cevoaustralia / aws-google-auth

Provides AWS STS credentials based on Google Apps SAML SSO auth (what a jumble!)
MIT License
537 stars 181 forks

Ask role option doesn't seem to work #229

Open duartegarin opened 3 years ago

duartegarin commented 3 years ago

Hi, we often have to switch between accounts, so it's important we don't have to go and remove the config manually to run google auth again. The ask_role option seems to be exactly what we need, however it doesn't seem to work. Steps to reproduce:

  1. docker run -it -e AWS_ASK_ROLE -e GOOGLE_USERNAME -e GOOGLE_IDP_ID -e GOOGLE_SP_ID -e AWS_PROFILE -v ~/.aws:/root/.aws cevoaustralia/aws-google-auth where AWS_ASK_ROLE=True
  2. The credentials get cached nonetheless

Looking at the config file, the value seems to be stored as False. Even further, if I manually edit it to True it gets ignored again and set back to false.

Looking at the codebase I suspect the issue is in this conditional:

 if config.role_arn in roles and not config.ask_role:

If I'm reading this correctly, it also checks if the role exists in the config (regardless of ask role). Indeed if I remove the role from the config I get prompted, but then the role is set again and next time it gets cached.

Looking at the PR that added this (here: https://github.com/cevoaustralia/aws-google-auth/pull/13/files) it seems this used to be an or statement, which would make sense.

Am I missing something?

Thanks!
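As an added illustration (not aws-google-auth's own code; `Config`, `pick_role` and the role ARNs are hypothetical), the harness below evaluates the `and` conditional quoted in the report and the earlier `or` form side by side over the scenarios the reporter describes, so a maintainer can check which combinations actually reach the role prompt.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Predicate = Callable[["Config"], bool]


@dataclass
class Config:
    role_arn: Optional[str]                 # role cached in the profile from a previous run
    ask_role: bool                          # value of AWS_ASK_ROLE / ask_role as read from config
    roles: List[str] = field(default_factory=list)  # roles offered in the SAML assertion


def use_cached_and(config: Config) -> bool:
    """The conditional quoted in the issue: reuse the cached role only if it is
    still offered AND ask_role is off."""
    return config.role_arn in config.roles and not config.ask_role


def use_cached_or(config: Config) -> bool:
    """The earlier `or` form the reporter points to in PR #13."""
    return config.role_arn in config.roles or not config.ask_role


def pick_role(config: Config, use_cached: Predicate) -> Tuple[str, bool]:
    """Return (role_arn, prompted). A false predicate means the user is prompted;
    the 'prompt' here deterministically picks the first offered role."""
    if use_cached(config):
        return config.role_arn, False
    return config.roles[0], True


# Constructed scenarios from the report: ROLE_A cached from an earlier run,
# both roles offered by Google, ask_role as stored (False) or as intended (True).
ROLES = ["arn:aws:iam::111111111111:role/ROLE_A",   # constructed sample ARNs
         "arn:aws:iam::222222222222:role/ROLE_B"]

SCENARIOS: Dict[str, Config] = {
    "ask_role stored as False": Config(ROLES[0], False, ROLES),
    "ask_role True, role cached": Config(ROLES[0], True, ROLES),
    "ask_role True, role removed": Config(None, True, ROLES),
}


def prompted(scenario: str, use_cached: Predicate) -> bool:
    """True if the named scenario would reach the interactive role prompt."""
    return pick_role(SCENARIOS[scenario], use_cached)[1]
```

With the `and` form, `ask_role=True` prompts whether or not a role is cached, so credentials being cached anyway is consistent with the reporter's observation that the value ends up persisted as `False`.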