Hi everyone, I’m one of the developer behind lookauth-lite https://snapcraft.io/lookauth-lite/listing, I would like to request classic confinement as lookauth is a tool that manages AWS credentials and permissions for the user by manipulating the credential file in .aws folder which is typically installed in the user’s home directory.
In general this tool needs the same permission levels of AWS cli which is already deployed in classic confinement.
Thanks in advance for any notice,
Alessandro
@reviewers and @beSharp, This might be covered by a personal-files interface, though the credentials are seemingly shared among several applications so it might be incorrect use of that interface. Alternatively we could look to adding an AWS credentials interface similar to the ssh-keys interface?
Yes this is one of the reason we would like to maintain the solution as simple as possible, also because many additional libraries read or manage the credentials’ chain in different ways.
I think this app should be given the classic permissions, i use the deb version but the snap version is impossible to use since it does not rewrite the aws credentials file correctly.
This app makes basically the same actions of the aws cli, it should be deployed in classic mode just like the aws cli from snapcraft.
As @lucyllewy says above, the need to access or manage ~/.aws is not sufficient reason to grant classic confinement and instead this is better served by a personal-files interface for write to ~/.aws - however since lookauth-lite is not a clear owner of this path this may be problematic to grant auto-connection for (although the description of lookauth-lite does make it clear that the snap is used to manage AWS credentials etc so perhaps this would be sufficient).
@beSharp could you please see if a personal-files declaration as described above is sufficient for lookauth-lite and we can then perhaps look at changing this request from classic confinement to auto-connection of personal-files instead?
@beSharp I am removing this request from our queue but will re-add it if you can provide the requested information.
