From 9eb2c7c3d76b2cc87bfcd8907afa9c6d49551a0c Mon Sep 17 00:00:00 2001 From: Mike Mondragon Date: Wed, 16 Aug 2023 12:25:13 -0700 Subject: [PATCH] Ensure "profile" flag/env var is evaluated in the same order as AWS CLI. Viper config library was already doing this but profile is treated in a special case as the CLI flag is `--profile` but the ENV VAR name is `OKTA_AWSCLI_PROFILE` so as not clobber `PROFILE` that may be set by other environments. Clarify order precedence of CLI flag > .env val > ENV VAR Closes #120 --- README.md | 8 +++----- cmd/root/root.go | 6 +++--- internal/config/config.go | 21 ++++++++++++--------- 3 files changed, 18 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 6ee2f96..e25730d 100644 --- a/README.md +++ b/README.md @@ -208,11 +208,9 @@ that can be used for the AWS CLI configuration. Output can also be expressed as values](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) for AWS CLI configuration. -Configuration can be done with command line flags, an `.env` file, environment -variables, or a combination of the three. Configuration is evaluated in that -order. For example if the CLI flag `--profile [value]` and the env var -`OKTA_AWSCLI_PROFILE` are both present then the environment variable value takes -precedent. +Configuration can be done with command line flags, environment variables, an +`.env` file, or a combination of the three. The first value found in that +evaluation order takes precedent. Also see the CLI's online help `$ okta-aws-cli --help` diff --git a/cmd/root/root.go b/cmd/root/root.go index 54da330..662ab41 100644 --- a/cmd/root/root.go +++ b/cmd/root/root.go @@ -90,21 +90,21 @@ func init() { { name: config.SessionDurationFlag, short: "s", - value: "3600", + value: "", usage: "Session duration for role.", envVar: config.AWSSessionDurationEnvVar, }, { name: config.ProfileFlag, short: "p", - value: "default", + value: "", usage: "AWS Profile", envVar: config.ProfileEnvVar, }, { name: config.FormatFlag, short: "f", - value: "env-var", + value: "", usage: "Output format. [env-var|aws-credentials]", envVar: config.FormatEnvVar, }, diff --git a/internal/config/config.go b/internal/config/config.go index f7c1a31..35305b7 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -259,9 +259,9 @@ func readConfig() (Attributes, error) { attrs.Format = EnvVarFormat } - // if profile is set by env var defer to it, otherwise the default "default" - // will be used - if viper.GetString(downCase(ProfileEnvVar)) != "" { + // mimic AWS CLI behavior, if profile value is not set by flag check + // the ENV VAR, else set to "default" + if attrs.Profile == "" { attrs.Profile = viper.GetString(downCase(ProfileEnvVar)) } if attrs.Profile == "" { @@ -285,16 +285,19 @@ func readConfig() (Attributes, error) { if attrs.AWSIAMRole == "" { attrs.AWSIAMRole = viper.GetString(downCase(AWSIAMRoleEnvVar)) } - // duration has a default of 3600 from CLI flags, but if the env var version - // is not 0 then prefer it - duration := viper.GetInt64(downCase(AWSSessionDurationEnvVar)) - if duration != 0 { - attrs.AWSSessionDuration = duration - } if !attrs.QRCode { attrs.QRCode = viper.GetBool(downCase(QRCodeEnvVar)) } + // if session duration is 0, inspect the ENV VAR for a value, else set + // a default of 3600 + if attrs.AWSSessionDuration == 0 { + attrs.AWSSessionDuration = viper.GetInt64(downCase(AWSSessionDurationEnvVar)) + } + if attrs.AWSSessionDuration == 0 { + attrs.AWSSessionDuration = 3600 + } + // correct org domain if it's in admin form orgDomain := strings.Replace(attrs.OrgDomain, "-admin", "", -1) if orgDomain != attrs.OrgDomain {