feat(aws): accept aws mfa tokencode on `acp` cli call (#10130)

Co-authored-by: Mike Mattice <mmattice@reliant.io>
pull/10602/head
Mike Mattice 2022-01-19 08:58:34 -06:00 committed by GitHub
parent 22c11da108
commit fe9d87d6dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 7 deletions

@ -16,10 +16,10 @@ plugins=(... aws)
Run `asp` without arguments to clear the profile.
* `asp [<profile>] login`: If AWS SSO has been configured in your aws profile, it will run the `aws sso login` command following profile selection.
* `acp [<profile>]`: in addition to `asp` functionality, it actually changes the profile by
assuming the role specified in the `<profile>` configuration. It supports MFA and sets
`$AWS_ACCESS_KEY_ID`, `$AWS_SECRET_ACCESS_KEY` and `$AWS_SESSION_TOKEN`, if obtained. It
requires the roles to be configured as per the
* `acp [<profile>] [<mfa_token>]`: in addition to `asp` functionality, it actually changes
the profile by assuming the role specified in the `<profile>` configuration. It supports
MFA and sets `$AWS_ACCESS_KEY_ID`, `$AWS_SECRET_ACCESS_KEY` and `$AWS_SESSION_TOKEN`, if
obtained. It requires the roles to be configured as per the
[official guide](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html).
Run `acp` without arguments to clear the profile.
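Review bot: The new `acp [<profile>] [<mfa_token>]` entry does not say what happens when the token is left out. The function change in this commit still prompts for it in that case, so one sentence saying the argument is optional would help. It is also worth noting here that a code typed as an argument is recorded in shell history, while one entered at the prompt is not, so readers can pick the form that suits them.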

@ -45,6 +45,7 @@ function acp() {
fi
local profile="$1"
local mfa_token="$2"
# Get fallback credentials for if the aws command fails or no command is run
local aws_access_key_id="$(aws configure get aws_access_key_id --profile $profile)"
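Review bot: `local mfa_token="$2"` accepts any second argument as the MFA code, and the later hunk skips the prompt for any non-empty value. AWS MFA codes are six digits, so a format check such as `[[ "$mfa_token" =~ ^[0-9]{6}$ ]]` right after this line would catch a stray argument (for example `login`, which is valid as the second argument to `asp`) and fall back to the prompt or fail with a clear message.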
@ -58,9 +59,10 @@ function acp() {
if [[ -n "$mfa_serial" ]]; then
local -a mfa_opt
local mfa_token
echo -n "Please enter your MFA token for $mfa_serial: "
read -r mfa_token
if [[ -z "$mfa_token" ]]; then
echo -n "Please enter your MFA token for $mfa_serial: "
read -r mfa_token
fi
if [[ -z "$sess_duration" ]]; then
echo -n "Please enter the session duration in seconds (900-43200; default: 3600, which is the default maximum for a role): "
read -r sess_duration
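Review bot: The supplied token is only consulted inside `if [[ -n "$mfa_serial" ]]`, so a code passed for a profile that has no MFA serial configured is dropped without any message. A short warning on that path would tell the user the argument was not used. Within these lines there is also no fallback to the prompt once `$mfa_token` is non-empty, so consider re-prompting if the supplied code is rejected.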