1
0
mirror of https://github.com/Llewellynvdm/starship.git synced 2024-12-25 03:16:01 +00:00

feat(aws): Adds support for AWS_CREDENTIAL_EXPIRATION environment variable (#5002)

feat(aws): supports AWS_CREDENTIAL_EXPIRATION environment variable

Adds support for the AWS_CREDENTIAL_EXPIRATION environment variable
which was adopted as the standard way to set the expiration for
temporary credentials. The existing AWS_SESSION_EXPIRATION environment
variable is not dropped for backwards compatibility.

See https://github.com/aws/aws-cli/pull/7398
This commit is contained in:
Harry Hodge 2023-03-20 20:56:12 +00:00 committed by GitHub
parent 58d401acef
commit 74ce7fdbee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 32 additions and 23 deletions

View File

@ -1775,7 +1775,7 @@
"definitions": {
"AwsConfig": {
"title": "AWS",
"description": "The `aws` module shows the current AWS region and profile and an expiration timer when using temporary credentials. The output of the module uses the `AWS_REGION`, `AWS_DEFAULT_REGION`, and `AWS_PROFILE` env vars and the `~/.aws/config` and `~/.aws/credentials` files as required.\n\nThe module will display a profile only if its credentials are present in `~/.aws/credentials` or if a `credential_process` or `sso_start_url` are defined in `~/.aws/config`. Alternatively, having any of the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, or `AWS_SESSION_TOKEN` env vars defined will also suffice. If the option `force_display` is set to `true`, all available information will be displayed even if no credentials per the conditions above are detected.\n\nWhen using [aws-vault](https://github.com/99designs/aws-vault) the profile is read from the `AWS_VAULT` env var and the credentials expiration date is read from the `AWS_SESSION_EXPIRATION` env var.\n\nWhen using [awsu](https://github.com/kreuzwerker/awsu) the profile is read from the `AWSU_PROFILE` env var.\n\nWhen using [`AWSume`](https://awsu.me) the profile is read from the `AWSUME_PROFILE` env var and the credentials expiration date is read from the `AWSUME_EXPIRATION` env var.",
"description": "The `aws` module shows the current AWS region and profile and an expiration timer when using temporary credentials. The output of the module uses the `AWS_REGION`, `AWS_DEFAULT_REGION`, and `AWS_PROFILE` env vars and the `~/.aws/config` and `~/.aws/credentials` files as required.\n\nThe module will display a profile only if its credentials are present in `~/.aws/credentials` or if a `credential_process` or `sso_start_url` are defined in `~/.aws/config`. Alternatively, having any of the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, or `AWS_SESSION_TOKEN` env vars defined will also suffice. If the option `force_display` is set to `true`, all available information will be displayed even if no credentials per the conditions above are detected.\n\nWhen using [aws-vault](https://github.com/99designs/aws-vault) the profile is read from the `AWS_VAULT` env var and the credentials expiration date is read from the `AWS_SESSION_EXPIRATION` or `AWS_CREDENTIAL_EXPIRATION` var.\n\nWhen using [awsu](https://github.com/kreuzwerker/awsu) the profile is read from the `AWSU_PROFILE` env var.\n\nWhen using [`AWSume`](https://awsu.me) the profile is read from the `AWSUME_PROFILE` env var and the credentials expiration date is read from the `AWSUME_EXPIRATION` env var.",
"type": "object",
"properties": {
"format": {

View File

@ -18,7 +18,8 @@ use std::collections::HashMap;
///
/// When using [aws-vault](https://github.com/99designs/aws-vault) the profile
/// is read from the `AWS_VAULT` env var and the credentials expiration date
/// is read from the `AWS_SESSION_EXPIRATION` env var.
/// is read from the `AWS_SESSION_EXPIRATION` or `AWS_CREDENTIAL_EXPIRATION`
/// var.
///
/// When using [awsu](https://github.com/kreuzwerker/awsu) the profile
/// is read from the `AWSU_PROFILE` env var.

View File

@ -121,7 +121,11 @@ fn get_credentials_duration(
aws_profile: Option<&Profile>,
aws_creds: &AwsCredsFile,
) -> Option<i64> {
let expiration_env_vars = ["AWS_SESSION_EXPIRATION", "AWSUME_EXPIRATION"];
let expiration_env_vars = [
"AWS_CREDENTIAL_EXPIRATION",
"AWS_SESSION_EXPIRATION",
"AWSUME_EXPIRATION",
];
let expiration_date = if let Some(expiration_date) = expiration_env_vars
.iter()
.find_map(|env_var| context.get_env(env_var))
@ -636,28 +640,32 @@ credential_process = /opt/bin/awscreds-retriever
fn expiration_date_set() {
use chrono::{DateTime, NaiveDateTime, SecondsFormat, Utc};
let now_plus_half_hour: DateTime<Utc> = chrono::DateTime::from_utc(
NaiveDateTime::from_timestamp_opt(chrono::Local::now().timestamp() + 1800, 0).unwrap(),
Utc,
);
let expiration_env_vars = ["AWS_SESSION_EXPIRATION", "AWS_CREDENTIAL_EXPIRATION"];
expiration_env_vars.iter().for_each(|env_var| {
let now_plus_half_hour: DateTime<Utc> = chrono::DateTime::from_utc(
NaiveDateTime::from_timestamp_opt(chrono::Local::now().timestamp() + 1800, 0)
.unwrap(),
Utc,
);
let actual = ModuleRenderer::new("aws")
.env("AWS_PROFILE", "astronauts")
.env("AWS_REGION", "ap-northeast-2")
.env("AWS_ACCESS_KEY_ID", "dummy")
.env(
"AWS_SESSION_EXPIRATION",
now_plus_half_hour.to_rfc3339_opts(SecondsFormat::Secs, true),
)
.collect();
let expected = Some(format!(
"on {}",
Color::Yellow
.bold()
.paint("☁️ astronauts (ap-northeast-2) [30m] ")
));
let actual = ModuleRenderer::new("aws")
.env("AWS_PROFILE", "astronauts")
.env("AWS_REGION", "ap-northeast-2")
.env("AWS_ACCESS_KEY_ID", "dummy")
.env(
env_var,
now_plus_half_hour.to_rfc3339_opts(SecondsFormat::Secs, true),
)
.collect();
let expected = Some(format!(
"on {}",
Color::Yellow
.bold()
.paint("☁️ astronauts (ap-northeast-2) [30m] ")
));
assert_eq!(expected, actual);
assert_eq!(expected, actual);
});
}
#[test]