diff --git a/docs/config/README.md b/docs/config/README.md index a889e1e12fcb..510c51d5a4fc 100644 --- a/docs/config/README.md +++ b/docs/config/README.md @@ -356,7 +356,7 @@ format = '$all$directory$character' The `aws` module shows the current AWS region and profile and an expiration timer when using temporary credentials. The output of the module uses the `AWS_REGION`, `AWS_DEFAULT_REGION`, and `AWS_PROFILE` env vars and the `~/.aws/config` and `~/.aws/credentials` files as required. -The module will display a profile only if its credentials are present in `~/.aws/credentials` or if a `credential_process` or `sso_start_url` are defined in `~/.aws/config`. Alternatively, having any of the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, or `AWS_SESSION_TOKEN` env vars defined will also suffice. +The module will display a profile only if its credentials are present in `~/.aws/credentials` or if a `credential_process`, `sso_start_url`, or `sso_session` are defined in `~/.aws/config`. Alternatively, having any of the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, or `AWS_SESSION_TOKEN` env vars defined will also suffice. If the option `force_display` is set to `true`, all available information will be displayed even if no credentials per the conditions above are detected. When using [aws-vault](https://github.com/99designs/aws-vault) the profile diff --git a/src/modules/aws.rs b/src/modules/aws.rs index 60fe32894c1c..0d837c2ce9b2 100644 --- a/src/modules/aws.rs +++ b/src/modules/aws.rs @@ -174,6 +174,7 @@ fn has_credential_process_or_sso( Some( config_section.contains_key("credential_process") + || config_section.contains_key("sso_session") || config_section.contains_key("sso_start_url") || credential_section?.contains_key("credential_process") || credential_section?.contains_key("sso_start_url"), 
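Review bot: The added `sso_session` operand in `has_credential_process_or_sso` tests only that the key is present in the profile's config section; nothing visible in the hunk checks that the named `[sso-session …]` section exists or carries an `sso_start_url`, so a profile with a dangling or empty `sso_session` would presumably still count as having credentials. Since this result appears to decide only whether the prompt shows the profile, that is probably acceptable, but it should be stated in the code. The operand also has to stay ahead of the two `credential_section?` operands: `?` presumably returns `None` when there is no credentials section, and only the short-circuit of `||` lets a config-only SSO profile succeed. I would add a comment above the expression such as `// Key presence only; the referenced [sso-session] section is not validated. Keep config_section checks before credential_section? so config-only profiles short-circuit.` The function's signature and the end of its body are outside the hunk.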
@@ -996,7 +997,7 @@ credential_process = /opt/bin/awscreds-for-tests } #[test] - fn sso_set() -> io::Result<()> { + fn sso_legacy_set() -> io::Result<()> { let dir = tempfile::tempdir()?; let config_path = dir.path().join("config"); let mut file = File::create(&config_path)?; @@ -1026,6 +1027,40 @@ sso_role_name = dir.close() } + #[test] + fn sso_set() -> io::Result<()> { + let dir = tempfile::tempdir()?; + let config_path = dir.path().join("config"); + let mut config = File::create(&config_path)?; + config.write_all( + "[profile astronauts] +sso_session = my-sso +sso_account_id = 123456789011 +sso_role_name = readOnly +region = us-west-2 +output = json + +[sso-session my-sso] +sso_region = us-east-1 +sso_start_url = https://starship.rs/sso +sso_registration_scopes = sso:account:access +" + .as_bytes(), + )?; + + let actual = ModuleRenderer::new("aws") + .env("AWS_CONFIG_FILE", config_path.to_string_lossy().as_ref()) + .env("AWS_PROFILE", "astronauts") + .collect(); + let expected = Some(format!( + "on {}", + Color::Yellow.bold().paint("☁️ astronauts (us-west-2) ") + )); + + assert_eq!(expected, actual); + dir.close() + } + #[test] fn access_key_env_var_set() { let actual = ModuleRenderer::new("aws")
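Review bot: The new `sso_set` test would still pass if the `[sso-session my-sso]` block were deleted from the fixture, because the check added in `has_credential_process_or_sso` looks only at the `sso_session` key in the profile section, as far as the first `aws.rs` hunk shows. The test therefore pins key presence, not resolution of the session it names. Either say so above the fixture, e.g. `// Only the sso_session key in the profile is consulted; the [sso-session] block is here for realism.`, or, if no such case exists outside the hunk, add a companion test whose profile has neither `sso_session` nor `sso_start_url` and assert that the module renders `None`. As a smaller style point, the handle is named `config` here but `file` in the renamed `sso_legacy_set`, so one name across both tests would read more consistently.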