Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revert "Ensure proper initialization of profiles with source_profile" #576

Merged
merged 1 commit into from
Dec 20, 2023
Merged

Revert "Ensure proper initialization of profiles with source_profile" #576

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
72 changes: 29 additions & 43 deletions pkg/cfaws/profiles.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -311,67 +311,53 @@ func (p *Profiles) LoadInitialisedProfile(ctx context.Context, profile string) (
return nil, err
}

// Initialize the profile, which will also handle source_profile chains
err = pr.init(ctx, p, 0)
if err != nil {
return nil, err
}

// Debug output to log the profile's name and its source_profile after initialization
clio.Debugw("Loading profile",
"profileName", pr.Name,
"sourceProfile", pr.AWSConfig.SourceProfileName,
)

// Check for 'granted' prefix in the profile configuration
// For config that has 'granted' prefix we need to convert this to AWS config fields
// aws configuration
if hasGrantedSSOPrefix(pr.RawConfig) {
awsConfig, err := ParseGrantedSSOProfile(ctx, pr)
if err != nil {
return nil, err
}
pr.AWSConfig = *awsConfig
pr.Initialised = true
pr.ProfileType = "AWS_SSO"
return pr, nil
}

// Check for 'credential_process' key in the profile configuration
for _, v := range pr.RawConfig.Keys() {
if v.Name() == "credential_process" && strings.HasPrefix(v.Value(), build.GrantedBinaryName()) {
awsConfig, err := config.LoadSharedConfigProfile(ctx, pr.Name, func(lsco *config.LoadSharedConfigOptions) { lsco.ConfigFiles = []string{pr.File} })
if err != nil {
return nil, err
as := assumers
for _, a := range as {
if a.ProfileMatchesType(pr.RawConfig, pr.AWSConfig) {
pr.ProfileType = a.Type()
break
} else {
pr.ProfileType = "AWS_SSO"
}

pr.AWSConfig = awsConfig
pr.AWSConfig.CredentialProcess = ""
pr.Initialised = true
pr.ProfileType = "AWS_IAM"
pr.HasSecureStorageIAMCredentials = true
return pr, nil
}
}

// Determine the profile type based on the initialized profile's keys
// This should be done after the profile is fully initialized to ensure we are checking the correct keys
foundAssumer := false
for _, a := range assumers {
if a.ProfileMatchesType(pr.RawConfig, pr.AWSConfig) {
pr.ProfileType = a.Type()
foundAssumer = true
break
return pr, nil
} else {
for _, v := range pr.RawConfig.Keys() {
if v.Name() == "credential_process" && strings.HasPrefix(v.Value(), build.GrantedBinaryName()) {
awsConfig, err := config.LoadSharedConfigProfile(ctx, pr.Name, func(lsco *config.LoadSharedConfigOptions) { lsco.ConfigFiles = []string{pr.File} })
if err != nil {
return nil, err
}

pr.AWSConfig = awsConfig
pr.AWSConfig.CredentialProcess = ""
pr.Initialised = true
pr.ProfileType = "AWS_IAM"
pr.HasSecureStorageIAMCredentials = true
return pr, nil
}
}
}

// If no specific assumer matched, default to AWS_SSO
if !foundAssumer {
pr.ProfileType = "AWS_SSO"
// default initializaton flow
err = pr.init(ctx, p, 0)
if err != nil {
return nil, err
}

return pr, nil
}


// Initialize profile's AWS config by fetching credentials from plain-text-SSO-token
// located at default cache directory.
func (p *Profile) InitWithPlainTextSSOToken(ctx context.Context, awsCred aws.Credentials) error {
Expand Down