fix(aws): accept sso credentials (#3718)
parent
bae16b525d
commit
d7308203a9
|
@ -272,7 +272,7 @@ format = "$all$directory$character"
|
||||||
## AWS
|
## AWS
|
||||||
|
|
||||||
The `aws` module shows the current AWS region and profile when
|
The `aws` module shows the current AWS region and profile when
|
||||||
credentials or a `credential_process` have been setup. This is based on
|
credentials, a `credential_process` or a `sso_start_url` have been setup. This is based on
|
||||||
`AWS_REGION`, `AWS_DEFAULT_REGION`, and `AWS_PROFILE` env var with
|
`AWS_REGION`, `AWS_DEFAULT_REGION`, and `AWS_PROFILE` env var with
|
||||||
`~/.aws/config` file. This module also shows an expiration timer when using temporary
|
`~/.aws/config` file. This module also shows an expiration timer when using temporary
|
||||||
credentials.
|
credentials.
|
||||||
|
|
|
@ -119,8 +119,15 @@ fn alias_name(name: Option<String>, aliases: &HashMap<String, &str>) -> Option<S
|
||||||
.or(name)
|
.or(name)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn get_credential_process(context: &Context, aws_profile: Option<&Profile>) -> Option<String> {
|
fn has_credential_process_or_sso(context: &Context, aws_profile: Option<&Profile>) -> bool {
|
||||||
let contents = read_file(get_config_file_path(context)?).ok()?;
|
let fp = match get_config_file_path(context) {
|
||||||
|
Some(fp) => fp,
|
||||||
|
None => return false,
|
||||||
|
};
|
||||||
|
let contents = match read_file(fp) {
|
||||||
|
Ok(contents) => contents,
|
||||||
|
Err(_) => return false,
|
||||||
|
};
|
||||||
|
|
||||||
let profile_line = if let Some(aws_profile) = aws_profile {
|
let profile_line = if let Some(aws_profile) = aws_profile {
|
||||||
format!("[profile {}]", aws_profile)
|
format!("[profile {}]", aws_profile)
|
||||||
|
@ -128,15 +135,12 @@ fn get_credential_process(context: &Context, aws_profile: Option<&Profile>) -> O
|
||||||
"[default]".to_string()
|
"[default]".to_string()
|
||||||
};
|
};
|
||||||
|
|
||||||
let cred_proc_line = contents
|
contents
|
||||||
.lines()
|
.lines()
|
||||||
.skip_while(|line| line != &profile_line)
|
.skip_while(|line| line != &profile_line)
|
||||||
.skip(1)
|
.skip(1)
|
||||||
.take_while(|line| !line.starts_with('['))
|
.take_while(|line| !line.starts_with('['))
|
||||||
.find(|line| line.starts_with("credential_process"))?;
|
.any(|line| line.starts_with("credential_process") || line.starts_with("sso_start_url"))
|
||||||
|
|
||||||
let cred_proc = cred_proc_line.split('=').nth(1)?.trim();
|
|
||||||
Some(cred_proc.to_string())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
fn get_defined_credentials(context: &Context, aws_profile: Option<&Profile>) -> Option<String> {
|
fn get_defined_credentials(context: &Context, aws_profile: Option<&Profile>) -> Option<String> {
|
||||||
|
@ -182,7 +186,7 @@ pub fn module<'a>(context: &'a Context) -> Option<Module<'a>> {
|
||||||
}
|
}
|
||||||
|
|
||||||
// only display if credential_process is defined or has valid credentials
|
// only display if credential_process is defined or has valid credentials
|
||||||
if get_credential_process(context, aws_profile.as_ref()).is_none()
|
if !has_credential_process_or_sso(context, aws_profile.as_ref())
|
||||||
&& get_defined_credentials(context, aws_profile.as_ref()).is_none()
|
&& get_defined_credentials(context, aws_profile.as_ref()).is_none()
|
||||||
{
|
{
|
||||||
return None;
|
return None;
|
||||||
|
@ -844,6 +848,37 @@ credential_process = /opt/bin/awscreds-retriever
|
||||||
dir.close()
|
dir.close()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn sso_set() -> io::Result<()> {
|
||||||
|
let dir = tempfile::tempdir()?;
|
||||||
|
let config_path = dir.path().join("config");
|
||||||
|
let mut file = File::create(&config_path)?;
|
||||||
|
|
||||||
|
file.write_all(
|
||||||
|
"[default]
|
||||||
|
region = ap-northeast-2
|
||||||
|
sso_start_url = https://starship.rs/sso
|
||||||
|
sso_region = <SSO-Default-Region>
|
||||||
|
sso_account_id = <AWS ACCOUNT ID>
|
||||||
|
sso_role_name = <AWS-ROLE-NAME>
|
||||||
|
"
|
||||||
|
.as_bytes(),
|
||||||
|
)?;
|
||||||
|
|
||||||
|
file.sync_all()?;
|
||||||
|
|
||||||
|
let actual = ModuleRenderer::new("aws")
|
||||||
|
.env("AWS_CONFIG_FILE", config_path.to_string_lossy().as_ref())
|
||||||
|
.collect();
|
||||||
|
let expected = Some(format!(
|
||||||
|
"on {}",
|
||||||
|
Color::Yellow.bold().paint("☁️ (ap-northeast-2) ")
|
||||||
|
));
|
||||||
|
|
||||||
|
assert_eq!(expected, actual);
|
||||||
|
dir.close()
|
||||||
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn access_key_env_var_set() {
|
fn access_key_env_var_set() {
|
||||||
let actual = ModuleRenderer::new("aws")
|
let actual = ModuleRenderer::new("aws")
|
||||||
|
|
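Review bot: In `has_credential_process_or_sso`, the `.any(...)` predicate only tests a line prefix, so a longer key that merely starts with `credential_process` or `sso_start_url`, or a bare key with no `=` (which the old `split('=').nth(1)?` rejected), now counts as configured credentials. Comparing the parsed key keeps the check exact: `.any(|line| matches!(line.split_once('=').map(|(k, _)| k.trim_end()), Some("credential_process" | "sso_start_url")))`. The comment at the call site in `module` still reads "only display if credential_process is defined or has valid credentials" and should mention `sso_start_url` too. Separately, the scan stops at the next `[` header, so a profile that points at a shared `sso_session` section instead of carrying `sso_start_url` itself would presumably still be hidden; a follow-up test would settle it if that layout is meant to be supported. The function body spans two hunks and one line between them is not shown.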