Commit
Geet Choubey
authored and
Geet Choubey
committed
Jan 7, 2023
1 parent
7515ff4
commit e21145c
Showing
9 changed files
with
243 additions
and
7 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,98 @@ | ||
/* | ||
Copyright © 2023 NAME HERE <EMAIL ADDRESS> | ||
*/ | ||
package cmd | ||
|
||
import ( | ||
"fmt" | ||
"os/exec" | ||
"time" | ||
|
||
"github.com/geetchoubey/gimme-vault/shared/http" | ||
"github.com/spf13/cobra" | ||
jww "github.com/spf13/jwalterweatherman" | ||
"golang.org/x/crypto/ssh/terminal" | ||
) | ||
|
||
// loginCmd represents the login command | ||
var loginCmd = &cobra.Command{ | ||
Use: "login", | ||
Short: "Login to your account", | ||
Run: func(cmd *cobra.Command, args []string) { | ||
if f := config.IsConfigInitialized(); !f { | ||
fmt.Println("no configuration has been set. run 'gimme-vault configure' first") | ||
return | ||
} | ||
|
||
isLoginValid := checkLoginValid() | ||
if !isLoginValid { | ||
doLogin() | ||
} | ||
awsCreds := doWriteCredentials() | ||
doExportCredentials(awsCreds) | ||
}, | ||
} | ||
|
||
func checkLoginValid() bool { | ||
token := config.GetString("token") | ||
if len(token) == 0 { | ||
return false | ||
} | ||
updatedAt := config.GetInt64("updatedAt") | ||
if updatedAt == 0 { | ||
return false | ||
} | ||
updatedAtTime := time.Unix(updatedAt, 0) | ||
return int(time.Since(updatedAtTime).Seconds()) < config.GetInt("leaseDuration") | ||
} | ||
|
||
func doLogin() { | ||
fmt.Printf("Logging in using [%s] profile\n", profile) | ||
fmt.Printf("Password: ") | ||
password, err := terminal.ReadPassword(0) | ||
if err != nil { | ||
panic(fmt.Errorf("error reading password %v", err)) | ||
} | ||
fmt.Println("Logging in...") | ||
authResponse, err := http.Login(config.GetLoginUrl(), string(password)) | ||
if err != nil { | ||
jww.DEBUG.Fatalln(err) | ||
jww.FEEDBACK.Println("Error occurred. Please retry") | ||
return | ||
} | ||
fmt.Println("Successfully logged in") | ||
config.Set("token", authResponse.ClientToken) | ||
config.Set("leaseDuration", authResponse.LeaseDuration) | ||
config.Set("updatedAt", time.Now().Unix()) | ||
config.Save() | ||
} | ||
|
||
func doWriteCredentials() http.AWSCredentials { | ||
fmt.Println("Writing credentials") | ||
awsResponse, err := http.WriteCredentials(config.GetAWSWriteUrl(), config.GetString("token")) | ||
if err != nil { | ||
panic(fmt.Errorf("error writing credentials %v", err)) | ||
} | ||
return awsResponse | ||
} | ||
|
||
func run(value string, field string) { | ||
|
||
if _, err := exec.Command("aws", "configure", "set", field, value).Output(); err != nil { | ||
panic(fmt.Errorf("error occurred while setting %s %v", field, err)) | ||
} else { | ||
fmt.Printf("Set [%s] done\n", field) | ||
} | ||
} | ||
|
||
func doExportCredentials(awsCreds http.AWSCredentials) { | ||
run(awsCreds.AccessKey, "aws_access_key_id") | ||
run(awsCreds.SecretKey, "aws_secret_access_key") | ||
run(awsCreds.SecurityToken, "aws_session_token") | ||
run(config.GetString("region"), "default.region") | ||
|
||
} | ||
|
||
func init() { | ||
rootCmd.AddCommand(loginCmd) | ||
} |
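Review bot: `run` hands the AWS secret key and session token to `exec.Command("aws", "configure", "set", field, value)` as argv, so while each child process runs, the secret is readable by other local users through the process list and may be captured by command-line audit logging. As far as I know `aws configure set` takes the value only as an argument, so the safer route is to write the profile's keys into the shared credentials file directly from Go with mode 0600 instead of shelling out. Separately, in `doLogin` the call `jww.DEBUG.Fatalln(err)` ends the process, because `Fatalln` on a standard logger calls `os.Exit(1)`, so the FEEDBACK line after it never prints. `jww.DEBUG.Println(err)` followed by the FEEDBACK message and a non-zero exit would match the apparent intent, and would also stop `Run` from continuing to `doWriteCredentials` with a missing token.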
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
package configuration | ||
|
||
var Keys = []string{"username", "awsAccount", "region", "url", "version", "resource", "action"} | ||
|
||
func (c *Config) GetLoginUrl() string { | ||
return c.GetString("url") + "/" + | ||
c.GetString("version") + "/" + | ||
"auth/ldap/login/" + | ||
c.GetString("username") | ||
} | ||
|
||
func (c *Config) GetAWSWriteUrl() string { | ||
return c.GetString("url") + "/" + | ||
c.GetString("version") + "/" + | ||
"account/" + c.GetString("awsAccount") + | ||
"/sts/Owner" | ||
} |
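Review bot: `GetLoginUrl` builds the endpoint that the login command later posts the LDAP password to, yet nothing visible here checks that the configured `url` uses `https`, and `username` and `awsAccount` are concatenated into the path unescaped. A value containing `/`, `?` or `#` changes which Vault path is requested; escape the segments, e.g. `"auth/ldap/login/" + url.PathEscape(c.GetString("username"))` (needs `net/url` imported in this file), and do the same for `awsAccount` in `GetAWSWriteUrl`. Rejecting a non-`https` scheme when the configuration is loaded, or just before the request, would keep the password and the Vault token off cleartext connections.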
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
package http | ||
|
||
import ( | ||
"bytes" | ||
"encoding/json" | ||
"errors" | ||
"io" | ||
"net/http" | ||
) | ||
|
||
type AuthResponse struct { | ||
ClientToken string `json:"client_token"` | ||
LeaseDuration int `json:"lease_duration"` | ||
} | ||
|
||
type LoginResponse struct { | ||
Auth AuthResponse `json:"auth"` | ||
} | ||
|
||
func Login(url string, password string) (AuthResponse, error) { | ||
reqBody, err := json.Marshal(map[string]string{ | ||
"password": password, | ||
}) | ||
if err != nil { | ||
return AuthResponse{}, err | ||
} | ||
resp, err := http.Post(url, "application/json", bytes.NewBuffer(reqBody)) | ||
if err != nil || resp.StatusCode != http.StatusOK { | ||
if err == nil { | ||
return AuthResponse{}, errors.New("got error when logging in") | ||
} | ||
return AuthResponse{}, err | ||
} | ||
defer resp.Body.Close() | ||
body, err := io.ReadAll(resp.Body) | ||
if err != nil { | ||
if err != nil { | ||
return AuthResponse{}, err | ||
} | ||
} | ||
var response = LoginResponse{} | ||
if err := json.Unmarshal(body, &response); err != nil { | ||
if err != nil { | ||
return AuthResponse{}, err | ||
} | ||
} | ||
return response.Auth, nil | ||
} |
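Review bot: The combined check `err != nil || resp.StatusCode != http.StatusOK` returns before `defer resp.Body.Close()` is registered, so every non-200 reply leaks the response body, and the error returned for it drops the status that would explain the failure. Split the transport error from the status check, close the body as soon as `err` is nil, and include `resp.Status` in the error, as in the excerpt below. `http.Post` also goes through the default client, which has no timeout, so a stalled Vault endpoint hangs the CLI indefinitely; the same holds for `http.DefaultClient.Do` in `WriteCredentials`, and a shared `http.Client` with a `Timeout` set would cover both. The doubled `if err != nil` blocks after `io.ReadAll` and `json.Unmarshal` can each be collapsed to a single check.

```go
// … unchanged: request body marshalling …
resp, err := http.Post(url, "application/json", bytes.NewBuffer(reqBody))
if err != nil {
	return AuthResponse{}, err
}
// Close the body on every path, including non-200 replies.
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
	return AuthResponse{}, errors.New("login failed: " + resp.Status)
}
// … unchanged: read and decode the response body …
```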
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
package http | ||
|
||
import ( | ||
"bytes" | ||
"encoding/json" | ||
"io" | ||
"net/http" | ||
) | ||
|
||
type AWSCredentials struct { | ||
AccessKey string `json:"access_key"` | ||
SecretKey string `json:"secret_key"` | ||
SecurityToken string `json:"security_token"` | ||
} | ||
|
||
type Response struct { | ||
Data AWSCredentials `json:"data"` | ||
} | ||
|
||
func WriteCredentials(url string, token string) (AWSCredentials, error) { | ||
ttl, _ := json.Marshal(map[string]string{ | ||
"ttl": "240m", | ||
}) | ||
req, _ := http.NewRequest(http.MethodPut, url, bytes.NewBuffer(ttl)) | ||
req.Header.Set("Content-Type", "application/json") | ||
req.Header.Set("X-Vault-Token", token) | ||
resp, err := http.DefaultClient.Do(req) | ||
if err != nil { | ||
return AWSCredentials{}, err | ||
} | ||
defer resp.Body.Close() | ||
body, err := io.ReadAll(resp.Body) | ||
if err != nil { | ||
if err != nil { | ||
return AWSCredentials{}, err | ||
} | ||
} | ||
var response = Response{} | ||
if err := json.Unmarshal(body, &response); err != nil { | ||
if err != nil { | ||
return AWSCredentials{}, err | ||
} | ||
} | ||
return response.Data, nil | ||
} |
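Review bot: `WriteCredentials` never looks at `resp.StatusCode`, so a Vault error reply (expired token, permission denied) is decoded into a zero-value `AWSCredentials` and returned with a nil error. The caller in the login command then appears to pass those empty strings to `aws configure set`, replacing working credentials with blanks. Add a check right after the deferred close, e.g. `if resp.StatusCode != http.StatusOK { return AWSCredentials{}, errors.New("vault returned " + resp.Status) }` (needs `errors` imported in this file), and consider rejecting a response whose `AccessKey` is empty. The errors from `json.Marshal` and `http.NewRequest` are also discarded; a malformed URL leaves `req` nil and the following `req.Header.Set` panics, so that error should be returned instead.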