Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ask role option doesn't seem to work #229

Open
duartegarin opened this issue Apr 26, 2021 · 0 comments
Open

Ask role option doesn't seem to work #229

duartegarin opened this issue Apr 26, 2021 · 0 comments

Comments

@duartegarin
Copy link

duartegarin commented Apr 26, 2021

Hi,
We often have to switch between accounts and so it's important we don't have to go and remove the config manually to run google auth again.
The ask_role option seems to be exactly what we need, however it doesn't seem to work.
Steps to reproduce:

  1. docker run -it -e AWS_ASK_ROLE -e GOOGLE_USERNAME -e GOOGLE_IDP_ID -e GOOGLE_SP_ID -e AWS_PROFILE -v ~/.aws:/root/.aws cevoaustralia/aws-google-auth where AWS_ASK_ROLE=True
  2. The credentials get cached nonetheless

Looking at the config file, the value seems to be stored as False. Even further, if I manually edit it to True it gets ignored again and set back to false.

Looking at the codebase I suspect the issue is in this conditional:

 if config.role_arn in roles and not config.ask_role:

If I'm reading this correctly, it also checks if the role exists in the config (regardless of ask role). Indeed if I remove the role from the config I get prompted, but then the role is set again and next time it gets cached.

Looking at the PR that added this (here: https://github.com/cevoaustralia/aws-google-auth/pull/13/files) it seems this used to be an or statement, which would make sense.

Am I missing something?

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant