fix(aws): allow for profile switch w/o MFA configured (#9924)

2024-11-11 00:10:08 +00:00 · 2021-07-13 15:05:33 +07:00 · 2021-07-13 15:05:33 +07:00 · 23f9348e2c
commit 23f9348e2c
parent e4f6f1698d
1 changed files with 35 additions and 35 deletions
--- a/plugins/aws/aws.plugin.zsh
+++ b/plugins/aws/aws.plugin.zsh
@ -62,47 +62,47 @@ function acp() {
      read -r sess_duration
    fi
    mfa_opt=(--serial-number "$mfa_serial" --token-code "$mfa_token" --duration-seconds "${sess_duration:-3600}")
+  fi

-    # Now see whether we need to just MFA for the current role, or assume a different one
-    local role_arn="$(aws configure get role_arn --profile $profile)"
-    local sess_name="$(aws configure get role_session_name --profile $profile)"
+  # Now see whether we need to just MFA for the current role, or assume a different one
+  local role_arn="$(aws configure get role_arn --profile $profile)"
+  local sess_name="$(aws configure get role_session_name --profile $profile)"

-    if [[ -n "$role_arn" ]]; then
-      # Means we need to assume a specified role
-      aws_command=(aws sts assume-role --role-arn "$role_arn" "${mfa_opt[@]}")
+  if [[ -n "$role_arn" ]]; then
+    # Means we need to assume a specified role
+    aws_command=(aws sts assume-role --role-arn "$role_arn" "${mfa_opt[@]}")

-      # Check whether external_id is configured to use while assuming the role
-      local external_id="$(aws configure get external_id --profile $profile)"
-      if [[ -n "$external_id" ]]; then
-        aws_command+=(--external-id "$external_id")
-      fi
-
-      # Get source profile to use to assume role
-      local source_profile="$(aws configure get source_profile --profile $profile)"
-      if [[ -z "$sess_name" ]]; then
-        sess_name="${source_profile:-profile}"
-      fi
-      aws_command+=(--profile="${source_profile:-profile}" --role-session-name "${sess_name}")
-
-      echo "Assuming role $role_arn using profile ${source_profile:-profile}"
-    else
-      # Means we only need to do MFA
-      aws_command=(aws sts get-session-token --profile="$profile" "${mfa_opt[@]}")
-      echo "Obtaining session token for profile $profile"
+    # Check whether external_id is configured to use while assuming the role
+    local external_id="$(aws configure get external_id --profile $profile)"
+    if [[ -n "$external_id" ]]; then
+      aws_command+=(--external-id "$external_id")
    fi

-    # Format output of aws command for easier processing
-    aws_command+=(--query '[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]' --output text)
-
-    # Run the aws command to obtain credentials
-    local -a credentials
-    credentials=(${(ps:\t:)"$(${aws_command[@]})"})
-
-    if [[ -n "$credentials" ]]; then
-      aws_access_key_id="${credentials[1]}"
-      aws_secret_access_key="${credentials[2]}"
-      aws_session_token="${credentials[3]}"
+    # Get source profile to use to assume role
+    local source_profile="$(aws configure get source_profile --profile $profile)"
+    if [[ -z "$sess_name" ]]; then
+      sess_name="${source_profile:-profile}"
    fi
+    aws_command+=(--profile="${source_profile:-profile}" --role-session-name "${sess_name}")
+
+    echo "Assuming role $role_arn using profile ${source_profile:-profile}"
+  else
+    # Means we only need to do MFA
+    aws_command=(aws sts get-session-token --profile="$profile" "${mfa_opt[@]}")
+    echo "Obtaining session token for profile $profile"
+  fi
+
+  # Format output of aws command for easier processing
+  aws_command+=(--query '[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]' --output text)
+
+  # Run the aws command to obtain credentials
+  local -a credentials
+  credentials=(${(ps:\t:)"$(${aws_command[@]})"})
+
+  if [[ -n "$credentials" ]]; then
+    aws_access_key_id="${credentials[1]}"
+    aws_secret_access_key="${credentials[2]}"
+    aws_session_token="${credentials[3]}"
  fi

  # Switch to AWS profile