reset_user_password.go
package main
import (
"context"
"errors"
"fmt"
"os"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/iam"
"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"github.com/spf13/viper"
)
// flagResetUserPasswordUser is the name of the command-line flag (and viper
// key) that carries the IAM user whose console password is reset.
const flagResetUserPasswordUser = "user"
// initResetUserPasswordFlags registers the flags of the reset-user-password
// command on the given flag set. The only flag is "user", a string that
// defaults to the empty string.
func initResetUserPasswordFlags(flag *pflag.FlagSet) {
	const (
		defaultUser = ""
		usage       = "The name of the IAM user to update"
	)
	flag.String(flagResetUserPasswordUser, defaultUser, usage)
}
// checkResetUserPasswordConfig validates the command configuration held in v.
// It returns an error when the "user" value is empty and nil otherwise; no
// other property of the user name is checked here.
func checkResetUserPasswordConfig(v *viper.Viper) error {
	if v.GetString(flagResetUserPasswordUser) == "" {
		return errors.New("The IAM user name should not be empty")
	}
	return nil
}
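// resetUserPassword is the cobra handler that issues a new console password
// for the IAM user named by the "user" flag.
//
// It asks Secrets Manager for a 24-character random password, looks up the
// account alias to build the console sign-in URL, applies the password with
// UpdateLoginProfile, and prints the URL, user name and new password to
// stdout. It returns the first error met; nothing is printed on failure.
//
// NOTE(review): the new password is written to stdout in clear text, so it
// ends up in terminal scrollback and in any log that captures this command's
// output (CI job logs, session recordings). Run it interactively and pass the
// value on over a channel suited to secrets.
//
// NOTE(review): UpdateLoginProfile is called without PasswordResetRequired, so
// the "Reset your password" step printed at the end is only advisory and the
// password shown here stays valid until the user changes it. Consider setting
// PasswordResetRequired once it is confirmed that the target users are allowed
// to change their own password (otherwise they cannot complete the sign-in).
func resetUserPassword(cmd *cobra.Command, args []string) error {
	v, err := initViper(cmd)
	if err != nil {
		return fmt.Errorf("error initializing viper: %w", err)
	}

	if err := checkResetUserPasswordConfig(v); err != nil {
		return err
	}
	userName := v.GetString(flagResetUserPasswordUser)

	ctx := context.TODO()

	awsCfg, err := config.LoadDefaultConfig(ctx)
	if err != nil {
		return fmt.Errorf("loading AWS configuration: %w", err)
	}

	svcIAM := iam.NewFromConfig(awsCfg)
	svcSecretsManager := secretsmanager.NewFromConfig(awsCfg)

	randomOut, err := svcSecretsManager.GetRandomPassword(ctx, &secretsmanager.GetRandomPasswordInput{
		PasswordLength:          24,
		RequireEachIncludedType: true,
	})
	if err != nil {
		return fmt.Errorf("generating random password: %w", err)
	}
	password := randomOut.RandomPassword
	// The password is dereferenced when printed below; refuse to continue
	// (and to touch the login profile) if the service returned none.
	if password == nil || *password == "" {
		return errors.New("secrets manager returned an empty password")
	}

	// Resolve the sign-in URL before changing the password: if this lookup
	// failed after the update, the user would be left with a new password
	// that was never shown to anyone.
	aliasesOut, err := svcIAM.ListAccountAliases(ctx, &iam.ListAccountAliasesInput{})
	if err != nil {
		return fmt.Errorf("listing account aliases: %w", err)
	}

	loginURL := "https://console.aws.amazon.com/"
	if len(aliasesOut.AccountAliases) > 0 {
		alias := aliasesOut.AccountAliases[0]

		// AWS_REGION is unset when the region comes from a shared config
		// profile, so fall back to the region the SDK resolved.
		region := os.Getenv("AWS_REGION")
		if region == "" {
			region = awsCfg.Region
		}

		// GovCloud accounts sign in on a separate domain.
		if region == "us-gov-east-1" || region == "us-gov-west-1" {
			loginURL = fmt.Sprintf("https://%s.signin.amazonaws-us-gov.com/console", alias)
		} else {
			loginURL = fmt.Sprintf("https://%s.signin.aws.amazon.com/console", alias)
		}
	}

	if _, err := svcIAM.UpdateLoginProfile(ctx, &iam.UpdateLoginProfileInput{
		UserName: &userName,
		Password: password,
	}); err != nil {
		return fmt.Errorf("updating login profile for %q: %w", userName, err)
	}

	fmt.Printf("Login URL: %s\n", loginURL)
	fmt.Printf("Username: %s\n", userName)
	fmt.Printf("Password: %s\n", *password)
	// An interpreted string is used so that the line breaks are real ones;
	// the previous raw string printed a stray quote and a literal `\n`.
	fmt.Print("Please follow these steps:\n" +
		"1. Log in to the console with your new password\n" +
		"2. Reset your password\n\n")

	return nil
}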