fix: add some logging

Author: dnitsch

.gitignore

@@ -28,4 +28,5 @@ vendor/
 .ignore*
 local/
 .deps/
-.cache/
+.cache/
+*.env

aws-cli-auth.go

@@ -2,29 +2,33 @@ package main
 
 import (
 	"context"
-	"log"
 	"os"
 	"os/signal"
 	"syscall"
+	"time"
 
 	"github.com/DevLabFoundry/aws-cli-auth/cmd"
+	"github.com/rs/zerolog"
 )
 
 func main() {
 	ctx, stop := signal.NotifyContext(context.Background(), []os.Signal{os.Interrupt, syscall.SIGTERM, os.Kill}...)
 	defer stop()
+	logger := zerolog.New(zerolog.ConsoleWriter{Out: os.Stderr, TimeFormat: time.RFC3339}).
+		Level(zerolog.ErrorLevel).
+		With().Timestamp().
+		Logger()
 
 	go func() {
 		<-ctx.Done()
 		stop()
-		// log.Printf("\x1b[31minterrupted: %s\x1b[0m", ctx.Err())
-		os.Exit(0)
+		logger.Fatal().Msgf("\x1b[31minterrupted: %s\x1b[0m", ctx.Err())
 	}()
 
-	c := cmd.New()
+	c := cmd.New(logger)
 	c.WithSubCommands(cmd.SubCommands()...)
 
 	if err := c.Execute(ctx); err != nil {
-		log.Fatalf("\x1b[31m%s\x1b[0m", err)
+		logger.Fatal().Msgf("\x1b[31m%s\x1b[0m", err)
 	}
 }

cmd/awscliauth.go

@@ -9,6 +9,7 @@ import (
 
 	"github.com/DevLabFoundry/aws-cli-auth/internal/credentialexchange"
 	"github.com/Ensono/eirctl/selfupdate"
+	"github.com/rs/zerolog"
 	"github.com/spf13/cobra"
 )
 
@@ -23,6 +24,7 @@ type Root struct {
 	// ChannelErr io.Writer
 	// viperConf  *viper.Viper
 	rootFlags *RootCmdFlags
+	logger    zerolog.Logger
 	Datadir   string
 }
 
@@ -35,9 +37,10 @@ type RootCmdFlags struct {
 	CustomIniLocation string
 }
 
-func New() *Root {
+func New(logger zerolog.Logger) *Root {
 	rf := &RootCmdFlags{}
 	r := &Root{
+		logger:    logger,
 		rootFlags: rf,
 		Cmd: &cobra.Command{
 			Use:   "aws-cli-auth",

cmd/awscliauth_test.go

@@ -12,13 +12,14 @@ import (
 	"github.com/DevLabFoundry/aws-cli-auth/cmd"
 	"github.com/DevLabFoundry/aws-cli-auth/internal/credentialexchange"
 	"github.com/DevLabFoundry/aws-cli-auth/internal/web"
+	"github.com/rs/zerolog"
 )
 
 func cmdHelperExecutor(t *testing.T, args []string) (stdOut *bytes.Buffer, errOut *bytes.Buffer, err error) {
 	t.Helper()
 	errOut = new(bytes.Buffer)
 	stdOut = new(bytes.Buffer)
-	c := cmd.New()
+	c := cmd.New(zerolog.New(io.Discard))
 	c.WithSubCommands(cmd.SubCommands()...)
 	c.Cmd.SetArgs(args)
 	c.Cmd.SetErr(errOut)

cmd/saml.go

@@ -14,6 +14,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/service/sts"
 	validator "github.com/rezakhademix/govalidator/v2"
+	"github.com/rs/zerolog"
 	"github.com/spf13/cobra"
 	"gopkg.in/ini.v1"
 )
@@ -66,17 +67,24 @@ func newSamlCmd(r *Root) {
 			if err != nil {
 				return err
 			}
-
+			if r.rootFlags.Verbose {
+				r.logger = r.logger.Level(zerolog.DebugLevel)
+			}
+			r.logger.Debug().Str("CustomIniLocation", r.rootFlags.CustomIniLocation).Msg("if empty using default ~/.aws-cli-auth.ini")
 			iniFile, err := samlInitConfig(r.rootFlags.CustomIniLocation)
 			if err != nil {
 				return err
 			}
 
