linux/ohmyzsh
1
0
Fork 0
mirror of https://github.com/ohmyzsh/ohmyzsh.git synced 2025-12-05 01:46:46 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge 8d095c1339 into e9fc134236

Browse source
This commit is contained in:
Paul Frederiksen 2025-12-02 10:06:52 -03:00 committed by GitHub
commit 32e623b509
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 30 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
plugins/aws/README.md
View file

@ -25,7 +25,8 @@ plugins=(... aws)
* `acp [<profile>] [<mfa_token>]`: in addition to `asp` functionality, it actually changes
the profile by assuming the role specified in the `<profile>` configuration. It supports
MFA and sets `$AWS_ACCESS_KEY_ID`, `$AWS_SECRET_ACCESS_KEY` and `$AWS_SESSION_TOKEN`, if
obtained. It requires the roles to be configured as per the
obtained. It automatically detects and performs SSO login for profiles that use AWS SSO,
including source profiles used for role assumption. It requires the roles to be configured as per the
[official guide](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html).
Run `acp` without arguments to clear the profile.

28
plugins/aws/aws.plugin.zsh
View file

@ -98,6 +98,27 @@ function acp() {
local profile="$1"
local mfa_token="$2"
# Check if profile uses SSO and perform SSO login if needed
if _aws_profile_uses_sso "$profile"; then
echo "Profile '$profile' uses SSO. Performing SSO login..."
aws sso login --profile "$profile"
if [[ $? -ne 0 ]]; then
echo "${fg[red]}SSO login failed for profile '$profile'${reset_color}" >&2
return 1
fi
else
# Check if source profile uses SSO (for role assumption)
local source_profile="$(aws configure get source_profile --profile $profile)"
if [[ -n "$source_profile" ]] && _aws_profile_uses_sso "$source_profile"; then
echo "Source profile '$source_profile' uses SSO. Performing SSO login..."
aws sso login --profile "$source_profile"
if [[ $? -ne 0 ]]; then
echo "${fg[red]}SSO login failed for source profile '$source_profile'${reset_color}" >&2
return 1
fi
fi
fi
# Get fallback credentials for if the aws command fails or no command is run
local aws_access_key_id="$(aws configure get aws_access_key_id --profile $profile)"
local aws_secret_access_key="$(aws configure get aws_secret_access_key --profile $profile)"
@ -244,6 +265,13 @@ function aws_profiles() {
grep --color=never -Eo '\[.*\]' "${AWS_CONFIG_FILE:-$HOME/.aws/config}" | sed -E 's/^[[:space:]]*\[(profile)?[[:space:]]*([^[:space:]]+)\][[:space:]]*$/\2/g'
}
# Check if a profile uses SSO
function _aws_profile_uses_sso() {
local profile="$1"
local sso_start_url="$(aws configure get sso_start_url --profile $profile 2>/dev/null)"
[[ -n "$sso_start_url" ]]
}
function _aws_regions() {
reply=($(aws_regions))
}