broken ecs server stuff. Change the REST API

Author: synfinatic

CHANGELOG.md

@@ -1,5 +1,18 @@
 # AWS SSO CLI Changelog
 
+## [v1.13.1] - 2023-08-23
+
+### Bugs
+
+ * Fix ECS Server to be more RESTful and document the API
+ * Fix bugs in ECS Server
+
+### Changes 
+
+ * Default profile `AWS_CONTAINER_CREDENTIALS_FULL_URI` is now `http://localhost:4144/`
+ * Slotted profile `AWS_CONTAINER_CREDENTIALS_FULL_URI` is now `http://localhost:4144/slot/<profile>`
+ * `aws-sso ecs list` and `aws-sso ecs profile` now return the same output format
+
 ## [v1.13.0] - 2023-08-21
 
 ### Bugs

cmd/aws-sso/ecs_cmd.go

@@ -95,8 +95,15 @@ func (cc *EcsProfileCmd) Run(ctx *RunContext) error {
 	if err != nil {
 		return err
 	}
-	fmt.Printf("%s\n", profile)
-	return nil
+
+	if profile.ProfileName == "" {
+		return fmt.Errorf("No profile loaded in ECS Server.")
+	}
+
+	profiles := []server.ListProfilesResponse{
+		profile,
+	}
+	return listProfiles(profiles)
 }
 
 func (cc *EcsUnloadCmd) Run(ctx *RunContext) error {
@@ -146,6 +153,10 @@ func (cc *EcsListCmd) Run(ctx *RunContext) error {
 		return nil
 	}
 
+	return listProfiles(profiles)
+}
+
+func listProfiles(profiles []server.ListProfilesResponse) error {
 	// sort our results
 	sort.Slice(profiles, func(i, j int) bool {
 		return strings.Compare(profiles[i].ProfileName, profiles[j].ProfileName) < 0
@@ -157,7 +168,7 @@ func (cc *EcsListCmd) Run(ctx *RunContext) error {
 	}
 
 	fields := []string{"ProfileName", "AccountIdPad", "RoleName", "Expires"}
-	err = gotable.GenerateTable(tr, fields)
+	err := gotable.GenerateTable(tr, fields)
 	if err != nil {
 		fmt.Printf("\n")
 	}

docs/ecs-server.md

@@ -12,6 +12,7 @@
  * [Errors](#errors)
  * [Authentication](#authentication)
  * [HTTPS Transport](#https-transport)
+ * [REST API](#rest-api)
 
 ## Overview
 
@@ -41,7 +42,7 @@ port via the `--port` flag or setting the `AWS_SSO_ECS_PORT` environment variabl
 
 AWS clients and `aws-sso` should use:
 
-`AWS_CONTAINER_CREDENTIALS_FULL_URI=http://localhost:4144/creds`
+`AWS_CONTAINER_CREDENTIALS_FULL_URI=http://localhost:4144/`
 
 ### AWS\_CONTAINER\_CREDENTIALS\_RELATIVE\_URI
 
@@ -111,7 +112,7 @@ To see a list of profiles loaded in named slots use `aws-sso ecs list`.
 
 Accessing the individual credentials is done via the `profile` query parameter:
 
-`export AWS_CONTAINER_CREDENTIALS_FULL_URI=http://localhost:4144/creds?profile=ExampleProfileName`
+`export AWS_CONTAINER_CREDENTIALS_FULL_URI=http://localhost:4144/slot/ExampleProfileName`
 
 Would utilize the `ExampleProfileName` role.  Note that the `profile` parameter
 value must be URL Escaped.
@@ -144,3 +145,20 @@ this feature if you want it!
 
 Support for using [HTTPS](https://github.com/synfinatic/aws-sso-cli/issues/518)
 is TBD.  Please vote for this feature if you want it!
+
+## REST API 
+
+### Default credentials
+
+ * `GET /` -- Fetch default credentials
+ * `GET /profile` -- Fetch profile name of the default credentials
+ * `PUT /` -- Upload default credentials 
+ * `DELETE /` -- Delete default credentials
+
+### Slotted credentials
+
+ * `GET /creds` -- Fetch list of default credentials
+ * `GET /creds/<profile>` -- Fetch credentials of the named profile 
+ * `PUT /creds/<profile>` -- Upload credentials of the named profile 
+ * `DELETE /creds/<profile>` -- Delete credentials of the named profile
+ * `DELETE /creds`  -- Delete all named credentials

internal/server/client.go

@@ -44,15 +44,19 @@ func NewClient(port int) *Client {
 
 func (c *Client) LoadUrl(profile string) string {
 	if profile == "" {
-		return fmt.Sprintf("http://localhost:%d%s", c.port, CREDS_ROUTE)
+		return fmt.Sprintf("http://localhost:%d/", c.port)
 	}
-	return fmt.Sprintf("http://localhost:%d%s?profile=%s", c.port, CREDS_ROUTE, url.QueryEscape(profile))
+	return fmt.Sprintf("http://localhost:%d%s/%s", c.port, SLOT_ROUTE, url.QueryEscape(profile))
 }
 
 func (c *Client) ProfileUrl() string {
 	return fmt.Sprintf("http://localhost:%d%s", c.port, PROFILE_ROUTE)
 }
 
+func (c *Client) ListUrl() string {
+	return fmt.Sprintf("http://localhost:%d%s", c.port, SLOT_ROUTE)
+}
+
 type ClientRequest struct {
 	Creds       *storage.RoleCredentials `json:"Creds"`
 	ProfileName string                   `json:"ProfileName"`
@@ -78,48 +82,41 @@ func (c *Client) SubmitCreds(creds *storage.RoleCredentials, profile string, slo
 	}
 	req.Header.Set("Content-Type", CHARSET_JSON)
 	client := &http.Client{}
-	_, err = client.Do(req)
-	return err
-}
-
-func (c *Client) GetProfile() (string, error) {
-	req, err := http.NewRequest(http.MethodGet, c.ProfileUrl(), bytes.NewBuffer([]byte("")))
+	resp, err := client.Do(req)
 	if err != nil {
-		return "", err
+		return err
 	}
+	return CheckDoResponse(resp)
+}
+
+type ListProfilesResponse struct {
+	ProfileName  string `json:"ProfileName" header:"ProfileName"`
+	AccountIdPad string `json:"AccountId" header:"AccountIdPad"`
+	RoleName     string `json:"RoleName" header:"RoleName"`
+	Expiration   int64  `json:"Expiration" header:"Expiration"`
+	Expires      string `json:"Expires" header:"Expires"`
+}
 
+func (c *Client) GetProfile() (ListProfilesResponse, error) {
+	lpr := ListProfilesResponse{}
 	client := &http.Client{}
-	req.Header.Set("Content-Type", CHARSET_JSON)
+	resp, err := client.Get(c.ProfileUrl())
 	if err != nil {
-		return "", err
-	}
-	resp, err := client.Do(req)
-	if err != nil {
-		return "", err
+		return lpr, err
 	}
 	defer resp.Body.Close()
 
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return "", err
+		return lpr, err
 	}
 
-	m := map[string]string{}
-	err = json.Unmarshal(body, &m)
-	if err != nil {
-		return "", err
+	if err = json.Unmarshal(body, &lpr); err != nil {
+		return lpr, err
 	}
-	log.Debugf("resp: %s", spew.Sdump(m))
-
-	return m["profile"], nil
-}
+	log.Debugf("resp: %s", spew.Sdump(lpr))
 
-type ListProfilesResponse struct {
-	ProfileName  string `json:"ProfileName" header:"ProfileName"`
-	AccountIdPad string `json:"AccountId" header:"AccountIdPad"`
-	RoleName     string `json:"RoleName" header:"RoleName"`
-	Expiration   int64  `json:"Expiration" header:"Expiration"`
-	Expires      string `json:"Expires" header:"Expires"`
+	return lpr, nil
 }
 
 // GetHeader is required for GenerateTable()
@@ -131,17 +128,8 @@ func (lpr ListProfilesResponse) GetHeader(fieldName string) (string, error) {
 // ListProfiles returns a list of profiles that are loaded into slots
 func (c *Client) ListProfiles() ([]ListProfilesResponse, error) {
 	lpr := []ListProfilesResponse{}
-	req, err := http.NewRequest(http.MethodGet, c.LoadUrl(""), bytes.NewBuffer([]byte("")))
-	if err != nil {
-		return lpr, err
-	}
-
 	client := &http.Client{}
-	req.Header.Set("Content-Type", CHARSET_JSON)
-	if err != nil {
-		return lpr, err
-	}
-	resp, err := client.Do(req)
+	resp, err := client.Get(c.ListUrl())
 	if err != nil {
 		return lpr, err
 	}
@@ -152,8 +140,7 @@ func (c *Client) ListProfiles() ([]ListProfilesResponse, error) {
 		return lpr, err
 	}
 
-	err = json.Unmarshal(body, &lpr)
-	if err != nil {
+	if err = json.Unmarshal(body, &lpr); err != nil {
 		return lpr, err
 	}
 	log.Debugf("resp: %s", spew.Sdump(lpr))
@@ -172,6 +159,31 @@ func (c *Client) Delete(profile string) error {
 	if err != nil {
 		return err
 	}
-	_, err = client.Do(req)
-	return err
+	resp, err := client.Do(req)
+	if err != nil {
+		return err
+	}
+	return CheckDoResponse(resp)
+}
+
+// ReadClientRequest unmarshals the client's request into our ClientRequest struct
+// used to load new credentials into the server
+func ReadClientRequest(r *http.Request) (*ClientRequest, error) {
+	defer r.Body.Close()
+	body, err := io.ReadAll(r.Body)
+	if err != nil {
+		return &ClientRequest{}, fmt.Errorf("reading body: %s", err.Error())
+	}
+	req := &ClientRequest{}
+	if err = json.Unmarshal(body, req); err != nil {
+		return &ClientRequest{}, fmt.Errorf("parsing json: %s", err.Error())
+	}
+	return req, nil
+}
+
+func CheckDoResponse(resp *http.Response) error {
+	if resp.StatusCode < 200 || resp.StatusCode > 200 {
+		return fmt.Errorf("HTTP Error %d", resp.StatusCode)
+	}
+	return nil
 }