Merge pull request #143 from synfinatic/refresh

Remove `renew` and add `eval`

README.md

@@ -85,10 +85,10 @@ been granted access!
 
  * `cache` -- Force refresh of AWS SSO role information
  * `console` -- Open AWS Console in a browser with the selected role
+ * `eval` -- Print shell environment variables for use in your shell
  * `exec` -- Exec a command with the selected role
  * `flush` -- Force delete of cached AWS SSO credentials
  * `list` -- List all accounts & roles
- * `renew` -- Renew current AWS SSO credentials
  * `tags` -- List manually created tags for each role
  * `time` -- Print how much time remains for currently selected role
  * `version` -- Print the version of aws-sso
@@ -125,6 +125,23 @@ The generated URL is good for 15 minutes after it is created.
 The common flag `--url-action` is used both for AWS SSO authentication as well as
 what to do with the resulting URL from the `console` command.
 
+### eval
+
+Generate a series of `export VARIABLE=VALUE` lines suitable for sourcing into your
+shell.  Allows obtaining new AWS credentials without starting a new shell.  Can be
+used to refresh existing AWS credentials (automatic if it detects existing credentials
+generated by aws-sso) or by specifying the appropriate arguments.
+
+Suggested use (bash): `eval $(aws-sso eval <args>)`
+
+Flags:
+
+ * `--region <region>`, `-r` -- Specify the `$AWS_DEFAULT_REGION` to use
+ * `--arn <arn>`, `-a` -- ARN of role to assume (`$AWS_SSO_ROLE_ARN`)
+ * `--account <account>`, `-A` -- AWS AccountID of role to assume (`$AWS_SSO_ACCOUNTID`)
+ * `--duration <minutes>`, `-d` -- AWS Session duration in minutes (default 60) (`$AWS_SSO_DURATION`)
+ * `--role <role>`, `-R` -- Name of AWS Role to assume (requires `--account`) (`$AWS_SSO_ROLE`)
+
 ### exec
 
 Exec allows you to execute a command with the necessary [AWS environment variables](
@@ -197,14 +214,6 @@ Flags:
 
  * `--all` -- Also delete any non-expired AWS STS credentials from secure store
 
-### renew
-
-Generate a series of `export VARIABLE=VALUE` lines suitable for sourcing into your
-shell.  Allows obtaining new AWS credentials when your current session has expired without
-starting a new shell.
-
-Suggested use (bash): `eval $(aws-sso renew)`
-
 ### tags
 
 Tags dumps a list of AWS SSO roles with the available metadata tags.
@@ -226,7 +235,7 @@ By default the following key/values are available as tags to your roles:
 
 ### install-autocomplete
 
-Configures your appropriate shell configuration file to add auto-complete 
+Configures your appropriate shell configuration file to add auto-complete
 functionality for commands, flags and options.  Must restart your shell
 for this to take effect.
 

cmd/eval_cmd.go

@@ -0,0 +1,83 @@
+package main
+
+/*
+ * AWS SSO CLI
+ * Copyright (c) 2021 Aaron Turner  <synfinatic at gmail dot com>
+ *
+ * This program is free software: you can redistribute it
+ * and/or modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or with the authors permission any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
+	log "github.com/sirupsen/logrus"
+	"github.com/synfinatic/aws-sso-cli/utils"
+)
+
+type EvalCmd struct {
+	// AWS Params
+	Region    string `kong:"help='AWS Region',env='AWS_DEFAULT_REGION',predictor='region'"`
+	Duration  int64  `kong:"short='d',help='AWS Session duration in minutes (default 60)',default=60,env='AWS_SSO_DURATION'"`
+	Arn       string `kong:"short='a',help='ARN of role to assume',env='AWS_SSO_ROLE_ARN',predictor='arn',xor='arn-1',xor='arn-2'"`
+	AccountId int64  `kong:"name='account',short='A',help='AWS AccountID of role to assume',env='AWS_SSO_ACCOUNTID',predictor='accountId',xor='arn-1'"`
+	Role      string `kong:"short='R',help='Name of AWS Role to assume',env='AWS_ROLE_NAME',predictor='role',xor='arn-2'"`
+}
+
+func (cc *EvalCmd) Run(ctx *RunContext) error {
+	var err error
+
+	// if CLI args are speecified, use that
+	role := ctx.Cli.Eval.Role
+	account := ctx.Cli.Eval.AccountId
+	region := ctx.Cli.Eval.Region
+
+	if len(ctx.Cli.Eval.Arn) > 0 {
+		account, role, err = utils.ParseRoleARN(ctx.Cli.Eval.Arn)
+		if err != nil {
+			return err
+		}
+	}
+
+	// Fall back to ENV vars
+	if len(role) == 0 || account == 0 {
+		accountid := os.Getenv("AWS_ACCOUNT_ID")
+		role = os.Getenv("AWS_ROLE_NAME")
+		if len(accountid) == 0 || len(role) == 0 {
+			fmt.Printf("Please specify --arn or --account and --role")
+		}
+
+		account, err = strconv.ParseInt(accountid, 10, 64)
+		if err != nil {
+			return fmt.Errorf("Unable to parse AWS_ACCOUNT_ID = %s: %s", accountid, err.Error())
+		}
+		log.Infof("Refreshing current AWS Role credentials")
+	}
+
+	if len(region) == 0 {
+		region = ctx.Settings.GetDefaultRegion(account, role)
+	}
+
+	awssso := doAuth(ctx)
+	for k, v := range execShellEnvs(ctx, awssso, account, role, region) {
+		if strings.Contains(v, " ") {
+			fmt.Printf("export %s=\"%s\"\n", k, v)
+		} else {
+			fmt.Printf("export %s=%s\n", k, v)
+		}
+	}
+	return nil
+}

