/
console.go
219 lines (180 loc) · 5.83 KB
/
console.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
package account
import (
"fmt"
"net/url"
awsSdk "github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/aws/arn"
"github.com/openshift/osdctl/pkg/osdCloud"
"github.com/openshift/osdctl/pkg/provider/aws"
"github.com/openshift/osdctl/pkg/utils"
"github.com/pkg/browser"
"github.com/spf13/cobra"
cmdutil "k8s.io/kubectl/pkg/cmd/util"
)
// newCmdConsole implements the Console command which Consoles the specified account cr
func newCmdConsole() *cobra.Command {
ops := newConsoleOptions()
consoleCmd := &cobra.Command{
Use: "console",
Short: "Generate an AWS console URL on the fly",
Args: cobra.NoArgs,
DisableAutoGenTag: true,
Run: func(cmd *cobra.Command, args []string) {
cmdutil.CheckErr(ops.complete(cmd))
cmdutil.CheckErr(ops.run())
},
}
consoleCmd.Flags().BoolVarP(&ops.verbose, "verbose", "", false, "Verbose output")
consoleCmd.Flags().BoolVar(&ops.launch, "launch", false, "Launch web browser directly")
consoleCmd.Flags().Int32VarP(&ops.consoleDuration, "duration", "d", 3600, "The duration of the console session. "+
"Default value is 3600 seconds(1 hour)")
consoleCmd.Flags().StringVarP(&ops.awsAccountID, "accountId", "i", "", "AWS Account ID")
consoleCmd.Flags().StringVarP(&ops.awsProfile, "profile", "p", "", "AWS Profile")
consoleCmd.Flags().StringVarP(&ops.region, "region", "r", "", "Region")
consoleCmd.Flags().StringVarP(&ops.clusterID, "clusterID", "C", "", "Cluster ID")
return consoleCmd
}
// consoleOptions defines the struct for running Console command
type consoleOptions struct {
verbose bool
launch bool
awsAccountID string
awsProfile string
region string
clusterID string
consoleDuration int32
}
func newConsoleOptions() *consoleOptions {
return &consoleOptions{}
}
func (o *consoleOptions) complete(cmd *cobra.Command) error {
var err error
ocmClient, err := utils.CreateConnection()
if err != nil {
return err
}
if o.awsAccountID == "" && o.clusterID == "" {
return fmt.Errorf("please specify -i or -C")
}
if o.awsAccountID != "" && o.clusterID != "" {
return fmt.Errorf("-i and -c are mutually exclusive, please only specify one")
}
if o.clusterID != "" {
o.awsAccountID, err = utils.GetAWSAccountIdForCluster(ocmClient, o.clusterID)
if err != nil {
return err
}
}
if o.region == "" {
o.region = "us-east-1"
}
return nil
}
func (o *consoleOptions) run() error {
isCCS := false
var err error
ocmClient, err := utils.CreateConnection()
if err != nil {
return err
}
defer ocmClient.Close()
// If a cluster ID was provided, determine if the cluster is CCS
if o.clusterID != "" {
isCCS, err = utils.IsClusterCCS(ocmClient, o.clusterID)
if err != nil {
return err
}
}
// Build the base AWS client using the provide credentials (profile or env vars)
awsClient, err := aws.NewAwsClient(o.awsProfile, o.region, "")
if err != nil {
fmt.Printf("Could not build AWS Client: %s\n", err)
return err
}
// Get the right partition for the final ARN
partition, err := aws.GetAwsPartition(awsClient)
if err != nil {
return err
}
// Generate a session name using the SRE's kerberos ID
sessionName, err := osdCloud.GenerateRoleSessionName(awsClient)
if err != nil {
fmt.Printf("Could not generate Session Name: %s\n", err)
return err
}
// By default, the target role arn is OrganizationAccountAccessRole (works for -i and non-CCS clusters)
targetRoleArnString := aws.GenerateRoleARN(o.awsAccountID, osdCloud.OrganizationAccountAccessRole)
if isCCS {
// If a cluster is provided and it's CCS, the target role is the Managed Support role arn
targetRoleArnString, err = utils.GetSupportRoleArnForCluster(ocmClient, o.clusterID)
if err != nil {
return err
}
// The AWS client used to generate the URL should be the jump role for CCS clusters
jumpRoleCreds, err := osdCloud.GenerateJumpRoleCredentials(awsClient, o.region, sessionName)
if err != nil {
return err
}
awsClient, err = aws.NewAwsClientWithInput(
&aws.ClientInput{
AccessKeyID: *jumpRoleCreds.AccessKeyId,
SecretAccessKey: *jumpRoleCreds.SecretAccessKey,
SessionToken: *jumpRoleCreds.SessionToken,
Region: o.region,
},
)
if err != nil {
return err
}
}
targetRoleArn, err := arn.Parse(targetRoleArnString)
if err != nil {
return err
}
targetRoleArn.Partition = partition
consoleURL, err := aws.RequestSignInToken(
awsClient,
&o.consoleDuration,
&sessionName,
awsSdk.String(targetRoleArn.String()),
)
if err != nil {
fmt.Printf("Generating console failed: %s\n", err)
return err
}
consoleURL, err = PrependRegionToURL(consoleURL, o.region)
if err != nil {
return fmt.Errorf("could not prepend region to console url: %w", err)
}
fmt.Printf("The AWS Console URL is:\n%s\n", consoleURL)
if o.launch {
return browser.OpenURL(consoleURL)
}
return nil
}
func PrependRegionToURL(consoleURL, region string) (string, error) {
// Extract the url data
u, err := url.Parse(consoleURL)
if err != nil {
return "", fmt.Errorf("cannot parse consoleURL '%s' : %w", consoleURL, err)
}
urlValues, err := url.ParseQuery(u.RawQuery)
if err != nil {
return "", fmt.Errorf("cannot parse the queries '%s' : %w", u.RawQuery, err)
}
// Retrieve the Destination url for modification
rawDestinationUrl := urlValues.Get("Destination")
destinationURL, err := url.Parse(rawDestinationUrl)
if err != nil {
return "", fmt.Errorf("cannot parse rawDestinationUrl '%s' : %w", rawDestinationUrl, err)
}
// Prepend the region to the url
destinationURL.Host = fmt.Sprintf("%s.%s", region, destinationURL.Host)
prependedDestinationURL := destinationURL.String()
// override the Destination after it was modified
urlValues.Set("Destination", prependedDestinationURL)
// Wrap up the values into the original url
u.RawQuery = urlValues.Encode()
consoleURL = u.String()
return consoleURL, nil
}