From 673b9fc3317d48a169fe612575186b3eb1a42a13 Mon Sep 17 00:00:00 2001 From: Mark Keisler Date: Tue, 18 Apr 2023 03:36:07 -0500 Subject: [PATCH] feat(aws)!: improve `aws_change_access_key` (#11378) BREAKING CHANGE: This commit removes compatibility for `aws` cli v1. Now only v2 is supported. --- plugins/aws/README.md | 11 ++++++----- plugins/aws/aws.plugin.zsh | 37 +++++++++++++++++++++++++++++++------ 2 files changed, 37 insertions(+), 11 deletions(-) diff --git a/plugins/aws/README.md b/plugins/aws/README.md index 846bf1414..54bc7a44d 100644 --- a/plugins/aws/README.md +++ b/plugins/aws/README.md @@ -1,7 +1,8 @@ # aws -This plugin provides completion support for [awscli](https://docs.aws.amazon.com/cli/latest/reference/index.html) +This plugin provides completion support for [awscli v2](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/index.html) and a few utilities to manage AWS profiles/regions and display them in the prompt. +[awscli v1](https://docs.aws.amazon.com/cli/latest/userguide/cliv2-migration.html) is no longer supported. To use it, add `aws` to the plugins array in your zshrc file. @@ -12,9 +13,9 @@ plugins=(... aws) ## Plugin commands * `asp []`: sets `$AWS_PROFILE` and `$AWS_DEFAULT_PROFILE` (legacy) to ``. - It also sets `$AWS_EB_PROFILE` to `` for the Elastic Beanstalk CLI. It sets `$AWS_PROFILE_REGION` for display in `aws_prompt_info`. + It also sets `$AWS_EB_PROFILE` to `` for the Elastic Beanstalk CLI. It sets `$AWS_PROFILE_REGION` for display in `aws_prompt_info`. Run `asp` without arguments to clear the profile. -* `asp [] login`: If AWS SSO has been configured in your aws profile, it will run the `aws sso login` command following profile selection. +* `asp [] login`: If AWS SSO has been configured in your aws profile, it will run the `aws sso login` command following profile selection. * `asr []`: sets `$AWS_REGION` and `$AWS_DEFAULT_REGION` (legacy) to ``. Run `asr` without arguments to clear the profile. 
@@ -65,7 +66,7 @@ the current `$AWS_PROFILE` and `$AWS_REGION`. It uses four variables to control Source profile credentials in `~/.aws/credentials`: -``` +```ini [source-profile-name] aws_access_key_id = ... aws_secret_access_key = ... @@ -73,7 +74,7 @@ aws_secret_access_key = ... Role configuration in `~/.aws/config`: -``` +```ini [profile source-profile-name] mfa_serial = arn:aws:iam::111111111111:mfa/myuser region = us-east-1 diff --git a/plugins/aws/aws.plugin.zsh b/plugins/aws/aws.plugin.zsh index a379eaa18..d45abba57 100644 --- a/plugins/aws/aws.plugin.zsh +++ b/plugins/aws/aws.plugin.zsh 
@@ -160,14 +160,39 @@ function aws_change_access_key() { return 1 fi - echo "Insert the credentials when asked." - asp "$1" || return 1 - AWS_PAGER="" aws iam create-access-key - AWS_PAGER="" aws configure --profile "$1" + local profile="$1" + # Get current access key + local original_aws_access_key_id="$(aws configure get aws_access_key_id --profile $profile)" - echo "You can now safely delete the old access key running \`aws iam delete-access-key --access-key-id ID\`" + asp "$profile" || return 1 + echo "Generating a new access key pair for you now." + if aws --no-cli-pager iam create-access-key; then + echo "Insert the newly generated credentials when asked." + aws --no-cli-pager configure --profile $profile + else + echo "Current access keys:" + aws --no-cli-pager iam list-access-keys + echo "Profile \"${profile}\" is currently using the $original_aws_access_key_id key. You can delete an old access key by running \`aws --profile $profile iam delete-access-key --access-key-id AccessKeyId\`" + return 1 + fi + + read -q "yn?Would you like to disable your previous access key (${original_aws_access_key_id}) now? " + case $yn in + [Yy]*) + echo -n "\nDisabling access key ${original_aws_access_key_id}..." + if aws --no-cli-pager update-access-key --access-key-id ${original_aws_access_key_id} --status Inactive; then + echo "done." + else + echo "\nFailed to disable ${original_aws_access_key_id} key." + fi + ;; + *) + echo "" + ;; + esac + echo "You can now safely delete the old access key by running \`aws --profile $profile iam delete-access-key --access-key-id ${original_aws_access_key_id}\`" echo "Your current keys are:" - AWS_PAGER="" aws iam list-access-keys + aws --no-cli-pager iam list-access-keys } function aws_regions() {
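Review bot: The disable step in the `[Yy]*)` branch runs `aws --no-cli-pager update-access-key ...` without the `iam` service name, so the CLI will reject the command and the previous key is never set to Inactive. It should read `aws --no-cli-pager iam update-access-key --access-key-id "${original_aws_access_key_id}" --status Inactive`. The function still goes on to print "You can now safely delete the old access key", so a user can finish a rotation believing the old credential is disabled while it remains active. It is also worth guarding the `read -q` prompt with a check that `original_aws_access_key_id` is non-empty, since `aws configure get` prints nothing when the profile has no static key and the prompt would then offer to disable an empty id. The start of `aws_change_access_key` lies outside this hunk.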