search

onelogin / onelogin-python-aws-assume-role

MIT License
58 stars 51 forks source link

Cannot override default values using profile parameter #85

Open mariceslia opened 1 year ago

mariceslia commented 1 year ago

Is there any reason why the value of the profile parameter is not allowed to be overridden ?

{
  "app_id": "123456",
  "subdomain": "myolsubdomain",
  "username": "user.name",
  "profile": "profile-1",
  "duration": 3600,
  "aws_region": "us-west-2",
  "aws_account_id": "aaa",
  "aws_role_name": "",
  "profiles": {
    "profile-1": {
      "aws_account_id": "",
      "aws_role_name": "",
      "aws_region": "",
      "app_id": ""
    },
    "profile-2": {
      "aws_account_id": "bbb"
    }
  }
}

profiles Contains a list of profile->account id, and optionally role name mappings. If this attribute is populated aws_account_id, aws_role_name, aws_region, and app_id will be set based on the profile provided when running the script.

I understand that if we set up profiles and specify the target with the profile parameter at runtime, we can override the default values.

https://github.com/onelogin/onelogin-python-aws-assume-role/blob/bbc825c8d003a72d6761a2ac20d9298886d665ff/src/aws_assume_role/aws_assume_role.py#L142-L149

However, under the conditions of the code, it is not possible to override a value for which a default value has already been set. (and not options.aws_account_id) Is there any reason why the value of the profile parameter is not allowed to be overridden ?