/*
Copyright 2017 WALLIX
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package commands
import (
	"fmt"
	"io"
	"io/ioutil"
	"net"
	"net/http"
	"strings"
	"time"

	"github.com/spf13/cobra"
	"github.com/wallix/awless/aws"
	"github.com/wallix/awless/logger"
)
// Output-selection flags for the whoami command. Each one, when set, makes
// the command print a single field instead of the full identity summary.
var (
	onlyMyIPFlag           bool // --ip-only
	onlyMyNameFlag         bool // --name-only
	onlyMyTypeFlag         bool // --type-only
	onlyMyIDFlag           bool // --id-only
	onlyMyAccountFlag      bool // --account-only
	onlyMyResourcePathFlag bool // --resource-only
)
// init attaches the whoami command to the root command and registers its
// boolean output-selection flags, all defaulting to false.
func init() {
	RootCmd.AddCommand(whoamiCmd)

	// Registration order is kept as declared here.
	registrations := []struct {
		target *bool
		name   string
		usage  string
	}{
		{&onlyMyIPFlag, "ip-only", "Only returns your IP address as seen by AWS"},
		{&onlyMyNameFlag, "name-only", "Only returns the name of the resource (ex: username for a user)"},
		{&onlyMyTypeFlag, "type-only", "Only returns the type of the resource (ex: user for a user)"},
		{&onlyMyIDFlag, "id-only", "Only returns the ID of the resource"},
		{&onlyMyAccountFlag, "account-only", "Only returns the AWS account number"},
		{&onlyMyResourcePathFlag, "resource-only", "Only returns the AWS ARN resource path suffix (ex: user/jsmith)"},
	}

	flagSet := whoamiCmd.Flags()
	for _, r := range registrations {
		flagSet.BoolVar(r.target, r.name, false, r.usage)
	}
}
// whoamiCmd implements `whoami` (alias `who`). It prints the identity behind
// the credentials in use and, when that identity is a user, the attached,
// inlined and group-derived policies that apply to it.
var whoamiCmd = &cobra.Command{
	Use:               "whoami",
	Aliases:           []string{"who"},
	PersistentPreRun:  applyHooks(initAwlessEnvHook, initLoggerHook, initCloudServicesHook, firstInstallDoneHook),
	PersistentPostRun: applyHooks(verifyNewVersionHook, onVersionUpgrade),
	Short:             "Show your account, attached (i.e. managed) and inlined policies",

	Run: func(cmd *cobra.Command, args []string) {
		// NOTE(review): --ip-only is served before the --local check below, so
		// it still makes an outbound request when --local is set. Confirm that
		// this ordering is intended.
		if onlyMyIPFlag {
			fmt.Println(getMyIP())
			return
		}

		if localGlobalFlag {
			logger.Warning("`--local` flag prevent the command from fetching remote information")
			return
		}

		access := aws.AccessService.(*aws.Access)

		me, err := access.GetIdentity()
		exitOn(err)

		// Working with root credentials is flagged on every run, including the
		// single-field modes below.
		if me.IsRoot() {
			logger.Warning("You are currently root")
			logger.Warning("Best practices suggest to create a new user and affecting it roles of access")
			logger.Warning("awless official templates might help https://github.com/wallix/awless-templates\n")
		}

		// Single-field modes: the first flag set, in this fixed order, wins.
		if onlyMyAccountFlag {
			fmt.Println(me.Account)
			return
		}
		if onlyMyIDFlag {
			fmt.Println(me.UserId)
			return
		}
		if onlyMyNameFlag {
			fmt.Println(me.Resource)
			return
		}
		if onlyMyTypeFlag {
			fmt.Println(me.ResourceType)
			return
		}
		if onlyMyResourcePathFlag {
			fmt.Println(me.ResourcePath)
			return
		}

		// Policies are only looked up for user identities; anything else gets
		// the one-line summary.
		if !me.IsUserType() {
			fmt.Printf("ResourceType: %s, Resource: %s, Id: %s, Account: %s\n", me.ResourceType, me.Resource, me.UserId, me.Account)
			return
		}

		fmt.Printf("Username: %s, Id: %s, Account: %s\n", me.Resource, me.UserId, me.Account)

		policies, err := access.GetUserPolicies(me.Resource)
		if err != nil {
			// The identity line is already printed; report the failure and stop.
			logger.Error(err)
			return
		}

		if len(policies.Attached) == 0 {
			fmt.Println("\nAttached policies (i.e. managed): none")
		} else {
			fmt.Println("\nAttached policies (i.e. managed):")
			for _, policy := range policies.Attached {
				fmt.Printf("\t- %s\n", policy)
			}
		}

		if len(policies.Inlined) == 0 {
			fmt.Println("\nInlined policies: none")
		} else {
			fmt.Println("\nInlined policies:")
			for _, policy := range policies.Inlined {
				fmt.Printf("\t- %s\n", policy)
			}
		}

		// Ranging over an empty map prints nothing, so no length guard is
		// needed. Group order follows Go's map iteration and is not stable.
		for group, names := range policies.ByGroup {
			fmt.Printf("\nPolicies from group '%s': %s\n", group, strings.Join(names, ", "))
		}
	},
}
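// getMyIP returns the caller's public IP address as reported by the AWS
// check-IP endpoint. It returns nil when the request fails, the endpoint
// answers with a non-200 status, the body cannot be read, or the body is not
// a valid IP address.
func getMyIP() net.IP {
	// An IP address in text form is at most a few dozen bytes; cap the read so
	// an unexpected or oversized response cannot exhaust memory.
	const maxBodyBytes = 64

	// Bounded timeout so an unreachable endpoint cannot hang the CLI.
	client := &http.Client{Timeout: 3 * time.Second}

	// Use HTTPS: over cleartext HTTP anyone on the network path can rewrite
	// the reply, and this value may end up in scripts or access rules.
	resp, err := client.Get("https://checkip.amazonaws.com/")
	if err != nil {
		return nil
	}
	defer resp.Body.Close()

	// Do not try to interpret error pages or proxy interstitials as an address.
	if resp.StatusCode != http.StatusOK {
		return nil
	}

	body, err := ioutil.ReadAll(io.LimitReader(resp.Body, maxBodyBytes))
	if err != nil {
		return nil
	}

	// net.ParseIP returns nil for anything that is not a well-formed address.
	return net.ParseIP(strings.TrimSpace(string(body)))
}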