Improve gp idp login aws (#18601)

* [idp aws login] Make AWS profile configurable

* Use workspaceID as session name

Author: csweichel

components/gitpod-cli/cmd/idp-login-aws.go

@@ -10,9 +10,9 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
-	"path/filepath"
 	"time"
 
+	"github.com/gitpod-io/gitpod/gitpod-cli/pkg/gitpod"
 	"github.com/spf13/cobra"
 )
 
@@ -21,8 +21,8 @@ const (
 )
 
 var idpLoginAwsOpts struct {
-	RoleARN         string
-	CredentialsFile string
+	RoleARN string
+	Profile string
 }
 
 var idpLoginAwsCmd = &cobra.Command{
@@ -42,7 +42,12 @@ var idpLoginAwsCmd = &cobra.Command{
 			return err
 		}
 
-		awsCmd := exec.Command("aws", "sts", "assume-role-with-web-identity", "--role-arn", idpLoginAwsOpts.RoleARN, "--role-session-name", fmt.Sprintf("gitpod-%d", time.Now().Unix()), "--web-identity-token", tkn)
+		wsInfo, err := gitpod.GetWSInfo(ctx)
+		if err != nil {
+			return err
+		}
+
+		awsCmd := exec.Command("aws", "sts", "assume-role-with-web-identity", "--role-arn", idpLoginAwsOpts.RoleARN, "--role-session-name", fmt.Sprintf("%s-%d", wsInfo.WorkspaceId, time.Now().Unix()), "--web-identity-token", tkn)
 		out, err := awsCmd.CombinedOutput()
 		if err != nil {
 			return fmt.Errorf("%w: %s", err, string(out))
@@ -60,15 +65,17 @@ var idpLoginAwsCmd = &cobra.Command{
 			return err
 		}
 
-		credentials := "[default]\n"
-		credentials += fmt.Sprintf("aws_access_key_id=%s\n", result.Credentials.AccessKeyId)
-		credentials += fmt.Sprintf("aws_secret_access_key=%s\n", result.Credentials.SecretAccessKey)
-		credentials += fmt.Sprintf("aws_session_token=%s\n", result.Credentials.SessionToken)
-
-		_ = os.MkdirAll(filepath.Dir(idpLoginAwsOpts.CredentialsFile), 0755)
-		err = os.WriteFile(idpLoginAwsOpts.CredentialsFile, []byte(credentials), 0600)
-		if err != nil {
-			return err
+		vars := map[string]string{
+			"aws_access_key_id":     result.Credentials.AccessKeyId,
+			"aws_secret_access_key": result.Credentials.SecretAccessKey,
+			"aws_session_token":     result.Credentials.SessionToken,
+		}
+		for k, v := range vars {
+			awsCmd := exec.Command("aws", "configure", "set", "--profile", idpLoginAwsOpts.Profile, k, v)
+			out, err := awsCmd.CombinedOutput()
+			if err != nil {
+				return fmt.Errorf("%w: %s", err, string(out))
+			}
 		}
 
 		return nil
@@ -79,11 +86,6 @@ func init() {
 	idpLoginCmd.AddCommand(idpLoginAwsCmd)
 
 	idpLoginAwsCmd.Flags().StringVar(&idpLoginAwsOpts.RoleARN, "role-arn", os.Getenv("IDP_AWS_ROLE_ARN"), "AWS role to assume (defaults to IDP_AWS_ROLE_ARN env var)")
-
-	home, err := os.UserHomeDir()
-	if err != nil {
-		panic(err)
-	}
-	idpLoginAwsCmd.Flags().StringVar(&idpLoginAwsOpts.CredentialsFile, "credentials-file", filepath.Join(home, ".aws", "credentials"), "path to the AWS credentials file")
-	_ = idpLoginAwsCmd.MarkFlagFilename("credentials-file")
+	idpLoginAwsCmd.Flags().StringVarP(&idpLoginAwsOpts.Profile, "profile", "p", "default", "AWS profile to configure")
+	_ = idpLoginAwsCmd.MarkFlagFilename("profile")
 }