-
Notifications
You must be signed in to change notification settings - Fork 62
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Add ECS Server doc - create basic CLI utility boilerplate - refactor exec to make it easier to use for ecs Refs: #398
- Loading branch information
1 parent
54934b9
commit 4823afd
Showing
5 changed files
with
239 additions
and
93 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,132 @@ | ||
| package main | ||
|
|
||
| /* | ||
| * AWS SSO CLI | ||
| * Copyright (c) 2021-2022 Aaron Turner <synfinatic at gmail dot com> | ||
| * | ||
| * This program is free software: you can redistribute it | ||
| * and/or modify it under the terms of the GNU General Public License as | ||
| * published by the Free Software Foundation, either version 3 of the | ||
| * License, or with the authors permission any later version. | ||
| * | ||
| * This program is distributed in the hope that it will be useful, | ||
| * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| * GNU General Public License for more details. | ||
| * | ||
| * You should have received a copy of the GNU General Public License | ||
| * along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
| */ | ||
|
|
||
| import ( | ||
| "fmt" | ||
|
|
||
| "github.com/synfinatic/aws-sso-cli/internal/url" | ||
| "github.com/synfinatic/aws-sso-cli/internal/utils" | ||
| "github.com/synfinatic/aws-sso-cli/sso" | ||
| ) | ||
|
|
||
| type SelectCliArgs struct { | ||
| Arn string | ||
| AccountId int64 | ||
| RoleName string | ||
| Profile string | ||
| } | ||
|
|
||
| func NewSelectCliArgs(arn string, accountId int64, role, profile string) *SelectCliArgs { | ||
| return &SelectCliArgs{ | ||
| Arn: arn, | ||
| AccountId: accountId, | ||
| RoleName: role, | ||
| Profile: profile, | ||
| } | ||
| } | ||
|
|
||
| func (a *SelectCliArgs) Update(ctx *RunContext) (*sso.AWSSSO, error) { | ||
| if a.AccountId != 0 && a.RoleName != "" { | ||
| return doAuth(ctx), nil | ||
| } else if a.Profile != "" { | ||
| awssso := doAuth(ctx) | ||
| cache := ctx.Settings.Cache.GetSSO() | ||
| rFlat, err := cache.Roles.GetRoleByProfile(a.Profile, ctx.Settings) | ||
| if err != nil { | ||
| return awssso, err | ||
| } | ||
|
|
||
| a.AccountId = rFlat.AccountId | ||
| a.RoleName = rFlat.RoleName | ||
|
|
||
| return awssso, nil | ||
| } else if a.Arn != "" { | ||
| awssso := doAuth(ctx) | ||
| accountId, role, err := utils.ParseRoleARN(a.Arn) | ||
| if err != nil { | ||
| return awssso, err | ||
| } | ||
| a.AccountId = accountId | ||
| a.RoleName = role | ||
|
|
||
| return awssso, nil | ||
| } | ||
| return &sso.AWSSSO{}, fmt.Errorf("Please specify both --account and --role") | ||
| } | ||
|
|
||
| // Creates a singleton AWSSO object post authentication | ||
| func doAuth(ctx *RunContext) *sso.AWSSSO { | ||
| if AwsSSO != nil { | ||
| return AwsSSO | ||
| } | ||
| s, err := ctx.Settings.GetSelectedSSO(ctx.Cli.SSO) | ||
| if err != nil { | ||
| log.Fatalf("%s", err.Error()) | ||
| } | ||
| AwsSSO = sso.NewAWSSSO(s, &ctx.Store) | ||
| err = AwsSSO.Authenticate(ctx.Settings.UrlAction, ctx.Settings.Browser) | ||
| if err != nil { | ||
| log.WithError(err).Fatalf("Unable to authenticate") | ||
| } | ||
| if err = ctx.Settings.Cache.Expired(s); err != nil { | ||
| ssoName, err := ctx.Settings.GetSelectedSSOName(ctx.Cli.SSO) | ||
| log.Infof("Refreshing AWS SSO role cache for %s, please wait...", ssoName) | ||
| if err != nil { | ||
| log.Fatalf(err.Error()) | ||
| } | ||
| if err = ctx.Settings.Cache.Refresh(AwsSSO, s, ssoName); err != nil { | ||
| log.WithError(err).Fatalf("Unable to refresh cache") | ||
| } | ||
| if err = ctx.Settings.Cache.Save(true); err != nil { | ||
| log.WithError(err).Errorf("Unable to save cache") | ||
| } | ||
|
|
||
| // should we update our config?? | ||
| if !ctx.Cli.NoConfigCheck && ctx.Settings.AutoConfigCheck { | ||
| if ctx.Settings.ConfigProfilesUrlAction != url.ConfigProfilesUndef { | ||
| cfgFile := utils.GetHomePath("~/.aws/config") | ||
|
|
||
| action, _ := url.NewAction(string(ctx.Settings.ConfigProfilesUrlAction)) | ||
| profiles, err := ctx.Settings.GetAllProfiles(action) | ||
| if err != nil { | ||
| log.Warnf("Unable to update %s: %s", cfgFile, err.Error()) | ||
| return AwsSSO | ||
| } | ||
|
|
||
| if err = profiles.UniqueCheck(ctx.Settings); err != nil { | ||
| log.Errorf("Unable to update %s: %s", cfgFile, err.Error()) | ||
| return AwsSSO | ||
| } | ||
|
|
||
| f, err := utils.NewFileEdit(CONFIG_TEMPLATE, profiles) | ||
| if err != nil { | ||
| log.Errorf("%s", err) | ||
| return AwsSSO | ||
| } | ||
|
|
||
| if err = f.UpdateConfig(true, false, cfgFile); err != nil { | ||
| log.Errorf("Unable to update %s: %s", cfgFile, err.Error()) | ||
| return AwsSSO | ||
| } | ||
| } | ||
| } | ||
| } | ||
| return AwsSSO | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,95 @@ | ||
| package main | ||
|
|
||
| /* | ||
| * AWS SSO CLI | ||
| * Copyright (c) 2021-2022 Aaron Turner <synfinatic at gmail dot com> | ||
| * | ||
| * This program is free software: you can redistribute it | ||
| * and/or modify it under the terms of the GNU General Public License as | ||
| * published by the Free Software Foundation, either version 3 of the | ||
| * License, or with the authors permission any later version. | ||
| * | ||
| * This program is distributed in the hope that it will be useful, | ||
| * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| * GNU General Public License for more details. | ||
| * | ||
| * You should have received a copy of the GNU General Public License | ||
| * along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
| */ | ||
|
|
||
| import ( | ||
| "fmt" | ||
|
|
||
| "github.com/c-bata/go-prompt" | ||
| "github.com/synfinatic/aws-sso-cli/sso" | ||
| ) | ||
|
|
||
| type EcsCmd struct { | ||
| Run EcsRunCmd `kong:"cmd,help='Run the ECS Server'"` | ||
| Load EcsLoadCmd `kong:"cmd,help='Load new IAM Role credentials into the ECS Server'"` | ||
| } | ||
|
|
||
| type EcsRunCmd struct { | ||
| Port uint16 `kong:"help='TCP port to listen on',env='AWS_SSO_ECS_PORT',required"` | ||
| } | ||
|
|
||
| type EcsLoadCmd struct { | ||
| // AWS Params | ||
| Arn string `kong:"short='a',help='ARN of role to assume',env='AWS_SSO_ROLE_ARN',predictor='arn'"` | ||
| AccountId int64 `kong:"name='account',short='A',help='AWS AccountID of role to assume',env='AWS_SSO_ACCOUNT_ID',predictor='accountId'"` | ||
| Role string `kong:"short='R',help='Name of AWS Role to assume',env='AWS_SSO_ROLE_NAME',predictor='role'"` | ||
| Profile string `kong:"short='p',help='Name of AWS Profile to assume',predictor='profile'"` | ||
|
|
||
| // Other params | ||
| Port uint16 `kong:"help='TCP port of aws-sso ECS Server',env='AWS_SSO_ECS_PORT',required"` | ||
| } | ||
|
|
||
| func (cc *EcsRunCmd) Run(ctx *RunContext) error { | ||
| return nil | ||
| } | ||
|
|
||
| func (cc *EcsLoadCmd) Run(ctx *RunContext) error { | ||
| sci := NewSelectCliArgs(ctx.Cli.Exec.Arn, ctx.Cli.Exec.AccountId, ctx.Cli.Exec.Role, ctx.Cli.Exec.Profile) | ||
| if awssso, err := sci.Update(ctx); err == nil { | ||
| // successful lookup? | ||
| return ecsLoadCmd(ctx, awssso, sci.AccountId, sci.RoleName) | ||
| } | ||
|
|
||
| // nope, auto-complete mode | ||
| sso, err := ctx.Settings.GetSelectedSSO(ctx.Cli.SSO) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| if err = ctx.Settings.Cache.Expired(sso); err != nil { | ||
| log.Infof(err.Error()) | ||
| c := &CacheCmd{} | ||
| if err = c.Run(ctx); err != nil { | ||
| return err | ||
| } | ||
| } | ||
|
|
||
| sso.Refresh(ctx.Settings) | ||
| fmt.Printf("Please use `exit` or `Ctrl-D` to quit.\n") | ||
|
|
||
| c := NewTagsCompleter(ctx, sso, ecsLoadCmd) | ||
| opts := ctx.Settings.DefaultOptions(c.ExitChecker) | ||
| opts = append(opts, ctx.Settings.GetColorOptions()...) | ||
|
|
||
| p := prompt.New( | ||
| c.Executor, | ||
| c.Complete, | ||
| opts..., | ||
| ) | ||
| p.Run() | ||
| return nil | ||
| } | ||
|
|
||
| // Loads our AWS API creds into the ECS Server | ||
| func ecsLoadCmd(ctx *RunContext, awssso *sso.AWSSSO, accountId int64, role string) error { | ||
| _ = GetRoleCredentials(ctx, awssso, accountId, role) | ||
| // creds := *credsPtr | ||
|
|
||
| // do something | ||
| return nil | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters