forked from b-b3rn4rd/awscli-console-plugin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
console.go
160 lines (124 loc) · 3.94 KB
/
console.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
package main
import (
"encoding/json"
"errors"
"fmt"
"os"
"strconv"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"net/http"
"net/url"
"github.com/alecthomas/kong"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/skratchdot/open-golang/open"
)
type Context struct {
Timeout int
Profile string
Output bool
}
type Console struct {
}
var cli struct {
Command Console `cmd help:"login to aws console" default:"1"`
Timeout int `help:"Console session timeout in seconds (for non STS credentials only)" default:"360"`
Profile string `help:"Assume credentials in the given profile before opening the console."`
Output bool `help:"Output the signin url instead of opening it in the browser."`
}
func (cli *Console) signinURL(credentials credentials.Value, timeout string) (string, error) {
credentialsJSON, err := json.Marshal(map[string]string{
"sessionId": credentials.AccessKeyID,
"sessionKey": credentials.SecretAccessKey,
"sessionToken": credentials.SessionToken,
})
if err != nil {
return "", fmt.Errorf("error while marshalling credentials, %s", err)
}
signinQuery := url.Values{}
signinQuery.Add("Action", "getSigninToken")
// signinQuery.Add("SessionType", "json")
if credentials.SessionToken == "" {
signinQuery.Add("SessionDuration", timeout)
}
signinQuery.Add("Session", string(credentialsJSON))
signinURL := url.URL{}
signinURL.Host = "signin.aws.amazon.com"
signinURL.Scheme = "https"
signinURL.Path = "federation"
signinURL.RawQuery = signinQuery.Encode()
return signinURL.String(), nil
}
func (cli *Console) consoleURL(signinToken string, destinationURL string) string {
consoleQuery := url.Values{}
consoleQuery.Add("Action", "login")
consoleQuery.Add("Issuer", "awscli-console-plugin")
consoleQuery.Add("Destination", destinationURL)
consoleQuery.Add("SigninToken", signinToken)
consoleURL := url.URL{}
consoleURL.Host = "signin.aws.amazon.com"
consoleURL.Scheme = "https"
consoleURL.Path = "federation"
consoleURL.RawQuery = consoleQuery.Encode()
return consoleURL.String()
}
func (cli *Console) Credentials(profile string) (credentials.Value, string, error) {
var sess *session.Session
if profile != "" {
sess = session.Must(session.NewSessionWithOptions(session.Options{
Profile: profile,
}))
} else {
sess = session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
}
credentials, err := sess.Config.Credentials.Get()
return credentials, aws.StringValue(sess.Config.Region), err
}
func (cli *Console) Run(ctx *Context) error {
credentials, region, err := cli.Credentials(ctx.Profile)
if err != nil {
return fmt.Errorf("error while retrieving credentials, %s", err)
}
signinURL, err := cli.signinURL(credentials, strconv.Itoa(ctx.Timeout))
if err != nil {
return err
}
resp, err := http.Get(signinURL)
if err != nil {
return fmt.Errorf("error while making signin request to %s, %s", signinURL, err)
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
return fmt.Errorf("unsuccessful response from the signin request, %s", resp.Status)
}
responseBody := map[string]string{}
err = json.NewDecoder(resp.Body).Decode(&responseBody)
if err != nil {
return fmt.Errorf("error while unmarshalling response body, %s", err)
}
_, ok := responseBody["SigninToken"]
if !ok {
return errors.New("missing 'SigninToken' field in the response body")
}
destinationURL := fmt.Sprintf("https://%s.console.aws.amazon.com/console/home?region=%s", region, region)
consoleURL := cli.consoleURL(responseBody["SigninToken"], destinationURL)
if ctx.Output {
fmt.Fprint(os.Stdout, consoleURL)
return nil
}
err = open.Run(consoleURL)
if err != nil {
return fmt.Errorf("error while opening browser, %s", err)
}
return nil
}
func main() {
ctx := kong.Parse(&cli)
err := ctx.Run(&Context{
Timeout: cli.Timeout,
Profile: cli.Profile,
Output: cli.Output})
ctx.FatalIfErrorf(err)
}