-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: Console Login Command #88
Conversation
For any Makefile target that does not actually produce a file of that name, the target should be declared PHONY. This prevents a file or directory with the same name from being interpreted as the target of the command. For example, the `build` command in this Makefile produces no result because there is already a `build` directory, and Make interprets that as "being up to date".
…ep into feat/interactive_role_finder
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome feature. I really like the consideration for custom options. Just a couple comments.
cmd/login.go
Outdated
} | ||
|
||
// Construct the URL and open/print it; default to HTTPS if not specified | ||
url := fmt.Sprintf("%s/role/%s", viper.GetString("consoleme_open_url_override"), role) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should fall back to consoleme_url
if consoleme_open_url_override
isn't set. I think the cleanest way to do this would be to refactor this function into the config package and export it:
Lines 213 to 220 in 5ef5b4a
// baseWebURL allows the ConsoleMe URL to be overridden for cases where the API | |
// and UI are accessed via different URLs | |
func baseWebURL() string { | |
if override := viper.GetString("consoleme_open_url_override"); override != "" { | |
return override | |
} | |
return viper.GetString("consoleme_url") | |
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense, I will give that a try.
cmd/login.go
Outdated
} | ||
|
||
var loginCmd = &cobra.Command{ | ||
Use: "login", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you think of calling this weep console
instead of weep login
? Seems like login
could be a bit confusing -- as a user, I might assume that it's the command to log in to ConsoleMe.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A fun fact: I actually had called it weep console
previously, but changed it as I thought console
might have too much overload with open
, since the latter aims to open resources in the console as well.
I am quite OK with switching it back to console
. After some deliberation, I can't really think of a better term for the command.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, this has me wondering if we should change open
to only open things in the ConsoleMe UI and make console
support opening resources in the AWS console as well. Any thoughts?
Regardless, I don't see a need to hold up this PR. I say we change this to console
and have further discussion on where to go from here.
Overview
This PR introduces a new command for
weep
:console
. The console command simply opens a browser window for the user set to the sign-n URL for the specified role. This will drop the user in the AWS Management Console with the permissions of the selected role.The use-case for this is users who want to go from a terminal session with a role to an AWS Console session, and do not want to interact with the ConsoleMe web application in-between.
Dependencies
#86, #87
Implementation
While ConsoleMe already has an
open
command, when provided with an IAM role it will navigate to the policy-editing page for that role rather than the AWS Console.This new command will navigate to the latter. Additionally, unlike the
open
command which can accept many different input types,console
will only work with IAM console roles that the user has access to. This allows us to take advantage of the interactive role prompts, so that we can explore the list of available roles prior to logging in.As part of this change, we also expand the
OpenLink
function to take into consideration a new environment variable:WEEP_OPEN_LINK_OPTIONS
. This option should be a comma-separated string specifying any additional options that the user would like to add when opening a link (added AFTER the command, but BEFORE the URL).This allows the user to customize how their links are opened. For example, when using Chrome on macOS, the value:
causes the link to be opened in an incognito window if the user desires, making it easier to juggle multiple login sessions if needed.
While this is not the easiest interface for this functionality, it can be easily solved with shell aliases/helpers and is flexible enough to cover any of the various platform / browser combinations that
weep
users may use.