update tofu and aws-login

zsh/.local/share/zsh/functions/aws-login

@@ -1,4 +1,17 @@
 aws-login() {
-#  eval $(okta-aws-cli web) && export AWS_ENVIRONMENT="$(aws iam list-account-aliases | jq -r '.AccountAliases[0]')"
+  # In zsh, array indices start at 1. `local -a` declares an array.
-  export AWS_ENVIRONMENT=$(aws iam list-account-aliases | jq -r '.AccountAliases[0]')
+  local -a okta_opts
+  okta_opts+=(--cache-access-token)
+
+  if [[ -n "$AWS_ACCOUNT_ID" ]]; then
+    okta_opts+=(--aws-iam-idp "arn:aws:iam::${AWS_ACCOUNT_ID}:saml-provider/CFA-OKTA-PROD")
+    if [[ -n "$AWS_ROLE" ]]; then
+      okta_opts+=(-r "arn:aws:iam::${AWS_ACCOUNT_ID}:role/${AWS_ROLE}")
+    fi
+  fi
+
+  # The "${okta_opts[@]}" syntax expands the array into separate, quoted arguments.
+  echo "okta-aws-cli ${okta_opts[@]}"
+  eval "$(okta-aws-cli "${okta_opts[@]}")" && export AWS_ENVIRONMENT="$(aws iam list-account-aliases | jq -r '.AccountAliases[0]')"
+#  export AWS_ENVIRONMENT=$(aws iam list-account-aliases | jq -r '.AccountAliases[0]')
 }

zsh/.local/share/zsh/functions/git-branches

@@ -0,0 +1,4 @@
+# list all local Git branches sorted by their last commit date
+git-branches() {
+  git for-each-ref --sort=-committerdate --format='%(committerdate:iso8601) %(refname:short)' refs/heads/ 
+}

zsh/.local/share/zsh/functions/tf-vars

@@ -10,6 +10,7 @@ tf-vars() {
   export TF_CLI_ARGS_apply="-var-file=config/${env_name}.tfvars"
   export TF_CLI_ARGS_import="-var-file=config/${env_name}.tfvars"
   export TF_CLI_ARGS_destroy="-var-file=config/${env_name}.tfvars"
+  export TF_CLI_ARGS_console="-var-file=config/${env_name}.tfvars"
 
   echo "Terraform environment variables set for '${env_name}'."
 }