Reload credentials before writing to avoid clashes
The credentials file is currently read once in main, and then those
credentials are stored in memory and used as the basis for writing to
the credentials file when update_credentials_file is eventually called.

This allows lots of time for other processes to write to the credentials
file, and awsmfa then obliterates those changes when it writes the file.

There is no easy way to ensure that multiple processes co-operate, but
we can at least reduce the timeframe for clashes, and this commit does
that by simply reloading the credentials before updating and writing.
mmrwoods committed Jun 19, 2020
1 parent 4d3565c commit 3fef374
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions awsmfa/__main__.py
Expand Up @@ -363,6 +363,8 @@ def find_mfa_for_user(user_specified_serial, botocore_session, boto3_session):

def update_credentials_file(filename, target_profile, source_profile,
credentials, new_access_key):
# reload credentials before writing to avoid conflicts with other processes
credentials.read(filename)
if target_profile != source_profile:
credentials.remove_section(target_profile)
# Hack: Python 2's implementation of ConfigParser rejects new sections
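
Review bot: The added `credentials.read(filename)` at the top of update_credentials_file merges the file into the existing in-memory parser instead of replacing it, so any section or option that another process removed since startup is still present in `credentials` and gets written back. ConfigParser's `read()` also silently skips a file it cannot open, in which case the stale in-memory copy is used with no error. Consider loading into a fresh parser here (or clearing `credentials` before the read) and checking the list of files that `read()` returns. The new comment could also say that the read, update and write sequence is still unlocked, so the race window is narrowed rather than closed; holding an advisory file lock across that sequence would be needed to stop lost updates between cooperating processes.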