From 26202bfeb08fb700b11a92aeda9c522176070c21 Mon Sep 17 00:00:00 2001
From: Hans Donner <h.donner@bizzdesign.com>
Date: Thu, 28 Jul 2022 08:32:16 +0200
Subject: [PATCH] feat(aws): add sso

---
 plugins/aws/aws.plugin.zsh | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/plugins/aws/aws.plugin.zsh b/plugins/aws/aws.plugin.zsh
index 2167f552c..7e2ea1bf0 100644
--- a/plugins/aws/aws.plugin.zsh
+++ b/plugins/aws/aws.plugin.zsh
@@ -52,8 +52,25 @@ function acp() {
   local aws_secret_access_key="$(aws configure get aws_secret_access_key --profile $profile)"
   local aws_session_token="$(aws configure get aws_session_token --profile $profile)"
 
+  # Are we using SSO?
+  local sso_start_url="$(aws configure get sso_start_url --profile $profile)"
+  if [[ -n "sso_start_url" ]]; then
+    # And is the session still valid?
+    aws sts get-caller-identity --profile $profile > /dev/null
+    if [ $? -ne 0 ]; then
+      aws sso login --profile $profile
+    fi
+    if [ $? -eq 0 ]; then
+      export AWS_DEFAULT_PROFILE="$profile"
+      export AWS_PROFILE="$profile"
+      export AWS_EB_PROFILE="$profile"
+      unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
+      echo "Switched to AWS Profile: $profile"
+      return
+    fi
+  fi
 
-  # First, if the profile has MFA configured, lets get the token and session duration
+  # If the profile has MFA configured, lets get the token and session duration
   local mfa_serial="$(aws configure get mfa_serial --profile $profile)"
   local sess_duration="$(aws configure get duration_seconds --profile $profile)"