From ce836647e5e8b11246e2ef7069001287dc7cdd2b Mon Sep 17 00:00:00 2001
From: Roman Danyk <17525890+RomanDanyk@users.noreply.github.com>
Date: Thu, 19 Nov 2020 18:24:09 +0200
Subject: [PATCH] feat(aws): respect optional parameters from the AWS CLI
 config file (#9453)

---
 plugins/aws/aws.plugin.zsh | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/plugins/aws/aws.plugin.zsh b/plugins/aws/aws.plugin.zsh
index ef435fe3b..e1566b113 100644
--- a/plugins/aws/aws.plugin.zsh
+++ b/plugins/aws/aws.plugin.zsh
@@ -50,32 +50,39 @@ function acp() {
 
   # First, if the profile has MFA configured, lets get the token and session duration
   local mfa_serial="$(aws configure get mfa_serial --profile $profile)"
+  local sess_duration="$(aws configure get duration_seconds --profile $profile)"
 
   if [[ -n "$mfa_serial" ]]; then
     local -a mfa_opt
-    local mfa_token sess_duration
+    local mfa_token
     echo -n "Please enter your MFA token for $mfa_serial: "
     read -r mfa_token
-    echo -n "Please enter the session duration in seconds (900-43200; default: 3600, which is the default maximum for a role): "
-    read -r sess_duration
+    if [[ -z "$sess_duration" ]]; then
+      echo -n "Please enter the session duration in seconds (900-43200; default: 3600, which is the default maximum for a role): "
+      read -r sess_duration
+    fi
     mfa_opt=(--serial-number "$mfa_serial" --token-code "$mfa_token" --duration-seconds "${sess_duration:-3600}")
 
     # Now see whether we need to just MFA for the current role, or assume a different one
     local role_arn="$(aws configure get role_arn --profile $profile)"
+    local sess_name="$(aws configure get role_session_name --profile $profile)"
 
     if [[ -n "$role_arn" ]]; then
       # Means we need to assume a specified role
       aws_command=(aws sts assume-role --role-arn "$role_arn" "${mfa_opt[@]}")
 
       # Check whether external_id is configured to use while assuming the role
-      local external_id="$(aws configure get external_id --profile "$profile")"
+      local external_id="$(aws configure get external_id --profile $profile)"
       if [[ -n "$external_id" ]]; then
         aws_command+=(--external-id "$external_id")
       fi
 
       # Get source profile to use to assume role
-      local source_profile="$(aws configure get source_profile --profile "$profile")"
-      aws_command+=(--profile="${source_profile:-profile}" --role-session-name "${source_profile:-profile}")
+      local source_profile="$(aws configure get source_profile --profile $profile)"
+      if [[ -z "$sess_name" ]]; then
+        sess_name="${source_profile:-profile}"
+      fi
+      aws_command+=(--profile="${source_profile:-profile}" --role-session-name "${sess_name}")
 
       echo "Assuming role $role_arn using profile ${source_profile:-profile}"
     else
@@ -122,13 +129,13 @@ function aws_change_access_key() {
     return 1
   fi
 
-  echo Insert the credentials when asked.
+  echo "Insert the credentials when asked."
   asp "$1" || return 1
   AWS_PAGER="" aws iam create-access-key
   AWS_PAGER="" aws configure --profile "$1"
 
-  echo You can now safely delete the old access key running \`aws iam delete-access-key --access-key-id ID\`
-  echo Your current keys are:
+  echo "You can now safely delete the old access key running \`aws iam delete-access-key --access-key-id ID\`"
+  echo "Your current keys are:"
   AWS_PAGER="" aws iam list-access-keys
 }