feat!: add GRANTED_BROWSER_PROFILE env var support for browser profile override#914
Conversation
…e override Add support for GRANTED_BROWSER_PROFILE environment variable to override the browser profile used when opening AWS console with -c/-s flags. Changes: - Add EnvVars to browser-profile flag to automatically read from GRANTED_BROWSER_PROFILE environment variable - Remove browser-profile from getConsoleURL condition to prevent env var from inadvertently triggering console URL generation - Browser profile from env var is only used when actually launching browser (after all safety checks) BREAKING CHANGE: The --browser-profile flag no longer triggers browser opening by itself. Users must now explicitly use -c or -s flags along with --browser-profile to open a browser. Previously, passing --browser-profile alone would open a browser window, but now it only sets which browser profile to use when a browser is opened via other flags. This prevents the GRANTED_BROWSER_PROFILE environment variable from inadvertently opening browsers. This allows users to set a default browser profile via environment variable that will be used whenever opening the console, while still allowing --browser-profile flag to take precedence. Fixes fwdcloudsec#886
… profile Add support for GRANTED_SSO_BROWSER_PROFILE environment variable to override the browser profile used when launching SSO login flows. When using SSOBrowserLaunchTemplate, the environment variable will be used to specify which browser profile to use for SSO authentication flows. Usage: export GRANTED_SSO_BROWSER_PROFILE="MySSOProfile" assume <profile> # SSO login will use "MySSOProfile" as the browser profile
…env var support - Add --sso-browser-profile flag to assume, granted sso login, generate, and populate commands - Add SSOBrowserProfile field to ConfigOpts to pass browser profile through SSO login flow - Remove redundant environment variable check from idclogin.Login (handled by flag EnvVars) - Add test case for empty browser profile in launcher tests - Support GRANTED_SSO_BROWSER_PROFILE environment variable via flag EnvVars
billyjbryant
force-pushed
the
feat/browser-profile-env-var
branch
from
ff6f3a1 to
40ca546
Compare
meyerjrr
left a comment
meyerjrr
left a comment
There was a problem hiding this comment.
Thanks for the contribution @billyjbryant !
On the fence on the decision to make the breaking change to make browser-profile no longer open the console as users may already have using this in their workflows to open to a profile, like noted in the tracked issue.
What if we added this as a setting to the granted config as default-browser-profile. That way we would not have to interfere with the existing UX of the flag but enable users to specify a profile to always open up into.
What are your thoughts on this?
Isn't that kind of a side effect? I honestly wouldn't expect that to be a "feature" that calling I'm ok to tweak; however, if we feel that the change would be disruptive, I'm happy to entertain other options. |
|
@billyjbryant On second thought, I agree with where you're coming from here. Again thanks for the contribution! |
2 participants
Details
Add support for
GRANTED_BROWSER_PROFILEandGRANTED_SSO_BROWSER_PROFILEenvironment variables to override the browser profile used when opening AWS console and during SSO login flows.Fixes #886
Changes
Browser Profile for Console Access (
GRANTED_BROWSER_PROFILE)EnvVarsto--browser-profileflag to automatically read fromGRANTED_BROWSER_PROFILEenvironment variablebrowser-profilefromgetConsoleURLcondition to prevent env var from inadvertently triggering console URL generationSSO Browser Profile (
GRANTED_SSO_BROWSER_PROFILE)--sso-browser-profileflag toassume,granted sso login,granted sso generate, andgranted sso populatecommandsSSOBrowserProfilefield toConfigOptsto pass browser profile through SSO login flowGRANTED_SSO_BROWSER_PROFILEenvironment variable via flagEnvVarsBreaking Changes
The
--browser-profileflag no longer triggers browser opening by itself.Users must now explicitly use
-cor-sflags along with--browser-profileto open a browser with the desired profile.Previously, passing
--browser-profilealone would open a browser window, but now it only sets which browser profile to use when a browser is opened via other flags. This prevents theGRANTED_BROWSER_PROFILEenvironment variable from inadvertently opening browsers.Usage
Console Browser Profile
Users can now set a default browser profile via environment variable for console access:
The
--browser-profileflag still takes precedence over the environment variable.SSO Browser Profile
Users can set a default browser profile for SSO login flows:
Or use the flag directly:
The
--sso-browser-profileflag takes precedence over theGRANTED_SSO_BROWSER_PROFILEenvironment variable.Testing
BREAKING CHANGE: The
--browser-profileflag no longer triggers browser opening by itself. Users must now explicitly use-cor-sflags along with--browser-profileto open a browser with the desired profile.