Skip to content

Commit

Permalink
Support SSO and CA Bundle parameters in credentials file (#1795)
Browse files Browse the repository at this point in the history
  • Loading branch information
skmcgrail authored Aug 9, 2022
1 parent fefa06d commit bcb2653
Show file tree
Hide file tree
Showing 5 changed files with 38 additions and 1 deletion.
8 changes: 8 additions & 0 deletions .changelog/6a9e3da6a75c41fd9efef3fdf2355f48.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{
"id": "6a9e3da6-a75c-41fd-9efe-f3fdf2355f48",
"type": "feature",
"description": "Adds support for the following settings in the `~/.aws/credentials` file: `sso_account_id`, `sso_region`, `sso_role_name`, `sso_start_url`, and `ca_bundle`.",
"modules": [
"config"
]
}
6 changes: 5 additions & 1 deletion config/shared_config.go
Original file line number Diff line number Diff line change
Expand Up @@ -463,7 +463,6 @@ type LoadSharedConfigOptions struct {
//
// You can read more about shared config and credentials file location at
// https://docs.aws.amazon.com/credref/latest/refdocs/file-location.html#file-location
//
func LoadSharedConfigProfile(ctx context.Context, profile string, optFns ...func(*LoadSharedConfigOptions)) (SharedConfig, error) {
var option LoadSharedConfigOptions
for _, fn := range optFns {
Expand Down Expand Up @@ -680,6 +679,11 @@ func mergeSections(dst, src ini.Sections) error {
useFIPSEndpointKey,
defaultsModeKey,
retryModeKey,
ssoAccountIDKey,
ssoRegionKey,
ssoRoleNameKey,
ssoStartURL,
caBundleKey,
}
for i := range stringKeys {
if err := mergeStringKey(&srcSection, &dstSection, sectionName, stringKeys[i]); err != nil {
Expand Down
15 changes: 15 additions & 0 deletions config/shared_config_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -591,6 +591,11 @@ func TestNewSharedConfig(t *testing.T) {
Profile: "merged_profiles",
RoleARN: "creds_profile_arn",
RoleDurationSeconds: aws.Duration(1023 * time.Second),
SSOAccountID: "0123456789",
SSORegion: "us-west-2",
SSORoleName: "CredProfileRole",
SSOStartURL: "https://my-sso-cred-profile-role.awsapps.com/start",
CustomCABundle: "/path/to/bundle.b",
},
},
"merged profiles across config files": {
Expand All @@ -601,6 +606,11 @@ func TestNewSharedConfig(t *testing.T) {
Profile: "merged_profiles",
RoleARN: "config_profile_arn",
RoleDurationSeconds: aws.Duration(3601 * time.Second),
SSOAccountID: "1234567890",
SSORegion: "us-east-1",
SSORoleName: "ConfigProfileRole",
SSOStartURL: "https://my-sso-config-profile-role.awsapps.com/start",
CustomCABundle: "/path/to/bundle.a",
},
},
"merged profiles across credentials files": {
Expand All @@ -611,6 +621,11 @@ func TestNewSharedConfig(t *testing.T) {
Profile: "merged_profiles",
RoleARN: "creds_profile_arn",
RoleDurationSeconds: aws.Duration(1023 * time.Second),
SSOAccountID: "0123456789",
SSORegion: "us-west-2",
SSORoleName: "CredProfileRole",
SSOStartURL: "https://my-sso-cred-profile-role.awsapps.com/start",
CustomCABundle: "/path/to/bundle.b",
},
},
}
Expand Down
5 changes: 5 additions & 0 deletions config/testdata/shared_config
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,11 @@ duration_seconds = 3601
[profile merged_profiles]
duration_seconds = 3601
role_arn = config_profile_arn
sso_start_url = https://my-sso-config-profile-role.awsapps.com/start
sso_region = us-east-1
sso_account_id = 1234567890
sso_role_name = ConfigProfileRole
ca_bundle = /path/to/bundle.a

[profile short_profile_name_first]
region = short_profile_name_first_short
Expand Down
5 changes: 5 additions & 0 deletions config/testdata/shared_credentials
Original file line number Diff line number Diff line change
Expand Up @@ -22,3 +22,8 @@ region = eu-west-3
[merged_profiles]
duration_seconds = 1023
role_arn = creds_profile_arn
sso_start_url = https://my-sso-cred-profile-role.awsapps.com/start
sso_region = us-west-2
sso_account_id = 0123456789
sso_role_name = CredProfileRole
ca_bundle = /path/to/bundle.b

0 comments on commit bcb2653

Please sign in to comment.