Skip to content

GitLab

Unverified Commit 852a4409 authored by Maksym's avatar Maksym Committed by GitHub
Browse files

aws: split setting profile from changing profile (#9402) 

the change to assume a role when it is specified in configuration broke some workflows. This fix addresses that

Fixes #9394
parent 39c79493
Hide whitespace changes
Inline Side-by-side
plugins/aws/README.md
View file @ 852a4409
...@@ -15,6 +15,13 @@ plugins=(... aws) ...@@ -15,6 +15,13 @@ plugins=(... aws)
It also sets `$AWS_EB_PROFILE` to `<profile>` for the Elastic Beanstalk CLI. It also sets `$AWS_EB_PROFILE` to `<profile>` for the Elastic Beanstalk CLI.
Run `asp` without arguments to clear the profile. Run `asp` without arguments to clear the profile.
* `acp [<profile>]`: in addition to `asp` functionality, it actually changes the profile by
assuming the role specified in the `<profile>` configuration. It supports MFA and sets
`$AWS_ACCESS_KEY_ID`, `$AWS_SECRET_ACCESS_KEY` and `$AWS_SESSION_TOKEN`, if obtained. It
requires the roles to be configured as per the
[official guide](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html).
Run `acp` without arguments to clear the profile.
* `agp`: gets the current value of `$AWS_PROFILE`. * `agp`: gets the current value of `$AWS_PROFILE`.
* `aws_change_access_key`: changes the AWS access key of a profile. * `aws_change_access_key`: changes the AWS access key of a profile.
......
plugins/aws/aws.plugin.zsh
View file @ 852a4409
...@@ -4,6 +4,27 @@ function agp() { ...@@ -4,6 +4,27 @@ function agp() {
# AWS profile selection # AWS profile selection
function asp() { function asp() {
if [[ -z "$1" ]]; then
unset AWS_DEFAULT_PROFILE AWS_PROFILE AWS_EB_PROFILE
echo AWS profile cleared.
return
fi
local -a available_profiles
available_profiles=($(aws_profiles))
if [[ -z "${available_profiles[(r)$1]}" ]]; then
echo "${fg[red]}Profile '$1' not found in '${AWS_CONFIG_FILE:-$HOME/.aws/config}'" >&2
echo "Available profiles: ${(j:, :)available_profiles:-no profiles found}${reset_color}" >&2
return 1
fi
export AWS_DEFAULT_PROFILE=$1
export AWS_PROFILE=$1
export AWS_EB_PROFILE=$1
}
# AWS profile switch
function acp() {
if [[ -z "$1" ]]; then if [[ -z "$1" ]]; then
unset AWS_DEFAULT_PROFILE AWS_PROFILE AWS_EB_PROFILE AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN unset AWS_DEFAULT_PROFILE AWS_PROFILE AWS_EB_PROFILE AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
echo AWS profile cleared. echo AWS profile cleared.
...@@ -34,7 +55,7 @@ function asp() { ...@@ -34,7 +55,7 @@ function asp() {
echo "Please enter the session duration in seconds (900-43200; default: 3600, which is the default maximum for a role):" echo "Please enter the session duration in seconds (900-43200; default: 3600, which is the default maximum for a role):"
read sess_duration read sess_duration
if [[ -z $sess_duration ]]; then if [[ -z $sess_duration ]]; then
sess_duration = 3600 sess_duration="3600"
fi fi
mfa_opt="--serial-number $mfa_serial --token-code $mfa_token --duration-seconds $sess_duration" mfa_opt="--serial-number $mfa_serial --token-code $mfa_token --duration-seconds $sess_duration"
fi fi
...@@ -100,6 +121,7 @@ function _aws_profiles() { ...@@ -100,6 +121,7 @@ function _aws_profiles() {
reply=($(aws_profiles)) reply=($(aws_profiles))
} }
compctl -K _aws_profiles asp aws_change_access_key compctl -K _aws_profiles asp aws_change_access_key
compctl -K _aws_profiles acp aws_change_access_key
# AWS prompt # AWS prompt
function aws_prompt_info() { function aws_prompt_info() {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment