Nike-Inc / gimme-aws-creds

A CLI that utilizes Okta IdP via SAML to acquire temporary AWS credentials
Apache License 2.0

Add option for MFA preferred factor provider #218

Open via-jordan-sokolic opened 4 years ago

via-jordan-sokolic commented 4 years ago

It would be beneficial to add a config option to automatically configure an MFA factor provider in the event that multiple providers are listed.

Expected Behavior

Allow factor provider to be configured either with a command-line flag or in the configuration file:

$ gimme-aws-creds --profile main --mfa-provider=GOOGLE --mfa-code=$(totp-generator)
Using password from keyring for xxxx@example.com
Multi-factor Authentication required.
MFA provider 'GOOGLE' selected.
Detected single role: arn:aws:iam::000000000000:role/xxxx
Saving arn:aws:iam::000000000000:role/xxxx
Written profile main to ~/.aws/credentials

Current Behavior

MFA factor provider must be entered manually:

$ gimme-aws-creds --profile main --mfa-code=$(totp-generator)
Using password from keyring for xxxx@example.com
Multi-factor Authentication required.
Pick a factor:
[0] token:software:totp( GOOGLE ) : xxxx@example.com
[1] token:software:totp( OKTA ) : xxxx@example.com
Selection: 0 # <-- entered manually
Detected single role: arn:aws:iam::000000000000:role/xxxx
Saving arn:aws:iam::000000000000:role/xxxx
Written profile main to ~/.aws/credentials

Possible Solution

Current workaround is clunky:

$ echo 0 | gimme-aws-creds --profile main --mfa-code=$(totp-generator)
...

Steps to Reproduce (for bugs)

N/A

Context

Your Environment

dholdren commented 3 years ago

I'm running into this problem as well, but looks like a dup of https://github.com/Nike-Inc/gimme-aws-creds/issues/87

yermulnik commented 3 years ago

Much needed feature!

yermulnik commented 3 years ago

Quick workaround: https://github.com/Nike-Inc/gimme-aws-creds/issues/87#issuecomment-930032729
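
The provider-based selection requested in this issue, sketched as an added example (not gimme-aws-creds code): it picks a factor by provider name instead of by list position, so it does not depend on prompt order the way `echo 0 |` does, and it raises rather than falling back when the preference matches no factor or more than one. `select_factor`, `FactorSelectionError`, the `preferred_type` argument and the sample factor list are hypothetical; the `factorType` and `provider` fields are assumed to carry the values shown in the factor prompt above.

```python
from __future__ import annotations

# Added illustration, not project code. All names below are hypothetical.


class FactorSelectionError(Exception):
    """The preferred provider did not resolve to exactly one enrolled factor."""


def select_factor(factors: list[dict], preferred_provider: str | None = None,
                  preferred_type: str | None = None) -> dict | None:
    """Return the factor to use, or None when the caller should prompt.

    With no preference: a single enrolled factor is used, otherwise prompt.
    With a preference: exactly one factor must match, or we fail closed.
    """
    if preferred_provider is None:
        return factors[0] if len(factors) == 1 else None

    wanted = preferred_provider.strip().upper()
    matches = [f for f in factors
               if str(f.get("provider") or "").upper() == wanted]
    if preferred_type is not None:
        matches = [f for f in matches if f.get("factorType") == preferred_type]

    if not matches:
        # Never fall back silently to a factor the user did not ask for.
        raise FactorSelectionError(f"no enrolled factor for provider {wanted!r}")
    if len(matches) > 1:
        kinds = sorted(str(f.get("factorType")) for f in matches)
        raise FactorSelectionError(
            f"provider {wanted!r} is ambiguous, narrow by factor type: {kinds}")
    return matches[0]


# Constructed sample data mirroring the prompt in the issue, plus one extra
# OKTA factor to show the ambiguous case.
SAMPLE_FACTORS = [
    {"id": "constructed-google-totp", "factorType": "token:software:totp", "provider": "GOOGLE"},
    {"id": "constructed-okta-totp", "factorType": "token:software:totp", "provider": "OKTA"},
    {"id": "constructed-okta-push", "factorType": "push", "provider": "OKTA"},
]

if __name__ == "__main__":
    print(select_factor(SAMPLE_FACTORS, "GOOGLE")["id"])
    print(select_factor(SAMPLE_FACTORS, "OKTA", "token:software:totp")["id"])
```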