From bcb265367dc5b5ea192e41b0736275869ee817bc Mon Sep 17 00:00:00 2001
From: Sean McGrail <549813+skmcgrail@users.noreply.github.com>
Date: Tue, 9 Aug 2022 18:51:56 +0000
Subject: [PATCH] Support SSO and CA Bundle parameters in credentials file (#1795)
---
 .changelog/6a9e3da6a75c41fd9efef3fdf2355f48.json | 8 ++++++++
 config/shared_config.go | 6 +++++-
 config/shared_config_test.go | 15 +++++++++++++++
 config/testdata/shared_config | 5 +++++
 config/testdata/shared_credentials | 5 +++++
 5 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 .changelog/6a9e3da6a75c41fd9efef3fdf2355f48.json
diff --git a/.changelog/6a9e3da6a75c41fd9efef3fdf2355f48.json b/.changelog/6a9e3da6a75c41fd9efef3fdf2355f48.json
new file mode 100644
index 00000000000..3c613def93d
--- /dev/null
+++ b/.changelog/6a9e3da6a75c41fd9efef3fdf2355f48.json
@@ -0,0 +1,8 @@
+{
+ "id": "6a9e3da6-a75c-41fd-9efe-f3fdf2355f48",
+ "type": "feature",
+ "description": "Adds support for the following settings in the `~/.aws/credentials` file: `sso_account_id`, `sso_region`, `sso_role_name`, `sso_start_url`, and `ca_bundle`.",
+ "modules": [
+ "config"
+ ]
+}
\ No newline at end of file
diff --git a/config/shared_config.go b/config/shared_config.go
index 4c43a165d46..835d71fbc37 100644
--- a/config/shared_config.go
+++ b/config/shared_config.go
@@ -463,7 +463,6 @@ type LoadSharedConfigOptions struct {
 //
 // You can read more about shared config and credentials file location at
 // https://docs.aws.amazon.com/credref/latest/refdocs/file-location.html#file-location
-//
 func LoadSharedConfigProfile(ctx context.Context, profile string, optFns ...func(*LoadSharedConfigOptions)) (SharedConfig, error) {
 var option LoadSharedConfigOptions
 for _, fn := range optFns {
@@ -680,6 +679,11 @@ func mergeSections(dst, src ini.Sections) error {
 useFIPSEndpointKey,
 defaultsModeKey,
 retryModeKey,
+ ssoAccountIDKey,
+ ssoRegionKey,
+ ssoRoleNameKey,
+ ssoStartURL,
+ caBundleKey,
 }
 for i := range stringKeys {
 if err := mergeStringKey(&srcSection, &dstSection, sectionName, stringKeys[i]); err != nil {
diff --git a/config/shared_config_test.go b/config/shared_config_test.go
index 5293bf561e2..cecc9ba2f88 100644
--- a/config/shared_config_test.go
+++ b/config/shared_config_test.go
@@ -591,6 +591,11 @@ func TestNewSharedConfig(t *testing.T) {
 Profile: "merged_profiles",
 RoleARN: "creds_profile_arn",
 RoleDurationSeconds: aws.Duration(1023 * time.Second),
+ SSOAccountID: "0123456789",
+ SSORegion: "us-west-2",
+ SSORoleName: "CredProfileRole",
+ SSOStartURL: "https://my-sso-cred-profile-role.awsapps.com/start",
+ CustomCABundle: "/path/to/bundle.b",
 },
 },
 "merged profiles across config files": {
@@ -601,6 +606,11 @@ func TestNewSharedConfig(t *testing.T) {
 Profile: "merged_profiles",
 RoleARN: "config_profile_arn",
 RoleDurationSeconds: aws.Duration(3601 * time.Second),
+ SSOAccountID: "1234567890",
+ SSORegion: "us-east-1",
+ SSORoleName: "ConfigProfileRole",
+ SSOStartURL: "https://my-sso-config-profile-role.awsapps.com/start",
+ CustomCABundle: "/path/to/bundle.a",
 },
 },
 "merged profiles across credentials files": {
@@ -611,6 +621,11 @@ func TestNewSharedConfig(t *testing.T) {
 Profile: "merged_profiles",
 RoleARN: "creds_profile_arn",
 RoleDurationSeconds: aws.Duration(1023 * time.Second),
+ SSOAccountID: "0123456789",
+ SSORegion: "us-west-2",
+ SSORoleName: "CredProfileRole",
+ SSOStartURL: "https://my-sso-cred-profile-role.awsapps.com/start",
+ CustomCABundle: "/path/to/bundle.b",
 },
 },
 }
diff --git a/config/testdata/shared_config b/config/testdata/shared_config
index 742c2fa0f49..0680a759dab 100644
--- a/config/testdata/shared_config
+++ b/config/testdata/shared_config
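Review bot: In the `mergeSections` hunk of config/shared_config.go (`@@ -680,6 +679,11 @@`), `caBundleKey` and `ssoStartURL` join `stringKeys` with no comment about precedence, so from this list alone a reader cannot tell that the file merged last now decides the CA bundle and the SSO start URL for a profile. The updated expectations in shared_config_test.go suggest the credentials-file value replaces the config-file one (`/path/to/bundle.b` where both are loaded), and since `ca_bundle` selects the TLS trust roots and `sso_start_url` the sign-in endpoint, I would state that above the new entries, e.g. `// sso_* and ca_bundle: the value from the file merged last wins, so both files need the same write protection.` Separately, `ssoStartURL` is the only entry without the `Key` suffix; if that constant is declared in this package, renaming it to `ssoStartURLKey` would match its neighbours. `mergeSections` begins above and continues below this hunk, so the merge direction is inferred from the tests rather than read from the body.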
@@ -19,6 +19,11 @@ duration_seconds = 3601 [profile merged_profiles] duration_seconds = 3601 role_arn = config_profile_arn +sso_start_url = https://my-sso-config-profile-role.awsapps.com/start +sso_region = us-east-1 +sso_account_id = 1234567890 +sso_role_name = ConfigProfileRole +ca_bundle = /path/to/bundle.a [profile short_profile_name_first] region = short_profile_name_first_short diff --git a/config/testdata/shared_credentials b/config/testdata/shared_credentials index 99ee1925645..2f86e10e0ac 100644 --- a/config/testdata/shared_credentials +++ b/config/testdata/shared_credentials @@ -22,3 +22,8 @@ region = eu-west-3 [merged_profiles] duration_seconds = 1023 role_arn = creds_profile_arn +sso_start_url = https://my-sso-cred-profile-role.awsapps.com/start +sso_region = us-west-2 +sso_account_id = 0123456789 +sso_role_name = CredProfileRole +ca_bundle = /path/to/bundle.b