Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
meishi125478
ohmyzsh
提交
23f9348e
O
ohmyzsh
项目概览
meishi125478
/
ohmyzsh
与 Fork 源项目一致
从无法访问的项目Fork
通知
2
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
O
ohmyzsh
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
未验证
提交
23f9348e
编写于
7月 13, 2021
作者:
S
Sergei Shvetsov
提交者:
GitHub
7月 13, 2021
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
fix(aws): allow for profile switch w/o MFA configured (#9924)
上级
e4f6f169
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
33 addition
and
33 deletion
+33
-33
plugins/aws/aws.plugin.zsh
plugins/aws/aws.plugin.zsh
+33
-33
未找到文件。
plugins/aws/aws.plugin.zsh
浏览文件 @
23f9348e
...
...
@@ -62,47 +62,47 @@ function acp() {
read
-r
sess_duration
fi
mfa_opt
=(
--serial-number
"
$mfa_serial
"
--token-code
"
$mfa_token
"
--duration-seconds
"
${
sess_duration
:-
3600
}
"
)
fi
# Now see whether we need to just MFA for the current role, or assume a different one
local
role_arn
=
"
$(
aws configure get role_arn
--profile
$profile
)
"
local
sess_name
=
"
$(
aws configure get role_session_name
--profile
$profile
)
"
if
[[
-n
"
$role_arn
"
]]
;
then
# Means we need to assume a specified role
aws_command
=(
aws sts assume-role
--role-arn
"
$role_arn
"
"
${
mfa_opt
[@]
}
"
)
# Now see whether we need to just MFA for the current role, or assume a different one
local
role_arn
=
"
$(
aws configure get role_arn
--profile
$profile
)
"
local
sess_name
=
"
$(
aws configure get role_session_name
--profile
$profile
)
"
# Check whether external_id is configured to use while assuming the role
local
external_id
=
"
$(
aws configure get external_id
--profile
$profile
)
"
if
[[
-n
"
$external_id
"
]]
;
then
aws_command+
=(
--external-id
"
$external_id
"
)
fi
if
[[
-n
"
$role_arn
"
]]
;
then
# Means we need to assume a specified role
aws_command
=(
aws sts assume-role
--role-arn
"
$role_arn
"
"
${
mfa_opt
[@]
}
"
)
# Get source profile to use to assume role
local
source_profile
=
"
$(
aws configure get source_profile
--profile
$profile
)
"
if
[[
-z
"
$sess_name
"
]]
;
then
sess_name
=
"
${
source_profile
:-
profile
}
"
fi
aws_command+
=(
--profile
=
"
${
source_profile
:-
profile
}
"
--role-session-name
"
${
sess_name
}
"
)
# Check whether external_id is configured to use while assuming the role
local
external_id
=
"
$(
aws configure get external_id
--profile
$profile
)
"
if
[[
-n
"
$external_id
"
]]
;
then
aws_command+
=(
--external-id
"
$external_id
"
)
fi
echo
"Assuming role
$role_arn
using profile
${
source_profile
:-
profile
}
"
else
# Means we only need to do MFA
aws_command
=(
aws sts get-session-token
--profile
=
"
$profile
"
"
${
mfa_opt
[@]
}
"
)
echo
"Obtaining session token for profile
$profile
"
# Get source profile to use to assume role
local
source_profile
=
"
$(
aws configure get source_profile
--profile
$profile
)
"
if
[[
-z
"
$sess_name
"
]]
;
then
sess_name
=
"
${
source_profile
:-
profile
}
"
fi
aws_command+
=(
--profile
=
"
${
source_profile
:-
profile
}
"
--role-session-name
"
${
sess_name
}
"
)
# Format output of aws command for easier processing
aws_command+
=(
--query
'[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]'
--output
text
)
echo
"Assuming role
$role_arn
using profile
${
source_profile
:-
profile
}
"
else
# Means we only need to do MFA
aws_command
=(
aws sts get-session-token
--profile
=
"
$profile
"
"
${
mfa_opt
[@]
}
"
)
echo
"Obtaining session token for profile
$profile
"
fi
# Run the aws command to obtain credentials
local
-a
credentials
credentials
=(
${
(ps
:
\t
:
)
"
$(
${
aws_command
[@]
}
)
"
}
)
# Format output of aws command for easier processing
aws_command+
=(
--query
'[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]'
--output
text
)
if
[[
-n
"
$credentials
"
]]
;
then
aws_access_key_id
=
"
${
credentials
[1]
}
"
aws_secret_access_key
=
"
${
credentials
[2]
}
"
aws_session_token
=
"
${
credentials
[3]
}
"
fi
# Run the aws command to obtain credentials
local
-a
credentials
credentials
=(
${
(ps
:
\t
:
)
"
$(
${
aws_command
[@]
}
)
"
}
)
if
[[
-n
"
$credentials
"
]]
;
then
aws_access_key_id
=
"
${
credentials
[1]
}
"
aws_secret_access_key
=
"
${
credentials
[2]
}
"
aws_session_token
=
"
${
credentials
[3]
}
"
fi
# Switch to AWS profile
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录