From e3c9da72c79b444c0b0ca2ccbd7e420f48716077 Mon Sep 17 00:00:00 2001
From: Mark Woods
Date: Sat, 13 Jun 2020 09:42:41 +0100
Subject: [PATCH] Reload credentials before writing to avoid clashes
The credentials file is currently read once in main, and then those credentials are stored in memory and used as the basis for writing to the credentials file when update_credentials_file is eventually called. This allows lots of time for other processes to write to the credentials file, and awsmfa then obliterates those changes when it writes the file. There is no easy way to ensure that multiple processes co-operate, but we can at least reduce the timeframe for clashes, and this commit does that by simply reloading the credentials before updating and writing.
---
 awsmfa/__main__.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/awsmfa/__main__.py b/awsmfa/__main__.py
index 207d10e..d5e0b44 100755
--- a/awsmfa/__main__.py
+++ b/awsmfa/__main__.py
@@ -363,6 +363,8 @@ def find_mfa_for_user(user_specified_serial, botocore_session, boto3_session):
 def update_credentials_file(filename, target_profile, source_profile, credentials, new_access_key):
+ # reload credentials before writing to avoid conflicts with other processes
+ credentials.read(filename)
 if target_profile != source_profile:
 credentials.remove_section(target_profile)
 # Hack: Python 2's implementation of ConfigParser rejects new sections
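Review bot: The added `credentials.read(filename)` ignores its return value, and ConfigParser.read() silently skips a file it cannot open, so a failed reload falls through and the stale in-memory copy is still written over the credentials file. Checking the result, e.g. `if not credentials.read(filename): raise IOError("could not reload " + filename)` (or a logged warning, if a missing file is legitimate on first run), keeps that failure visible. read() also merges into the existing parser rather than replacing its contents, so a profile that another process deleted since the first read would still be written back; clearing the parser's sections before the re-read would avoid that. The rest of update_credentials_file, including the write itself, lies outside this hunk, so whether the write is atomic or preserves the file's permissions cannot be judged from here.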