add support for sso auth #1911
add support for sso auth #1911
Conversation
|
@harshavardhana is it an explicit goal of |
aws-sdk-go is a bloatware we cannot really depend on that |
| Region string `json:"region"` | ||
| } | ||
|
|
||
| func (p *FileAWSCredentials) getSSOCredentials(iniProfile *ini.Section) (ssoCredentials, error) { |
There was a problem hiding this comment.
Please describe what is happening - it seems to be some interaction with external files/tools I don't really understand.
| return nil, err | ||
| // aws allows specifying the profile as [profile myprofile] | ||
| if strings.Contains(err.Error(), "does not exist") { | ||
| iniProfile, err = config.GetSection(fmt.Sprintf("profile %s", profile)) |
There was a problem hiding this comment.
nit: Maybe this shouldn't over-write the original error if it fails...
| // the file path is the sso-profile, "main", sha1-ed | ||
| os.WriteFile( | ||
| path.Join(tmpDir, "b28b7af69320201d1cf206ebf28373980add1451.json"), | ||
| []byte(`{"startUrl": "https://testacct.awsapps.com/start", "region": "us-test-2", "accessToken": "my-access-token", "expiresAt": "2020-01-11T00:00:00Z"}`), |
There was a problem hiding this comment.
Is the "startURL" used for a call?
Just making sure that we don't have tests making external calls.
This PR adds credential support for retrieving AWS SSO credentials and using those against a bucket store. I also added a test.
SSO is becoming increasingly common for many benefits. I figured I'd try a PR to support it in MinIO. I can understand if this feels too coupled with a single provider, figured I'd try anyway.
This is not a full-fledged implementation, but it works and was enough to get me off the ground running. I'm sure there are edge-cases and configs that are not covered here. I noticed that AWS sdk is not vendored in this project, so I opted to write an implementation from scratch.