The awspub snap is a tool to publish images (usually local .vmdk files) to EC2. For that, access to the EC2 API is required. And the configuration/credentials to have access is stored under $HOME/.aws . That’s why awspub requires read access to that directory. The plug looks like:
Whilst access to dot directories not owned by the snapped application is not typically granted, it should not be surprising that an application with this name and functionally requires access to aws configuration/credentials. Thus I will be happy to support this request after renaming the interface to fit the convention we typically use in these requests (dot-aws) and vetting the publisher.
That’s all for now, you need to wait during the voting period for other reviewers approval. If you get the required votes, a reviewer will contact you for the vetting and the auto-connection would be granted afterwards
+1 for granting read access to $HOME/.aws via personal-files interface
Since it seems awspub only needs access to config/credential files inside the directory, can you please limit the access to those files instead? So this should be:
Also, can you please:
Clarify in the snap description this is not an official AWS snap but a Canonical one? This should help to prevent any issue with AWS and with snap users.
Describe if possible how awspub is expected to be used/configured? I ask since this snap is not the clear owner of the $HOME/.aws, so in this case, the user voice in allowing the auto-connection is preferable (i.e I vote for only use but not auto-connect unless necessary).