Resolves #93: Uses boto3 to find region if possible

[artburkart]

Rather than depending on the partially implemented AWS_DEFAULT_REGION
check, this change makes it so credstash relies more heavily on boto3 to
discover regions. Now we can do things like define an ~/.aws/config
file that looks like this:

[profile work]
region=us-west-2

and run credstash like this:

AWS_PROFILE=work credstash -n arn:aws:iam::000000000000:role/some-role get test

and it will successfully find the correct region

Only in the case where the region is absolutely not found, does
credstash then default to us-east-1. It's slightly backward
incompatible, but I think it's a nice improvement.

[wayne-luminal]

@artburkart Thanks for another PR!

What do you think about dropping a default region from credstash? So I'm thinking the resolution rules would be:

• --region parameter
• Let boto* go through its own rules
• If region is not found raise an exception

What do you think about that?

Thank you for pointing out a backward incompatible change. Given the number of PRs that are outstanding, I'm going through all of them now to create a new major version of credstash that will include backward incompatible changes so it's good to call those out when you see them so they can be documented.

[artburkart]

While I don't think it will impact me personally, it could break backward compatibility for some (maybe many?) of the current users out there. Would there be a way to tell users this is a breaking change?

[wayne-luminal]

What I'd like to do is start following semver conventions for releases. Major version bumps indicate breaking changes or major updates to functionality. Breaking changes would also be documented, probably in the release notes. We could also do beta releases that are usable for some time before committing to a full on release to give folks time to adjust, though that would be a little more overhead.

[artburkart]

okay, I'll make that change then :)

…

On Fri, Oct 27, 2017 at 11:26 AM, wayne-luminal ***@***.***> wrote: What I'd like to do is start following semver conventions for releases. Major version bumps indicate breaking changes or major updates to functionality. Breaking changes would also be documented, probably in the release notes. We could also do beta releases that are usable for some time before committing to a full on release to give folks time to adjust, though that would be a little more overhead. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#180 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAcSqHn8wUv8hPUi2nrZZ1w1OkPQSR_5ks5swfY2gaJpZM4P359t> .

[rubendura]

I’m thinking more and more that removing the default and raising an exception in the worst case is the best option. If there is no default way to get a region let the user know and configure it the way they want, either using boto3 default chain of config or the —region shortcut.

[artburkart]

How soon do you need this? I don't want to hold anyone up if you wanted it yesterday or something like that :)

[rubendura]

Well, I'm no longer using CredStash in any of my projects for various reasons (including that I changed employer), so I don't need it any time soon :P Still, I think this change makes for a better experience overall.

[artburkart]

Heh, I figured it wasn't too urgent for you, since the request was made over a year ago. I was more curious whether there was any urgency on the luminal side of things. :) Regardless, I made the update.

[inhumantsar]

@artburkart @wayne-luminal i'd really like to see this PR implemented. should it be redone from the ground up or is there something we can do to nudge it over the line?

[artburkart]

@inhumantsar – I think the PR is still good as-is, but I'd need to resolve one minor plaintext conflict and get it approved and merged for it to go live.