+			r.logger.Debug().Msgf("iniFile: %+v", iniFile)
+
 			conf, err := credentialexchange.LoadCliConfig(iniFile, r.rootFlags.CfgSectionName)
 			if err != nil {
 				return err
 			}
 
+			r.logger.Debug().Str("section", r.rootFlags.CfgSectionName).Msgf("loaded section: %+v", conf)
+
 			if err := ConfigFromFlags(conf, r.rootFlags, flags, user.Username); err != nil {
 				return err
 			}
@@ -97,25 +105,28 @@ func newSamlCmd(r *Root) {
 				saveRole = allRoles[len(allRoles)-1]
 			}
 
+			r.logger.Debug().Str("saveRole", saveRole).
+				Str("SsoEndpoint", conf.SsoUserEndpoint).
+				Str("SsoCredFedEndpoint", conf.SsoCredFedEndpoint).
+				Msg("")
+
 			secretStore, err := credentialexchange.NewSecretStore(saveRole,
 				fmt.Sprintf("%s-%s", credentialexchange.SELF_NAME, credentialexchange.RoleKeyConverter(saveRole)),
 				os.TempDir(), user.Username)
 			if err != nil {
 				return err
 			}
 
-			// we want to remove any AWS_* env vars that could interfere with the default config
-			// for _, envVar := range []string{"AWS_PROFILE", "AWS_ACCESS_KEY_ID",
-			// 	"AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"} {
-			// 	os.Unsetenv(envVar)
-			// }
-
-			awsConf, err := config.LoadDefaultConfig(ctx)
+			cfg, err := config.LoadDefaultConfig(ctx)
 			if err != nil {
 				return fmt.Errorf("failed to create session %s, %w", err, ErrUnableToCreateSession)
 			}
 
-			svc := sts.NewFromConfig(awsConf)
+			if cfg.Region == "" {
+				return fmt.Errorf("unable to deduce AWS region, AWS_REGION, AWS_DEFAULT_REGION, ~/.aws/config default or profile level region must be set")
+			}
+
+			svc := sts.NewFromConfig(cfg)
 			webConfig := web.NewWebConf(r.Datadir).
 				WithTimeout(flags.SamlTimeout).
 				WithCustomExecutable(conf.BaseConfig.BrowserExecutablePath)
@@ -167,7 +178,7 @@ If this flag is specified the --sso-role must also be specified.`)
 	// sc.cmd.MarkFlagsRequiredTogether("principal", "role")
 	// SSO flow for SAML
 	sc.cmd.MarkFlagsRequiredTogether("is-sso", "sso-role", "sso-region")
-	sc.cmd.PersistentFlags().Int32VarP(&flags.SamlTimeout, "saml-timeout", "", 120, "Timeout in seconds, before the operation of waiting for a response is cancelled via the chrome driver")
+	sc.cmd.PersistentFlags().Int32VarP(&flags.SamlTimeout, "saml-timeout", "", 120, "Timeout in seconds, before the operation of waiting for a response is cancelled via CDP (ChromeDeubgProto)")
 	// Add subcommand to root command
 	r.Cmd.AddCommand(sc.cmd)
 }

eirctl.yaml

@@ -1,5 +1,5 @@
 import:
-  - https://raw.githubusercontent.com/Ensono/eirctl/e71dd9d66293e27e70fd0620e63a6d627579c060/shared/build/go/eirctl.yaml
+  - https://raw.githubusercontent.com/Ensono/eirctl/refs/tags/v0.9.7/shared/build/go/eirctl.yaml
 
 contexts:
   unit:test:
@@ -12,14 +12,16 @@ contexts:
         - GO
 
 pipelines:
-  build: 
+  build:
     - task: build:unix
     - task: build:win
       depends_on: build:unix
 
   unit:test:run:
     - task: unit:test:prereqs
     - task: unit:test
+      env:
+        ROOT_PKG_NAME: github.com/DevLabFoundry
       depends_on: unit:test:prereqs
 
   bin:release:
@@ -34,7 +36,7 @@ pipelines:
 
