Support SSO and CA Bundle parameters in credentials file (#1795)

Author: skmcgrail

.changelog/6a9e3da6a75c41fd9efef3fdf2355f48.json

@@ -0,0 +1,8 @@
+{
+    "id": "6a9e3da6-a75c-41fd-9efe-f3fdf2355f48",
+    "type": "feature",
+    "description": "Adds support for the following settings in the `~/.aws/credentials` file: `sso_account_id`, `sso_region`, `sso_role_name`, `sso_start_url`, and `ca_bundle`.",
+    "modules": [
+        "config"
+    ]
+}

config/shared_config.go

@@ -463,7 +463,6 @@ type LoadSharedConfigOptions struct {
 //
 // You can read more about shared config and credentials file location at
 // https://docs.aws.amazon.com/credref/latest/refdocs/file-location.html#file-location
-//
 func LoadSharedConfigProfile(ctx context.Context, profile string, optFns ...func(*LoadSharedConfigOptions)) (SharedConfig, error) {
 	var option LoadSharedConfigOptions
 	for _, fn := range optFns {
@@ -680,6 +679,11 @@ func mergeSections(dst, src ini.Sections) error {
 			useFIPSEndpointKey,
 			defaultsModeKey,
 			retryModeKey,
+			ssoAccountIDKey,
+			ssoRegionKey,
+			ssoRoleNameKey,
+			ssoStartURL,
+			caBundleKey,
 		}
 		for i := range stringKeys {
 			if err := mergeStringKey(&srcSection, &dstSection, sectionName, stringKeys[i]); err != nil {

config/shared_config_test.go

@@ -591,6 +591,11 @@ func TestNewSharedConfig(t *testing.T) {
 				Profile:             "merged_profiles",
 				RoleARN:             "creds_profile_arn",
 				RoleDurationSeconds: aws.Duration(1023 * time.Second),
+				SSOAccountID:        "0123456789",
+				SSORegion:           "us-west-2",
+				SSORoleName:         "CredProfileRole",
+				SSOStartURL:         "https://my-sso-cred-profile-role.awsapps.com/start",
+				CustomCABundle:      "/path/to/bundle.b",
 			},
 		},
 		"merged profiles across config files": {
@@ -601,6 +606,11 @@ func TestNewSharedConfig(t *testing.T) {
 				Profile:             "merged_profiles",
 				RoleARN:             "config_profile_arn",
 				RoleDurationSeconds: aws.Duration(3601 * time.Second),
+				SSOAccountID:        "1234567890",
+				SSORegion:           "us-east-1",
+				SSORoleName:         "ConfigProfileRole",
+				SSOStartURL:         "https://my-sso-config-profile-role.awsapps.com/start",
+				CustomCABundle:      "/path/to/bundle.a",
 			},
 		},
 		"merged profiles across credentials files": {
@@ -611,6 +621,11 @@ func TestNewSharedConfig(t *testing.T) {
 				Profile:             "merged_profiles",
 				RoleARN:             "creds_profile_arn",
 				RoleDurationSeconds: aws.Duration(1023 * time.Second),
+				SSOAccountID:        "0123456789",
+				SSORegion:           "us-west-2",
+				SSORoleName:         "CredProfileRole",
+				SSOStartURL:         "https://my-sso-cred-profile-role.awsapps.com/start",
+				CustomCABundle:      "/path/to/bundle.b",
 			},
 		},
 	}

config/testdata/shared_config

@@ -19,6 +19,11 @@ duration_seconds = 3601
 [profile merged_profiles]
 duration_seconds = 3601
 role_arn = config_profile_arn
+sso_start_url = https://my-sso-config-profile-role.awsapps.com/start
+sso_region = us-east-1
+sso_account_id = 1234567890
+sso_role_name = ConfigProfileRole
+ca_bundle = /path/to/bundle.a
 
 [profile short_profile_name_first]
 region = short_profile_name_first_short

config/testdata/shared_credentials

@@ -22,3 +22,8 @@ region = eu-west-3
 [merged_profiles]
 duration_seconds = 1023
 role_arn = creds_profile_arn
+sso_start_url = https://my-sso-cred-profile-role.awsapps.com/start
+sso_region = us-west-2
+sso_account_id = 0123456789
+sso_role_name = CredProfileRole
+ca_bundle = /path/to/bundle.b