From 2f9c7e9bd6db6f25202b8a099ee3eb84b7a9d280 Mon Sep 17 00:00:00 2001 From: Alex Woods Date: Wed, 9 Aug 2023 11:05:17 -0700 Subject: [PATCH] Handle sso session names with quotes/spaces (#2895) --- gems/aws-sdk-core/CHANGELOG.md | 2 + .../lib/aws-sdk-core/shared_config.rb | 38 ++++++++++--------- .../aws/credential_resolution_chain_spec.rb | 27 ++++++++++++- gems/aws-sdk-core/spec/aws/ini_parser_spec.rb | 3 ++ .../fixtures/credentials/mock_shared_config | 10 +++++ 5 files changed, 61 insertions(+), 19 deletions(-) diff --git a/gems/aws-sdk-core/CHANGELOG.md b/gems/aws-sdk-core/CHANGELOG.md index f3e08e0e42e..d89d4737a86 100644 --- a/gems/aws-sdk-core/CHANGELOG.md +++ b/gems/aws-sdk-core/CHANGELOG.md @@ -1,6 +1,8 @@ Unreleased Changes ------------------ +* Issue - Add support for sso-session names with whitespace configured by the CLI `aws sso configure` command (#2895). + 3.180.2 (2023-08-07) ------------------ diff --git a/gems/aws-sdk-core/lib/aws-sdk-core/shared_config.rb b/gems/aws-sdk-core/lib/aws-sdk-core/shared_config.rb index 98fa832ab93..3180e05de51 100644 --- a/gems/aws-sdk-core/lib/aws-sdk-core/shared_config.rb +++ b/gems/aws-sdk-core/lib/aws-sdk-core/shared_config.rb @@ -359,12 +359,8 @@ def sso_credentials_from_profile(cfg, profile) !(prof_config.keys & SSO_CREDENTIAL_PROFILE_KEYS).empty? if sso_session_name = prof_config['sso_session'] - sso_session = cfg["sso-session #{sso_session_name}"] - unless sso_session - raise ArgumentError, - "sso-session #{sso_session_name} must be defined in the config file. " \ - "Referenced by profile #{profile}" - end + sso_session = sso_session(cfg, profile, sso_session_name) + sso_region = sso_session['sso_region'] sso_start_url = sso_session['sso_start_url'] @@ -389,7 +385,7 @@ def sso_credentials_from_profile(cfg, profile) sso_role_name: prof_config['sso_role_name'], sso_session: prof_config['sso_session'], sso_region: sso_region, - sso_start_url: prof_config['sso_start_url'] + sso_start_url: sso_start_url ) end end @@ -402,16 +398,7 @@ def sso_token_from_profile(cfg, profile) !(prof_config.keys & SSO_TOKEN_PROFILE_KEYS).empty? sso_session_name = prof_config['sso_session'] - sso_session = cfg["sso-session #{sso_session_name}"] - unless sso_session - raise ArgumentError, - "sso-session #{sso_session_name} must be defined in the config file." \ - "Referenced by profile #{profile}" - end - - unless sso_session['sso_region'] - raise ArgumentError, "sso-session #{sso_session_name} missing required parameter: sso_region" - end + sso_session = sso_session(cfg, profile, sso_session_name) SSOTokenProvider.new( sso_session: sso_session_name, @@ -469,5 +456,22 @@ def determine_profile(options) ret ||= 'default' ret end + + def sso_session(cfg, profile, sso_session_name) + # aws sso-configure may add quotes around sso session names with whitespace + sso_session = cfg["sso-session #{sso_session_name}"] || cfg["sso-session '#{sso_session_name}'"] + + unless sso_session + raise ArgumentError, + "sso-session #{sso_session_name} must be defined in the config file. " \ + "Referenced by profile #{profile}" + end + + unless sso_session['sso_region'] + raise ArgumentError, "sso-session #{sso_session_name} missing required parameter: sso_region" + end + + sso_session + end end end diff --git a/gems/aws-sdk-core/spec/aws/credential_resolution_chain_spec.rb b/gems/aws-sdk-core/spec/aws/credential_resolution_chain_spec.rb index 8c1acf4f062..8cddbc7ae58 100644 --- a/gems/aws-sdk-core/spec/aws/credential_resolution_chain_spec.rb +++ b/gems/aws-sdk-core/spec/aws/credential_resolution_chain_spec.rb @@ -95,7 +95,7 @@ module Aws it 'prefers sso credentials over assume role' do expect(SSOCredentials).to receive(:new).with( - sso_start_url: nil, + sso_start_url: 'START_URL', sso_region: 'us-east-1', sso_account_id: 'SSO_ACCOUNT_ID', sso_role_name: 'SSO_ROLE_NAME', @@ -161,6 +161,29 @@ module Aws ).to eq('SSO_AKID') end + it 'loads SSO credentials from when the session name has quotes' do + expect(SSOCredentials).to receive(:new).with( + sso_start_url: 'START_URL', + sso_region: 'us-east-1', + sso_account_id: 'SSO_ACCOUNT_ID', + sso_role_name: 'SSO_ROLE_NAME', + sso_session: 'sso test session' + ).and_return( + double( + 'creds', + set?: true, + credentials: double(access_key_id: 'SSO_AKID') + ) + ) + client = ApiHelper.sample_rest_xml::Client.new( + profile: 'sso_creds_session_with_quotes', + token_provider: nil + ) + expect( + client.config.credentials.credentials.access_key_id + ).to eq('SSO_AKID') + end + it 'raises when attempting to load an incomplete SSO Profile' do expect do ApiHelper.sample_rest_xml::Client.new( @@ -366,7 +389,7 @@ module Aws it 'supports :source_profile from sso credentials' do expect(SSOCredentials).to receive(:new).with( - sso_start_url: nil, + sso_start_url: 'START_URL', sso_region: 'us-east-1', sso_account_id: 'SSO_ACCOUNT_ID', sso_role_name: 'SSO_ROLE_NAME', diff --git a/gems/aws-sdk-core/spec/aws/ini_parser_spec.rb b/gems/aws-sdk-core/spec/aws/ini_parser_spec.rb index 99a2602e6f5..a1b453f8186 100644 --- a/gems/aws-sdk-core/spec/aws/ini_parser_spec.rb +++ b/gems/aws-sdk-core/spec/aws/ini_parser_spec.rb @@ -30,6 +30,9 @@ module Aws [sso-session dev] sso_region = us-east-1 +[sso-session 'profile with spaces'] +sso_region = us-east-1 + [services test-services] s3 = endpoint_url = https://localhost:8000 diff --git a/gems/aws-sdk-core/spec/fixtures/credentials/mock_shared_config b/gems/aws-sdk-core/spec/fixtures/credentials/mock_shared_config index 1086afd6441..d6f08fba9bc 100644 --- a/gems/aws-sdk-core/spec/fixtures/credentials/mock_shared_config +++ b/gems/aws-sdk-core/spec/fixtures/credentials/mock_shared_config @@ -169,6 +169,16 @@ sso_account_id = 123456789012 source_profile = sso_creds role_arn = arn:aws:iam::123456789012:role/bar +[profile sso_creds_session_with_quotes] +sso_account_id = SSO_ACCOUNT_ID +sso_role_name = SSO_ROLE_NAME +sso_session = sso test session +region = us-west-1 + +[sso-session 'sso test session'] +sso_region = us-east-1 +sso_start_url = START_URL + [profile sts_regional] aws_access_key_id = AKID aws_secret_access_key = SECRET