at 4:42 PM, Christine Draper <
christine_draper@thirdwaveinsights.com> wrote:

Hmm… I must be doing something stupid somewhere. Doesnt work for me with
the env variable either.

I’ve tried with both the 0.1.3 version that’s in ChefDK 0.3.6, and with
0.2.1 (because I needed subnets).

On Thu, Jan 29, 2015 at 4:20 PM, Tyler Ball tball@chef.io wrote:

I am using environmental variables and when I specify
CHEF_DRIVER=aws:test1 it uses my profile - does that work for you? If so,
I’m guessing it is a bug with with_driver.

What version of chef-provisioning-aws are you using? The ChefDK?

-T

On Jan 29, 2015, at 1:39 PM, Christine Draper <
christine_draper@thirdwaveinsights.com> wrote:

Hi,

Is there a way to tell chef-provisioning-aws driver to use a profile
rather than the default from config/credentials files? I tried

with_driver aws:test1

where test1 is my profile, but that didn’t work.

Regards,
Christine


#7

Possibly stupid question: do the profiles other than the default one
start with ‘profile’ (e.g. ‘[profile test1]’) in the credentials file
(the AWS credentials file is weird in that the default profile is just
[default], but others are [profile profilename])? Also, do your
alternate profiles with with the aws command line tools and the
–profile option or other non-chef-provisioning tools?

On Thu, Jan 29, 2015 at 10:21 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

It seems that there may be a bug in the profile support. Whatever profile
name I put in to the driver, it appears to be running with the credentials
of the first profile in the file.

On Thu, Jan 29, 2015 at 4:42 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

Hmm… I must be doing something stupid somewhere. Doesnt work for me with
the env variable either.

I’ve tried with both the 0.1.3 version that’s in ChefDK 0.3.6, and with
0.2.1 (because I needed subnets).

On Thu, Jan 29, 2015 at 4:20 PM, Tyler Ball tball@chef.io wrote:

I am using environmental variables and when I specify
CHEF_DRIVER=aws:test1 it uses my profile - does that work for you? If so,
I’m guessing it is a bug with with_driver.

What version of chef-provisioning-aws are you using? The ChefDK?

-T

On Jan 29, 2015, at 1:39 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

Hi,

Is there a way to tell chef-provisioning-aws driver to use a profile
rather than the default from config/credentials files? I tried

with_driver aws:test1

where test1 is my profile, but that didn’t work.

Regards,
Christine


#8

Hi,

There are no stupid questions. I am a relative AWS API and
chef-provisioning newbie, and quite willing to believe its my configuration
problem!.

I have [profile profilename] in .config, but I am using .credentials for
the keys where I understand the format is just [profilename] (the aws
commands dont work if I use [profile profilename] in .credentials). I
have verified that I can create a vpc using --profile with aws ec2
create_vpc (and it fails when I don’t use --profile, as the default
credentials don’t have authority).

I’ve also tried moving the credentials into .config, but that doesn’t
help.

The most alarming behaviour is if I have no default in credentials, and put
the authorized users credentials first, that’s what it uses.

Regards,
Christine

On Fri, Jan 30, 2015 at 9:59 AM, Mark Harrison mharrison@chef.io wrote:

Possibly stupid question: do the profiles other than the default one
start with ‘profile’ (e.g. ‘[profile test1]’) in the credentials file
(the AWS credentials file is weird in that the default profile is just
[default], but others are [profile profilename])? Also, do your
alternate profiles with with the aws command line tools and the
–profile option or other non-chef-provisioning tools?

On Thu, Jan 29, 2015 at 10:21 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

It seems that there may be a bug in the profile support. Whatever
profile
name I put in to the driver, it appears to be running with the
credentials
of the first profile in the file.

On Thu, Jan 29, 2015 at 4:42 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

Hmm… I must be doing something stupid somewhere. Doesnt work for me
with

the env variable either.

I’ve tried with both the 0.1.3 version that’s in ChefDK 0.3.6, and with
0.2.1 (because I needed subnets).

On Thu, Jan 29, 2015 at 4:20 PM, Tyler Ball tball@chef.io wrote:

I am using environmental variables and when I specify
CHEF_DRIVER=aws:test1 it uses my profile - does that work for you? If
so,

I’m guessing it is a bug with with_driver.

What version of chef-provisioning-aws are you using? The ChefDK?

-T

On Jan 29, 2015, at 1:39 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

Hi,

Is there a way to tell chef-provisioning-aws driver to use a profile
rather than the default from config/credentials files? I tried

with_driver aws:test1

where test1 is my profile, but that didn’t work.

Regards,
Christine


#9

Interesting. You’re right about it being just profilename in the
credentials file vs config (today I learned…), and as far as I can
see in the code
(https://github.com/chef/chef-provisioning-aws/blob/master/lib/chef/provisioning/aws_driver/credentials.rb#L37)
it does treat them correctly.

I think the behavior you’re seeing about it picking the first set of
credentials if there is no default is caused by this:


but that’s still implying that it isn’t picking up your profilename.

Hopefully someone smarter than me can work out why that’s happening.

On Fri, Jan 30, 2015 at 12:41 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

Hi,

There are no stupid questions. I am a relative AWS API and chef-provisioning
newbie, and quite willing to believe its my configuration problem!.

I have [profile profilename] in .config, but I am using .credentials for the
keys where I understand the format is just [profilename] (the aws commands
dont work if I use [profile profilename] in .credentials). I have verified
that I can create a vpc using --profile with aws ec2 create_vpc (and it
fails when I don’t use --profile, as the default credentials don’t have
authority).

I’ve also tried moving the credentials into .config, but that doesn’t help.

The most alarming behaviour is if I have no default in credentials, and put
the authorized users credentials first, that’s what it uses.

Regards,
Christine

On Fri, Jan 30, 2015 at 9:59 AM, Mark Harrison mharrison@chef.io wrote:

Possibly stupid question: do the profiles other than the default one
start with ‘profile’ (e.g. ‘[profile test1]’) in the credentials file
(the AWS credentials file is weird in that the default profile is just
[default], but others are [profile profilename])? Also, do your
alternate profiles with with the aws command line tools and the
–profile option or other non-chef-provisioning tools?

On Thu, Jan 29, 2015 at 10:21 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

It seems that there may be a bug in the profile support. Whatever
profile
name I put in to the driver, it appears to be running with the
credentials
of the first profile in the file.

On Thu, Jan 29, 2015 at 4:42 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

Hmm… I must be doing something stupid somewhere. Doesnt work for me
with
the env variable either.

I’ve tried with both the 0.1.3 version that’s in ChefDK 0.3.6, and with
0.2.1 (because I needed subnets).

On Thu, Jan 29, 2015 at 4:20 PM, Tyler Ball tball@chef.io wrote:

I am using environmental variables and when I specify
CHEF_DRIVER=aws:test1 it uses my profile - does that work for you? If
so,
I’m guessing it is a bug with with_driver.

What version of chef-provisioning-aws are you using? The ChefDK?

-T

On Jan 29, 2015, at 1:39 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

Hi,

Is there a way to tell chef-provisioning-aws driver to use a profile
rather than the default from config/credentials files? I tried

with_driver aws:test1

where test1 is my profile, but that didn’t work.

Regards,
Christine


#10

My ruby’s so-so, but doesnt:


mean its only looking for “profile profilename” or “default”?

I may try putting credentials back in .config - seems like that should
work. Maybe I did something wrong last time I tried that.

Christine

On Fri, Jan 30, 2015 at 12:42 PM, Mark Harrison mharrison@chef.io wrote:

Interesting. You’re right about it being just profilename in the
credentials file vs config (today I learned…), and as far as I can
see in the code
(
https://github.com/chef/chef-provisioning-aws/blob/master/lib/chef/provisioning/aws_driver/credentials.rb#L37
)
it does treat them correctly.

I think the behavior you’re seeing about it picking the first set of
credentials if there is no default is caused by this:

https://github.com/chef/chef-provisioning-aws/blob/master/lib/chef/provisioning/aws_driver/credentials.rb#L22
but that’s still implying that it isn’t picking up your profilename.

Hopefully someone smarter than me can work out why that’s happening.

On Fri, Jan 30, 2015 at 12:41 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

Hi,

There are no stupid questions. I am a relative AWS API and
chef-provisioning
newbie, and quite willing to believe its my configuration problem!.

I have [profile profilename] in .config, but I am using .credentials for
the
keys where I understand the format is just [profilename] (the aws
commands
dont work if I use [profile profilename] in .credentials). I have
verified
that I can create a vpc using --profile with aws ec2 create_vpc (and it
fails when I don’t use --profile, as the default credentials don’t have
authority).

I’ve also tried moving the credentials into .config, but that doesn’t
help.

The most alarming behaviour is if I have no default in credentials, and
put
the authorized users credentials first, that’s what it uses.

Regards,
Christine

On Fri, Jan 30, 2015 at 9:59 AM, Mark Harrison mharrison@chef.io
wrote:

Possibly stupid question: do the profiles other than the default one
start with ‘profile’ (e.g. ‘[profile test1]’) in the credentials file
(the AWS credentials file is weird in that the default profile is just
[default], but others are [profile profilename])? Also, do your
alternate profiles with with the aws command line tools and the
–profile option or other non-chef-provisioning tools?

