Improve exception when IAM Identity Center auth is used (#629)

omus · web-flow · commit 7b09eb1e74f9 · 2023-06-07T14:19:08.000-05:00
* Improve exception when IAM Identity Center auth is used

* Formatting

* Set project version to 1.87.1
diff --git a/Project.toml b/Project.toml
@@ -1,7 +1,7 @@
 name = "AWS"
 uuid = "fbe9abb3-538b-5e4e-ba9e-bc94f4f92ebc"
 license = "MIT"
-version = "1.87.0"
+version = "1.87.1"
 
 [deps]
 Base64 = "2a0f44e3-6c83-55bd-87e4-b1978d98bd5f"
diff --git a/src/AWSCredentials.jl b/src/AWSCredentials.jl
@@ -462,6 +462,17 @@ function sso_credentials(profile=nothing)
         settings = _aws_profile_config(ini, p)
         isempty(settings) && return nothing
 
+        # AWS IAM Identity Center authentication is not yet supported in AWS.jl
+        sso_session = get(settings, "sso_session", nothing)
+        if !isnothing(sso_session)
+            error(
+                "IAM Identity Center authentication is not yet supported by AWS.jl. " *
+                "See https://github.com/JuliaCloud/AWS.jl/issues/628",
+            )
+        end
+
+        # Legacy SSO configuration
+        # https://docs.aws.amazon.com/cli/latest/userguide/sso-configure-profile-legacy.html#sso-configure-profile-manual
         sso_start_url = get(settings, "sso_start_url", nothing)
 
         if !isnothing(sso_start_url)
diff --git a/test/AWSCredentials.jl b/test/AWSCredentials.jl
@@ -576,6 +576,29 @@ end
                     end
                 end
 
+                # TODO: Additional, precedence tests should be added for IAM Identity Center
+                # once support has been introduced.
+                @testset "IAM Identity Center preferred over legacy SSO" begin
+                    write(
+                        config_file,
+                        """
+                        [sso-session my-sso]
+                        sso_region = us-east-1
+                        sso_start_url = https://my-sso-portal.awsapps.com/start
+
+                        [default]
+                        sso_session = my-sso
+                        sso_start_url = https://my-legacy-sso-portal.awsapps.com/start
+                        sso_role_name = role1
+                        """,
+                    )
+                    isfile(creds_file) && rm(creds_file)
+
+                    apply(Patches.sso_service_patches("AKI_SSO", "SAK_SSO")) do
+                        @test_throws ErrorException AWSCredentials()
+                    end
+                end
+
                 @testset "SSO preferred over credentials file" begin
                     write(
                         config_file,
