feat(aws): add SSO login support to acp command

- Add _aws_profile_uses_sso() helper function to detect SSO configuration
- Modify acp() function to automatically perform SSO login when needed
- Support both direct SSO profiles and role profiles with SSO source profiles
- Update README.md to document the new SSO functionality

Fixes #10004
Paul Frederiksen 2025-09-19 09:58:14 -07:00
commit 8d095c1339
2 changed files with 30 additions and 1 deletions


@ -25,7 +25,8 @@ plugins=(... aws)
* `acp [<profile>] [<mfa_token>]`: in addition to `asp` functionality, it actually changes
the profile by assuming the role specified in the `<profile>` configuration. It supports
MFA and sets `$AWS_ACCESS_KEY_ID`, `$AWS_SECRET_ACCESS_KEY` and `$AWS_SESSION_TOKEN`, if
obtained. It requires the roles to be configured as per the
obtained. It automatically detects and performs SSO login for profiles that use AWS SSO,
including source profiles used for role assumption. It requires the roles to be configured as per the
[official guide](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html).
Run `acp` without arguments to clear the profile.


@ -98,6 +98,27 @@ function acp() {
local profile="$1"
local mfa_token="$2"
# Check if profile uses SSO and perform SSO login if needed
if _aws_profile_uses_sso "$profile"; then
echo "Profile '$profile' uses SSO. Performing SSO login..."
aws sso login --profile "$profile"
if [[ $? -ne 0 ]]; then
echo "${fg[red]}SSO login failed for profile '$profile'${reset_color}" >&2
return 1
fi
else
# Check if source profile uses SSO (for role assumption)
local source_profile="$(aws configure get source_profile --profile $profile)"
if [[ -n "$source_profile" ]] && _aws_profile_uses_sso "$source_profile"; then
echo "Source profile '$source_profile' uses SSO. Performing SSO login..."
aws sso login --profile "$source_profile"
if [[ $? -ne 0 ]]; then
echo "${fg[red]}SSO login failed for source profile '$source_profile'${reset_color}" >&2
return 1
fi
fi
fi
# Get fallback credentials for if the aws command fails or no command is run
local aws_access_key_id="$(aws configure get aws_access_key_id --profile $profile)"
local aws_secret_access_key="$(aws configure get aws_secret_access_key --profile $profile)"
@ -244,6 +265,13 @@ function aws_profiles() {
grep --color=never -Eo '\[.*\]' "${AWS_CONFIG_FILE:-$HOME/.aws/config}" | sed -E 's/^[[:space:]]*\[(profile)?[[:space:]]*([^[:space:]]+)\][[:space:]]*$/\2/g'
}
# Check if a profile uses SSO
function _aws_profile_uses_sso() {
local profile="$1"
local sso_start_url="$(aws configure get sso_start_url --profile $profile 2>/dev/null)"
[[ -n "$sso_start_url" ]]
}
function _aws_regions() {
reply=($(aws_regions))
}
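Review bot: The new SSO branch in acp() calls `aws sso login` on every invocation for any profile whose `sso_start_url` is set, with no check of the cached token visible in the hunk, so each profile switch starts a fresh browser authorization even when the session is still valid; routine prompts make it easier for a user to approve one they did not start. Gate both login calls on a validity probe, e.g. wrap them in `if ! aws sts get-caller-identity --profile "$profile" &>/dev/null; then`, so the login runs only when credentials cannot be resolved. `_aws_profile_uses_sso` reads only `sso_start_url` from the profile, so a profile that points at an `sso_session` section would presumably not be detected; also testing `aws configure get sso_session --profile "$profile"` would cover that layout. `$profile` is left unquoted in the two added `aws configure get … --profile $profile` calls while the neighbouring uses are quoted; write `--profile "$profile"` there as well. acp() starts and continues outside the hunk, so how the later credential handling treats an SSO profile cannot be judged from these lines.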