mirror of
https://github.com/Llewellynvdm/starship.git
synced 2024-12-25 19:21:08 +00:00
feat(aws): support aws sso with automatic authentication refresh (#5170)
* feat(aws): support aws sso with automatic authentication refresh * docs(aws): add sso_session for profile detection
This commit is contained in:
parent
20e251f261
commit
297176b0b8
@ -356,7 +356,7 @@ format = '$all$directory$character'
|
||||
The `aws` module shows the current AWS region and profile and an expiration timer when using temporary credentials.
|
||||
The output of the module uses the `AWS_REGION`, `AWS_DEFAULT_REGION`, and `AWS_PROFILE` env vars and the `~/.aws/config` and `~/.aws/credentials` files as required.
|
||||
|
||||
The module will display a profile only if its credentials are present in `~/.aws/credentials` or if a `credential_process` or `sso_start_url` are defined in `~/.aws/config`. Alternatively, having any of the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, or `AWS_SESSION_TOKEN` env vars defined will also suffice.
|
||||
The module will display a profile only if its credentials are present in `~/.aws/credentials` or if a `credential_process`, `sso_start_url`, or `sso_session` are defined in `~/.aws/config`. Alternatively, having any of the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, or `AWS_SESSION_TOKEN` env vars defined will also suffice.
|
||||
If the option `force_display` is set to `true`, all available information will be displayed even if no credentials per the conditions above are detected.
|
||||
|
||||
When using [aws-vault](https://github.com/99designs/aws-vault) the profile
|
||||
|
@ -174,6 +174,7 @@ fn has_credential_process_or_sso(
|
||||
|
||||
Some(
|
||||
config_section.contains_key("credential_process")
|
||||
|| config_section.contains_key("sso_session")
|
||||
|| config_section.contains_key("sso_start_url")
|
||||
|| credential_section?.contains_key("credential_process")
|
||||
|| credential_section?.contains_key("sso_start_url"),
|
||||
@ -996,7 +997,7 @@ credential_process = /opt/bin/awscreds-for-tests
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn sso_set() -> io::Result<()> {
|
||||
fn sso_legacy_set() -> io::Result<()> {
|
||||
let dir = tempfile::tempdir()?;
|
||||
let config_path = dir.path().join("config");
|
||||
let mut file = File::create(&config_path)?;
|
||||
@ -1026,6 +1027,40 @@ sso_role_name = <AWS-ROLE-NAME>
|
||||
dir.close()
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn sso_set() -> io::Result<()> {
|
||||
let dir = tempfile::tempdir()?;
|
||||
let config_path = dir.path().join("config");
|
||||
let mut config = File::create(&config_path)?;
|
||||
config.write_all(
|
||||
"[profile astronauts]
|
||||
sso_session = my-sso
|
||||
sso_account_id = 123456789011
|
||||
sso_role_name = readOnly
|
||||
region = us-west-2
|
||||
output = json
|
||||
|
||||
[sso-session my-sso]
|
||||
sso_region = us-east-1
|
||||
sso_start_url = https://starship.rs/sso
|
||||
sso_registration_scopes = sso:account:access
|
||||
"
|
||||
.as_bytes(),
|
||||
)?;
|
||||
|
||||
let actual = ModuleRenderer::new("aws")
|
||||
.env("AWS_CONFIG_FILE", config_path.to_string_lossy().as_ref())
|
||||
.env("AWS_PROFILE", "astronauts")
|
||||
.collect();
|
||||
let expected = Some(format!(
|
||||
"on {}",
|
||||
Color::Yellow.bold().paint("☁️ astronauts (us-west-2) ")
|
||||
));
|
||||
|
||||
assert_eq!(expected, actual);
|
||||
dir.close()
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn access_key_env_var_set() {
|
||||
let actual = ModuleRenderer::new("aws")
|
||||
|
Loading…
Reference in New Issue
Block a user