1
0
mirror of https://github.com/Llewellynvdm/starship.git synced 2024-11-28 15:56:28 +00:00

feat(aws): add a fallback for expiration key (#4455)

* feat(aws): add a fallback for `expiration`

* fix(aws): intermittent test failures

- extend the time range from `-2s,0s` to `-5s,+2s`

* fix: `docs/config/README.md` readability

Co-authored-by: David Knaack <davidkna@users.noreply.github.com>

Co-authored-by: David Knaack <davidkna@users.noreply.github.com>
This commit is contained in:
Liang Yun Gong 2022-10-16 00:16:07 +08:00 committed by GitHub
parent 865e68da3a
commit 5a2c85d078
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 54 additions and 40 deletions

View File

@ -328,6 +328,9 @@ When using [AWSume](https://awsu.me) the profile
is read from the `AWSUME_PROFILE` env var and the credentials expiration is read from the `AWSUME_PROFILE` env var and the credentials expiration
date is read from the `AWSUME_EXPIRATION` env var. date is read from the `AWSUME_EXPIRATION` env var.
When using [saml2aws](https://github.com/Versent/saml2aws) the expiration information obtained from `~/.aws/credentials`
falls back to the `x_security_token_expires` key.
### Options ### Options
| Option | Default | Description | | Option | Default | Description |

View File

@ -131,8 +131,10 @@ fn get_credentials_duration(
let creds = get_creds(context, aws_creds)?; let creds = get_creds(context, aws_creds)?;
let section = get_profile_creds(creds, aws_profile)?; let section = get_profile_creds(creds, aws_profile)?;
section let expiration_keys = ["expiration", "x_security_token_expires"];
.get("expiration") expiration_keys
.iter()
.find_map(|expiration_key| section.get(expiration_key))
.and_then(|expiration| DateTime::parse_from_rfc3339(expiration).ok()) .and_then(|expiration| DateTime::parse_from_rfc3339(expiration).ok())
}?; }?;
@ -655,17 +657,20 @@ credential_process = /opt/bin/awscreds-retriever
let expiration_date = now_plus_half_hour.to_rfc3339_opts(chrono::SecondsFormat::Secs, true); let expiration_date = now_plus_half_hour.to_rfc3339_opts(chrono::SecondsFormat::Secs, true);
let expiration_keys = ["expiration", "x_security_token_expires"];
expiration_keys.iter().for_each(|key| {
file.write_all( file.write_all(
format!( format!(
"[astronauts] "[astronauts]
aws_access_key_id=dummy aws_access_key_id=dummy
aws_secret_access_key=dummy aws_secret_access_key=dummy
expiration={} {}={}
", ",
expiration_date key, expiration_date
) )
.as_bytes(), .as_bytes(),
)?; )
.unwrap();
let actual = ModuleRenderer::new("aws") let actual = ModuleRenderer::new("aws")
.env("AWS_PROFILE", "astronauts") .env("AWS_PROFILE", "astronauts")
@ -691,8 +696,10 @@ expiration={}
); );
// In principle, "30m" should be correct. However, bad luck in scheduling // In principle, "30m" should be correct. However, bad luck in scheduling
// on shared runners may delay it. Allow for up to 2 seconds of delay. // on shared runners may delay it.
let possible_values = ["30m", "29m59s", "29m58s"]; let possible_values = [
"30m2s", "30m1s", "30m", "29m59s", "29m58s", "29m57s", "29m56s", "29m55s",
];
let possible_values = possible_values.map(|duration| { let possible_values = possible_values.map(|duration| {
let segment_colored = format!("☁️ astronauts (ap-northeast-2) [{}] ", duration); let segment_colored = format!("☁️ astronauts (ap-northeast-2) [{}] ", duration);
Some(format!( Some(format!(
@ -701,7 +708,11 @@ expiration={}
)) ))
}); });
assert!(possible_values.contains(&actual)); assert!(
possible_values.contains(&actual),
"time is not in range: {actual:?}"
);
});
dir.close() dir.close()
} }