From 6d96df3c6828161bb9dc922fe45ef35a1ce33771 Mon Sep 17 00:00:00 2001 From: Stefan Richter Date: Sat, 16 Dec 2023 23:20:58 -0800 Subject: [PATCH] feat(aws): Adding the AWS SSO CLI env variable to profile list (#5640) Adding the AWS SSO CLI env variable to profile list Adding support for the profile env variable used by https://github.com/synfinatic/aws-sso-cli --- .github/config-schema.json | 2 +- docs/config/README.md | 3 +++ src/configs/aws.rs | 3 +++ src/modules/aws.rs | 22 +++++++++++++++++++++- 4 files changed, 28 insertions(+), 2 deletions(-) diff --git a/.github/config-schema.json b/.github/config-schema.json index 22b938e0c..a036fddb8 100644 --- a/.github/config-schema.json +++ b/.github/config-schema.json @@ -1847,7 +1847,7 @@ "definitions": { "AwsConfig": { "title": "AWS", - "description": "The `aws` module shows the current AWS region and profile and an expiration timer when using temporary credentials. The output of the module uses the `AWS_REGION`, `AWS_DEFAULT_REGION`, and `AWS_PROFILE` env vars and the `~/.aws/config` and `~/.aws/credentials` files as required.\n\nThe module will display a profile only if its credentials are present in `~/.aws/credentials` or if a `credential_process` or `sso_start_url` are defined in `~/.aws/config`. Alternatively, having any of the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, or `AWS_SESSION_TOKEN` env vars defined will also suffice. If the option `force_display` is set to `true`, all available information will be displayed even if no credentials per the conditions above are detected.\n\nWhen using [aws-vault](https://github.com/99designs/aws-vault) the profile is read from the `AWS_VAULT` env var and the credentials expiration date is read from the `AWS_SESSION_EXPIRATION` or `AWS_CREDENTIAL_EXPIRATION` var.\n\nWhen using [awsu](https://github.com/kreuzwerker/awsu) the profile is read from the `AWSU_PROFILE` env var.\n\nWhen using [`AWSume`](https://awsu.me) the profile is read from the `AWSUME_PROFILE` env var and the credentials expiration date is read from the `AWSUME_EXPIRATION` env var.", + "description": "The `aws` module shows the current AWS region and profile and an expiration timer when using temporary credentials. The output of the module uses the `AWS_REGION`, `AWS_DEFAULT_REGION`, and `AWS_PROFILE` env vars and the `~/.aws/config` and `~/.aws/credentials` files as required.\n\nThe module will display a profile only if its credentials are present in `~/.aws/credentials` or if a `credential_process` or `sso_start_url` are defined in `~/.aws/config`. Alternatively, having any of the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, or `AWS_SESSION_TOKEN` env vars defined will also suffice. If the option `force_display` is set to `true`, all available information will be displayed even if no credentials per the conditions above are detected.\n\nWhen using [aws-vault](https://github.com/99designs/aws-vault) the profile is read from the `AWS_VAULT` env var and the credentials expiration date is read from the `AWS_SESSION_EXPIRATION` or `AWS_CREDENTIAL_EXPIRATION` var.\n\nWhen using [awsu](https://github.com/kreuzwerker/awsu) the profile is read from the `AWSU_PROFILE` env var.\n\nWhen using [`AWSume`](https://awsu.me) the profile is read from the `AWSUME_PROFILE` env var and the credentials expiration date is read from the `AWSUME_EXPIRATION` env var.\n\nWhen using [aws-sso-cli](https://github.com/synfinatic/aws-sso-cli) the profile is read from the `AWS_SSO_PROFILE` env var.", "type": "object", "properties": { "format": { diff --git a/docs/config/README.md b/docs/config/README.md index 0bb393fcb..25b52b0d9 100644 --- a/docs/config/README.md +++ b/docs/config/README.md @@ -383,6 +383,9 @@ date is read from the `AWSUME_EXPIRATION` env var. When using [saml2aws](https://github.com/Versent/saml2aws) the expiration information obtained from `~/.aws/credentials` falls back to the `x_security_token_expires` key. +When using [aws-sso-cli](https://github.com/synfinatic/aws-sso-cli) the profile +is read from the `AWS_SSO_PROFILE` env var. + ### Options | Option | Default | Description | diff --git a/src/configs/aws.rs b/src/configs/aws.rs index 92e981d4d..22be05422 100644 --- a/src/configs/aws.rs +++ b/src/configs/aws.rs @@ -27,6 +27,9 @@ use std::collections::HashMap; /// When using [`AWSume`](https://awsu.me) the profile /// is read from the `AWSUME_PROFILE` env var and the credentials expiration /// date is read from the `AWSUME_EXPIRATION` env var. +/// +/// When using [aws-sso-cli](https://github.com/synfinatic/aws-sso-cli) the profile +/// is read from the `AWS_SSO_PROFILE` env var. pub struct AwsConfig<'a> { /// The format for the module. pub format: &'a str, diff --git a/src/modules/aws.rs b/src/modules/aws.rs index 115c5bbbb..0a5a0176e 100644 --- a/src/modules/aws.rs +++ b/src/modules/aws.rs @@ -97,7 +97,13 @@ fn get_aws_profile_and_region( context: &Context, aws_config: &AwsConfigFile, ) -> (Option, Option) { - let profile_env_vars = ["AWSU_PROFILE", "AWS_VAULT", "AWSUME_PROFILE", "AWS_PROFILE"]; + let profile_env_vars = [ + "AWSU_PROFILE", + "AWS_VAULT", + "AWSUME_PROFILE", + "AWS_PROFILE", + "AWS_SSO_PROFILE", + ]; let region_env_vars = ["AWS_REGION", "AWS_DEFAULT_REGION"]; let profile = profile_env_vars .iter() @@ -414,6 +420,20 @@ mod tests { assert_eq!(expected, actual); } + #[test] + fn profile_set_from_awsssocli() { + let actual = ModuleRenderer::new("aws") + .env("AWS_SSO_PROFILE", "astronauts-awsssocli") + .env("AWS_ACCESS_KEY_ID", "dummy") + .collect(); + let expected = Some(format!( + "on {}", + Color::Yellow.bold().paint("☁️ astronauts-awsssocli ") + )); + + assert_eq!(expected, actual); + } + #[test] fn profile_and_region_set() { let actual = ModuleRenderer::new("aws")