Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix export lookup values when exporting credentials #578

Merged
merged 2 commits into from Dec 27, 2023
Merged

Fix export lookup values when exporting credentials #578

merged 2 commits into from Dec 27, 2023

Conversation

cedieio
Copy link
Contributor

@cedieio cedieio commented Dec 20, 2023

What changed?

When session is present on the config it should be where we get the start_url and region. Most configs will not have said config under profile if they have a session block. Session block takes priority for the configuration as it's considered as it's connecting profiles together.

Fix for #577

Why?

Although it's working properly for awscli the generated token does not contain sso_start_url which could be problematic for other code that relies on that property when looking for a valid config.

How did you test it?

dassume --export-sso-token

cat ~/.aws/sso/cache/<corresponding json> should give out

{
   "accessToken"some_access_token",
   "expiresAt":"2023-12-20T19:31:16+10:00",
   "ssoSessionName":"test-session",
   "startUrl":"https://test.com",
   "region":"ap-southeast-2"
}

Potential risks

Is patch release candidate?

Link to relevant docs PRs

@cedieio
Fix export lookup values when exporting credentials
750e0e8 
When `session` is present on the config it should be where
we get the `start_url` and `region`. Most configs will not
have said config under `profile` if they have a session block.
Session block takes priority for the configuration as it's considered
as it's connecting profiles together.

Fix for common-fate#577
@cedieio
Adjust the logic for override
f8eda6d 
Override the sso_start_url if it's empty and have a proper session
block.
cedieio
cedieio commented Dec 20, 2023
View reviewed changes
pkg/cfaws/ssotoken.go
@@ -32,12 +32,22 @@ type SSOPlainTextOut struct {
// we'll allow users to export a plaintext token from their keychain for compatibility
// purposes with other AWS tools.
func CreatePlainTextSSO(awsConfig config.SharedConfig, token *securestorage.SSOToken) *SSOPlainTextOut {
ssoRegion := awsConfig.SSORegion
if ssoRegion == "" && awsConfig.SSOSession != nil {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was originally

if awsConfig.SSOSession != nil {
  ssoRegion = awsConfig.SSOSession.SSORegion
  ssoStartURL = awsConfig.SSOSession.SSOStartURL
}

Changed as profile can still have URLs set and the config still uses that

@shwethaumashanker shwethaumashanker merged commit a7bbfd3 into common-fate:main Dec 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shwethaumashanker shwethaumashanker shwethaumashanker approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@cedieio @shwethaumashanker