github.com/versent/saml2aws@v2.17.0+incompatible/cmd/saml2aws/commands/script.go (about)

     1  package commands
     2  
     3  import (
     4  	"fmt"
     5  	"os"
     6  	"text/template"
     7  	"time"
     8  
     9  	"github.com/pkg/errors"
    10  	"github.com/versent/saml2aws/pkg/awsconfig"
    11  	"github.com/versent/saml2aws/pkg/flags"
    12  )
    13  
// bashTmpl is the text/template source for the bash flavour of the
// environment script: one `export` statement per variable, with each value
// wrapped in double quotes.
//
// NOTE(review): text/template inserts the fields verbatim, with no shell
// escaping. Inside double quotes bash still treats `$`, backticks, `\` and
// `"` specially, so a field containing any of them (the profile name is the
// likeliest) would change what the shell runs when the output is evaluated.
// Confirm the upstream values are constrained or quote them before rendering.
const bashTmpl = `export AWS_ACCESS_KEY_ID="{{ .AWSAccessKey }}"
export AWS_SECRET_ACCESS_KEY="{{ .AWSSecretKey }}"
export AWS_SESSION_TOKEN="{{ .AWSSessionToken }}"
export AWS_SECURITY_TOKEN="{{ .AWSSecurityToken }}"
export SAML2AWS_PROFILE="{{ .ProfileName }}"
`
    20  
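// fishTmpl is the text/template source for the fish flavour of the
// environment script: one `set -gx` statement per variable.
//
// The variable names must match the bash and powershell templates. An
// earlier revision misspelled AWS_SESSION_TOKEN and ended with a stray `"`
// line, so fish never received the session token and the trailing line was
// not valid fish.
//
// NOTE(review): text/template inserts the fields verbatim and the values are
// unquoted here, so whitespace or shell metacharacters in a field (the
// profile name is the likeliest) would be interpreted by fish. Confirm the
// upstream values are constrained or quote them before rendering.
const fishTmpl = `set -gx AWS_ACCESS_KEY_ID {{ .AWSAccessKey }}
set -gx AWS_SECRET_ACCESS_KEY {{ .AWSSecretKey }}
set -gx AWS_SESSION_TOKEN {{ .AWSSessionToken }}
set -gx AWS_SECURITY_TOKEN {{ .AWSSecurityToken }}
set -gx SAML2AWS_PROFILE {{ .ProfileName }}
`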
    28  
// powershellTmpl is the text/template source for the PowerShell flavour of
// the environment script: one `$env:` assignment per variable, with each
// value wrapped in single quotes.
//
// NOTE(review): text/template inserts the fields verbatim, with no escaping.
// A single quote inside a field would end the PowerShell string early and
// the remainder would be parsed as code. Confirm the upstream values cannot
// contain `'` or double it before rendering.
const powershellTmpl = `$env:AWS_ACCESS_KEY_ID='{{ .AWSAccessKey }}'
$env:AWS_SECRET_ACCESS_KEY='{{ .AWSSecretKey }}'
$env:AWS_SESSION_TOKEN='{{ .AWSSessionToken }}'
$env:AWS_SECURITY_TOKEN='{{ .AWSSecurityToken }}'
$env:SAML2AWS_PROFILE='{{ .ProfileName }}'
`
    35  
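// Script writes a shell snippet to stdout that sets the AWS credential
// environment variables for the profile selected by execFlags. shell picks
// the dialect; buildTmpl decides which values are accepted.
//
// It returns an error when the login details cannot be built, when the
// shared credentials cannot be checked or loaded, when they have expired, or
// when the template cannot be rendered. When the credentials file does not
// exist yet, it reports that on stderr and returns nil without emitting a
// script.
//
// The rendered output contains the secret key and session token in clear
// text, so it should not be captured in logs or shell history.
func Script(execFlags *flags.LoginExecFlags, shell string) error {
	account, err := buildIdpAccount(execFlags)
	if err != nil {
		return errors.Wrap(err, "error building login details")
	}

	sharedCreds := awsconfig.NewSharedCredentials(account.Profile)

	// The credentials file may not exist yet; this can only really happen
	// when the command runs on a new system before $HOME/.aws was created.
	exist, err := sharedCreds.CredsExists()
	if err != nil {
		return errors.Wrap(err, "error loading credentials")
	}
	if !exist {
		// stdout carries the generated script. A diagnostic written there
		// would reach whatever consumes the script, so it goes to stderr.
		fmt.Fprintln(os.Stderr, "unable to load credentials, login required to create them")
		return nil
	}

	awsCreds, err := sharedCreds.Load()
	if err != nil {
		return errors.Wrap(err, "error loading credentials")
	}

	// Refuse to export credentials that are already past their expiry.
	if time.Until(awsCreds.Expires) < 0 {
		return errors.New("error aws credentials have expired")
	}

	// Anonymous struct handed to the template: the profile name plus the
	// embedded credentials, whose fields the templates reference directly.
	data := struct {
		ProfileName string
		*awsconfig.AWSCredentials
	}{
		account.Profile,
		awsCreds,
	}

	if err := buildTmpl(shell, data); err != nil {
		return errors.Wrap(err, "error generating template")
	}

	return nil
}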
    82  
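// buildTmpl renders the environment-variable template for shell to stdout,
// filling it from data. Supported shells are "bash", "powershell" and "fish".
//
// An unrecognised shell is rejected with an explicit error before anything
// is written, instead of relying on executing an empty template to fail.
// Parse and execution errors are returned unchanged.
//
// text/template performs no shell escaping; the fields of data are written
// into the script exactly as given.
func buildTmpl(shell string, data interface{}) error {
	var src string

	switch shell {
	case "bash":
		src = bashTmpl
	case "powershell":
		src = powershellTmpl
	case "fish":
		src = fishTmpl
	default:
		return fmt.Errorf("unsupported shell %q", shell)
	}

	t, err := template.New("envvar_script").Parse(src)
	if err != nil {
		return err
	}

	return t.Execute(os.Stdout, data)
}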