Skip to content
This repository has been archived by the owner on May 18, 2021. It is now read-only.

Update missing conversion of OktaAccountName #285

Merged
merged 1 commit into from
Mar 19, 2020

Conversation

xarses
Copy link
Contributor

@xarses xarses commented Mar 18, 2020

GetSAMLLoginURL was using hard-coded "okta-creds" instead of the lookup
for OktaAccountName, in cases where multiple accounts are used, this can
result in building an incorrect login URL

GetSAMLLoginURL was using hard-coded "okta-creds" instead of the lookup
for OktaAccountName, in cases where multiple accounts are used, this can
result in building an incorrect login URL
@nickatsegment
Copy link
Contributor

This will mean existing users will have to readd their creds though I believe?

Just trying to figure out which behaviour is less broken :)

@xarses
Copy link
Contributor Author

xarses commented Mar 19, 2020

@nickatsegment no I didn't have to add either credential. I was able to recompile the binary and continue with my accounts as is.

Some more clarity on the problem I found was explicitly with aws-okta login other-account where one account was "default" i.e. no explicit account while other-account is explicitly another account. this results in login building a SAMLLoginURL that points to the default instance. This for some reason I haven't bothered to untangle does not happen if its a AssumeRole IAM just if its the SAMLAssumeRole landing account.

Other commands worked as expected without this modification i.e. aws sts get-caller-identity works with and without this change

Copy link
Contributor

@nickatsegment nickatsegment left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool, I'm convinced

@nickatsegment nickatsegment merged commit 9787e7c into segmentio:master Mar 19, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants