[v12] Allow a tsh aws to proxy any command (#19941) #23835

Merged
merged 1 commit into from Mar 31, 2023
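--- a/tool/tsh/app_aws.go
+++ b/tool/tsh/app_aws.go
@@ -65,7 +65,12 @@ func onAWS(cf *CLIConf) error {
 args = append(args, "--endpoint-url", awsApp.GetEndpointURL())
 }
 
-cmd := exec.Command(awsCLIBinaryName, args...)
+commandToRun := awsCLIBinaryName
+if cf.Exec != "" {
+commandToRun = cf.Exec
+}
+
+cmd := exec.Command(commandToRun, args...)
 return awsApp.RunCommand(cmd)
 }
 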
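Review bot: When `cf.Exec` is set, the `args` slice built above the hunk is passed to the substitute program unchanged, including the `--endpoint-url` pair appended on the first visible line, which is an AWS CLI option that a tool such as terraform will most likely reject. The condition guarding that append is outside the hunk, so this is inferred, but it would be safer to skip AWS-CLI-only arguments when `commandToRun != awsCLIBinaryName`, or to reject `--exec` combined with endpoint-URL mode with a clear error. `exec.Command` resolves a bare name through PATH and the program presumably runs with whatever credentials and proxy settings `awsApp.RunCommand` prepares, so a comment above the `if` such as `// cf.Exec is resolved via PATH and runs with the app's AWS credentials.` would make that delegation explicit. onAWS starts outside the hunk.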
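--- a/tool/tsh/app_aws_test.go
+++ b/tool/tsh/app_aws_test.go
@@ -111,6 +111,21 @@ func TestAWS(t *testing.T) {
 setCmdRunner(validateCmd),
 )
 require.NoError(t, err)
+
+validateCmd = func(cmd *exec.Cmd) error {
+// Validate composed AWS CLI command.
+require.Len(t, cmd.Args, 2)
+require.Equal(t, []string{"terraform", "plan"}, cmd.Args[:2])
+
+return nil
+}
+err = Run(
+context.Background(),
+[]string{"aws", "--app", "aws-app", "--exec", "terraform", "plan"},
+setHomePath(tmpHomePath),
+setCmdRunner(validateCmd),
+)
+require.NoError(t, err)
 }
 
 func makeUserWithAWSRole(t *testing.T) (types.User, types.Role) {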
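Review bot: The comment `// Validate composed AWS CLI command.` in the new `validateCmd` does not match what the closure checks, which is a terraform invocation; `// Validate that --exec replaces the AWS CLI binary and forwards the remaining args.` would describe it. `require.Len(t, cmd.Args, 2)` followed by a comparison against `cmd.Args[:2]` is redundant, and `require.Equal(t, []string{"terraform", "plan"}, cmd.Args)` states the same check in one line. The case only covers the default proxy mode; a second case combining `--exec` with `--endpoint-url` would pin down which arguments the substituted program actually receives. TestAWS starts outside the hunk.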
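--- a/tool/tsh/tsh.go
+++ b/tool/tsh/tsh.go
@@ -343,6 +343,8 @@ type CLIConf struct {
 // LocalProxyTunnel specifies whether local proxy will open auth'd tunnel.
 LocalProxyTunnel bool
 
+// Exec is the command to run via tsh aws.
+Exec string
 // AWSRole is Amazon Role ARN or role name that will be used for AWS CLI access.
 AWSRole string
 // AWSCommandArgs contains arguments that will be forwarded to AWS CLI binary.
@@ -661,6 +663,7 @@ func Run(ctx context.Context, args []string, opts ...cliOption) error {
 aws.Flag("app", "Optional Name of the AWS application to use if logged into multiple.").StringVar(&cf.AppName)
 aws.Flag("endpoint-url", "Run local proxy to serve as an AWS endpoint URL. If not specified, local proxy serves as an HTTPS proxy.").
 Short('e').Hidden().BoolVar(&cf.AWSEndpointURLMode)
+aws.Flag("exec", "Execute different commands (e.g. terraform) under Teleport credentials").StringVar(&cf.Exec)
 
 azure := app.Command("az", "Access Azure API.").Interspersed(false)
 azure.Arg("command", "`az` command and subcommands arguments that are going to be forwarded to Azure CLI.").StringsVar(&cf.AzureCommandArgs)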
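Review bot: The help text for `--exec` does not say that the named program is started in place of the AWS CLI with the remaining arguments forwarded to it; wording such as `"Run the given command (e.g. terraform) instead of the AWS CLI, with Teleport-issued AWS credentials."` would tell operators what they are delegating. In `CLIConf`, `Exec` is a generic name in a struct that appears to be shared by other subcommands (the `az` flags bind to the same `cf`), and it sits directly against the `AWSRole` comment with no separating blank line. Its comment could read `// Exec is the command that tsh aws runs instead of the AWS CLI binary.` Both hunks are excerpts of larger definitions that start and end outside the visible lines.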