feat(aws): accept aws mfa tokencode on `acp` cli call (#10130)

Co-authored-by: Mike Mattice <mmattice@reliant.io>

plugins/aws/README.md

@@ -16,10 +16,10 @@ plugins=(... aws)
   Run `asp` without arguments to clear the profile.
 * `asp [<profile>] login`: If AWS SSO has been configured in your aws profile, it will run the `aws sso login` command following profile selection. 
 
-* `acp [<profile>]`: in addition to `asp` functionality, it actually changes the profile by
-   assuming the role specified in the `<profile>` configuration. It supports MFA and sets
-   `$AWS_ACCESS_KEY_ID`, `$AWS_SECRET_ACCESS_KEY` and `$AWS_SESSION_TOKEN`, if obtained. It
-   requires the roles to be configured as per the
+* `acp [<profile>] [<mfa_token>]`: in addition to `asp` functionality, it actually changes
+   the profile by assuming the role specified in the `<profile>` configuration. It supports
+   MFA and sets `$AWS_ACCESS_KEY_ID`, `$AWS_SECRET_ACCESS_KEY` and `$AWS_SESSION_TOKEN`, if
+   obtained. It requires the roles to be configured as per the
    [official guide](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html).
    Run `acp` without arguments to clear the profile.
 

plugins/aws/aws.plugin.zsh

@@ -45,6 +45,7 @@ function acp() {
   fi
 
   local profile="$1"
+  local mfa_token="$2"
 
   # Get fallback credentials for if the aws command fails or no command is run
   local aws_access_key_id="$(aws configure get aws_access_key_id --profile $profile)"
@@ -58,9 +59,10 @@ function acp() {
 
   if [[ -n "$mfa_serial" ]]; then
     local -a mfa_opt
-    local mfa_token
-    echo -n "Please enter your MFA token for $mfa_serial: "
-    read -r mfa_token
+    if [[ -z "$mfa_token" ]]; then
+      echo -n "Please enter your MFA token for $mfa_serial: "
+      read -r mfa_token
+    fi
     if [[ -z "$sess_duration" ]]; then
       echo -n "Please enter the session duration in seconds (900-43200; default: 3600, which is the default maximum for a role): "
       read -r sess_duration