mirror of
https://github.com/ohmyzsh/ohmyzsh.git
synced 2024-12-12 20:21:02 +01:00
fix(aws): allow for profile switch w/o MFA configured (#9924)
This commit is contained in:
parent
e4f6f1698d
commit
23f9348e2c
1 changed files with 35 additions and 35 deletions
|
@ -62,47 +62,47 @@ function acp() {
|
||||||
read -r sess_duration
|
read -r sess_duration
|
||||||
fi
|
fi
|
||||||
mfa_opt=(--serial-number "$mfa_serial" --token-code "$mfa_token" --duration-seconds "${sess_duration:-3600}")
|
mfa_opt=(--serial-number "$mfa_serial" --token-code "$mfa_token" --duration-seconds "${sess_duration:-3600}")
|
||||||
|
fi
|
||||||
|
|
||||||
# Now see whether we need to just MFA for the current role, or assume a different one
|
# Now see whether we need to just MFA for the current role, or assume a different one
|
||||||
local role_arn="$(aws configure get role_arn --profile $profile)"
|
local role_arn="$(aws configure get role_arn --profile $profile)"
|
||||||
local sess_name="$(aws configure get role_session_name --profile $profile)"
|
local sess_name="$(aws configure get role_session_name --profile $profile)"
|
||||||
|
|
||||||
if [[ -n "$role_arn" ]]; then
|
if [[ -n "$role_arn" ]]; then
|
||||||
# Means we need to assume a specified role
|
# Means we need to assume a specified role
|
||||||
aws_command=(aws sts assume-role --role-arn "$role_arn" "${mfa_opt[@]}")
|
aws_command=(aws sts assume-role --role-arn "$role_arn" "${mfa_opt[@]}")
|
||||||
|
|
||||||
# Check whether external_id is configured to use while assuming the role
|
# Check whether external_id is configured to use while assuming the role
|
||||||
local external_id="$(aws configure get external_id --profile $profile)"
|
local external_id="$(aws configure get external_id --profile $profile)"
|
||||||
if [[ -n "$external_id" ]]; then
|
if [[ -n "$external_id" ]]; then
|
||||||
aws_command+=(--external-id "$external_id")
|
aws_command+=(--external-id "$external_id")
|
||||||
fi
|
|
||||||
|
|
||||||
# Get source profile to use to assume role
|
|
||||||
local source_profile="$(aws configure get source_profile --profile $profile)"
|
|
||||||
if [[ -z "$sess_name" ]]; then
|
|
||||||
sess_name="${source_profile:-profile}"
|
|
||||||
fi
|
|
||||||
aws_command+=(--profile="${source_profile:-profile}" --role-session-name "${sess_name}")
|
|
||||||
|
|
||||||
echo "Assuming role $role_arn using profile ${source_profile:-profile}"
|
|
||||||
else
|
|
||||||
# Means we only need to do MFA
|
|
||||||
aws_command=(aws sts get-session-token --profile="$profile" "${mfa_opt[@]}")
|
|
||||||
echo "Obtaining session token for profile $profile"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Format output of aws command for easier processing
|
# Get source profile to use to assume role
|
||||||
aws_command+=(--query '[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]' --output text)
|
local source_profile="$(aws configure get source_profile --profile $profile)"
|
||||||
|
if [[ -z "$sess_name" ]]; then
|
||||||
# Run the aws command to obtain credentials
|
sess_name="${source_profile:-profile}"
|
||||||
local -a credentials
|
|
||||||
credentials=(${(ps:\t:)"$(${aws_command[@]})"})
|
|
||||||
|
|
||||||
if [[ -n "$credentials" ]]; then
|
|
||||||
aws_access_key_id="${credentials[1]}"
|
|
||||||
aws_secret_access_key="${credentials[2]}"
|
|
||||||
aws_session_token="${credentials[3]}"
|
|
||||||
fi
|
fi
|
||||||
|
aws_command+=(--profile="${source_profile:-profile}" --role-session-name "${sess_name}")
|
||||||
|
|
||||||
|
echo "Assuming role $role_arn using profile ${source_profile:-profile}"
|
||||||
|
else
|
||||||
|
# Means we only need to do MFA
|
||||||
|
aws_command=(aws sts get-session-token --profile="$profile" "${mfa_opt[@]}")
|
||||||
|
echo "Obtaining session token for profile $profile"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Format output of aws command for easier processing
|
||||||
|
aws_command+=(--query '[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]' --output text)
|
||||||
|
|
||||||
|
# Run the aws command to obtain credentials
|
||||||
|
local -a credentials
|
||||||
|
credentials=(${(ps:\t:)"$(${aws_command[@]})"})
|
||||||
|
|
||||||
|
if [[ -n "$credentials" ]]; then
|
||||||
|
aws_access_key_id="${credentials[1]}"
|
||||||
|
aws_secret_access_key="${credentials[2]}"
|
||||||
|
aws_session_token="${credentials[3]}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Switch to AWS profile
|
# Switch to AWS profile
|
||||||
|
|
Loading…
Reference in a new issue