cmd/exec_cmd.go

@@ -36,11 +36,11 @@ import (
 
 type ExecCmd struct {
 	// AWS Params
-	Region    string `kong:"optional,name='region',help='AWS Region',env='AWS_DEFAULT_REGION',predictor='region'"`
-	Duration  int64  `kong:"optional,name='duration',short='d',help='AWS Session duration in minutes (default 60)',default=60,env='AWS_SSO_DURATION'"`
-	Arn       string `kong:"optional,name='arn',short='a',help='ARN of role to assume',env='AWS_SSO_ROLE_ARN',predictor='arn'"`
-	AccountId int64  `kong:"optional,name='account',short='A',help='AWS AccountID of role to assume',env='AWS_SSO_ACCOUNTID',predictor='accountId'"`
-	Role      string `kong:"optional,name='role',short='R',help='Name of AWS Role to assume',env='AWS_SSO_ROLE',predictor='role'"`
+	Region    string `kong:"help='AWS Region',env='AWS_DEFAULT_REGION',predictor='region'"`
+	Duration  int64  `kong:"short='d',help='AWS Session duration in minutes (default 60)',default=60,env='AWS_SSO_DURATION'"`
+	Arn       string `kong:"short='a',help='ARN of role to assume',env='AWS_SSO_ROLE_ARN',predictor='arn'"`
+	AccountId int64  `kong:"name='account',short='A',help='AWS AccountID of role to assume',env='AWS_SSO_ACCOUNTID',predictor='accountId'"`
+	Role      string `kong:"short='R',help='Name of AWS Role to assume',env='AWS_SSO_ROLE',predictor='role'"`
 
 	// Exec Params
 	Cmd  string   `kong:"arg,optional,name='command',help='Command to execute',env='SHELL'"`

cmd/main.go

@@ -92,9 +92,9 @@ type CLI struct {
 	Cache              CacheCmd                     `kong:"cmd,help='Force reload of cached AWS SSO role info and config.yaml'"`
 	Console            ConsoleCmd                   `kong:"cmd,help='Open AWS Console using specificed AWS Role/profile'"`
 	Exec               ExecCmd                      `kong:"cmd,help='Execute command using specified AWS Role/Profile'"`
+	Eval               EvalCmd                      `kong:"cmd,help='Print AWS Environment vars for use with eval $(aws-sso eval ...)'"`
 	Flush              FlushCmd                     `kong:"cmd,help='Flush AWS SSO/STS credentials from cache'"`
 	List               ListCmd                      `kong:"cmd,help='List all accounts / role (default command)',default='1'"`
-	Renew              RenewCmd                     `kong:"cmd,help='Print renewed AWS credentials for your shell'"`
 	Tags               TagsCmd                      `kong:"cmd,help='List tags'"`
 	Time               TimeCmd                      `kong:"cmd,help='Print out much time before STS Token expires'"`
 	Version            VersionCmd                   `kong:"cmd,help='Print version and exit'"`

go.mod

@@ -7,7 +7,7 @@ replace github.com/keybase/go-keychain => github.com/99designs/go-keychain v0.0.
 
 require (
 	github.com/99designs/keyring v1.1.6
-	github.com/alecthomas/kong v0.2.17
+	github.com/alecthomas/kong v0.2.18
 	github.com/atotto/clipboard v0.1.4
 	github.com/aws/aws-sdk-go v1.38.40
 	github.com/c-bata/go-prompt v0.2.5 // 0.2.6 is broken

go.sum

@@ -5,8 +5,8 @@ github.com/99designs/keyring v1.1.6 h1:kVDC2uCgVwecxCk+9zoCt2uEL6dt+dfVzMvGgnVcI
 github.com/99designs/keyring v1.1.6/go.mod h1:16e0ds7LGQQcT59QqkTg72Hh5ShM51Byv5PEmW6uoRU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/alecthomas/kong v0.2.2/go.mod h1:kQOmtJgV+Lb4aj+I2LEn40cbtawdWJ9Y8QLq+lElKxE=
-github.com/alecthomas/kong v0.2.17 h1:URDISCI96MIgcIlQyoCAlhOmrSw6pZScBNkctg8r0W0=
-github.com/alecthomas/kong v0.2.17/go.mod h1:ka3VZ8GZNPXv9Ov+j4YNLkI8mTuhXyr/0ktSlqIydQQ=
+github.com/alecthomas/kong v0.2.18 h1:H05f55eRO5f9gusObxgjpqKtozJNvniqMTuOPnf+2SQ=
+github.com/alecthomas/kong v0.2.18/go.mod h1:ka3VZ8GZNPXv9Ov+j4YNLkI8mTuhXyr/0ktSlqIydQQ=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=