From fe9d87d6dc2f3e6194862799b0707f97844e83ac Mon Sep 17 00:00:00 2001
From: Mike Mattice <mmattice@users.noreply.github.com>
Date: Wed, 19 Jan 2022 08:58:34 -0600
Subject: [PATCH] feat(aws): accept aws mfa tokencode on `acp` cli call
 (#10130)

Co-authored-by: Mike Mattice <mmattice@reliant.io>
---
 plugins/aws/README.md      | 8 ++++----
 plugins/aws/aws.plugin.zsh | 8 +++++---
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/plugins/aws/README.md b/plugins/aws/README.md
index 24c6429dd..d6f4f4600 100644
--- a/plugins/aws/README.md
+++ b/plugins/aws/README.md
@@ -16,10 +16,10 @@ plugins=(... aws)
   Run `asp` without arguments to clear the profile.
 * `asp [<profile>] login`: If AWS SSO has been configured in your aws profile, it will run the `aws sso login` command following profile selection. 
 
-* `acp [<profile>]`: in addition to `asp` functionality, it actually changes the profile by
-   assuming the role specified in the `<profile>` configuration. It supports MFA and sets
-   `$AWS_ACCESS_KEY_ID`, `$AWS_SECRET_ACCESS_KEY` and `$AWS_SESSION_TOKEN`, if obtained. It
-   requires the roles to be configured as per the
+* `acp [<profile>] [<mfa_token>]`: in addition to `asp` functionality, it actually changes
+   the profile by assuming the role specified in the `<profile>` configuration. It supports
+   MFA and sets `$AWS_ACCESS_KEY_ID`, `$AWS_SECRET_ACCESS_KEY` and `$AWS_SESSION_TOKEN`, if
+   obtained. It requires the roles to be configured as per the
    [official guide](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html).
    Run `acp` without arguments to clear the profile.
 
diff --git a/plugins/aws/aws.plugin.zsh b/plugins/aws/aws.plugin.zsh
index c18bd634b..920a7139d 100644
--- a/plugins/aws/aws.plugin.zsh
+++ b/plugins/aws/aws.plugin.zsh
@@ -45,6 +45,7 @@ function acp() {
   fi
 
   local profile="$1"
+  local mfa_token="$2"
 
   # Get fallback credentials for if the aws command fails or no command is run
   local aws_access_key_id="$(aws configure get aws_access_key_id --profile $profile)"
@@ -58,9 +59,10 @@ function acp() {
 
   if [[ -n "$mfa_serial" ]]; then
     local -a mfa_opt
-    local mfa_token
-    echo -n "Please enter your MFA token for $mfa_serial: "
-    read -r mfa_token
+    if [[ -z "$mfa_token" ]]; then
+      echo -n "Please enter your MFA token for $mfa_serial: "
+      read -r mfa_token
+    fi
     if [[ -z "$sess_duration" ]]; then
       echo -n "Please enter the session duration in seconds (900-43200; default: 3600, which is the default maximum for a role): "
       read -r sess_duration