Skip to content

Commit d989fdc

Browse files
joguSDjoguSD
committed
Pop explicit credentials when switching profiles
1 parent b9975fa commit d989fdc

File tree

2 files changed

+23
-2
lines changed

2 files changed

+23
-2
lines changed

awsshell/app.py

+9-2
Original file line numberDiff line numberDiff line change
@@ -221,7 +221,7 @@ class AWSShell(object):
221221
"""
222222

223223
def __init__(self, completer, model_completer, docs,
224-
input=None, output=None):
224+
env=None, input=None, output=None):
225225
self.completer = completer
226226
self.model_completer = model_completer
227227
self.history = InMemoryHistory()
@@ -232,10 +232,12 @@ def __init__(self, completer, model_completer, docs,
232232
self.refresh_cli = False
233233
self.key_manager = None
234234
self._dot_cmd = DotCommandHandler()
235-
self._env = os.environ.copy()
236235
self._profile = None
237236
self._input = input
238237
self._output = output
238+
self._env = env
239+
if self._env is None:
240+
self._env = os.environ.copy()
239241

240242
# These attrs come from the config file.
241243
self.config_obj = None
@@ -483,6 +485,11 @@ def profile(self, new_profile_name):
483485
# it's worth adding an event system or observers just yet.
484486
# If this gets hard to manage, the complexity of those systems
485487
# would be worth it.
488+
489+
# Remove explicit keys to ensure the profile will be used
490+
self._env.pop('AWS_ACCESS_KEY_ID', None)
491+
self._env.pop('AWS_SECRET_ACCESS_KEY', None)
492+
486493
self._env['AWS_DEFAULT_PROFILE'] = new_profile_name
487494
self.completer.change_profile(new_profile_name)
488495
self._profile = new_profile_name

tests/unit/test_app.py

+14
Original file line numberDiff line numberDiff line change
@@ -109,6 +109,20 @@ def test_delegates_to_complete_changing_profile():
109109
assert shell.profile == 'mynewprofile'
110110

111111

112+
def test_change_profile_pops_explicit_keys():
113+
env = {
114+
'AWS_ACCESS_KEY_ID': 'test',
115+
'AWS_SECRET_ACCESS_KEY': 'test',
116+
}
117+
shell = app.AWSShell(mock.Mock(), mock.Mock(), mock.Mock(), env=env)
118+
shell.profile = 'newprofile'
119+
# ensure the profile is set
120+
assert shell.profile == 'newprofile'
121+
# ensure the credentials are not explicityly set in env
122+
assert env.get('AWS_ACCESS_KEY_ID', None) is None
123+
assert env.get('AWS_SECRET_ACCESS_KEY', None) is None
124+
125+
112126
def test_cd_handler_can_chdir():
113127
chdir = mock.Mock()
114128
handler = app.ChangeDirHandler(chdir=chdir)

0 commit comments

Comments
 (0)