[--save/--headless] powershell support #44

Merged
merged 20 commits into from
Sep 13, 2023

cnuss
Member

@cnuss cnuss commented Sep 11, 2023

No description provided.

@boostchicken
Contributor

boostchicken commented Sep 12, 2023

You ask, boostchicken delivers.

#40 (comment)

I am happy to implement it, but you could probably do it quicker, I just ask that you attribute it in whatever way makes sense for you.

@cnuss
Member Author

cnuss commented Sep 12, 2023

@boostchicken thank you for the tip on #40 !

let me figure out the right way to wedge set-item into NodeJS's spawn.

I'll probably clean this up and make --save work on PowerShell and do that in a follow-up PR

I can cut a release for --save tomorrow

@boostchicken
Contributor

Cool thanks!

@boostchicken
Contributor

Btw I think you just have to execute like you do any other command as a massive string. This is because it is going to be scoped only to that process you spawn. It is possible to put it in Machine or Global scope but like I said that would Pwsh in a way I would rather not.

@cnuss
Member Author

cnuss commented Sep 13, 2023

@boostchicken I finally got it, I was looking for Invoke-Expression:

iex (saml-to assume the-role-name --headless)
aws sts get-caller-identity

Is working like a charm in PowerShell!

Thank you for your guidance, it helped me find what I was looking for.

I'll be cutting a release of this now and awaiting your feedback!

@cnuss cnuss changed the title [--save] powershell support [--save/--headless] powershell support Sep 13, 2023
@cnuss cnuss merged commit 2b14c07 into main Sep 13, 2023
96 checks passed
@cnuss cnuss deleted the feat/windows-powershell branch September 13, 2023 04:03
@boostchicken
Contributor

IEX is generally considered bad practice. You can very easily see how I could do some RCEs.

All I need you to do is get on my Wifi and I am just going to return the code I wanna run instead of AWS's response.
https://learn.microsoft.com/en-us/powershell/scripting/learn/deep-dives/avoid-using-invoke-expression?view=powershell-7.3

Usually, I wouldn't really care so much, however I would hate for you or saml.to to be in a headline or one of customers get attacked internally by a bad actor
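
One way to load the credentials without Invoke-Expression, as an added example that is not part of this PR or of the saml-to code base: parse the tool's output as data against a strict allowlist and set the variables with Set-Item. The output format, the function names and the sample values are assumptions made for illustration.

```powershell
# Added example, not the project's code.
# ASSUMPTION: the tool prints one assignment per line in the form
#   $Env:NAME="value"
# The real output of `saml-to assume --headless` is not shown on this page.
$AllowedNames = @('AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN')
# Values are limited to base64-style characters: no quotes, spaces, ; | & $ ( ) or backticks.
$LinePattern = '^\$Env:(?<name>[A-Z_]+)="(?<value>[A-Za-z0-9+/=]+)"$'

function ConvertTo-CredentialTable {
    param([string[]]$Lines)
    $result = @{}
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -eq '') { continue }
        # Fail closed, and do not echo the line: it may contain a secret.
        if (-not ($text -cmatch $LinePattern)) {
            throw "Rejected unexpected output line (length $($text.Length))"
        }
        $name = $Matches['name']
        if ($AllowedNames -cnotcontains $name) {
            throw "Rejected variable name not on the allowlist: $name"
        }
        $result[$name] = $Matches['value']
    }
    foreach ($required in $AllowedNames) {
        if (-not $result.ContainsKey($required)) { throw "Missing $required" }
    }
    return $result
}

function Set-CredentialEnvironment {
    param([hashtable]$Table)
    foreach ($name in $Table.Keys) {
        # Set-Item stores the value as a string; nothing is parsed as PowerShell.
        Set-Item -Path "Env:$name" -Value $Table[$name]
    }
}

# Constructed sample output (not real credentials).
$good = @(
    '$Env:AWS_ACCESS_KEY_ID="EXAMPLEKEYID0000"',
    '$Env:AWS_SECRET_ACCESS_KEY="c2FtcGxlK3NlY3JldC9rZXk="',
    '$Env:AWS_SESSION_TOKEN="c2FtcGxlK3Nlc3Npb24vdG9rZW4="'
)
Set-CredentialEnvironment (ConvertTo-CredentialTable $good)

# Constructed tampered output: same shape plus an appended command.
$bad = $good + '$Env:AWS_SESSION_TOKEN="x"; Write-Host "injected"'
try { ConvertTo-CredentialTable $bad | Out-Null } catch { Write-Host "blocked: $_" }
```

With the real tool, capture the output first (`$out = saml-to assume the-role-name --headless`), pass `$out` to the parser, and adjust the pattern to the format the tool actually prints.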

@boostchicken
Contributor

https://docs.aws.amazon.com/cli/latest/userguide/sso-using-profile.html

I think you should consider adopting the CLI directly using Identity Center

@cnuss
Member Author

cnuss commented Oct 18, 2023

@boostchicken using iex is a matter of user preference and not required, it's especially useful if you have two+ terminal windows open and want roles in each one and prefer not to use AWS CLI Profiles.

However, it is possible to leverage AWS Profiles, you can do:

Create a named profile:

saml-to assume some-role --save
aws s3api list-buckets --profile some-role

☝️ in this scenario you can see your ~/.aws/* now include some-role.

Alternatives to this are:

# use the full role arn as the profile name
saml-to assume arn:aws:iam::0123456789012:role/some-role --save
aws s3api list-buckets --profile arn:aws:iam::0123456789012:role/some-role

# create a custom named profile
saml-to assume some-role --save some-profile-name
aws s3api list-buckets --profile some-profile-name

# set the default profile
saml-to assume some-role --save default
aws s3api list-buckets

let me know if this resolves your concerns!

cheers,
Christian

@boostchicken
Contributor

sure does! Also do you plan on making a container? If not I will. I use containers for all my binaries (fzf, aws, zoxide, kdig) Makes it very easy to update and config.
