mirror of https://github.com/Llewellynvdm/starship.git synced 2024-12-25 19:21:08 +00:00

feat(aws): support aws sso with automatic authentication refresh (#5170)

* feat(aws): support aws sso with automatic authentication refresh

* docs(aws): add sso_session for profile detection
kensasongko 2023-05-09 12:53:45 +07:00 committed by GitHub
parent 20e251f261
commit 297176b0b8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 37 additions and 2 deletions


@ -356,7 +356,7 @@ format = '$all$directory$character'
The `aws` module shows the current AWS region and profile and an expiration timer when using temporary credentials.
The output of the module uses the `AWS_REGION`, `AWS_DEFAULT_REGION`, and `AWS_PROFILE` env vars and the `~/.aws/config` and `~/.aws/credentials` files as required.
The module will display a profile only if its credentials are present in `~/.aws/credentials` or if a `credential_process` or `sso_start_url` are defined in `~/.aws/config`. Alternatively, having any of the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, or `AWS_SESSION_TOKEN` env vars defined will also suffice.
The module will display a profile only if its credentials are present in `~/.aws/credentials` or if a `credential_process`, `sso_start_url`, or `sso_session` are defined in `~/.aws/config`. Alternatively, having any of the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, or `AWS_SESSION_TOKEN` env vars defined will also suffice.
If the option `force_display` is set to `true`, all available information will be displayed even if no credentials per the conditions above are detected.
When using [aws-vault](https://github.com/99designs/aws-vault) the profile


@ -174,6 +174,7 @@ fn has_credential_process_or_sso(
Some(
config_section.contains_key("credential_process")
|| config_section.contains_key("sso_session")
|| config_section.contains_key("sso_start_url")
|| credential_section?.contains_key("credential_process")
|| credential_section?.contains_key("sso_start_url"),
@ -996,7 +997,7 @@ credential_process = /opt/bin/awscreds-for-tests
}
#[test]
fn sso_set() -> io::Result<()> {
fn sso_legacy_set() -> io::Result<()> {
let dir = tempfile::tempdir()?;
let config_path = dir.path().join("config");
let mut file = File::create(&config_path)?;
@ -1026,6 +1027,40 @@ sso_role_name = <AWS-ROLE-NAME>
dir.close()
}
#[test]
fn sso_set() -> io::Result<()> {
let dir = tempfile::tempdir()?;
let config_path = dir.path().join("config");
let mut config = File::create(&config_path)?;
config.write_all(
"[profile astronauts]
sso_session = my-sso
sso_account_id = 123456789011
sso_role_name = readOnly
region = us-west-2
output = json
[sso-session my-sso]
sso_region = us-east-1
sso_start_url = https://starship.rs/sso
sso_registration_scopes = sso:account:access
"
.as_bytes(),
)?;
let actual = ModuleRenderer::new("aws")
.env("AWS_CONFIG_FILE", config_path.to_string_lossy().as_ref())
.env("AWS_PROFILE", "astronauts")
.collect();
let expected = Some(format!(
"on {}",
Color::Yellow.bold().paint("☁️ astronauts (us-west-2) ")
));
assert_eq!(expected, actual);
dir.close()
}
#[test]
fn access_key_env_var_set() {
let actual = ModuleRenderer::new("aws")
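Review bot: In the `has_credential_process_or_sso` hunk, the added `config_section.contains_key("sso_session")` check treats a profile as credentialed as soon as the key is present; nothing in the visible lines confirms that the named `[sso-session ...]` section exists or carries an `sso_start_url`, so a profile with a stale or mistyped session name would presumably still be displayed as usable. The new `sso_set` test covers only the well-formed case, so a companion test whose profile points at a missing session section would pin down whichever behaviour is intended. If presence-only detection is deliberate, say so above the check, e.g. `// sso_session: key presence only; the referenced [sso-session] section is not validated here`. Note too that `sso_session` is looked up only in `config_section`, while the other two keys are also looked up in `credential_section`; the function body starts and ends outside the hunk, so this may be handled elsewhere.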