ryan
February 14, 2024, 5:46pm
1
The awsmp snap is a tool to create and manage aws marketplace offerings. For that, access to the marketplace API is required. The configuration/credentials to have access is stored under $HOME/.aws . That’s why awspub requires read access to the trio of files located there. The plug looks like:
dot-aws-config:
interface: personal-files
read:
- $HOME/.aws/config
dot-aws-credentials:
interface: personal-files
read:
- $HOME/.aws/credentials
dot-aws-models:
interface: personal-files
read:
- $HOME/.aws/models
The full snapcraft file can be found here
Also see here for previous discussion on another tool with identical permissions for more context if needed.
Given the purpose of this snap (to manage products on the AWS marketplace), read access to these locations seems entirely appropriate and expected.
+1 from me for the following use of personal-files for awsmp:
dot-aws-config:
interface: personal-files
read:
- $HOME/.aws/config
dot-aws-credentials:
interface: personal-files
read:
- $HOME/.aws/credentials
dot-aws-models:
interface: personal-files
read:
- $HOME/.aws/models
I agree with @alexmurray .
+1 also from me for granting awsmp auto-connection to the requested personal-files interfaces
ryan
February 29, 2024, 2:52pm
4
Hi all,
Is there anything else that I need to do here, or any other approvals necessary?
Thanks
cav
March 4, 2024, 2:22am
5
+2 votes for and 0 against. Granting auto-connection of the requested personal-files interfaces to awsmp. This is now live.
