[idp aws login] Make AWS profile configurable

csweichel · csweichel · commit bdc8668e0edb · 2023-08-25T09:24:38.000Z
diff --git a/components/gitpod-cli/cmd/idp-login-aws.go b/components/gitpod-cli/cmd/idp-login-aws.go
@@ -10,7 +10,6 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
-	"path/filepath"
 	"time"
 
 	"github.com/spf13/cobra"
@@ -21,8 +20,8 @@ const (
 )
 
 var idpLoginAwsOpts struct {
-	RoleARN         string
-	CredentialsFile string
+	RoleARN string
+	Profile string
 }
 
 var idpLoginAwsCmd = &cobra.Command{
@@ -60,15 +59,17 @@ var idpLoginAwsCmd = &cobra.Command{
 			return err
 		}
 
-		credentials := "[default]\n"
-		credentials += fmt.Sprintf("aws_access_key_id=%s\n", result.Credentials.AccessKeyId)
-		credentials += fmt.Sprintf("aws_secret_access_key=%s\n", result.Credentials.SecretAccessKey)
-		credentials += fmt.Sprintf("aws_session_token=%s\n", result.Credentials.SessionToken)
-
-		_ = os.MkdirAll(filepath.Dir(idpLoginAwsOpts.CredentialsFile), 0755)
-		err = os.WriteFile(idpLoginAwsOpts.CredentialsFile, []byte(credentials), 0600)
-		if err != nil {
-			return err
+		vars := map[string]string{
+			"aws_access_key_id":     result.Credentials.AccessKeyId,
+			"aws_secret_access_key": result.Credentials.SecretAccessKey,
+			"aws_session_token":     result.Credentials.SessionToken,
+		}
+		for k, v := range vars {
+			awsCmd := exec.Command("aws", "configure", "set", "--profile", idpLoginAwsOpts.Profile, k, v)
+			out, err := awsCmd.CombinedOutput()
+			if err != nil {
+				return fmt.Errorf("%w: %s", err, string(out))
+			}
 		}
 
 		return nil
@@ -79,11 +80,6 @@ func init() {
 	idpLoginCmd.AddCommand(idpLoginAwsCmd)
 
 	idpLoginAwsCmd.Flags().StringVar(&idpLoginAwsOpts.RoleARN, "role-arn", os.Getenv("IDP_AWS_ROLE_ARN"), "AWS role to assume (defaults to IDP_AWS_ROLE_ARN env var)")
-
-	home, err := os.UserHomeDir()
-	if err != nil {
-		panic(err)
-	}
-	idpLoginAwsCmd.Flags().StringVar(&idpLoginAwsOpts.CredentialsFile, "credentials-file", filepath.Join(home, ".aws", "credentials"), "path to the AWS credentials file")
-	_ = idpLoginAwsCmd.MarkFlagFilename("credentials-file")
+	idpLoginAwsCmd.Flags().StringVarP(&idpLoginAwsOpts.Profile, "profile", "p", "default", "AWS profile to configure")
+	_ = idpLoginAwsCmd.MarkFlagFilename("profile")
 }
