-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
'aws configure get' should support sso-session configurations #8730
Comments
Thanks for the feature request. After a quick discussion with the team, we think this probably a reasonable request for the aws configure get command but further review is needed regarding the potential implementation. We would have to account for the config file variations and not introduce any possibly breaking behavior. |
No problem, I had added the unit test for the new functionality.. and whilst here the CI Workflow didn't run yet due to review process, All Pytests executed locally successfully (with Py3.9 + Py3.11). The only things I thought might perhaps make sense but didn't add was support for was get sso_section attributes using Unqualified Names... e.g If one Specifies This could lookup the values in the 'abc' profile section, if there isn't an sso_start_url key in that profile, then check if it has an sso_section key... if it does use that value to get the respective sso_section and return the sso_start_url value set there. Also probably a documentation sample could be updated. |
Just a comment from an interested observer: from skimming the linked PR, it looks like the patch will enable retrieving specific keys from
the patch would permit things like My comment/question is whether it could be extended a little bit to also support some variation on the theme of I ask because there is no way at present that I can find to extract the "sso-personal" and "sso-homebusiness" labels from the configuration file. (I was hoping to script some management utilities around generating these sections, or at least testing whether a previous |
currently trying to write user-proof documentation for our team to set-up SSO and, right now, SSO configuration has to be done with the wizard ( It is possible when using aws-adfs (which I used in a prior project). So it'd be nice if the core CLI allowed it. Cheers! |
Describe the feature
The aws configure get subcommand doesn't support reading sso-session configuration items.
Use Case
I work alot with multiple instances of Identity Center and use many AWS Profiles with SSO Sessions configured for each one, I made a library of helper bash functions which wraps around common Operations/Developer CLI commands... These, when creating resources or interacting with services may output console HyperLinks or open console pages.. so one can view the resources in the console quickly without having to click through 5+ weblinks to get there.
To ensure the browser opens the Console in the context of the correct SSO Session I can build a hyperlink in the following format.
This way the SSO context is correctly set before redirecting to the target destination in the URL.
Real example...
With current shell directory set to a checked out codecommit repository I run a bash command.
This would then take me to the sso console refresh my session to the respective codepipeline execution for that Repository.
Proposed Solution
Already opened a PR the other week as linked to this Issue with necessary Unit Tests updates... just need to find out how to get it reviewed.
#8690
The underlying boto3 method used by 'aws configure get' to read the local .aws/config is already able to parse the sso-section. The AWS CLI abstraction, however, hardcodes the config section type as 'profile'. This is addressed by the above PR.
Other Information
I work in AWS so reach out to me for more info. @alxev
Acknowledgements
CLI version used
2.16.4
Environment details (OS name and version, etc.)
MacOS
The text was updated successfully, but these errors were encountered: