Weep is a CLI utility for retreiving AWS credentials from ConsoleMe. Weep can run a local instance metadata service proxy, or export credentials as environment variables for your AWS needs.
This README contains developer documentation. Weep user documentation can be found on GitBook.
Weep can be compiled with an embedded configuration (See the Building section below), or it can get its configuration from a YAML-formatted file. We've included an example config file in example-config.yaml.
Weep searches for a configuration in the following locations:
- embedded configuration (see below)
/etc/weep/weep.yaml~/.weep/weep.yaml./weep.yaml
Multiple configurations in these locations will be merged in the order listed above (e.g. entries in ./weep.yaml will take precedence over ~/.weep/weep.yaml.
You can also specify a config file as a CLI arg. This configuration will be used exclusively and will not be merged with other configurations:
weep --config somethingdifferent.yaml listWeep supports authenticating to ConsoleMe in either a standalone challenge mode (ConsoleMe will authenticate the user according to its settings), or mutual TLS (ConsoleMe has to be configured to accept mutual TLS).
In challenge mode, Weep will prompt the user for their username the first time they authenticate, and then attempt to
derive their username from their valid/expired jwt on subsequent attempts. You can also specify the desired username
in weep's configuration under the challenge_settings.user setting as seen in example-config.yaml.
Weep uses pre-commit to run unit tests and Go linting. Pre-commit documentation can be found on pre-commit
You can install pre-commit using the following steps:
Using pip:
pip install pre-commit
Using homebrew:
brew install pre-commit
Using Conda:
conda install -c conda-forge pre-commit
Validate your installation with the following:
$ pre-commit --version
pre-commit 2.9.3
Set up the git hook scripts to run automatically with git commit
$ pre-commit install
pre-commit installed at .git/hooks/pre-commit
In most cases, weep can be built by running the make command in the repository root. make release (requires
upx) will build and compress the binary for distribution.
weep binaries can be shipped with an embedded configuration to allow shipping an "all-in-one" binary.
An example of such a configuration is included in example-config.yaml.
To compile with an embedded config, set the EMBEDDED_CONFIG_FILE environment variable at
build time. The value of this variable MUST be the absolute path of the configuration
file relative to the root of the module:
EMBEDDED_CONFIG_FILE=/example-config.yaml makeNote that the embedded configuration can be overridden by a configuration file in the locations listed above.
make build-docker
docker run -v ~</optional/path/to/your/mtls/certs>:</optional/path/to/your/mtls/certs> --rm weep --meta-data --role <roleArn>
Weep uses goreleaser in Github Actions for releases. Check their install docs if you would like to experiment with the release process locally.
To create a new release, create and push a tag using the release script (requires svu):
./scripts/release.shGoreleaser will automatically create a release on the Releases page.
Weep has a built-in command to generate command documentation (in the docs/ directory):
weep docs
