Add AWS SSO support #170
Merged
Add AWS SSO support #170
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add support for AWS profiles with SSO
I based this work on:
https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/sso.html
It looks relatively straight forward to add, however it is unclear how this works as a fallback with the existing profile support and unfortunately I don't have an SSO account to test this with.
As a fallback this should be safe since the existing profile load runs first. My concern is when looking at the code for the existing profile load I see internally it runs with
isSsoSession: falseand doesn't appear to allow setting it to true.Potentially an SSO profile could get loaded from the existing profile load. The result may or may not work due to that flag. If it gives incomplete credentials it may return true and not fallback to the new SSO code.
I'm going to go ahead with this change because either way including the AWS SSO SDK binaries looks like a step in the right direction based on the fact that currently Sleet will throw an assembly load exception since those binaries aren't there. The AWS SDK clearly knows about them, but the SDK NuGet package doesn't have a dependency on those. It is up to app to bring them in.
Fixes: #168