From fe9d87d6dc2f3e6194862799b0707f97844e83ac Mon Sep 17 00:00:00 2001 From: Mike Mattice Date: Wed, 19 Jan 2022 08:58:34 -0600 Subject: [PATCH] feat(aws): accept aws mfa tokencode on `acp` cli call (#10130) Co-authored-by: Mike Mattice --- plugins/aws/README.md | 8 ++++---- plugins/aws/aws.plugin.zsh | 8 +++++--- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/plugins/aws/README.md b/plugins/aws/README.md index 24c6429d..d6f4f460 100644 --- a/plugins/aws/README.md +++ b/plugins/aws/README.md @@ -16,10 +16,10 @@ plugins=(... aws) Run `asp` without arguments to clear the profile. * `asp [] login`: If AWS SSO has been configured in your aws profile, it will run the `aws sso login` command following profile selection. -* `acp []`: in addition to `asp` functionality, it actually changes the profile by - assuming the role specified in the `` configuration. It supports MFA and sets - `$AWS_ACCESS_KEY_ID`, `$AWS_SECRET_ACCESS_KEY` and `$AWS_SESSION_TOKEN`, if obtained. It - requires the roles to be configured as per the +* `acp [] []`: in addition to `asp` functionality, it actually changes + the profile by assuming the role specified in the `` configuration. It supports + MFA and sets `$AWS_ACCESS_KEY_ID`, `$AWS_SECRET_ACCESS_KEY` and `$AWS_SESSION_TOKEN`, if + obtained. It requires the roles to be configured as per the [official guide](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html). Run `acp` without arguments to clear the profile. diff --git a/plugins/aws/aws.plugin.zsh b/plugins/aws/aws.plugin.zsh index c18bd634..920a7139 100644 --- a/plugins/aws/aws.plugin.zsh +++ b/plugins/aws/aws.plugin.zsh @@ -45,6 +45,7 @@ function acp() { fi local profile="$1" + local mfa_token="$2" # Get fallback credentials for if the aws command fails or no command is run local aws_access_key_id="$(aws configure get aws_access_key_id --profile $profile)" @@ -58,9 +59,10 @@ function acp() { if [[ -n "$mfa_serial" ]]; then local -a mfa_opt - local mfa_token - echo -n "Please enter your MFA token for $mfa_serial: " - read -r mfa_token + if [[ -z "$mfa_token" ]]; then + echo -n "Please enter your MFA token for $mfa_serial: " + read -r mfa_token + fi if [[ -z "$sess_duration" ]]; then echo -n "Please enter the session duration in seconds (900-43200; default: 3600, which is the default maximum for a role): " read -r sess_duration