package cmd
import (
"fmt"
"log"
"os"
"runtime"
"github.com/fatih/color"
"github.com/mitchellh/go-homedir"
"github.com/allcloud-io/clisso/aws"
"github.com/allcloud-io/clisso/okta"
"github.com/allcloud-io/clisso/onelogin"
"github.com/spf13/cobra"
"github.com/spf13/viper"
)
// Flag-backed settings for the "get" command; both are populated by the flag
// definitions registered in init.
var (
	// printToShell is set by --shell/-s. When true, processCredentials emits
	// the credentials on stdout instead of writing them to a file.
	printToShell bool

	// writeToFile receives the raw value of --write-to-file/-w. The flag is
	// also bound to the viper key "global.credentials-path", which is what the
	// rest of this file reads.
	writeToFile string
)
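// init registers the "get" command on RootCmd and declares its flags.
func init() {
	RootCmd.AddCommand(cmdGet)

	flags := cmdGet.Flags()
	flags.BoolVarP(
		&printToShell, "shell", "s", false, "Print credentials to shell",
	)
	flags.StringVarP(
		&writeToFile, "write-to-file", "w", "",
		"Write credentials to this file instead of the default ($HOME/.aws/credentials)",
	)

	// --write-to-file overrides the "global.credentials-path" setting, i.e. it
	// decides where secret material lands on disk. A failed binding would make
	// the flag a silent no-op and credentials would be written to a location
	// the user did not ask for, so the error is surfaced instead of dropped.
	if err := viper.BindPFlag("global.credentials-path", flags.Lookup("write-to-file")); err != nil {
		log.Fatalf("binding flag 'write-to-file' to config: %v", err)
	}
}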
// processCredentials delivers the given Credentials either to the shell or to
// a credentials file, depending on the --shell flag.
//
// With --shell set, the credentials are written to os.Stdout via
// aws.WriteToShell, using Windows syntax when runtime.GOOS is "windows".
// Otherwise the path stored under "global.credentials-path" is home-expanded
// and the credentials are written there under the given app name.
//
// It returns an error when the path cannot be expanded or the file cannot be
// written; the shell branch always returns nil.
func processCredentials(creds *aws.Credentials, app string) error {
	if printToShell {
		// Secrets go to stdout here, so anything capturing this process's
		// output (pipes, CI logs, terminal recording) will contain them.
		onWindows := runtime.GOOS == "windows"
		aws.WriteToShell(creds, onWindows, os.Stdout)
		return nil
	}

	credsPath, err := homedir.Expand(viper.GetString("global.credentials-path"))
	if err != nil {
		return fmt.Errorf("expanding config file path: %v", err)
	}

	// NOTE(review): file creation and permission bits are decided inside
	// aws.WriteToFile, which is not visible here — confirm the file is created
	// owner-only and that an existing, more permissive file is not left as is.
	if err := aws.WriteToFile(creds, credsPath, app); err != nil {
		return fmt.Errorf("writing credentials to file: %v", err)
	}

	// Only the destination path is logged, never the credential values.
	log.Printf(color.GreenString("Credentials written successfully to '%s'"), credsPath)
	return nil
}
// cmdGet implements "get": it resolves the app (first argument, or the
// configured "global.selected-app"), looks up the app's provider and the
// provider's type in the configuration, fetches temporary credentials from the
// matching identity provider package and hands them to processCredentials.
// Every failure terminates the process through log.Fatal/log.Fatalf.
var cmdGet = &cobra.Command{
	Use:   "get",
	Short: "Get temporary credentials for an app",
	Long: `Obtain temporary credentials for the specified app by generating a SAML
assertion at the identity provider and using this assertion to retrieve
temporary credentials from the cloud provider.
If no app is specified, the selected app (if configured) will be assumed.`,
	Run: func(cmd *cobra.Command, args []string) {
		var app string
		switch {
		case len(args) > 0:
			// An explicit app on the command line wins; further arguments
			// are ignored.
			app = args[0]
		default:
			// Fall back to the configured default app, if there is one.
			app = viper.GetString("global.selected-app")
			if app == "" {
				log.Fatal(color.RedString("No app specified and no default app configured"))
			}
		}

		// NOTE(review): the app name is spliced into a viper key and viper
		// splits keys on ".", so a name containing a dot addresses a nested
		// key rather than an app entry — confirm names are validated where
		// apps are created.
		providerKey := fmt.Sprintf("apps.%s.provider", app)
		provider := viper.GetString(providerKey)
		if provider == "" {
			log.Fatalf(color.RedString("Could not get provider for app '%s'"), app)
		}

		typeKey := fmt.Sprintf("providers.%s.type", provider)
		pType := viper.GetString(typeKey)
		if pType == "" {
			log.Fatalf(color.RedString("Could not get provider type for provider '%s'"), provider)
		}

		// Only the provider types listed here are accepted; anything else is
		// rejected before any credential request is made.
		switch pType {
		case "onelogin":
			creds, err := onelogin.Get(app, provider)
			if err != nil {
				log.Fatal(color.RedString("Could not get temporary credentials: "), err)
			}
			if err := processCredentials(creds, app); err != nil {
				log.Fatalf(color.RedString("Error processing credentials: %v"), err)
			}
		case "okta":
			creds, err := okta.Get(app, provider)
			if err != nil {
				log.Fatal(color.RedString("Could not get temporary credentials: "), err)
			}
			if err := processCredentials(creds, app); err != nil {
				log.Fatalf(color.RedString("Error processing credentials: %v"), err)
			}
		default:
			log.Fatalf(color.RedString("Unsupported identity provider type '%s' for app '%s'"), pType, app)
		}
	},
}