Ensure "profile" flag/env var is evaluated in the same order as AWS CLI.

Viper config library was already doing this but profile is treated in a special case as the CLI flag is `--profile` but the ENV VAR name is `OKTA_AWSCLI_PROFILE` so as not clobber `PROFILE` that may be set by other environments. Clarify order precedence of CLI flag > .env val > ENV VAR Closes #120
okta · Aug 16, 2023 · 9eb2c7c · 9eb2c7c
1 parent 7e7bb0c
commit 9eb2c7c
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -208,11 +208,9 @@ that can be used for the AWS CLI configuration. Output can also be expressed as
 values](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html)
 for AWS CLI configuration.
 
-Configuration can be done with command line flags, an `.env` file, environment
-variables, or a combination of the three. Configuration is evaluated in that
-order. For example if the CLI flag `--profile [value]` and the env var
-`OKTA_AWSCLI_PROFILE` are both present then the environment variable value takes
-precedent.
+Configuration can be done with command line flags, environment variables, an
+`.env` file, or a combination of the three. The first value found in that
+evaluation order takes precedent.
 
 Also see the CLI's online help `$ okta-aws-cli --help`
 

diff --git a/cmd/root/root.go b/cmd/root/root.go
@@ -90,21 +90,21 @@ func init() {
 		{
 			name:   config.SessionDurationFlag,
 			short:  "s",
-			value:  "3600",
+			value:  "",
 			usage:  "Session duration for role.",
 			envVar: config.AWSSessionDurationEnvVar,
 		},
 		{
 			name:   config.ProfileFlag,
 			short:  "p",
-			value:  "default",
+			value:  "",
 			usage:  "AWS Profile",
 			envVar: config.ProfileEnvVar,
 		},
 		{
 			name:   config.FormatFlag,
 			short:  "f",
-			value:  "env-var",
+			value:  "",
 			usage:  "Output format. [env-var|aws-credentials]",
 			envVar: config.FormatEnvVar,
 		},

diff --git a/internal/config/config.go b/internal/config/config.go
@@ -259,9 +259,9 @@ func readConfig() (Attributes, error) {
 		attrs.Format = EnvVarFormat
 	}
 
-	// if profile is set by env var defer to it, otherwise the default "default"
-	// will be used
-	if viper.GetString(downCase(ProfileEnvVar)) != "" {
+	// mimic AWS CLI behavior, if profile value is not set by flag check
+	// the ENV VAR, else set to "default"
+	if attrs.Profile == "" {
 		attrs.Profile = viper.GetString(downCase(ProfileEnvVar))
 	}
 	if attrs.Profile == "" {
@@ -285,16 +285,19 @@ func readConfig() (Attributes, error) {
 	if attrs.AWSIAMRole == "" {
 		attrs.AWSIAMRole = viper.GetString(downCase(AWSIAMRoleEnvVar))
 	}
-	// duration has a default of 3600 from CLI flags, but if the env var version
-	// is not 0 then prefer it
-	duration := viper.GetInt64(downCase(AWSSessionDurationEnvVar))
-	if duration != 0 {
-		attrs.AWSSessionDuration = duration
-	}
 	if !attrs.QRCode {
 		attrs.QRCode = viper.GetBool(downCase(QRCodeEnvVar))
 	}
 
+	// if session duration is 0, inspect the ENV VAR for a value, else set
+	// a default of 3600
+	if attrs.AWSSessionDuration == 0 {
+		attrs.AWSSessionDuration = viper.GetInt64(downCase(AWSSessionDurationEnvVar))
+	}
+	if attrs.AWSSessionDuration == 0 {
+		attrs.AWSSessionDuration = 3600
+	}
+
 	// correct org domain if it's in admin form
 	orgDomain := strings.Replace(attrs.OrgDomain, "-admin", "", -1)
 	if orgDomain != attrs.OrgDomain {