Skip to content

Commit

Permalink
fixes promptForRole to handle friendly labels with wildcards
Browse files Browse the repository at this point in the history
  • Loading branch information
Jon Day authored and sudolibre committed Jul 2, 2024
1 parent e5c22f7 commit 99e4233
Showing 1 changed file with 38 additions and 42 deletions.
80 changes: 38 additions & 42 deletions internal/webssoauth/webssoauth.go
Original file line number Diff line number Diff line change
Expand Up @@ -480,56 +480,52 @@ func (w *WebSSOAuthentication) choiceFriendlyLabelRole(arn string, roles map[str

// promptForRole prompt operator for the AWS Role ARN given a slice of Role ARNs
func (w *WebSSOAuthentication) promptForRole(idp string, roleARNs []string, configRoles map[string]string) (roleARN string, err error) {
if len(roleARNs) == 1 || w.config.AWSIAMRole() != "" {
roleARN = w.config.AWSIAMRole()
if len(roleARNs) == 1 {
roleARN = roleARNs[0]
}
roleLabel := w.choiceFriendlyLabelRole(roleARN, configRoles)
roleData := roleTemplateData{
Role: roleLabel,
}
// roleLabels are the friendly names if configured or the ARNs themselves
roleLabels := make([]string, len(roleARNs))
roleArnByLabel := map[string]string{}
for _, arn := range roleARNs {
roleLabel := w.choiceFriendlyLabelRole(arn, configRoles)
roleLabels = append(roleLabels, roleLabel)
roleArnByLabel[roleLabel] = arn
}

// reverse case when friendly role name alias is given as the input value
// --aws-iam-role "OK S3 Read"
if roleLabel == roleARN {
for rARN, rLbl := range configRoles {
if roleARN == rLbl {
roleARN = rARN
break
}
}
}
var roleLabelChoice string

if !w.config.IsProcessCredentialsFormat() {
rich, _, err := core.RunTemplate(roleSelectedTemplate, roleData)
if err != nil {
return "", err
}
fmt.Fprintln(os.Stderr, rich)
}
return roleARN, nil
// There is only a single choice so go ahead and use its label
if len(roleARNs) == 1 {
rArn := roleARNs[0]
roleLabelChoice = w.choiceFriendlyLabelRole(rArn, configRoles)
}

promptRoles := []string{}
labelsARNs := map[string]string{}
for _, arn := range roleARNs {
roleLabel := w.choiceFriendlyLabelRole(arn, configRoles)
promptRoles = append(promptRoles, roleLabel)
labelsARNs[roleLabel] = arn
// The user already provided their choice via config
if roleLabelChoice == "" && w.config.AWSIAMRole() != "" {
rArg := w.config.AWSIAMRole()
roleLabelChoice = w.choiceFriendlyLabelRole(rArg, configRoles)
}

prompt := &survey.Select{
Message: chooseRole,
Options: promptRoles,
}
var selected string
err = survey.AskOne(prompt, &selected, survey.WithValidator(survey.Required), stderrIsOutAskOpt)
if err != nil {
return "", fmt.Errorf(askRoleError, err)
// Prompt the user to choose
if roleLabelChoice == "" {
prompt := &survey.Select{
Message: chooseRole,
Options: roleLabels,
}
err = survey.AskOne(prompt, &roleLabelChoice, survey.WithValidator(survey.Required), stderrIsOutAskOpt)
if err != nil {
return "", fmt.Errorf(askRoleError, err)
}
} else if !w.config.IsProcessCredentialsFormat() {
// The choice was determined without prompting the user so pretty print the role
// todo: explain why we check IsProcessCredentialsFormat?
rich, _, err := core.RunTemplate(roleSelectedTemplate, roleTemplateData{
Role: roleLabelChoice,
})
if err != nil {
return "", err
}
fmt.Fprintln(os.Stderr, rich)
}

roleARN = labelsARNs[selected]
roleARN = roleArnByLabel[roleLabelChoice]
if roleARN == "" {
return "", fmt.Errorf(noRolesError, idp)
}
Expand Down

0 comments on commit 99e4233

Please sign in to comment.