Commit 23f9348e (Unverified)
Authored Jul 13, 2021 by Sergei Shvetsov
Committed by GitHub, Jul 13, 2021
fix(aws): allow for profile switch w/o MFA configured (#9924)
Parent: e4f6f169
Changes: 1
plugins/aws/aws.plugin.zsh
...
@@ -62,47 +62,47 @@ function acp() {
...
@@ -62,47 +62,47 @@ function acp() {
read
-r
sess_duration
read
-r
sess_duration
fi
fi
mfa_opt
=(
--serial-number
"
$mfa_serial
"
--token-code
"
$mfa_token
"
--duration-seconds
"
${
sess_duration
:-
3600
}
"
)
mfa_opt
=(
--serial-number
"
$mfa_serial
"
--token-code
"
$mfa_token
"
--duration-seconds
"
${
sess_duration
:-
3600
}
"
)
fi
# Now see whether we need to just MFA for the current role, or assume a different one
# Now see whether we need to just MFA for the current role, or assume a different one
local
role_arn
=
"
$(
aws configure get role_arn
--profile
$profile
)
"
local
role_arn
=
"
$(
aws configure get role_arn
--profile
$profile
)
"
local
sess_name
=
"
$(
aws configure get role_session_name
--profile
$profile
)
"
local
sess_name
=
"
$(
aws configure get role_session_name
--profile
$profile
)
"
if
[[
-n
"
$role_arn
"
]]
;
then
# Means we need to assume a specified role
aws_command
=(
aws sts assume-role
--role-arn
"
$role_arn
"
"
${
mfa_opt
[@]
}
"
)
# Check whether external_id is configured to use while assuming the role
if
[[
-n
"
$role_arn
"
]]
;
then
local
external_id
=
"
$(
aws configure get external_id
--profile
$profile
)
"
# Means we need to assume a specified role
if
[[
-n
"
$external_id
"
]]
;
then
aws_command
=(
aws sts assume-role
--role-arn
"
$role_arn
"
"
${
mfa_opt
[@]
}
"
)
aws_command+
=(
--external-id
"
$external_id
"
)
fi
# Get source profile to use to assume role
# Check whether external_id is configured to use while assuming the role
local
source_profile
=
"
$(
aws configure get source_profile
--profile
$profile
)
"
local
external_id
=
"
$(
aws configure get external_id
--profile
$profile
)
"
if
[[
-z
"
$sess_name
"
]]
;
then
if
[[
-n
"
$external_id
"
]]
;
then
sess_name
=
"
${
source_profile
:-
profile
}
"
aws_command+
=(
--external-id
"
$external_id
"
)
fi
fi
aws_command+
=(
--profile
=
"
${
source_profile
:-
profile
}
"
--role-session-name
"
${
sess_name
}
"
)
echo
"Assuming role
$role_arn
using profile
${
source_profile
:-
profile
}
"
# Get source profile to use to assume role
else
local
source_profile
=
"
$(
aws configure get source_profile
--profile
$profile
)
"
# Means we only need to do MFA
if
[[
-z
"
$sess_name
"
]]
;
then
aws_command
=(
aws sts get-session-token
--profile
=
"
$profile
"
"
${
mfa_opt
[@]
}
"
)
sess_name
=
"
${
source_profile
:-
profile
}
"
echo
"Obtaining session token for profile
$profile
"
fi
fi
aws_command+
=(
--profile
=
"
${
source_profile
:-
profile
}
"
--role-session-name
"
${
sess_name
}
"
)
# Format output of aws command for easier processing
echo
"Assuming role
$role_arn
using profile
${
source_profile
:-
profile
}
"
aws_command+
=(
--query
'[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]'
--output
text
)
else
# Means we only need to do MFA
aws_command
=(
aws sts get-session-token
--profile
=
"
$profile
"
"
${
mfa_opt
[@]
}
"
)
echo
"Obtaining session token for profile
$profile
"
fi
# Run the aws command to obtain credentials
# Format output of aws command for easier processing
local
-a
credentials
aws_command+
=(
--query
'[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]'
--output
text
)
credentials
=(
${
(ps
:
\t
:
)
"
$(
${
aws_command
[@]
}
)
"
}
)
if
[[
-n
"
$credentials
"
]]
;
then
# Run the aws command to obtain credentials
aws_access_key_id
=
"
${
credentials
[1]
}
"
local
-a
credentials
aws_secret_access_key
=
"
${
credentials
[2]
}
"
credentials
=(
${
(ps
:
\t
:
)
"
$(
${
aws_command
[@]
}
)
"
}
)
aws_session_token
=
"
${
credentials
[3]
}
"
fi
if
[[
-n
"
$credentials
"
]]
;
then
aws_access_key_id
=
"
${
credentials
[1]
}
"
aws_secret_access_key
=
"
${
credentials
[2]
}
"
aws_session_token
=
"
${
credentials
[3]
}
"
fi
fi
# Switch to AWS profile
# Switch to AWS profile
...
...
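Review bot: in the `else` branch near the end of the hunk, `aws sts get-session-token --profile="$profile" "${mfa_opt[@]}"` is now reached with `mfa_opt` empty whenever a profile has neither MFA nor `role_arn` configured, so a plain profile switch issues an STS call it does not need, and that call can fail for profiles that have no long-term IAM user keys. Consider running that branch only when `$mfa_serial` is set and skipping the credential fetch otherwise. Separately, the re-indented lines keep `${source_profile:-profile}` for both `--profile=` and `sess_name`; the fallback there is the literal word `profile`, not the selected profile, so a role profile with no `source_profile` would try to assume the role through a profile named "profile". `${source_profile:-$profile}` looks like what was intended.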