mirror of
https://github.com/Llewellynvdm/starship.git
synced 2024-06-12 13:22:20 +00:00
feat(aws): support aws sso with automatic authentication refresh (#5170)
* feat(aws): support aws sso with automatic authentication refresh * docs(aws): add sso_session for profile detection
This commit is contained in:
parent
20e251f261
commit
297176b0b8
|
@ -356,7 +356,7 @@ format = '$all$directory$character'
|
||||||
The `aws` module shows the current AWS region and profile and an expiration timer when using temporary credentials.
|
The `aws` module shows the current AWS region and profile and an expiration timer when using temporary credentials.
|
||||||
The output of the module uses the `AWS_REGION`, `AWS_DEFAULT_REGION`, and `AWS_PROFILE` env vars and the `~/.aws/config` and `~/.aws/credentials` files as required.
|
The output of the module uses the `AWS_REGION`, `AWS_DEFAULT_REGION`, and `AWS_PROFILE` env vars and the `~/.aws/config` and `~/.aws/credentials` files as required.
|
||||||
|
|
||||||
The module will display a profile only if its credentials are present in `~/.aws/credentials` or if a `credential_process` or `sso_start_url` are defined in `~/.aws/config`. Alternatively, having any of the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, or `AWS_SESSION_TOKEN` env vars defined will also suffice.
|
The module will display a profile only if its credentials are present in `~/.aws/credentials` or if a `credential_process`, `sso_start_url`, or `sso_session` are defined in `~/.aws/config`. Alternatively, having any of the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, or `AWS_SESSION_TOKEN` env vars defined will also suffice.
|
||||||
If the option `force_display` is set to `true`, all available information will be displayed even if no credentials per the conditions above are detected.
|
If the option `force_display` is set to `true`, all available information will be displayed even if no credentials per the conditions above are detected.
|
||||||
|
|
||||||
When using [aws-vault](https://github.com/99designs/aws-vault) the profile
|
When using [aws-vault](https://github.com/99designs/aws-vault) the profile
|
||||||
|
|
|
@ -174,6 +174,7 @@ fn has_credential_process_or_sso(
|
||||||
|
|
||||||
Some(
|
Some(
|
||||||
config_section.contains_key("credential_process")
|
config_section.contains_key("credential_process")
|
||||||
|
|| config_section.contains_key("sso_session")
|
||||||
|| config_section.contains_key("sso_start_url")
|
|| config_section.contains_key("sso_start_url")
|
||||||
|| credential_section?.contains_key("credential_process")
|
|| credential_section?.contains_key("credential_process")
|
||||||
|| credential_section?.contains_key("sso_start_url"),
|
|| credential_section?.contains_key("sso_start_url"),
|
||||||
|
@ -996,7 +997,7 @@ credential_process = /opt/bin/awscreds-for-tests
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn sso_set() -> io::Result<()> {
|
fn sso_legacy_set() -> io::Result<()> {
|
||||||
let dir = tempfile::tempdir()?;
|
let dir = tempfile::tempdir()?;
|
||||||
let config_path = dir.path().join("config");
|
let config_path = dir.path().join("config");
|
||||||
let mut file = File::create(&config_path)?;
|
let mut file = File::create(&config_path)?;
|
||||||
|
@ -1026,6 +1027,40 @@ sso_role_name = <AWS-ROLE-NAME>
|
||||||
dir.close()
|
dir.close()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn sso_set() -> io::Result<()> {
|
||||||
|
let dir = tempfile::tempdir()?;
|
||||||
|
let config_path = dir.path().join("config");
|
||||||
|
let mut config = File::create(&config_path)?;
|
||||||
|
config.write_all(
|
||||||
|
"[profile astronauts]
|
||||||
|
sso_session = my-sso
|
||||||
|
sso_account_id = 123456789011
|
||||||
|
sso_role_name = readOnly
|
||||||
|
region = us-west-2
|
||||||
|
output = json
|
||||||
|
|
||||||
|
[sso-session my-sso]
|
||||||
|
sso_region = us-east-1
|
||||||
|
sso_start_url = https://starship.rs/sso
|
||||||
|
sso_registration_scopes = sso:account:access
|
||||||
|
"
|
||||||
|
.as_bytes(),
|
||||||
|
)?;
|
||||||
|
|
||||||
|
let actual = ModuleRenderer::new("aws")
|
||||||
|
.env("AWS_CONFIG_FILE", config_path.to_string_lossy().as_ref())
|
||||||
|
.env("AWS_PROFILE", "astronauts")
|
||||||
|
.collect();
|
||||||
|
let expected = Some(format!(
|
||||||
|
"on {}",
|
||||||
|
Color::Yellow.bold().paint("☁️ astronauts (us-west-2) ")
|
||||||
|
));
|
||||||
|
|
||||||
|
assert_eq!(expected, actual);
|
||||||
|
dir.close()
|
||||||
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn access_key_env_var_set() {
|
fn access_key_env_var_set() {
|
||||||
let actual = ModuleRenderer::new("aws")
|
let actual = ModuleRenderer::new("aws")
|
||||||
|
|
Loading…
Reference in New Issue
Block a user