Exemplo n.º 1
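        /// <summary>
        /// Resolves the AWS credentials to use, trying each source in order: the explicitly
        /// requested profile, the previously used profile, the AWS SDK fallback credential
        /// search, and finally a profile picked interactively from the shared credentials file.
        /// </summary>
        /// <param name="profileName">Profile explicitly requested by the caller; skipped when null or empty.</param>
        /// <param name="lastUsedProfileName">Profile recorded from an earlier run; skipped when null or empty.</param>
        /// <returns>The first credentials that <c>CanLoadCredentials</c> accepts.</returns>
        /// <exception cref="NoAWSCredentialsFoundException">
        /// Thrown when the shared credentials file lists no profiles, or when the interactively
        /// selected profile cannot be turned into loadable credentials.
        /// </exception>
        public async Task<AWSCredentials> ResolveAWSCredentials(string profileName, string lastUsedProfileName)
        {
            AWSCredentials credentials;

            var chain = new CredentialProfileStoreChain();

            if (!string.IsNullOrEmpty(profileName))
            {
                if (chain.TryGetAWSCredentials(profileName, out credentials) &&
                    await CanLoadCredentials(credentials))
                {
                    _toolInteractiveService.WriteLine($"Configuring AWS Credentials from Profile {profileName}.");
                    return credentials;
                }

                // The caller asked for a specific identity. Falling through silently could leave the
                // tool acting under a different profile (and possibly a different account) without the
                // user noticing, so make the fallback visible before trying the other sources.
                _toolInteractiveService.WriteLine($"Unable to load AWS Credentials from Profile {profileName}. Trying other credential sources.");
            }

            if (!string.IsNullOrEmpty(lastUsedProfileName) &&
                chain.TryGetAWSCredentials(lastUsedProfileName, out credentials) &&
                await CanLoadCredentials(credentials))
            {
                _toolInteractiveService.WriteLine($"Configuring AWS Credentials with previous configured profile value {lastUsedProfileName}.");
                return credentials;
            }

            try
            {
                credentials = FallbackCredentialsFactory.GetCredentials();

                if (await CanLoadCredentials(credentials))
                {
                    _toolInteractiveService.WriteLine("Configuring AWS Credentials using AWS SDK credential search.");
                    return credentials;
                }
            }
            catch (AmazonServiceException)
            {
                // FallbackCredentialsFactory throws an exception if no credentials are found. Burying exception because if no credentials are found
                // we want to continue and ask the user to select a profile.
            }

            var sharedCredentials = new SharedCredentialsFile();

            // List the profiles once so the emptiness check and the prompt work from the same snapshot.
            var availableProfiles = sharedCredentials.ListProfileNames();

            if (availableProfiles.Count == 0)
            {
                _toolInteractiveService.WriteErrorLine("Unable to resolve AWS credentials to access AWS.");
                throw new NoAWSCredentialsFoundException();
            }

            var consoleUtilities = new ConsoleUtilities(_toolInteractiveService);
            var selectedProfileName = consoleUtilities.AskUserToChoose(availableProfiles, "Select AWS Credentials Profile", null);

            if (!chain.TryGetAWSCredentials(selectedProfileName, out credentials) ||
                !(await CanLoadCredentials(credentials)))
            {
                _toolInteractiveService.WriteErrorLine($"Unable to create AWS credentials for profile {selectedProfileName}.");
                throw new NoAWSCredentialsFoundException();
            }

            return credentials;
        }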
Exemplo n.º 2
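        /// <summary>
        /// Resolves the AWS credentials to use, trying each source in order: the explicitly
        /// requested profile, the previously used profile, the AWS SDK fallback credential
        /// search, and finally a profile picked interactively from the shared credentials file.
        /// When the result is an assume-role credential, its MFA token callback is attached
        /// before the credentials are returned.
        /// </summary>
        /// <param name="profileName">Profile explicitly requested by the caller; skipped when null or empty.</param>
        /// <param name="lastUsedProfileName">Profile recorded from an earlier run; skipped when null or empty.</param>
        /// <returns>The resolved credentials.</returns>
        /// <exception cref="NoAWSCredentialsFoundException">
        /// Thrown when the shared credentials file lists no profiles, or when the interactively
        /// selected profile cannot be turned into loadable credentials.
        /// </exception>
        public async Task<AWSCredentials> ResolveAWSCredentials(string? profileName, string? lastUsedProfileName = null)
        {
            async Task<AWSCredentials> Resolve()
            {
                var chain = new CredentialProfileStoreChain();

                if (!string.IsNullOrEmpty(profileName))
                {
                    if (chain.TryGetAWSCredentials(profileName, out var profileCredentials) &&
                        // Skip checking CanLoadCredentials for AssumeRoleAWSCredentials because it might require an MFA token and the callback hasn't been setup yet.
                        // These credentials are therefore returned without being checked here.
                        (profileCredentials is AssumeRoleAWSCredentials || await CanLoadCredentials(profileCredentials)))
                    {
                        _toolInteractiveService.WriteLine($"Configuring AWS Credentials from Profile {profileName}.");
                        return profileCredentials;
                    }

                    // The caller asked for a specific identity. Falling through silently could leave the
                    // tool acting under a different profile (and possibly a different account) without the
                    // user noticing, so make the fallback visible before trying the other sources.
                    _toolInteractiveService.WriteLine($"Unable to load AWS Credentials from Profile {profileName}. Trying other credential sources.");
                }

                // NOTE(review): unlike the explicit-profile branch, this branch runs CanLoadCredentials
                // even for AssumeRoleAWSCredentials, before the MFA callback is attached below. An
                // MFA-protected last-used profile may therefore be rejected here - confirm intended.
                if (!string.IsNullOrEmpty(lastUsedProfileName) &&
                    chain.TryGetAWSCredentials(lastUsedProfileName, out var lastUsedCredentials) &&
                    await CanLoadCredentials(lastUsedCredentials))
                {
                    _toolInteractiveService.WriteLine($"Configuring AWS Credentials with previous configured profile value {lastUsedProfileName}.");
                    return lastUsedCredentials;
                }

                try
                {
                    var fallbackCredentials = FallbackCredentialsFactory.GetCredentials();

                    if (await CanLoadCredentials(fallbackCredentials))
                    {
                        _toolInteractiveService.WriteLine("Configuring AWS Credentials using AWS SDK credential search.");
                        return fallbackCredentials;
                    }
                }
                catch (AmazonServiceException)
                {
                    // FallbackCredentialsFactory throws an exception if no credentials are found. Burying exception because if no credentials are found
                    // we want to continue and ask the user to select a profile.
                }

                var sharedCredentials = new SharedCredentialsFile();

                // List the profiles once so the emptiness check and the prompt work from the same snapshot.
                var availableProfiles = sharedCredentials.ListProfileNames();

                if (availableProfiles.Count == 0)
                {
                    throw new NoAWSCredentialsFoundException("Unable to resolve AWS credentials to access AWS.");
                }

                var selectedProfileName = _consoleUtilities.AskUserToChoose(availableProfiles, "Select AWS Credentials Profile", null);

                if (chain.TryGetAWSCredentials(selectedProfileName, out var selectedProfileCredentials) &&
                    (await CanLoadCredentials(selectedProfileCredentials)))
                {
                    return selectedProfileCredentials;
                }

                throw new NoAWSCredentialsFoundException($"Unable to create AWS credentials for profile {selectedProfileName}.");
            }

            var credentials = await Resolve();

            // Attach the MFA prompt only after resolution, on the options object the resolved
            // assume-role credentials already carry.
            if (credentials is AssumeRoleAWSCredentials assumeRoleAWSCredentials)
            {
                var assumeOptions = assumeRoleAWSCredentials.Options;
                assumeOptions.MfaTokenCodeCallback = new AssumeRoleMfaTokenCodeCallback(_toolInteractiveService, _directoryManager, assumeOptions).Execute;
            }

            return credentials;
        }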