Support SSO and CA Bundle parameters in credentials file

aws · Aug 9, 2022 · e070438 · e070438
1 parent de69d46
commit e070438
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 1 deletion.
diff --git a/config/shared_config.go b/config/shared_config.go
@@ -463,7 +463,6 @@ type LoadSharedConfigOptions struct {
 //
 // You can read more about shared config and credentials file location at
 // https://docs.aws.amazon.com/credref/latest/refdocs/file-location.html#file-location
-//
 func LoadSharedConfigProfile(ctx context.Context, profile string, optFns ...func(*LoadSharedConfigOptions)) (SharedConfig, error) {
 	var option LoadSharedConfigOptions
 	for _, fn := range optFns {
@@ -680,6 +679,11 @@ func mergeSections(dst, src ini.Sections) error {
 			useFIPSEndpointKey,
 			defaultsModeKey,
 			retryModeKey,
+			ssoAccountIDKey,
+			ssoRegionKey,
+			ssoRoleNameKey,
+			ssoStartURL,
+			caBundleKey,
 		}
 		for i := range stringKeys {
 			if err := mergeStringKey(&srcSection, &dstSection, sectionName, stringKeys[i]); err != nil {

diff --git a/config/shared_config_test.go b/config/shared_config_test.go
@@ -591,6 +591,11 @@ func TestNewSharedConfig(t *testing.T) {
 				Profile:             "merged_profiles",
 				RoleARN:             "creds_profile_arn",
 				RoleDurationSeconds: aws.Duration(1023 * time.Second),
+				SSOAccountID:        "0123456789",
+				SSORegion:           "us-west-2",
+				SSORoleName:         "CredProfileRole",
+				SSOStartURL:         "https://my-sso-cred-profile-role.awsapps.com/start",
+				CustomCABundle:      "/path/to/bundle.b",
 			},
 		},
 		"merged profiles across config files": {
@@ -601,6 +606,11 @@ func TestNewSharedConfig(t *testing.T) {
 				Profile:             "merged_profiles",
 				RoleARN:             "config_profile_arn",
 				RoleDurationSeconds: aws.Duration(3601 * time.Second),
+				SSOAccountID:        "1234567890",
+				SSORegion:           "us-east-1",
+				SSORoleName:         "ConfigProfileRole",
+				SSOStartURL:         "https://my-sso-config-profile-role.awsapps.com/start",
+				CustomCABundle:      "/path/to/bundle.a",
 			},
 		},
 		"merged profiles across credentials files": {
@@ -611,6 +621,11 @@ func TestNewSharedConfig(t *testing.T) {
 				Profile:             "merged_profiles",
 				RoleARN:             "creds_profile_arn",
 				RoleDurationSeconds: aws.Duration(1023 * time.Second),
+				SSOAccountID:        "0123456789",
+				SSORegion:           "us-west-2",
+				SSORoleName:         "CredProfileRole",
+				SSOStartURL:         "https://my-sso-cred-profile-role.awsapps.com/start",
+				CustomCABundle:      "/path/to/bundle.b",
 			},
 		},
 	}

diff --git a/config/testdata/shared_config b/config/testdata/shared_config
@@ -19,6 +19,11 @@ duration_seconds = 3601
 [profile merged_profiles]
 duration_seconds = 3601
 role_arn = config_profile_arn
+sso_start_url = https://my-sso-config-profile-role.awsapps.com/start
+sso_region = us-east-1
+sso_account_id = 1234567890
+sso_role_name = ConfigProfileRole
+ca_bundle = /path/to/bundle.a
 
 [profile short_profile_name_first]
 region = short_profile_name_first_short

diff --git a/config/testdata/shared_credentials b/config/testdata/shared_credentials
@@ -22,3 +22,8 @@ region = eu-west-3
 [merged_profiles]
 duration_seconds = 1023
 role_arn = creds_profile_arn
+sso_start_url = https://my-sso-cred-profile-role.awsapps.com/start
+sso_region = us-west-2
+sso_account_id = 0123456789
+sso_role_name = CredProfileRole
+ca_bundle = /path/to/bundle.b