From 0e4308bbdbdb99d6788e6790d6f929c5800946a9 Mon Sep 17 00:00:00 2001 From: Nick LaMuro Date: Mon, 5 Aug 2024 19:58:02 -0400 Subject: [PATCH 1/3] [aws/sts_provisioner.go] Don't favor using default_region Default region should only be used to fill in a region when awsConfig.Region doesn't exist (and set it accordingly, but not be the sole determinant on if there is a difference. It should defer to what is already does in the `else if` later, where it sets it if it isn't blank, but doesn't error. Right now, it will error if `default region` is set in the 1Password item, but in reality, it should only do that if `region` (aka: `hasRegularRegion`) is set. This updates this logic to reflect that. --- plugins/aws/sts_provisioner.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/aws/sts_provisioner.go b/plugins/aws/sts_provisioner.go index b2181ed1a..db6f18c95 100644 --- a/plugins/aws/sts_provisioner.go +++ b/plugins/aws/sts_provisioner.go @@ -250,8 +250,8 @@ Learn how to add an OTP field to your item: https://developer.1password.com/docs/cli/shell-plugins/aws/#optional-set-up-multi-factor-authentication`, awsConfig.MfaSerial) } - if hasRegion && awsConfig.Region != "" && region != awsConfig.Region { - return fmt.Errorf("your local AWS configuration (config file or environment variable) has a different default region than the one specified in 1Password") + if hasRegularRegion && awsConfig.Region != "" && region != awsConfig.Region { + return fmt.Errorf("your local AWS configuration (config file or environment variable) has a different region than the one specified in 1Password") } else if awsConfig.Region == "" { awsConfig.Region = region } From ec4ef7ae1961a59d6460d698bc3d9b049e88ddf0 Mon Sep 17 00:00:00 2001 
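Review bot: The precedence among the item's `region`, its `default region` and the local AWS configuration is not written down at the changed condition, and with `hasRegularRegion` as the only gate a `default region` that differs from the local config is now ignored without any signal. A short comment above the `if` would record that this is intended, for example `// An explicit "region" in the item must match the local config; "default region" only fills in when the local config has none.` Since the first branch returns, the `else if awsConfig.Region == ""` could also be a separate `if`, which keeps the fallback visually apart from the mismatch check. The enclosing function starts and ends outside this hunk, so how `region` is derived from the two fields is inferred from the commit message.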
From: Nick LaMuro Date: Mon, 5 Aug 2024 19:58:45 -0400 Subject: [PATCH 2/3] [aws/sts_provisioner.go] Remove usage of hasRegion Now not used by the error check below, so removing. --- plugins/aws/sts_provisioner.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/plugins/aws/sts_provisioner.go b/plugins/aws/sts_provisioner.go index db6f18c95..3a53683be 100644 --- a/plugins/aws/sts_provisioner.go +++ b/plugins/aws/sts_provisioner.go @@ -227,8 +227,6 @@ func resolveLocalAnd1PasswordConfigurations(itemFields map[sdk.FieldName]string, region = defaultRegion } - hasRegion := hasDefaultRegion || hasRegularRegion - // only 1Password OTPs are supported if awsConfig.MfaToken != "" || awsConfig.MfaProcess != "" || awsConfig.MfaPromptMethod != "" { return fmt.Errorf("only 1Password-backed OTP authentication is supported by the MFA worklfow of the AWS shell plugin") From f3cded32b3fb36a4a64ad479dbe708125109b6dc Mon Sep 17 00:00:00 2001 From: Nick LaMuro Date: Mon, 5 Aug 2024 21:29:10 -0400 Subject: [PATCH 3/3] [access_key_test.go] Fix test --- plugins/aws/access_key_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/aws/access_key_test.go b/plugins/aws/access_key_test.go index 43ca67205..fcc38f7b3 100644 --- a/plugins/aws/access_key_test.go +++ b/plugins/aws/access_key_test.go 
@@ -643,14 +643,14 @@ func TestResolveLocalAnd1PasswordConfigurations(t *testing.T) {
 description: "has region both in 1Password and local config, but values differ",
 itemFields: map[sdk.FieldName]string{
 fieldname.OneTimePassword: "515467",
- fieldname.DefaultRegion: "us-east-2",
+ fieldname.Region: "us-east-2",
 },
 awsConfig: &confighelpers.Config{
 ProfileName: "dev",
 MfaSerial: "arn:aws:iam::123456789012:mfa/user",
 Region: "us-east-1",
 },
- err: fmt.Errorf("your local AWS configuration (config file or environment variable) has a different default region than the one specified in 1Password"),
+ err: fmt.Errorf("your local AWS configuration (config file or environment variable) has a different region than the one specified in 1Password"),
 },
 } {
 t.Run(scenario.description, func(t *testing.T) {
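Review bot: No scenario visible here covers the case this series changes, an item holding only `fieldname.DefaultRegion` whose value differs from the local `Region`; the edited case now exercises `fieldname.Region` instead. A sibling scenario with `fieldname.DefaultRegion: "us-east-2"`, the same `awsConfig` and no `err` would pin that the mismatch is no longer rejected, ideally also checking that `awsConfig.Region` stays `"us-east-1"` if the table has a field for the expected config. The scenario table begins and the loop body continues outside this hunk, so such a case may already exist elsewhere in the file.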