This repository has been archived by the owner on May 18, 2021. It is now read-only.

feat: enable prompt if role not provided #165

Merged: 1 commit, Sep 24, 2019

@switj (Contributor) commented Jun 19, 2019

If the role_arn is provided, attempt to assume that role. No change to
current behaviour.

If role_arn is empty or not present in the profile and there is more than one
role then display the full list of roles the user can assume and prompt
them to choose the role to assume. The choice will be sticky for the
rest of the session for that profile. When the session ends they will be
prompted again to choose a role.

@switj (Contributor Author) commented Jun 19, 2019

Hello aws-okta Admins,

This was a change that we needed and wanted to submit an upstream PR to see if this would be a useful change for everyone.

The new exec flow would look something like this:

```
$ aws-okta exec okta -- aws help
INFO[0010] Requesting MFA. Please complete two-factor authentication with your second device
INFO[0010] Select a MFA from the following list
INFO[0010] 0: GOOGLE (token:software:totp)
INFO[0010] 1: FIDO (u2f)
Select MFA method: 0

Enter MFA Code: <mfa_code>

0 - arn:aws:iam::<acct_id>:role/role1
1 - arn:aws:iam::<acct_id>:role/role2
2 - arn:aws:iam::<acct_id>:role/role3
3 - arn:aws:iam::<acct_id>:role/role4
Select Role to Assume: 1
```

This is a change from:

```
$ aws-okta exec okta -- aws help
Source profile must provide `role_arn`
```

In both cases I'm using the default okta profile that is created during setup. The existing behaviour of having a profile that includes role_arn is unchanged.
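
The selection flow described in this comment, as an added example that is not part of the PR or of aws-okta's code. The type `AssumableRole`, the function `SelectRole` and the account ID are hypothetical, and the rule that a configured `role_arn` must appear in the assertion's role list is an assumption of this example.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strconv"
	"strings"
)

// AssumableRole is a hypothetical role/principal pair taken from the SAML assertion.
type AssumableRole struct{ Role, Principal string }

// SelectRole follows the flow described above: a configured role_arn wins,
// a single offered role is used as-is, and several roles trigger a prompt.
func SelectRole(roles []AssumableRole, roleARN string, in io.Reader, out io.Writer) (AssumableRole, error) {
	if len(roles) == 0 {
		return AssumableRole{}, fmt.Errorf("no assumable roles in assertion")
	}
	if roleARN != "" {
		// Assumption: a configured role must be one the assertion offers.
		for _, r := range roles {
			if r.Role == roleARN {
				return r, nil
			}
		}
		return AssumableRole{}, fmt.Errorf("role_arn %q not offered by the assertion", roleARN)
	}
	if len(roles) == 1 {
		return roles[0], nil
	}
	for i, r := range roles {
		fmt.Fprintf(out, "%d - %s\n", i, r.Role)
	}
	fmt.Fprint(out, "Select Role to Assume: ")
	line, _ := bufio.NewReader(in).ReadString('\n') // empty input fails Atoi below
	idx, err := strconv.Atoi(strings.TrimSpace(line))
	// Reject non-numeric, negative and out-of-range input before indexing.
	if err != nil || idx < 0 || idx >= len(roles) {
		return AssumableRole{}, fmt.Errorf("invalid role selection %q", strings.TrimSpace(line))
	}
	return roles[idx], nil
}

func main() {
	p := "arn:aws:iam::111111111111:saml-provider/okta" // constructed sample values
	roles := []AssumableRole{{"arn:aws:iam::111111111111:role/role1", p}, {"arn:aws:iam::111111111111:role/role2", p}}
	r, err := SelectRole(roles, "", strings.NewReader("1\n"), io.Discard)
	fmt.Println(r.Role, err)
}
```
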

@nickatsegment (Contributor) left a comment

Looks sensible, except for the bonus refactoring :P

@@ -1,4 +1,4 @@
package lib
package util

This refactoring seems orthogonal to the problem at hand? And while I appreciate the effort, it'd be best to leave it out, for compatibility's sake.

We really should refactor all this stuff into an internal package so we don't have to worry about compatibility.

lib/saml/roles.go (outdated, resolved)
lib/provider.go (outdated, resolved)
lib/saml/struct.go (outdated, resolved)
}
return roleList.Roles[factorIdx].Role, roleList.Roles[factorIdx].Principal, nil
}
func (resp *Response) GetAssumableRolesFromSAML() (AssumableRoles, error) {
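
Review bot: on the return line, `roleList.Roles[factorIdx]` indexes the role list with a variable named factorIdx, which reads as carried over from the MFA factor selection; a name such as roleIdx would match what it holds. The visible context does not show a range check on that index, so confirm that the value read from the prompt is validated as non-negative and less than len(roleList.Roles) before this line; otherwise an out-of-range entry panics instead of coming back through the error value this function already returns.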

I wouldn't worry about doing this refactor here; it makes the actual purpose of the PR a little unclear.

@bazimov commented Aug 21, 2019

Love this feature, if it can be implemented. ❤️

@aadityasondhi (Contributor) commented

> Looks sensible, except for the bonus refactoring :P

Fixed up the commit to remove the extra refactoring. Let me know what you think.

@Shivang44 commented

@nickatsegment Mind merging this? Or are you waiting on more approvals? 🙂

@nickatsegment (Contributor) commented

> @nickatsegment Mind merging this? Or are you waiting on more approvals? 🙂

Thanks for pinging me. I do need a second pair of eyes. Looks harmless but this codebase is getting hairy and hard to follow.

@nickatsegment (Contributor) commented

@switj I merged your other PR first because I feel more sure about it. Please rebase :)

If the `role_arn` is provided, attempt to assume that role. No change to
current behaviour.

If `role_arn` is empty or not present in the profile and there is more than one
role then display the full list of roles the user can assume and prompt
them to choose the role to assume. The choice will be sticky for the
rest of the session for that profile. When the session ends they will be
prompted again to choose a role.

@switj (Contributor Author) commented Sep 24, 2019

@nickatsegment rebase done. thanks for merging the other PR

@Fauzyy (Member) left a comment

LGTM!

@nickatsegment nickatsegment merged commit ee10242 into segmentio:master Sep 24, 2019
@switj switj deleted the switj/list-roles branch September 24, 2019 18:31
@Shivang44 commented

@nickatsegment @Fauzyy @switj Thanks so much for the quick response! What's usually the process for getting a new version into homebrew? Do we update this? https://github.com/Homebrew/homebrew-core/blob/master/Formula/aws-okta.rb

@nickatsegment (Contributor) commented

> @nickatsegment @Fauzyy @switj Thanks so much for the quick response! What's usually the process for getting a new version into homebrew? Do we update this? Homebrew/homebrew-core:Formula/aws-okta.rb@master

Usually we just cut a release and a magical fairy does the rest :D I bet they'd accept a PR from you

I'll cut a release now

@nickatsegment nickatsegment changed the title enable prompt if role not provided feat: enable prompt if role not provided Sep 24, 2019