aws-google-auth
Ask role option doesn't seem to work
Hi, we often have to switch between accounts and so it's important we don't have to go and remove the config manually to run google auth again. The ask_role option seems to be exactly what we need, however it doesn't seem to work.
Steps to reproduce:
- docker run -it -e AWS_ASK_ROLE -e GOOGLE_USERNAME -e GOOGLE_IDP_ID -e GOOGLE_SP_ID -e AWS_PROFILE -v ~/.aws:/root/.aws cevoaustralia/aws-google-auth
  where AWS_ASK_ROLE=True
- The credentials get cached nonetheless
Looking at the config file, the value seems to be stored as False. Even further, if I manually edit it to True it gets ignored again and set back to false.
Looking at the codebase I suspect the issue is in this conditional:
if config.role_arn in roles and not config.ask_role:
If I'm reading this correctly, it also checks if the role exists in the config (regardless of ask role). Indeed if I remove the role from the config I get prompted, but then the role is set again and next time it gets cached.
Looking at the PR that added this (here: https://github.com/cevoaustralia/aws-google-auth/pull/13/files) it seems this used to be an or statement, which would make sense.
Am I missing something?
Thanks!