Feature: Console Login Command #88

Merged Sep 3, 2021 (41 commits)

@nsiow nsiow commented Aug 28, 2021

Overview

This PR introduces a new command for weep: console. The console command simply opens a browser window for the user set to the sign-in URL for the specified role. This will drop the user in the AWS Management Console with the permissions of the selected role.

The use-case for this is users who want to go from a terminal session with a role to an AWS Console session, and do not want to interact with the ConsoleMe web application in-between.

Dependencies

#86, #87

Implementation

While ConsoleMe already has an open command, when provided with an IAM role it will navigate to the policy-editing page for that role rather than the AWS Console.

This new command will navigate to the latter. Additionally, unlike the open command which can accept many different input types, console will only work with IAM console roles that the user has access to. This allows us to take advantage of the interactive role prompts, so that we can explore the list of available roles prior to logging in.

As part of this change, we also expand the OpenLink function to take into consideration a new environment variable: WEEP_OPEN_LINK_OPTIONS. This option should be a comma-separated string specifying any additional options that the user would like to add when opening a link (added AFTER the command, but BEFORE the URL).

This allows the user to customize how their links are opened. For example, when using Chrome on macOS, the value:

WEEP_OPEN_LINK_OPTIONS='-n,-a,Google Chrome,--args,--incognito'

causes the link to be opened in an incognito window if the user desires, making it easier to juggle multiple login sessions if needed.

While this is not the easiest interface for this functionality, it can be easily solved with shell aliases/helpers and is flexible enough to cover any of the various platform / browser combinations that weep users may use.
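
An added illustration of the `WEEP_OPEN_LINK_OPTIONS` handling described in the PR description above; it is not code from this PR. The helper name `openLinkArgv`, the `open` opener and the example URL are assumptions. It shows the options landing after the command and before the URL as separate argv entries, so a value containing spaces or shell metacharacters stays a single argument when run without a shell.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// openLinkArgv is a hypothetical helper (not weep's OpenLink). It builds the
// argument vector in the order the PR describes: opener command first, then
// the comma-separated options, then the URL last.
func openLinkArgv(opener []string, rawOpts, url string) []string {
	argv := append([]string{}, opener...)
	if rawOpts != "" {
		for _, opt := range strings.Split(rawOpts, ",") {
			// Assumption: empty fields from stray commas are dropped rather
			// than passed on as empty arguments.
			if opt != "" {
				argv = append(argv, opt)
			}
		}
	}
	return append(argv, url)
}

func main() {
	opts := os.Getenv("WEEP_OPEN_LINK_OPTIONS")
	if opts == "" {
		// Value quoted in the PR description (Chrome on macOS).
		opts = "-n,-a,Google Chrome,--args,--incognito"
	}
	// Constructed placeholder URL, not a real ConsoleMe deployment.
	argv := openLinkArgv([]string{"open"}, opts, "https://consoleme.example.invalid/role/placeholder")
	for i, a := range argv {
		fmt.Printf("argv[%d] = %q\n", i, a)
	}
	// Passing argv to exec.Command(argv[0], argv[1:]...) runs it without a
	// shell, so "Google Chrome" is one argument and ';' or '$' are literal.
}
```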

nsiow and others added 30 commits August 26, 2021 18:57
For any Makefile target that does not actually produce a file of
that name, the target should be declared PHONY. This prevents a
file or directory with the same name from being interpreted as the
target of the command.

For example, the `build` command in this Makefile produces no
result because there is already a `build` directory, and Make
interprets that as "being up to date".
@patricksanders patricksanders left a comment

Awesome feature. I really like the consideration for custom options. Just a couple comments.

cmd/login.go Outdated
}

// Construct the URL and open/print it; default to HTTPS if not specified
url := fmt.Sprintf("%s/role/%s", viper.GetString("consoleme_open_url_override"), role)
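
Review bot: The comment above the fmt.Sprintf line says the URL defaults to HTTPS if no scheme is specified, but nothing in the lines shown adds or checks a scheme, so a consoleme_open_url_override value without one would be opened as written. Either do the defaulting before building url, or drop that part of the comment so it matches what the code does.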
Contributor

This should fall back to consoleme_url if consoleme_open_url_override isn't set. I think the cleanest way to do this would be to refactor this function into the config package and export it:

weep/pkg/creds/consoleme.go

Lines 213 to 220 in 5ef5b4a

    // baseWebURL allows the ConsoleMe URL to be overridden for cases where the API
    // and UI are accessed via different URLs
    func baseWebURL() string {
        if override := viper.GetString("consoleme_open_url_override"); override != "" {
            return override
        }
        return viper.GetString("consoleme_url")
    }

Contributor Author

Makes sense, I will give that a try.

cmd/login.go Outdated
}

var loginCmd = &cobra.Command{
Use: "login",
Contributor

What do you think of calling this weep console instead of weep login? Seems like login could be a bit confusing -- as a user, I might assume that it's the command to log in to ConsoleMe.

Contributor Author

A fun fact: I actually had called it weep console previously, but changed it as I thought console might have too much overload with open, since the latter aims to open resources in the console as well.

I am quite OK with switching it back to console. After some deliberation, I can't really think of a better term for the command.

Contributor

Yeah, this has me wondering if we should change open to only open things in the ConsoleMe UI and make console support opening resources in the AWS console as well. Any thoughts?

Regardless, I don't see a need to hold up this PR. I say we change this to console and have further discussion on where to go from here.

@nsiow nsiow changed the title Feature: Login Command Feature: Console Login Command Sep 1, 2021
@patricksanders patricksanders merged commit 72bebd9 into Netflix:master Sep 3, 2021