/*
Copyright 2017 WALLIX
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package commands
import (
	"fmt"
	"io"
	"io/ioutil"
	"net"
	"net/http"
	"sort"
	"strings"
	"time"

	"github.com/spf13/cobra"
	"github.com/wallix/awless/aws"
	"github.com/wallix/awless/logger"
)
// Command-line state for `whoami`.
var (
	// onlyMyIPFlag is set by --ip-only: print just the public IP address
	// AWS sees for this host and skip the identity/policy report.
	onlyMyIPFlag bool
)
// init registers `whoami` (alias `who`) on the root command and wires the
// --ip-only switch to onlyMyIPFlag. Defining the flag and attaching the
// command are independent, so their order does not matter.
func init() {
	flags := whoamiCmd.Flags()
	flags.BoolVar(&onlyMyIPFlag, "ip-only", false, "Return your IP address as seen by AWS")
	RootCmd.AddCommand(whoamiCmd)
}
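// whoamiCmd prints the caller's IAM identity (username, user id, account)
// followed by the policies that apply to it: managed policies attached
// directly, inline policies, and policies inherited through groups.
// With --ip-only it instead prints only the public IP address AWS sees for
// this host (see getMyIP).
var whoamiCmd = &cobra.Command{
	Use:               "whoami",
	Aliases:           []string{"who"},
	PersistentPreRun:  applyHooks(initAwlessEnvHook, initLoggerHook, initCloudServicesHook),
	PersistentPostRun: applyHooks(saveHistoryHook, verifyNewVersionHook),
	Short:             "Show your account, attached (i.e. managed) and inlined policies",
	Run: func(cmd *cobra.Command, args []string) {
		if onlyMyIPFlag {
			// getMyIP returns nil when the lookup fails; that prints as "<nil>".
			fmt.Println(getMyIP())
			return
		}

		// A one-value type assertion would panic if AccessService ever held a
		// different implementation; fail with a clean error instead.
		access, ok := aws.AccessService.(*aws.Access)
		if !ok {
			exitOn(fmt.Errorf("unexpected access service implementation %T", aws.AccessService))
			return
		}

		me, err := access.GetIdentity()
		exitOn(err)

		// Steer users running as the account root user toward a dedicated
		// IAM user, as the warning text recommends.
		if me.Username == "root" {
			logger.Warning("You are currently root")
			logger.Warning("Best practices suggest to create a new user and affecting it roles of access")
			logger.Warning("awless official templates might help https://github.com/wallix/awless-templates\n")
		}
		fmt.Printf("Username: %s, Id: %s, Account: %s\n", me.Username, me.UserId, me.Account)

		policies, err := access.GetUserPolicies(me.Username)
		if err != nil {
			logger.Error(err)
			return
		}

		printPolicyList("Attached policies (i.e. managed)", policies.Attached)
		printPolicyList("Inlined policies", policies.Inlined)

		// Map iteration order is random in Go; sort the group names so the
		// report is stable across runs (and diffable in audit logs).
		groups := make([]string, 0, len(policies.ByGroup))
		for g := range policies.ByGroup {
			groups = append(groups, g)
		}
		sort.Strings(groups)
		for _, g := range groups {
			fmt.Printf("\nPolicies from group '%s': %s\n", g, strings.Join(policies.ByGroup[g], ", "))
		}
	},
}

// printPolicyList prints a titled, tab-indented bullet list of policy
// names, or "<title>: none" when the list is empty. Output is identical to
// the inline loops this helper replaces.
func printPolicyList(title string, names []string) {
	if len(names) == 0 {
		fmt.Printf("\n%s: none\n", title)
		return
	}
	fmt.Printf("\n%s:\n", title)
	for _, name := range names {
		fmt.Printf("\t- %s\n", name)
	}
}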
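// getMyIP asks AWS's public "checkip" endpoint which address this host
// appears to come from, i.e. the address AWS sees for us. It returns nil
// on any failure: transport error, timeout, non-200 status, or a body that
// does not parse as an IP literal.
//
// Security notes: the endpoint is fetched over HTTPS so an on-path attacker
// cannot substitute an address (the original fetched plain http://), the
// status code is checked so an error page is not fed to net.ParseIP, and
// the body read is capped so a misbehaving server cannot make the CLI buffer
// an unbounded response.
func getMyIP() net.IP {
	// The longest IP literal is 45 bytes; anything larger is not an answer.
	const maxBody = 128

	// Best-effort lookup: a hard timeout keeps the CLI from hanging.
	client := &http.Client{Timeout: 3 * time.Second}
	resp, err := client.Get("https://checkip.amazonaws.com/")
	if err != nil {
		return nil
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		return nil
	}
	body, err := ioutil.ReadAll(io.LimitReader(resp.Body, maxBody))
	if err != nil {
		return nil
	}
	// ParseIP returns nil for anything that is not a valid v4/v6 literal.
	return net.ParseIP(strings.TrimSpace(string(body)))
}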