okta / okta-aws-cli

A CLI for having Okta as the IdP for AWS CLI operations
https://github.com/okta/okta-aws-cli

Idp defined in yaml is not being selected for use #228

Closed (pdubb29 closed 2 months ago)

pdubb29 commented 3 months ago

V2.3.0 requires me to set a value when I've already provided the idp in the yaml file.

The flag --aws-iam-idp is not respected as defined in the documentation.

WARNING: okta.yaml missing "awscli.idps" section

example okta.yaml:

awscli:
  profiles:
    sandbox:
      oidc-client-id: "**REDACTED**"
      org-domain: "**REDACTED**"
      aws-iam-idp: "arn:aws:iam::**REDACTED**"
      write-aws-credentials: true
      open-browser: true
      session-duration: 36000

Expected Result: okta-aws-cli -e -p sandbox should not ask me for an idp.

monde commented 2 months ago

I'll get this fixed

monde commented 2 months ago

@pdubb29 I'm not able to reproduce yours or @reakaleek's #230. Are you sure you don't have a typo? Maybe your aws-iam-idp value has a character that needs to be escaped in YAML (probably not, your value is in quotes). Either of you email me at mike.mondragon@okta.com - I'd like to get on a Zoom and see your error live if you're interested.

reakaleek commented 2 months ago

I think this code comment is the reason for this behaviour.

If I understand correctly, we cannot preselect the app because we cannot compare the ARN, since we don't have access yet.