feat(ec2): Allow using ec2 profile as creds (canonical#412)

TheRealFalcon · web-flow · commit 1a5109dc9006 · 2024-10-22T08:27:37.000-05:00
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1!10.2.0
+1!10.3.0
diff --git a/docs/clouds/ec2.md b/docs/clouds/ec2.md
@@ -4,7 +4,8 @@ The following page documents the AWS EC2 cloud integration in pycloudlib.
 
 ## Credentials
 
-To access EC2 requires users to have an access key id and secret access key. These should be set in pycloudlib.toml.
+To access EC2 requires users to have either an access key id and secret access key or a profile using SSO.
+These should be set in pycloudlib.toml.
 
 ### AWS Dotfile (Deprecated)
 
@@ -25,13 +26,14 @@ region = us-west-2
 
 ### Passed Directly (Deprecated)
 
-The credential and region information can also be provided directly when initializing the EC2 object:
+The credential, region,and profile information can also be provided directly when initializing the EC2 object:
 
 ```python
 ec2 = pycloudlib.EC2(
     access_key_id='KEY_VALUE',
     secret_access_key='KEY_VALUE',
-    region='us-west-2'
+    region='us-west-2',
+    profile="work",
 )
 ```
 
diff --git a/pycloudlib.toml.template b/pycloudlib.toml.template
@@ -24,10 +24,15 @@ tenant_id = ""
 # key_name = ""  # Defaults to your username if not set
 
 [ec2]
-# Most values can be found in ~/.aws/credentials or ~/.aws/config
-access_key_id = ""  # in ~/.aws/credentials
-secret_access_key = ""  # in ~/.aws/credentials
 region = ""  # in ~/.aws/config
+# If 'aws configure sso' has been run, 'profile' should be the only credentials needed
+profile = ""  # in ~/.aws/config
+
+# If profile is given, these are not necessary.
+# They can be found in ~/.aws/credentials or ~/.aws/config
+# access_key_id = ""  # in ~/.aws/credentials
+# secret_access_key = ""  # in ~/.aws/credentials
+
 # public_key_path = "/root/id_rsa.pub"
 # private_key_path = ""  # Defaults to 'public_key_path' without the '.pub'
 # key_name = ""  # can be found with `aws ec2 describe-key-pairs`
@@ -72,7 +77,7 @@ config_path = "~/.oci/config"
 availability_domain = ""  # Likely in ~/.oci/oci_cli_rc
 compartment_id = ""  # Likely in ~/.oci/oci_cli_rc
 # region = "us-phoenix-1"  # will use region from oci config file if not specified
-# profile = "DEFAULT" # will use default profile from oci config file if not specified 
+# profile = "DEFAULT" # will use default profile from oci config file if not specified
 # public_key_path = "~/.ssh/id_rsa.pub"
 # private_key_path = ""  # Defaults to 'public_key_path' without the '.pub'
 # key_name = ""  # Defaults to your username if not set
diff --git a/pycloudlib/ec2/cloud.py b/pycloudlib/ec2/cloud.py
@@ -11,11 +11,7 @@
 from pycloudlib.ec2.instance import EC2Instance
 from pycloudlib.ec2.util import _get_session, _tag_resource
 from pycloudlib.ec2.vpc import VPC
-from pycloudlib.errors import (
-    CloudSetupError,
-    ImageNotFoundError,
-    PycloudlibError,
-)
+from pycloudlib.errors import CloudSetupError, ImageNotFoundError, PycloudlibError
 from pycloudlib.util import LTS_RELEASES, UBUNTU_RELEASE_VERSION_MAP
 
 # Images before mantic don't have gp3 disk type
@@ -36,6 +32,7 @@ def __init__(
         access_key_id: Optional[str] = None,
         secret_access_key: Optional[str] = None,
         region: Optional[str] = None,
+        profile: Optional[str] = None,
     ):
         """Initialize the connection to EC2.
 
@@ -50,6 +47,7 @@ def __init__(
             access_key_id: user's access key ID
             secret_access_key: user's secret access key
             region: region to login to
+            profile: profile to use from ~/.aws/config
         """
         super().__init__(
             tag,
@@ -59,11 +57,16 @@ def __init__(
         )
         self._log.debug("logging into EC2")
 
+        access_key_id = access_key_id or self.config.get("access_key_id")
+        secret_access_key = secret_access_key or self.config.get("secret_access_key")
+        region = region or self.config.get("region")
+        profile = profile or self.config.get("profile")
         try:
             session = _get_session(
-                access_key_id or self.config.get("access_key_id"),
-                secret_access_key or self.config.get("secret_access_key"),
-                region or self.config.get("region"),
+                access_key_id=access_key_id,
+                secret_access_key=secret_access_key,
+                region=region,
+                profile=profile,
             )
             self.client = session.client("ec2")
             self.resource = session.resource("ec2")
diff --git a/pycloudlib/ec2/util.py b/pycloudlib/ec2/util.py
@@ -44,7 +44,9 @@ def _decode_console_output_as_bytes(parsed, **kwargs):
     parsed["OutputBytes"] = base64.b64decode(orig)
 
 
-def _get_session(access_key_id, secret_access_key, region):
+def _get_session(
+    access_key_id=None, secret_access_key=None, region=None, profile=None
+) -> boto3.Session:
     """Get EC2 session.
 
     Args:
@@ -67,4 +69,5 @@ def _get_session(access_key_id, secret_access_key, region):
         aws_access_key_id=access_key_id,
         aws_secret_access_key=secret_access_key,
         region_name=region,
+        profile_name=profile,
     )
