Add UrlAction: printurl and exec

Add additional url actions to print only the url or execute
an arbitrary command to make it easier to itegrate with other
tools/browsers

Fixes: #303

Author: synfinatic

cmd/console_cmd.go

@@ -291,7 +291,8 @@ func openConsoleAccessKey(ctx *RunContext, creds *storage.RoleCredentials, durat
 	}
 	url := login.GetUrl()
 
-	return utils.HandleUrl(ctx.Settings.UrlAction, ctx.Settings.Browser, url,
+	urlOpener := utils.NewHandleUrl(ctx.Settings.UrlAction, ctx.Settings.Browser, ctx.Settings.UrlExecCommand)
+	return urlOpener.Open(url,
 		"Please open the following URL in your browser:\n\n", "\n\n")
 }
 

cmd/main.go

@@ -79,6 +79,7 @@ var DEFAULT_CONFIG map[string]interface{} = map[string]interface{}{
 	"ListFields":                                []string{"AccountId", "AccountAlias", "RoleName", "ExpiresStr"},
 	"ConsoleDuration":                           60,
 	"UrlAction":                                 "open",
+	"UrlExecCommand":                            "",
 	"LogLevel":                                  "warn",
 	"DefaultSSO":                                "Default",
 }
@@ -89,7 +90,7 @@ type CLI struct {
 	ConfigFile string `kong:"name='config',default='${CONFIG_FILE}',help='Config file',env='AWS_SSO_CONFIG'"`
 	Lines      bool   `kong:"help='Print line number in logs'"`
 	LogLevel   string `kong:"short='L',name='level',help='Logging level [error|warn|info|debug|trace] (default: warn)'"`
-	UrlAction  string `kong:"short='u',help='How to handle URLs [open|print|clip] (default: open)'"`
+	UrlAction  string `kong:"short='u',help='How to handle URLs [clip|exec|open|print|printurl] (default: open)'"`
 	SSO        string `kong:"short='S',help='Override default AWS SSO Instance',env='AWS_SSO',predictor='sso'"`
 	STSRefresh bool   `kong:"help='Force refresh of STS Token Credentials'"`
 
@@ -115,10 +116,6 @@ func main() {
 	ctx, override := parseArgs(&cli)
 	var err error
 
-	if err := urlActionValidate(cli.UrlAction); err != nil {
-		log.Fatalf("%s", err.Error())
-	}
-
 	if err := logLevelValidate(cli.LogLevel); err != nil {
 		log.Fatalf("%s", err.Error())
 	}
@@ -325,11 +322,3 @@ func logLevelValidate(level string) error {
 	}
 	return fmt.Errorf("Invalid value for --level: %s", level)
 }
-
-func urlActionValidate(action string) error {
-	switch action {
-	case "open", "print", "clip", "":
-		return nil
-	}
-	return fmt.Errorf("Invalid value for --url-action: %s", action)
-}

cmd/setup_cmd.go

@@ -27,6 +27,7 @@ import (
 	"github.com/manifoldco/promptui"
 	log "github.com/sirupsen/logrus"
 	"github.com/synfinatic/aws-sso-cli/sso"
+	"github.com/synfinatic/aws-sso-cli/utils"
 )
 
 // https://docs.aws.amazon.com/general/latest/gr/sso.html
@@ -78,9 +79,8 @@ func setupWizard(ctx *RunContext) error {
 	var hLimit, hMinutes int64
 
 	if ctx.Cli.Setup.UrlAction != "" {
-		if err := urlActionValidate(ctx.Cli.Setup.UrlAction); err != nil {
-			log.Fatalf("Invalid value for --default-url-action %s", ctx.Cli.Setup.UrlAction)
-		}
+		utils.NewHandleUrl(ctx.Cli.Setup.UrlAction, "", "")
+		urlAction = ctx.Cli.Setup.UrlAction
 	}
 
 	if ctx.Cli.Setup.DefaultLevel != "" {
@@ -170,12 +170,6 @@ func setupWizard(ctx *RunContext) error {
 	}
 
 	// UrlAction
-	if len(ctx.Cli.Setup.UrlAction) > 0 {
-		if err := urlActionValidate(ctx.Cli.Setup.UrlAction); err == nil {
-			urlAction = ctx.Cli.Setup.UrlAction
-		}
-	}
-
 	if len(urlAction) == 0 {
 		// How should we deal with URLs?
 		label = "Default action to take with URLs (UrlAction)"

docs/config.md

@@ -33,7 +33,12 @@ DefaultRegion: <AWS_DEFAULT_REGION>
 DefaultSSO: <name of AWS SSO>
 
 Browser: <path to web browser>
-UrlAction: [print|open|clip]
+UrlAction: [clip|exec|print|printurl|open]
+UrlActionExec:
+    - <command>
+    - <arg 1>
+    - <arg N>
+    - "%s"
 ConsoleDuration: <minutes>
 
 LogLevel: [error|warn|info|debug|trace]
@@ -160,16 +165,34 @@ If you only have a single AWS SSO instance, then it doesn't really matter what y
 but if you have two or more, than `Default` is automatically selected unless you manually
 specify it here, on the CLI (`--sso`), or via the `AWS_SSO` environment variable.
 
-## Browser / UrlAction
+## Browser / UrlAction / UrlActionExec
 
 `UrlAction` gives you control over how AWS SSO and AWS Console URLs are opened in a browser:
 
- * `print` -- Prints the URL in your terminal
- * `open` -- Opens the URL in your default browser or the browser you specified via `--browser` or `Browser`
  * `clip` -- Copies the URL to your clipboard
+ * `exec` -- Execute the command provided in `UrlActionExec`
+ * `open` -- Opens the URL in your default browser or the browser you specified via `--browser` or `Browser`
+ * `print` -- Prints the URL with a message in your terminal to stderr
+ * `printurl` -- Prints only the URL in your terminal to stderr
+
+If `Browser` is not set, then your default browser will be used and that
+your browser needs to support JavaScript for the AWS SSO user interface.
+
+`UrlActionExec` allows you to execute arbitrary commands to handle the URL.  The command and arguments
+should be specified as a list, with the URL to open specified as the format string `%s`.  Only one instance
+of `%s` is allowed.  Note that YAML requires quotes around strings which start with a [reserved indicator](
+https://yaml.org/spec/1.2-old/spec.html#id2774228) like `%`.
 
-If `Browser` is not set, then your default browser will be used.  Note that
-your browser needs to support Javascript for the AWS SSO user interface.
+Example:
+
+```yaml
+UrlActionExec:
+    - open
+    - -a
+    - /Applications/Brave Browser.app
+    - --args
+    - "%s"
+```
 
 ## LogLevel / LogLines
 
@@ -352,6 +375,6 @@ using the `eval` or `exec` commands.
 **Note:** These environment variables are considered completely owned and
 controlled by `aws-sso` so any existing value will be overwritten.
 
-**Note:** This feature is not compatible when using roles using the 
+**Note:** This feature is not compatible when using roles using the
 `$AWS_PROFILE` via the `config` command.
 

sso/awssso.go

@@ -52,21 +52,22 @@ type SsoApi interface {
 }
 
 type AWSSSO struct {
-	sso        SsoApi
-	ssooidc    SsoOidcApi
-	store      storage.SecureStorage
-	ClientName string                      `json:"ClientName"`
-	ClientType string                      `json:"ClientType"`
-	SsoRegion  string                      `json:"ssoRegion"`
-	StartUrl   string                      `json:"startUrl"`
-	ClientData storage.RegisterClientData  `json:"RegisterClient"`
-	DeviceAuth storage.StartDeviceAuthData `json:"StartDeviceAuth"`
-	Token      storage.CreateTokenResponse `json:"TokenResponse"`
-	Accounts   []AccountInfo               `json:"Accounts"`
-	Roles      map[string][]RoleInfo       `json:"Roles"`
-	SSOConfig  *SSOConfig                  `json:"SSOConfig"`
-	urlAction  string                      // cache for future calls
-	browser    string                      // cache for future calls
+	sso            SsoApi
+	ssooidc        SsoOidcApi
+	store          storage.SecureStorage
+	ClientName     string                      `json:"ClientName"`
+	ClientType     string                      `json:"ClientType"`
+	SsoRegion      string                      `json:"ssoRegion"`
+	StartUrl       string                      `json:"startUrl"`
+	ClientData     storage.RegisterClientData  `json:"RegisterClient"`
+	DeviceAuth     storage.StartDeviceAuthData `json:"StartDeviceAuth"`
+	Token          storage.CreateTokenResponse `json:"TokenResponse"`
+	Accounts       []AccountInfo               `json:"Accounts"`
+	Roles          map[string][]RoleInfo       `json:"Roles"`
+	SSOConfig      *SSOConfig                  `json:"SSOConfig"`
+	urlAction      string                      // cache for future calls
+	browser        string                      // cache for future calls
+	urlExecCommand interface{}                 // cache for future calls
 }
 
 func NewAWSSSO(s *SSOConfig, store *storage.SecureStorage) *AWSSSO {
@@ -79,15 +80,18 @@ func NewAWSSSO(s *SSOConfig, store *storage.SecureStorage) *AWSSSO {
 	})
 
 	as := AWSSSO{
-		sso:        ssoSession,
-		ssooidc:    oidcSession,
-		store:      *store,
-		ClientName: awsSSOClientName,
-		ClientType: awsSSOClientType,
-		SsoRegion:  s.SSORegion,
-		StartUrl:   s.StartUrl,
-		Roles:      map[string][]RoleInfo{},
-		SSOConfig:  s,
+		sso:            ssoSession,
+		ssooidc:        oidcSession,
+		store:          *store,
+		ClientName:     awsSSOClientName,
+		ClientType:     awsSSOClientType,
+		SsoRegion:      s.SSORegion,
+		StartUrl:       s.StartUrl,
+		Roles:          map[string][]RoleInfo{},
+		SSOConfig:      s,
+		urlAction:      s.settings.UrlAction,
+		browser:        s.settings.Browser,
+		urlExecCommand: s.settings.UrlExecCommand,
 	}
 	return &as
 }

sso/awssso_auth.go

@@ -96,7 +96,9 @@ func (as *AWSSSO) reauthenticate() error {
 		return fmt.Errorf("Unable to get device auth info from AWS SSO: %s", err.Error())
 	}
 
-	err = utils.HandleUrl(as.urlAction, as.browser, auth.VerificationUriComplete,
+	urlOpener := utils.NewHandleUrl(as.urlAction, as.browser, as.urlExecCommand)
+
+	err = urlOpener.Open(auth.VerificationUriComplete,
 		"Please open the following URL in your browser:\n\n", "\n\n")
 	if err != nil {
 		return err

sso/awssso_auth_test.go

@@ -343,3 +343,96 @@ func TestAuthenticateFailure(t *testing.T) {
 	err = as.Authenticate("print", "fake-browser")
 	assert.Contains(t, err.Error(), "some error")
 }
+
+func TestReauthenticate(t *testing.T) {
+	tfile, err := ioutil.TempFile("", "*storage.json")
+	assert.NoError(t, err)
+
+	jstore, err := storage.OpenJsonStore(tfile.Name())
+	assert.NoError(t, err)
+
+	defer os.Remove(tfile.Name())
+
+	as := &AWSSSO{
+		SsoRegion:      "us-west-1",
+		StartUrl:       "https://testing.awsapps.com/start",
+		store:          jstore,
+		urlAction:      "invalid",
+		browser:        "no-such-browser",
+		urlExecCommand: []interface{}{"/dev/null"},
+	}
+
+	secs, _ := time.ParseDuration("5s")
+	expires := time.Now().Add(secs).Unix()
+
+	as.ssooidc = &mockSsoOidcApi{
+		Results: []mockSsoOidcApiResults{
+			{
+				RegisterClient: &ssooidc.RegisterClientOutput{
+					AuthorizationEndpoint: nil,
+					ClientId:              aws.String("this-is-my-client-id"),
+					ClientSecret:          aws.String("this-is-my-client-secret"),
+					ClientIdIssuedAt:      time.Now().Unix(),
+					ClientSecretExpiresAt: int64(expires),
+					TokenEndpoint:         nil,
+				},
+				Error: nil,
+			},
+			{
+				StartDeviceAuthorization: &ssooidc.StartDeviceAuthorizationOutput{
+					DeviceCode:              aws.String("device-code"),
+					UserCode:                aws.String("user-code"),
+					VerificationUri:         aws.String("verification-uri"),
+					VerificationUriComplete: aws.String("verification-uri-complete"),
+					ExpiresIn:               int32(expires),
+					Interval:                5,
+				},
+				Error: nil,
+			},
+			{
+				CreateToken: &ssooidc.CreateTokenOutput{},
+				Error:       fmt.Errorf("some error"),
+			},
+		},
+	}
+
+	// invalid urlAction
+	assert.Panics(t, func() { as.reauthenticate() })
+
+	// valid urlAction, but command is invalid
+	as.urlAction = "exec"
+	as.ssooidc = &mockSsoOidcApi{
+		Results: []mockSsoOidcApiResults{
+			{
+				RegisterClient: &ssooidc.RegisterClientOutput{
+					AuthorizationEndpoint: nil,
+					ClientId:              aws.String("this-is-my-client-id"),
+					ClientSecret:          aws.String("this-is-my-client-secret"),
+					ClientIdIssuedAt:      time.Now().Unix(),
+					ClientSecretExpiresAt: int64(expires),
+					TokenEndpoint:         nil,
+				},
+				Error: nil,
+			},
+			{
+				StartDeviceAuthorization: &ssooidc.StartDeviceAuthorizationOutput{
+					DeviceCode:              aws.String("device-code"),
+					UserCode:                aws.String("user-code"),
+					VerificationUri:         aws.String("verification-uri"),
+					VerificationUriComplete: aws.String("verification-uri-complete"),
+					ExpiresIn:               int32(expires),
+					Interval:                5,
+				},
+				Error: nil,
+			},
+			{
+				CreateToken: &ssooidc.CreateTokenOutput{},
+				Error:       fmt.Errorf("some error"),
+			},
+		},
+	}
+
+	err = as.reauthenticate()
+	assert.Contains(t, err.Error(), "Unable to exec")
+
+}

sso/awssso_test.go

@@ -86,6 +86,7 @@ func TestNewAWSSSO(t *testing.T) {
 	c := SSOConfig{
 		StartUrl:  "https://starturl.com/start",
 		SSORegion: "us-east-1",
+		settings:  &Settings{},
 	}
 
 	s := NewAWSSSO(&c, &jstore)
@@ -418,6 +419,7 @@ func TestGetAccounts(t *testing.T) {
 			RefreshToken: "refresh-token",
 			TokenType:    "token-type",
 		},
+		urlAction: "print",
 	}
 
 	as.sso = &mockSsoApi{

sso/settings.go

@@ -34,7 +34,6 @@ import (
 	"github.com/knadh/koanf/providers/file"
 	log "github.com/sirupsen/logrus"
 	"github.com/synfinatic/aws-sso-cli/utils"
-	// goyaml "gopkg.in/yaml.v3"
 )
 
 const (
@@ -54,6 +53,7 @@ type Settings struct {
 	JsonStore         string                 `koanf:"JsonStore" yaml:"JsonStore,omitempty"`
 	UrlAction         string                 `koanf:"UrlAction" yaml:"UrlAction,omitempty"`
 	Browser           string                 `koanf:"Browser" yaml:"Browser,omitempty"`
+	UrlExecCommand    interface{}            `koanf:"UrlExecCommand" yaml:"UrlExecCommand,omitempty"` // string or list
 	ProfileFormat     string                 `koanf:"ProfileFormat" yaml:"ProfileFormat,omitempty"`
 	AccountPrimaryTag []string               `koanf:"AccountPrimaryTag" yaml:"AccountPrimaryTag,omitempty"`
 	PromptColors      PromptColors           `koanf:"PromptColors" yaml:"PromptColors,omitempty"` // go-prompt colors