Clojurians Log v2
babashka
We (@jeroenvandijk, @rahul080327, @valtteri and myself) are happy to announce the babashka aws pod! Access AWS directly from babashka scripts with virtually no startup time, accessing all the services that the Cognitect aws-api lib provides access to. https://github.com/babashka/pod-babashka-aws
Is there a way to launch a babashka .CLJ file like a normal bash file? ./my-clj-script.sh I'm asking because I would like to run a BB script in our TeamCity and you can enter some bash in the UI so that would make it easy to use there.
@nha yes, use a shebang: #!/usr/bin/env bb
Nice! That should work :simple_smile: thanks
@borkdude I assume aws pod doesn't support custom credential providers, right?
@jeroenvandijk is working on that https://github.com/babashka/pod-babashka-aws/pull/16
@lukaszkorecki If you have specific examples please leave a comment with your usecase
@jeroenvandijk We have 2 custom providers which I'm planning to open source at some point - AWS SSO profile and Fargate+ECS, neither are supported out of the box in aws-api, the implementation is fairly straightforward but since both reify CredentialsProvider, I'd assume it's not possible to pull off in BB (it might, I don't know)
@lukaszkorecki Jeroen is adding a credentials_process provider, which lets you hook into a process which grabs the credentials for you, returned as json
That might also help
Ah, neat!
which can be another bb script, possibly ;)
it totally can - both providers are pretty simple (couple of HTTP requests and parsing JSON files)
Do you happen to use Okta @lukaszkorecki?
I started implementing support for reify CredentialsProvider but it’s a bit tricky so maybe not worth it if there are other options
We delegate to G-Suite as the iDP, but it should be the same - credentials obtained via aws sso login are not dependent on the idp I think
Cool 🙂 I didn’t try aws sso yet. Was using Okta before sso came out, but I guess similar indeed
When I set it up it was "just" SAML, so you can definitely use Okta
it's pretty neat, as we have effectively stopped using aws credentials locally, don't have to use creds to login to the console
and with some hackery even works with Terraform
BUT, most (if not all) AWS SDKs do not work with sso as the credential source
(yet, I'm sure they will catch up)
even when wrapped in a credential_process?
if that provides credentials via standard env vars, then it should work as expected
but, these expire within 15m to an hour (I think it's configurable)
so you need something to constantly refresh them
aws-cli and aws-sdk seem to work properly with credential_process is my experience. I do have a custom wrapper to manage expirations
here you go, extracted from our private lib: https://gist.github.com/lukaszkorecki/120008f7832e23702e94f4205b8e3df5
awesome thanks!
assumes that aws cli v2 is configured, you can do aws sso login --profile=whatever and call the AWS APIs
Does it make sense to make a thread for this discussion?
(I personally don't mind)
Sorry, yes! Also I thought this is #aws channel 🤦
No worries. Let's continue here :)
Added you to our "babashka-aws" group discussion
What’s the recommended way to parse a date in Babashka e.g. “2021-01-06T17:27:27Z” in order to get #inst “2021-01-06T17:27:27Z”
the java.time API
I think?
ah yeah, good one. was struggling with java.util.date 😅
This also works:
user=> #inst "2021-01-06T17:27:27Z"
#inst "2021-01-06T17:27:27.000-00:00"Ah I see:
user=> (java.time.ZonedDateTime/parse "2021-01-06T17:27:27Z")
#object[java.time.ZonedDateTime 0x42c2631c "2021-01-06T17:27:27Z"]thanks!
You might want java.time.Instant instead of java.time.ZonedDateTime. The latter carries around a timezone with it.
$ bb -e '(java.time.Instant/parse "2021-01-06T17:27:27Z")'
#object[java.time.Instant 0x608e84f "2021-01-06T17:27:27Z"]yeah, works
I made a dev channel for pod-babashka-aws-dev which is by invite, let me know if you're interested and I'll add you. This is only for dev discussions. Normal usage questions can go here.