-
Notifications
You must be signed in to change notification settings - Fork 3
/
main.go
109 lines (92 loc) · 3.15 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
package main
import (
"fmt"
"io/ioutil"
"log"
"os"
"os/exec"
"path/filepath"
"strings"
"time"
"github.com/alecthomas/kong"
)
var tempDir string
var credentialsRenew time.Time
type CLI struct {
SessionName string `name:"session-name" short:"s" help:"Session name of the role to assume" default:"awsu" env:"USER"`
ExternalID string `name:"external-id" short:"e" help:"ExternalID to authenticate the request"`
Duration int64 `name:"duration" short:"d" help:"Duration of the session" default:"3600"`
Verbose bool `name:"verbose" short:"v" help:"Verbose error logging"`
SessionTags map[string]string `name:"session-tags" short:"t" help:"Session tags to apply to the role-assumption (eg: -t tag1=batman)"`
TransitiveTags []string `name:"transitive-tags" short:"x" help:"Keys for session tags which are transitive (eg: -x tag1)"`
SourceIdentity string `name:"source-identity" short:"i" help:"Source identity to set for this session"`
RoleArn string `arg:"" help:"The role name or ARN you want to assume"`
Command []string `arg:"" passthrough:""`
}
func main() {
ctx := kong.Parse(
&CLI{},
kong.Name("awsu"),
kong.Description("Switch-user for AWS"),
)
err := ctx.Run()
ctx.FatalIfErrorf(err)
}
func (c *CLI) Run(ctx *kong.Context) error {
var err error
tempDir, err = ioutil.TempDir("", "awsu")
if err != nil {
log.Fatalf("Failed to create a tempdir: %v", err)
}
defer os.RemoveAll(tempDir)
err = c.renewCredentials()
if err != nil {
log.Fatal(err)
}
go func() {
for {
time.Sleep(time.Until(credentialsRenew))
if c.Verbose {
log.Print("awsu: Renewing credentials")
}
if err := c.renewCredentials(); err != nil {
// We don't exit here - let the sub-command die it's own way
log.Printf("awsu: Failed to renew credentials: %v", err)
// Renew in a minute
credentialsRenew = time.Now().Add(time.Minute)
}
if c.Verbose {
log.Printf("awsu: Credentials renewed, next renewal in %s", humanDur(time.Until(credentialsRenew)))
}
}
}()
cmd := exec.Command(c.Command[0], c.Command[1:]...)
cmd.Env = []string{fmt.Sprintf("AWS_SHARED_CREDENTIALS_FILE=%s", filepath.Join(tempDir, "credentials"))}
// We strip any AWS_ vars (except region vars, and profile), to ensure we have precedence over credentials
for _, e := range os.Environ() {
if strings.HasPrefix(e, "AWS_REGION=") ||
strings.HasPrefix(e, "AWS_DEFAULT_REGION=") ||
strings.HasPrefix(e, "AWS_PROFILE=") ||
!strings.HasPrefix(e, "AWS_") {
cmd.Env = append(cmd.Env, e)
}
}
cmd.Stderr = os.Stderr
cmd.Stdout = os.Stdout
cmd.Stdin = os.Stdin
log.Printf("Running %s with assumedRole %s, renewal in %s", c.Command, c.RoleArn, humanDur(time.Until(credentialsRenew)))
err = cmd.Run()
if err != nil {
if exitErr, ok := err.(*exec.ExitError); ok {
os.Exit(exitErr.ExitCode())
}
return fmt.Errorf("an error occurred waiting for cmd; %w", err)
}
return nil
}
func humanDur(d time.Duration) string {
if seconds := int(d.Seconds()); seconds < 60 {
return fmt.Sprintf("%ds", seconds)
}
return fmt.Sprintf("%dm", int(d.Minutes()))
}