Feat filter selection: adds --filter-selection/-f option to filter generated role selection screen #316
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This option will filter out the list of roles generated when calling
gimme-aws-creds
to show only those that contain a match on the passed in string.Example:
gimme-aws-creds
might return:And
gimme-aws-creds -f dev
would return:If only one match is found, it is auto selected (already the default behavior - not part of this feature).
If the user has their
~/.okta_aws_login_config
file set so thataws_rolename = all
then passing in the-f
option causes creds to be generated against the filtered list instead of every role available to the user. I.e:gimme-aws-creds -f poc
would grab creds only for matching roles, whereasaws-gimme-creds
would still grab creds for all roles.Related Issue
None
Motivation and Context
This change is helpful for users with access to many roles. For instance, my team at WarnerBros has access to hundreds of roles across hundreds of AWS accounts, and selecting the one we need at a given time from a long list is tedious. This option lets us call the specific account we need access to, or a part of it (the list of poc accounts, or dev accounts, or prod accounts), and select from a much smaller list.
How Has This Been Tested?
This change was tested manually by running:
gimme-aws-creds
by itself and verifying the resulting list.gimme-aws-creds -f poc
and verifying the resulting list, selecting one and verifying the resulting creds worked with anaws --profile aws-aio-poc sts get-caller-identity
call.gimme-aws-creds -f aws-aio-poc
and verifying the generated creds worked with anaws --profile aws-aio-poc sts get-caller-identity
call.Screenshots (if appropriate):
Types of changes
Checklist: