DevLabFoundry · dnitsch · Nov 1, 2023 · Oct 25, 2023 · Oct 28, 2023 · Oct 31, 2023
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -30,7 +30,7 @@ jobs:
   test:
     runs-on: ubuntu-latest
     container:
-      image: golang:1.20-bullseye
+      image: golang:1.21-bullseye
     needs: set-version
     env:
       SEMVER: ${{ needs.set-version.outputs.semVer }}
@@ -42,7 +42,15 @@ jobs:
           fetch-depth: 1
       - name: install deps
         run: |
-          apt update && apt install -y jq git
+          # Chromium dependencies
+          apt update && apt install -y jq git \
+          libnss3 \
+          libxss1 \
+          libasound2 \
+          libxtst6 \
+          libgtk-3-0 \
+          libgbm1 \
+          ca-certificates
           git config --global --add safe.directory "$GITHUB_WORKSPACE"
           git config user.email ${{ github.actor }}-ci@gha.org
           git config user.name ${{ github.actor }}
@@ -51,7 +59,8 @@ jobs:
           make REVISION=$GITHUB_SHA test
       - name: Publish Junit style Test Report
         uses: mikepenz/action-junit-report@v3
-        if: always() # always run even if the previous step fails
+        # always run even if the previous step fails
+        if: always() 
         with:
           report_paths: '**/.coverage/report-junit.xml'
       - name: Analyze with SonarCloud         

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -25,7 +25,7 @@ jobs:
   pr:
     runs-on: ubuntu-latest
     container:
-      image: golang:1.20-bullseye
+      image: golang:1.21-bullseye
     needs: set-version
     env:
       REVISION: $GITHUB_SHA
@@ -34,7 +34,15 @@ jobs:
       - uses: actions/checkout@v3
       - name: install deps
         run: |
-          apt-get update && apt-get install -y jq git
+          # Chromium dependencies
+          apt-get update && apt-get install -y jq git \
+          libnss3 \
+          libxss1 \
+          libasound2 \
+          libxtst6 \
+          libgtk-3-0 \
+          libgbm1 \
+          ca-certificates
           git config --global --add safe.directory "$GITHUB_WORKSPACE"
           git config user.email ${{ github.actor }}-ci@gha.org
           git config user.name ${{ github.actor }}

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -33,7 +33,7 @@ jobs:
   release:
     runs-on: ubuntu-latest
     container:
-      image: golang:1.20-bullseye
+      image: golang:1.21-bullseye
       env:
         FOO: Bar
     needs: set-version

diff --git a/Makefile b/Makefile
@@ -9,7 +9,7 @@ LDFLAGS := -ldflags="-s -w -X \"github.com/$(OWNER)/$(NAME)/cmd.Version=$(VERSIO
 .PHONY: test test_ci tidy install buildprep build buildmac buildwin
 
 test: test_prereq
-	go test `go list ./... | grep -v */generated/` -v -mod=readonly -coverprofile=.coverage/out | go-junit-report > .coverage/report-junit.xml && \
+	go test ./... -v -mod=readonly -coverprofile=.coverage/out | go-junit-report > .coverage/report-junit.xml && \
 	gocov convert .coverage/out | gocov-xml > .coverage/report-cobertura.xml
 
 test_ci:
@@ -21,11 +21,8 @@ test_prereq:
 	go install github.com/axw/gocov/gocov@v1.0.0 && \
 	go install github.com/AlekSi/gocov-xml@v1.0.0
 
-tidy: install 
-	go mod tidy
-
 install:
-	go mod vendor
+	go mod tidy
 
 .PHONY: clean
 clean:
@@ -49,7 +46,7 @@ tag:
 
 tagbuildrelease: tag cross-build release
 
-show_coverage: test
+show_coverage:
 	go tool cover -html=.coverage/out
 
 .PHONY: deps

diff --git a/aws-cli-auth.go b/aws-cli-auth.go
@@ -1,7 +1,11 @@
 package main
 
-import "github.com/dnitsch/aws-cli-auth/cmd"
+import (
+	"context"
+
+	"github.com/dnitsch/aws-cli-auth/cmd"
+)
 
 func main() {
-	cmd.Execute()
+	cmd.Execute(context.Background())
 }
diff --git a/cmd/clear.go b/cmd/clear.go
@@ -1,9 +1,10 @@
 package cmd
 
 import (
+	"fmt"
 	"os"
 
-	"github.com/dnitsch/aws-cli-auth/internal/util"
+	"github.com/dnitsch/aws-cli-auth/internal/credentialexchange"
 	"github.com/dnitsch/aws-cli-auth/internal/web"
 	"github.com/spf13/cobra"
 )
@@ -18,25 +19,29 @@ var (
 )
 
 func init() {
-	cobra.OnInitialize(initConfig)
+	cobra.OnInitialize(samlInitConfig)
 	clearCmd.PersistentFlags().BoolVarP(&force, "force", "f", false, "If aws-cli-auth exited improprely in a previous run there is a chance that there could be hanging processes left over - this will clean them up forcefully")
 	rootCmd.AddCommand(clearCmd)
 }
 
 func clear(cmd *cobra.Command, args []string) error {
-	web := web.New()
-	secretStore := util.NewSecretStore("")
 
-	if force {
+	web := web.New(web.NewWebConf(datadir))
 
+	secretStore, err := credentialexchange.NewSecretStore("", fmt.Sprintf("%s-%s", credentialexchange.SELF_NAME, credentialexchange.RoleKeyConverter("")), os.TempDir()+"/aws-clie-auth-lock")
+	if err != nil {
+		return err
+	}
+
+	if force {
 		if err := web.ClearCache(); err != nil {
-			util.Exit(err)
+			return err
 		}
-		util.Debugf("Chromium Cache cleared")
+		fmt.Fprint(os.Stderr, "Chromium Cache cleared")
 	}
 	secretStore.ClearAll()
 
-	if err := os.Remove(util.ConfigIniFile("")); err != nil {
+	if err := os.Remove(credentialexchange.ConfigIniFile("")); err != nil {
 		return err
 	}
 

diff --git a/cmd/root.go b/cmd/root.go
@@ -1,11 +1,10 @@
 package cmd
 
 import (
+	"context"
 	"fmt"
 	"os"
 
-	"github.com/dnitsch/aws-cli-auth/internal/config"
-	"github.com/dnitsch/aws-cli-auth/internal/util"
 	"github.com/spf13/cobra"
 )
 
@@ -29,27 +28,17 @@ Stores them under the $HOME/.aws/credentials file under a specified path or retu
 	}
 )
 
-func Execute() {
-	if err := rootCmd.Execute(); err != nil {
-		util.Exit(err)
+func Execute(ctx context.Context) {
+	if err := rootCmd.ExecuteContext(ctx); err != nil {
+		fmt.Errorf("cli error: %v", err)
+		os.Exit(1)
 	}
-	util.CleanExit()
+	os.Exit(0)
 }
 
 func init() {
-	cobra.OnInitialize(initConfig)
 	rootCmd.PersistentFlags().StringVarP(&role, "role", "r", "", "Set the role you want to assume when SAML or OIDC process completes")
 	rootCmd.PersistentFlags().StringVarP(&cfgSectionName, "cfg-section", "", "", "config section name in the yaml config file")
 	rootCmd.PersistentFlags().BoolVarP(&storeInProfile, "store-profile", "s", false, "By default the credentials are returned to stdout to be used by the credential_process. Set this flag to instead store the credentials under a named profile section")
 	rootCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "v", false, "Verbose output")
 }
-
-func initConfig() {
-	util.IsTraceEnabled = verbose
-	if _, err := os.Stat(util.ConfigIniFile("")); err != nil {
-		// creating a file
-		rolesInit := []byte(fmt.Sprintf("[%s]\n", config.INI_CONF_SECTION))
-		err := os.WriteFile(util.ConfigIniFile(""), rolesInit, 0644)
-		cobra.CheckErr(err)
-	}
-}
diff --git a/cmd/saml.go b/cmd/saml.go
@@ -1,18 +1,29 @@
 package cmd
 
 import (
+	"errors"
 	"fmt"
+	"os"
+	"path"
 
-	"github.com/dnitsch/aws-cli-auth/internal/auth"
-	"github.com/dnitsch/aws-cli-auth/internal/config"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
+	"github.com/dnitsch/aws-cli-auth/internal/cmdutils"
+	"github.com/dnitsch/aws-cli-auth/internal/credentialexchange"
+	"github.com/dnitsch/aws-cli-auth/internal/web"
 	"github.com/spf13/cobra"
 )
 
+var (
+	ErrUnableToCreateSession = errors.New("sts - cannot start a new session")
+)
+
 var (
 	providerUrl      string
 	principalArn     string
 	acsUrl           string
 	role             string
+	datadir          string
 	duration         int
 	reloadBeforeTime int
 	samlCmd          = &cobra.Command{
@@ -30,6 +41,7 @@ var (
 )
 
 func init() {
+	cobra.OnInitialize(samlInitConfig)
 	samlCmd.PersistentFlags().StringVarP(&providerUrl, "provider", "p", "", "Saml Entity StartSSO Url")
 	samlCmd.MarkPersistentFlagRequired("provider")
 	samlCmd.PersistentFlags().StringVarP(&principalArn, "principal", "", "", "Principal Arn of the SAML IdP in AWS")
@@ -42,12 +54,14 @@ func init() {
 }
 
 func getSaml(cmd *cobra.Command, args []string) error {
-	conf := config.SamlConfig{
+	ctx := cmd.Context()
+
+	conf := credentialexchange.SamlConfig{
 		ProviderUrl:  providerUrl,
 		PrincipalArn: principalArn,
 		Duration:     duration,
 		AcsUrl:       acsUrl,
-		BaseConfig: config.BaseConfig{
+		BaseConfig: credentialexchange.BaseConfig{
 			StoreInProfile:       storeInProfile,
 			Role:                 role,
 			CfgSectionName:       cfgSectionName,
@@ -56,8 +70,34 @@ func getSaml(cmd *cobra.Command, args []string) error {
 		},
 	}
 
-	if err := auth.GetSamlCreds(conf); err != nil {
+	datadir := path.Join(credentialexchange.HomeDir(), fmt.Sprintf(".%s-data", credentialexchange.SELF_NAME))
+	os.MkdirAll(datadir, 0755)
+
+	secretStore, err := credentialexchange.NewSecretStore(conf.BaseConfig.Role, fmt.Sprintf("%s-%s", credentialexchange.SELF_NAME, credentialexchange.RoleKeyConverter(conf.BaseConfig.Role)), os.TempDir()+"/aws-clie-auth-lock")
+	if err != nil {
 		return err
 	}
-	return nil
+
+	cfg, err := config.LoadDefaultConfig(ctx)
+	if err != nil {
+		return fmt.Errorf("failed to create session %s, %w", err, ErrUnableToCreateSession)
+	}
+	svc := sts.NewFromConfig(cfg)
+
+	return cmdutils.GetSamlCreds(ctx, svc, secretStore, conf, web.NewWebConf(datadir))
+}
+
+func samlInitConfig() {
+	if _, err := os.Stat(credentialexchange.ConfigIniFile("")); err != nil {
+		// creating a file
+		rolesInit := []byte(fmt.Sprintf("[%s]\n", credentialexchange.INI_CONF_SECTION))
+		err := os.WriteFile(credentialexchange.ConfigIniFile(""), rolesInit, 0644)
+		cobra.CheckErr(err)
+	}
+
+	datadir = path.Join(credentialexchange.HomeDir(), fmt.Sprintf(".%s-data", credentialexchange.SELF_NAME))
+
+	if _, err := os.Stat(datadir); err != nil {
+		cobra.CheckErr(os.MkdirAll(datadir, 0755))
+	}
 }
diff --git a/cmd/specific.go b/cmd/specific.go
@@ -2,11 +2,11 @@ package cmd
 
 import (
 	"fmt"
-	"os"
+	"os/user"
 
-	"github.com/dnitsch/aws-cli-auth/internal/auth"
-	"github.com/dnitsch/aws-cli-auth/internal/config"
-	"github.com/dnitsch/aws-cli-auth/internal/util"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
+	"github.com/dnitsch/aws-cli-auth/internal/credentialexchange"
 	"github.com/spf13/cobra"
 )
 
@@ -28,29 +28,44 @@ func init() {
 }
 
 func specific(cmd *cobra.Command, args []string) error {
-	var awsCreds *util.AWSCredentials
-	var err error
+	var awsCreds *credentialexchange.AWSCredentials
+	ctx := cmd.Context()
+
+	cfg, err := config.LoadDefaultConfig(ctx)
+	if err != nil {
+		return fmt.Errorf("failed to create session %s, %w", err, ErrUnableToCreateSession)
+	}
+	svc := sts.NewFromConfig(cfg)
+
+	user, err := user.Current()
+
+	if err != nil {
+		return err
+	}
+
 	if method != "" {
 		switch method {
 		case "WEB_ID":
-			awsCreds, err = auth.LoginAwsWebToken(os.Getenv("USER")) // TODO: redo this getUser implementation
+			awsCreds, err = credentialexchange.LoginAwsWebToken(ctx, user.Name, svc)
 			if err != nil {
 				return err
 			}
 		default:
 			return fmt.Errorf("unsupported Method: %s", method)
 		}
 	}
-	config := config.SamlConfig{BaseConfig: config.BaseConfig{StoreInProfile: storeInProfile}}
+	config := credentialexchange.SamlConfig{BaseConfig: credentialexchange.BaseConfig{StoreInProfile: storeInProfile}}
 
+	// IF role is provided it can be assumed from the WEB_ID credentials
+	//
 	if role != "" {
-		awsCreds, err = auth.AssumeRoleWithCreds(awsCreds, os.Getenv("USER"), role)
+		awsCreds, err = credentialexchange.AssumeRoleWithCreds(ctx, awsCreds, svc, user.Name, role)
 		if err != nil {
 			return err
 		}
 	}
 
-	if err := util.SetCredentials(awsCreds, config); err != nil {
+	if err := credentialexchange.SetCredentials(awsCreds, config); err != nil {
 		return err
 	}
 	return nil