Unset environment variables more consistently.

mozilla_aws_cli/login.py

@@ -38,6 +38,16 @@
     "SecretAccessKey": "AWS_SECRET_ACCESS_KEY",
     "SessionToken": "AWS_SESSION_TOKEN",
 }
+# List of environment variables that will be cleared if they are not set.
+ENV_VARIABLE_NAMES = [
+    "AWS_ACCESS_KEY_ID",
+    "AWS_PROFILE",
+    "AWS_SECRET_ACCESS_KEY",
+    "AWS_SECURITY_TOKEN",
+    "AWS_SESSION_EXPIRATION",
+    "AWS_SESSION_TOKEN",
+    "AWS_SHARED_CREDENTIALS_FILE",
+]
 
 
 class Login:
@@ -414,13 +424,8 @@ def print_output(self):
 
             if self.output == "envvar":
                 output_map.update(
-                    {ENV_VARIABLE_NAME_MAP[x]: self.credentials[x]
-                     for x in self.credentials
-                     if x in ENV_VARIABLE_NAME_MAP})
-                output_map.update({
-                    "AWS_PROFILE": None,
-                    "AWS_SHARED_CREDENTIALS_FILE": None,
-                    "MAWS_PROMPT": self.display_name})
+                    {var: self.credentials.get(key)
+                     for key, var in ENV_VARIABLE_NAME_MAP.items()})
             elif self.output == "shared":
                 # Write the credentials
                 path = write_aws_shared_credentials(
@@ -429,20 +434,12 @@ def print_output(self):
                 if path:
                     output_map.update({
                         "AWS_PROFILE": self.profile_name,
-                        "AWS_SHARED_CREDENTIALS_FILE": path,
-                        "MAWS_PROMPT": self.display_name})
-                    output_map.update({
-                        x: None for x in ENV_VARIABLE_NAME_MAP.values()})
+                        "AWS_SHARED_CREDENTIALS_FILE": path})
             elif self.output == "awscli":
                 # Call into aws a bunch of times
                 if write_aws_cli_credentials(self.profile_name,
                                              self.credentials):
-                    output_map.update({
-                        "AWS_PROFILE": self.profile_name,
-                        "AWS_SHARED_CREDENTIALS_FILE": None,
-                        "MAWS_PROMPT": self.display_name})
-                    output_map.update({
-                        x: None for x in ENV_VARIABLE_NAME_MAP.values()})
+                    output_map["AWS_PROFILE"] = self.profile_name
                 else:
                     logger.error("Unable to write credentials with aws-cli.")
             elif self.output == "boto":
@@ -469,13 +466,13 @@ def print_output(self):
                 raise ValueError(
                     "Output setting unknown : {}".format(self.output))
 
-            if 'ExpirationSeconds' in self.credentials:
-                output_map['AWS_SESSION_EXPIRATION'] = self.credentials['ExpirationSeconds']
-
-            message = "Environment variables set for role {}".format(
-                self.role_arn) if self.print_role_arn else None
-
-            if output_map and self.print_output_map:
+            if self.print_output_map:
+                output_map['AWS_SESSION_EXPIRATION'] = self.credentials.get('ExpirationSeconds')
+                output_map["MAWS_PROMPT"] = self.display_name
+                for name in ENV_VARIABLE_NAMES:
+                    output_map.setdefault(name, None)
+                message = "Environment variables set for role {}".format(
+                    self.role_arn) if self.print_role_arn else None
                 print(output_set_env_vars(output_map, message))
 
             if self.web_console or self.print_url: