forked from 99designs/aws-vault
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathadd.go
105 lines (87 loc) · 2.86 KB
/
add.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
package cli
import (
"fmt"
"log"
"os"
"github.com/99designs/aws-vault/v7/prompt"
"github.com/99designs/aws-vault/v7/vault"
"github.com/99designs/keyring"
"github.com/alecthomas/kingpin/v2"
"github.com/aws/aws-sdk-go-v2/aws"
)
type AddCommandInput struct {
ProfileName string
FromEnv bool
AddConfig bool
}
func ConfigureAddCommand(app *kingpin.Application, a *AwsVault) {
input := AddCommandInput{}
cmd := app.Command("add", "Add credentials to the secure keystore.")
cmd.Arg("profile", "Name of the profile").
Required().
StringVar(&input.ProfileName)
cmd.Flag("env", "Read the credentials from the environment (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY)").
BoolVar(&input.FromEnv)
cmd.Flag("add-config", "Add a profile to ~/.aws/config if one doesn't exist").
Default("true").
BoolVar(&input.AddConfig)
cmd.Action(func(c *kingpin.ParseContext) error {
keyring, err := a.Keyring()
if err != nil {
return err
}
awsConfigFile, err := a.AwsConfigFile()
if err != nil {
return err
}
err = AddCommand(input, keyring, awsConfigFile)
app.FatalIfError(err, "add")
return nil
})
}
func AddCommand(input AddCommandInput, keyring keyring.Keyring, awsConfigFile *vault.ConfigFile) error {
var accessKeyID, secretKey string
p, _ := awsConfigFile.ProfileSection(input.ProfileName)
if p.SourceProfile != "" {
return fmt.Errorf("Your profile has a source_profile of %s, adding credentials to %s won't have any effect",
p.SourceProfile, input.ProfileName)
}
if input.FromEnv {
if accessKeyID = os.Getenv("AWS_ACCESS_KEY_ID"); accessKeyID == "" {
return fmt.Errorf("Missing value for AWS_ACCESS_KEY_ID")
}
if secretKey = os.Getenv("AWS_SECRET_ACCESS_KEY"); secretKey == "" {
return fmt.Errorf("Missing value for AWS_SECRET_ACCESS_KEY")
}
} else {
var err error
if accessKeyID, err = prompt.TerminalPrompt("Enter Access Key ID: "); err != nil {
return err
}
if secretKey, err = prompt.TerminalSecretPrompt("Enter Secret Access Key: "); err != nil {
return err
}
}
creds := aws.Credentials{AccessKeyID: accessKeyID, SecretAccessKey: secretKey}
ckr := &vault.CredentialKeyring{Keyring: keyring}
if err := ckr.Set(input.ProfileName, creds); err != nil {
return err
}
fmt.Printf("Added credentials to profile %q in vault\n", input.ProfileName)
sk := &vault.SessionKeyring{Keyring: keyring}
if n, _ := sk.RemoveForProfile(input.ProfileName); n > 0 {
fmt.Printf("Deleted %d existing sessions.\n", n)
}
if _, hasProfile := awsConfigFile.ProfileSection(input.ProfileName); !hasProfile {
if input.AddConfig {
newProfileSection := vault.ProfileSection{
Name: input.ProfileName,
}
log.Printf("Adding profile %s to config at %s", input.ProfileName, awsConfigFile.Path)
if err := awsConfigFile.Add(newProfileSection); err != nil {
return fmt.Errorf("Error adding profile: %w", err)
}
}
}
return nil
}