Correct evaluation of "profile" command argument

README.md

@@ -208,11 +208,9 @@ that can be used for the AWS CLI configuration. Output can also be expressed as
 values](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html)
 for AWS CLI configuration.
 
-Configuration can be done with command line flags, an `.env` file, environment
-variables, or a combination of the three. Configuration is evaluated in that
-order. For example if the CLI flag `--profile [value]` and the env var
-`OKTA_AWSCLI_PROFILE` are both present then the environment variable value takes
-precedent.
+Configuration can be done with command line flags, environment variables, an
+`.env` file, or a combination of the three. The first value found in that
+evaluation order takes precedent.
 
 Also see the CLI's online help `$ okta-aws-cli --help`
 

cmd/root/root.go

@@ -90,21 +90,21 @@ func init() {
 		{
 			name:   config.SessionDurationFlag,
 			short:  "s",
-			value:  "3600",
+			value:  "",
 			usage:  "Session duration for role.",
 			envVar: config.AWSSessionDurationEnvVar,
 		},
 		{
 			name:   config.ProfileFlag,
 			short:  "p",
-			value:  "default",
+			value:  "",
 			usage:  "AWS Profile",
 			envVar: config.ProfileEnvVar,
 		},
 		{
 			name:   config.FormatFlag,
 			short:  "f",
-			value:  "env-var",
+			value:  "",
 			usage:  "Output format. [env-var|aws-credentials]",
 			envVar: config.FormatEnvVar,
 		},

internal/config/config.go

@@ -259,9 +259,9 @@ func readConfig() (Attributes, error) {
 		attrs.Format = EnvVarFormat
 	}
 
-	// if profile is set by env var defer to it, otherwise the default "default"
-	// will be used
-	if viper.GetString(downCase(ProfileEnvVar)) != "" {
+	// mimic AWS CLI behavior, if profile value is not set by flag check
+	// the ENV VAR, else set to "default"
+	if attrs.Profile == "" {
 		attrs.Profile = viper.GetString(downCase(ProfileEnvVar))
 	}
 	if attrs.Profile == "" {
@@ -285,16 +285,19 @@ func readConfig() (Attributes, error) {
 	if attrs.AWSIAMRole == "" {
 		attrs.AWSIAMRole = viper.GetString(downCase(AWSIAMRoleEnvVar))
 	}
-	// duration has a default of 3600 from CLI flags, but if the env var version
-	// is not 0 then prefer it
-	duration := viper.GetInt64(downCase(AWSSessionDurationEnvVar))
-	if duration != 0 {
-		attrs.AWSSessionDuration = duration
-	}
 	if !attrs.QRCode {
 		attrs.QRCode = viper.GetBool(downCase(QRCodeEnvVar))
 	}
 
+	// if session duration is 0, inspect the ENV VAR for a value, else set
+	// a default of 3600
+	if attrs.AWSSessionDuration == 0 {
+		attrs.AWSSessionDuration = viper.GetInt64(downCase(AWSSessionDurationEnvVar))
+	}
+	if attrs.AWSSessionDuration == 0 {
+		attrs.AWSSessionDuration = 3600
+	}
+
 	// correct org domain if it's in admin form
 	orgDomain := strings.Replace(attrs.OrgDomain, "-admin", "", -1)
 	if orgDomain != attrs.OrgDomain {