onelogin/onelogin-python-aws-assume-role

Cannot override default values using profile parameter

Opened this issue · 0 comments

mariceslia commented

Is there any reason why the value of the profile parameter is not allowed to be overridden ?

{
  "app_id": "123456",
  "subdomain": "myolsubdomain",
  "username": "user.name",
  "profile": "profile-1",
  "duration": 3600,
  "aws_region": "us-west-2",
  "aws_account_id": "aaa",
  "aws_role_name": "",
  "profiles": {
    "profile-1": {
      "aws_account_id": "",
      "aws_role_name": "",
      "aws_region": "",
      "app_id": ""
    },
    "profile-2": {
      "aws_account_id": "bbb"
    }
  }
}

profiles Contains a list of profile->account id, and optionally role name mappings. If this attribute is populated aws_account_id, aws_role_name, aws_region, and app_id will be set based on the profile provided when running the script.

I understand that if we set up profiles and specify the target with the profile parameter at runtime, we can override the default values.

  • default aws_account_id: aaa
  • --profile profile-2 aws_account_id: bbb

onelogin-python-aws-assume-role/src/aws_assume_role/aws_assume_role.py

Lines 142 to 149 in bbc825c

if 'aws_account_id' in profile.keys() and profile['aws_account_id'] and not options.aws_account_id:
options.aws_account_id = profile['aws_account_id']
if 'aws_role_name' in profile.keys() and profile['aws_role_name'] and not options.aws_role_name:
options.aws_role_name = profile['aws_role_name']
if 'aws_region' in profile.keys() and profile['aws_region'] and not options.aws_region:
options.aws_region = profile['aws_region']
if 'app_id' in profile.keys() and profile['app_id'] and not options.app_id:
options.app_id = profile['app_id']

However, under the conditions of the code, it is not possible to override a value for which a default value has already been set.
(and not options.aws_account_id)
Is there any reason why the value of the profile parameter is not allowed to be overridden ?