On Thu, Jan 29, 2015 at 10:21 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

It seems that there may be a bug in the profile support. Whatever
profile
name I put in to the driver, it appears to be running with the
credentials
of the first profile in the file.

On Thu, Jan 29, 2015 at 4:42 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

Hmm… I must be doing something stupid somewhere. Doesnt work for me
with
the env variable either.

I’ve tried with both the 0.1.3 version that’s in ChefDK 0.3.6, and
with

0.2.1 (because I needed subnets).

On Thu, Jan 29, 2015 at 4:20 PM, Tyler Ball tball@chef.io wrote:

I am using environmental variables and when I specify
CHEF_DRIVER=aws:test1 it uses my profile - does that work for you?
If

so,
I’m guessing it is a bug with with_driver.

What version of chef-provisioning-aws are you using? The ChefDK?

-T

On Jan 29, 2015, at 1:39 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

Hi,

Is there a way to tell chef-provisioning-aws driver to use a
profile

rather than the default from config/credentials files? I tried

with_driver aws:test1

where test1 is my profile, but that didn’t work.

Regards,
Christine


#11

Yes. However, there’s another method below that one,
load_credentials_ini, that loads from ~/.aws/credentials, and that
appears to be looking for [profilename] directly. The load_inis method
(called by the load_default method towards the bottom) loads both the
contents of ~/.aws/config and ~/.aws/credentials using the two
load_config_ini and load_credentials_ini files, and then merges the
results.

On Fri, Jan 30, 2015 at 2:47 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

My ruby’s so-so, but doesnt:
https://github.com/chef/chef-provisioning-aws/blob/master/lib/chef/provisioning/aws_driver/credentials.rb#L49
mean its only looking for “profile profilename” or “default”?

I may try putting credentials back in .config - seems like that should work.
Maybe I did something wrong last time I tried that.

Christine

On Fri, Jan 30, 2015 at 12:42 PM, Mark Harrison mharrison@chef.io wrote:

Interesting. You’re right about it being just profilename in the
credentials file vs config (today I learned…), and as far as I can
see in the code

(https://github.com/chef/chef-provisioning-aws/blob/master/lib/chef/provisioning/aws_driver/credentials.rb#L37)
it does treat them correctly.

I think the behavior you’re seeing about it picking the first set of
credentials if there is no default is caused by this:

https://github.com/chef/chef-provisioning-aws/blob/master/lib/chef/provisioning/aws_driver/credentials.rb#L22
but that’s still implying that it isn’t picking up your profilename.

Hopefully someone smarter than me can work out why that’s happening.

On Fri, Jan 30, 2015 at 12:41 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

Hi,

There are no stupid questions. I am a relative AWS API and
chef-provisioning
newbie, and quite willing to believe its my configuration problem!.

I have [profile profilename] in .config, but I am using .credentials for
the
keys where I understand the format is just [profilename] (the aws
commands
dont work if I use [profile profilename] in .credentials). I have
verified
that I can create a vpc using --profile with aws ec2 create_vpc (and it
fails when I don’t use --profile, as the default credentials don’t have
authority).

I’ve also tried moving the credentials into .config, but that doesn’t
help.

The most alarming behaviour is if I have no default in credentials, and
put
the authorized users credentials first, that’s what it uses.

Regards,
Christine

On Fri, Jan 30, 2015 at 9:59 AM, Mark Harrison mharrison@chef.io
wrote:

Possibly stupid question: do the profiles other than the default one
start with ‘profile’ (e.g. ‘[profile test1]’) in the credentials file
(the AWS credentials file is weird in that the default profile is just
[default], but others are [profile profilename])? Also, do your
alternate profiles with with the aws command line tools and the
–profile option or other non-chef-provisioning tools?

On Thu, Jan 29, 2015 at 10:21 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

It seems that there may be a bug in the profile support. Whatever
profile
name I put in to the driver, it appears to be running with the
credentials
of the first profile in the file.

On Thu, Jan 29, 2015 at 4:42 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

Hmm… I must be doing something stupid somewhere. Doesnt work for me
with
the env variable either.

I’ve tried with both the 0.1.3 version that’s in ChefDK 0.3.6, and
with
0.2.1 (because I needed subnets).

On Thu, Jan 29, 2015 at 4:20 PM, Tyler Ball tball@chef.io wrote:

I am using environmental variables and when I specify
CHEF_DRIVER=aws:test1 it uses my profile - does that work for you?
If
so,
I’m guessing it is a bug with with_driver.

What version of chef-provisioning-aws are you using? The ChefDK?

-T

On Jan 29, 2015, at 1:39 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

Hi,

Is there a way to tell chef-provisioning-aws driver to use a
profile
rather than the default from config/credentials files? I tried

with_driver aws:test1

where test1 is my profile, but that didn’t work.

Regards,
Christine


#12

Mystery partly solved. It seems to be specifically to do with the aws_vpc
resource (possibly with all of the aws-specific resources). It works OK for
machine. I stuck a breakpoint in aws_driver/driver and discovered the
relevant profile code gets called for machine but not for aws_vpc. I think
I’ve got as far as I could on this… hopefully its OK if I raise a bug.

Christine

On Fri, Jan 30, 2015 at 1:58 PM, Mark Harrison mharrison@chef.io wrote:

Yes. However, there’s another method below that one,
load_credentials_ini, that loads from ~/.aws/credentials, and that
appears to be looking for [profilename] directly. The load_inis method
(called by the load_default method towards the bottom) loads both the
contents of ~/.aws/config and ~/.aws/credentials using the two
load_config_ini and load_credentials_ini files, and then merges the
results.

On Fri, Jan 30, 2015 at 2:47 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

My ruby’s so-so, but doesnt:

https://github.com/chef/chef-provisioning-aws/blob/master/lib/chef/provisioning/aws_driver/credentials.rb#L49

mean its only looking for “profile profilename” or “default”?

I may try putting credentials back in .config - seems like that should
work.
Maybe I did something wrong last time I tried that.

Christine

On Fri, Jan 30, 2015 at 12:42 PM, Mark Harrison mharrison@chef.io
wrote:

Interesting. You’re right about it being just profilename in the
credentials file vs config (today I learned…), and as far as I can
see in the code

(
https://github.com/chef/chef-provisioning-aws/blob/master/lib/chef/provisioning/aws_driver/credentials.rb#L37
)

it does treat them correctly.

I think the behavior you’re seeing about it picking the first set of
credentials if there is no default is caused by this:

https://github.com/chef/chef-provisioning-aws/blob/master/lib/chef/provisioning/aws_driver/credentials.rb#L22

but that’s still implying that it isn’t picking up your profilename.

Hopefully someone smarter than me can work out why that’s happening.

On Fri, Jan 30, 2015 at 12:41 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

Hi,

There are no stupid questions. I am a relative AWS API and
chef-provisioning
newbie, and quite willing to believe its my configuration problem!.

I have [profile profilename] in .config, but I am using .credentials
for

the
keys where I understand the format is just [profilename] (the aws
commands
dont work if I use [profile profilename] in .credentials). I have
verified
that I can create a vpc using --profile with aws ec2 create_vpc (and
it

fails when I don’t use --profile, as the default credentials don’t
have

authority).

I’ve also tried moving the credentials into .config, but that doesn’t
help.

The most alarming behaviour is if I have no default in credentials,
and

put
the authorized users credentials first, that’s what it uses.

Regards,
Christine

On Fri, Jan 30, 2015 at 9:59 AM, Mark Harrison mharrison@chef.io
wrote:

Possibly stupid question: do the profiles other than the default one
start with ‘profile’ (e.g. ‘[profile test1]’) in the credentials file
(the AWS credentials file is weird in that the default profile is
just

[default], but others are [profile profilename])? Also, do your
alternate profiles with with the aws command line tools and the
–profile option or other non-chef-provisioning tools?

On Thu, Jan 29, 2015 at 10:21 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

It seems that there may be a bug in the profile support. Whatever
profile
name I put in to the driver, it appears to be running with the
credentials
of the first profile in the file.

On Thu, Jan 29, 2015 at 4:42 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

Hmm… I must be doing something stupid somewhere. Doesnt work for
me

with
the env variable either.

I’ve tried with both the 0.1.3 version that’s in ChefDK 0.3.6, and
with
0.2.1 (because I needed subnets).

On Thu, Jan 29, 2015 at 4:20 PM, Tyler Ball tball@chef.io
wrote:

I am using environmental variables and when I specify
CHEF_DRIVER=aws:test1 it uses my profile - does that work for
you?

If
so,
I’m guessing it is a bug with with_driver.

What version of chef-provisioning-aws are you using? The ChefDK?

-T

On Jan 29, 2015, at 1:39 PM, Christine Draper
christine_draper@thirdwaveinsights.com wrote:

Hi,

Is there a way to tell chef-provisioning-aws driver to use a
profile
rather than the default from config/credentials files? I tried

with_driver aws:test1

where test1 is my profile, but that didn’t work.

Regards,
Christine