forked from 99designs/aws-vault
-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.go
234 lines (210 loc) · 5.89 KB
/
config.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
package vault
import (
"crypto/md5"
"encoding/json"
"errors"
"fmt"
"log"
"os"
"path/filepath"
"strings"
"github.com/aws/aws-sdk-go/aws/awserr"
ini "github.com/go-ini/ini"
"github.com/mitchellh/go-homedir"
)
func init() {
ini.PrettyFormat = false
}
// Config is an abstraction over what is in ~/.aws/config
type Config struct {
Path string
iniFile *ini.File
}
// ConfigPath returns either $AWS_CONFIG_FILE or ~/.aws/config
func ConfigPath() (string, error) {
file := os.Getenv("AWS_CONFIG_FILE")
if file == "" {
home, err := homedir.Dir()
if err != nil {
return "", err
}
file = filepath.Join(home, "/.aws/config")
} else {
log.Printf("Using AWS_CONFIG_FILE value: %s", file)
}
return file, nil
}
// CreateConfig will create the config directory and file if they do not exist
func CreateConfig() error {
file, err := ConfigPath()
if err != nil {
return err
}
dir := filepath.Dir(file)
if _, err := os.Stat(dir); os.IsNotExist(err) {
os.Mkdir(dir, 0700)
log.Printf("Config directory %s created", dir)
}
if _, err := os.Stat(file); os.IsNotExist(err) {
newFile, err := os.Create(file)
if err != nil {
log.Printf("Config file %s not created", file)
return err
}
newFile.Close()
log.Printf("Config file %s created", file)
}
return nil
}
// LoadConfig loads and parses a config. No error is returned if the file doesn't exist
func LoadConfig(path string) (*Config, error) {
config := &Config{
Path: path,
}
if _, err := os.Stat(path); err == nil {
if parseErr := config.parseFile(); parseErr != nil {
return nil, parseErr
}
} else {
log.Printf("Config file %s doesn't exist so lets create it", path)
err := CreateConfig()
if err != nil {
return nil, err
}
if parseErr := config.parseFile(); parseErr != nil {
return nil, parseErr
}
}
return config, nil
}
// LoadConfigFromEnv finds the config file from the environment
func LoadConfigFromEnv() (*Config, error) {
file, err := ConfigPath()
if err != nil {
return nil, err
}
log.Printf("Loading config file %s", file)
return LoadConfig(file)
}
func (c *Config) parseFile() error {
log.Printf("Parsing config file %s", c.Path)
f, err := ini.LoadSources(ini.LoadOptions{
AllowNestedValues: true,
}, c.Path)
if err != nil {
return fmt.Errorf("Error parsing config file %q: %v", c.Path, err)
}
c.iniFile = f
return nil
}
type Profile struct {
Name string `ini:"-"`
MFASerial string `ini:"mfa_serial,omitempty"`
RoleARN string `ini:"role_arn,omitempty"`
ExternalID string `ini:"external_id,omitempty"`
Region string `ini:"region,omitempty"`
SourceProfile string `ini:"source_profile,omitempty"`
RoleSessionName string `ini:"role_session_name,omitempty"`
}
func (p Profile) Hash() ([]byte, error) {
hasher := md5.New()
if err := json.NewEncoder(hasher).Encode(p); err != nil {
return nil, err
}
b := hasher.Sum(nil)
return b, nil
}
func readProfileFromIni(f *ini.File, sectionName string, profile *Profile) error {
if f == nil {
return errors.New("No ini file available")
}
section, err := f.GetSection(sectionName)
if err != nil {
return err
}
if err = section.MapTo(&profile); err != nil {
return err
}
return nil
}
// Profiles returns all the profiles in the config
func (c *Config) Profiles() []Profile {
var result []Profile
if c.iniFile == nil {
return result
}
for _, section := range c.iniFile.SectionStrings() {
if section != "DEFAULT" {
profile, _ := c.Profile(strings.TrimPrefix(section, "profile "))
result = append(result, profile)
}
}
return result
}
// Profile returns the profile with the matching name. If there isn't any,
// an empty profile with the provided name is returned, along with false.
func (c *Config) Profile(name string) (Profile, bool) {
profile := Profile{
Name: name,
}
if c.iniFile == nil {
return profile, false
}
// default profile name has a slightly different section format
sectionName := "profile " + name
if name == "default" {
sectionName = "default"
}
section, err := c.iniFile.GetSection(sectionName)
if err != nil {
return profile, false
}
if err = section.MapTo(&profile); err != nil {
panic(err)
}
return profile, true
}
// Add the profile to the configuration file
func (c *Config) Add(profile Profile) error {
if c.iniFile == nil {
return errors.New("No iniFile to add to")
}
// default profile name has a slightly different section format
sectionName := "profile " + profile.Name
if profile.Name == "default" {
sectionName = "default"
}
section, err := c.iniFile.NewSection(sectionName)
if err != nil {
return fmt.Errorf("Error creating section %q: %v", profile.Name, err)
}
if err = section.ReflectFrom(&profile); err != nil {
return fmt.Errorf("Error mapping profile to ini file: %v", err)
}
return c.iniFile.SaveTo(c.Path)
}
// SourceProfile returns the source profile of the given profile. If there isn't any,
// the named profile, a new profile is returned. False is only returned if no profile by the name exists.
func (c *Config) SourceProfile(name string) (Profile, bool) {
profile, ok := c.Profile(name)
if profile.SourceProfile != "" {
return c.Profile(profile.SourceProfile)
}
return profile, ok
}
// FormatCredentialError formats errors with some user friendly context
func (c *Config) FormatCredentialError(err error, profileName string) string {
source, _ := c.SourceProfile(profileName)
sourceDescr := profileName
// add custom formatting for source_profile
if source.Name != profileName {
sourceDescr = fmt.Sprintf("%s (source profile for %s)", source.Name, profileName)
}
if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoCredentialProviders" {
return fmt.Sprintf(
"No credentials found for profile %s.\n"+
"Use 'aws-vault add %s' to set up credentials or 'aws-vault list' to see what credentials exist",
sourceDescr, source.Name)
}
return fmt.Sprintf("Failed to get credentials for %s: %v", sourceDescr, err)
}