 tasks:
   tag:
-    command: 
+    command:
       - |
         git tag -a ${VERSION} -m "ci tag release" ${REVISION}
         git push origin ${VERSION}
@@ -48,6 +50,7 @@ tasks:
     description: |
       Unit test runner needs a bit of extra care in this case to ensure we have all the dependencies
     command: |
+      unset GOTOOLCHAIN
       export GOPATH=$PWD/.deps GOBIN=$PWD/.deps/bin
       CGO_ENABLED=1 go test ./... -v -coverpkg=github.com/DevLabFoundry/... -race -mod=readonly -timeout=1m -shuffle=on -buildvcs=false -coverprofile=.coverage/out -count=1 -run=$GO_TEST_RUN_ARGS | tee .coverage/test.out
       cat .coverage/test.out | .deps/bin/go-junit-report > .coverage/report-junit.xml
@@ -56,7 +59,7 @@ tasks:
   unit:test:prereqs:
     description: Installs coverage and junit tools
     context: unit:test
-    command: 
+    command:
       - |
         mkdir -p .coverage
         export GOPATH="${PWD}/.deps" GOBIN="${PWD}/.deps/bin"
@@ -65,13 +68,14 @@ tasks:
         go install github.com/AlekSi/gocov-xml@v1.0.0
 
   clean:dir:
-    command: 
+    command:
       - |
         rm -rf dist/
 
   build:win:
     context: go1x
     description: Builds Go binary
+    reset_context: true
     command:
       - |
         mkdir -p .deps

go.mod

@@ -16,8 +16,11 @@ require (
 )
 
 require (
+	github.com/mattn/go-colorable v0.1.14 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/rs/zerolog v1.34.0 // indirect
 	github.com/schollz/progressbar/v3 v3.18.0 // indirect
 	golang.org/x/term v0.37.0 // indirect
 )

go.sum

@@ -40,6 +40,7 @@ github.com/chengxilo/virtualterm v1.0.4 h1:Z6IpERbRVlfB8WkOmtbHiDbBANU7cimRIof7m
 github.com/chengxilo/virtualterm v1.0.4/go.mod h1:DyxxBZz/x1iqJjFxTFcr6/x+jSpqN0iwWCOK1q10rlY=
 github.com/clipperhouse/uax29/v2 v2.2.0 h1:ChwIKnQN3kcZteTXMgb1wztSgaU+ZemkgWdohwgs8tY=
 github.com/clipperhouse/uax29/v2 v2.2.0/go.mod h1:EFJ2TJMRUaplDxHKj1qAEhCtQPW2tJSwu5BF98AuoVM=
+github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/danieljoos/wincred v1.2.3 h1:v7dZC2x32Ut3nEfRH+vhoZGvN72+dQ/snVXo/vMFLdQ=
 github.com/danieljoos/wincred v1.2.3/go.mod h1:6qqX0WNrS4RzPZ1tnroDzq9kY3fu1KwE7MRLQK4X0bs=
@@ -51,6 +52,7 @@ github.com/go-rod/rod v0.116.2 h1:A5t2Ky2A+5eD/ZJQr1EfsQSe5rms5Xof/qj296e+ZqA=
 github.com/go-rod/rod v0.116.2/go.mod h1:H+CMO9SCNc2TJ2WfrG+pKhITz57uGNYU43qYHh438Mg=
 github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
 github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.13.0 h1:95JolYOvGMqeH31+FC7D2+uULf6mG61mEZ/A8dRYMzw=
@@ -65,20 +67,27 @@ github.com/invopop/jsonschema v0.13.0 h1:KvpoAJWEjR3uD9Kbm2HWJmqsEaHt8lBUpd0qHcI
 github.com/invopop/jsonschema v0.13.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0=
 github.com/mailru/easyjson v0.9.1 h1:LbtsOm5WAswyWbvTEOqhypdPeZzHavpZx96/n553mR8=
 github.com/mailru/easyjson v0.9.1/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.19 h1:v++JhqYnZuu5jSKrk9RbgF5v4CGUjqRfBm05byFGLdw=
 github.com/mattn/go-runewidth v0.0.19/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
 github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ=
 github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rezakhademix/govalidator/v2 v2.1.2 h1:qqCIkWC6sWr8zeW9zCkYEJxbZMt/Dn1ASXkGIQe3rDI=
 github.com/rezakhademix/govalidator/v2 v2.1.2/go.mod h1:be7JrYM3STiL5jYt1WrQN5ArR8xTov/DvWJ9yXtULj8=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
+github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
+github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/schollz/progressbar/v3 v3.18.0 h1:uXdoHABRFmNIjUfte/Ex7WtuyVslrw2wVPQmCN62HpA=
 github.com/schollz/progressbar/v3 v3.18.0/go.mod h1:IsO3lpbaGuzh8zIMzgY3+J8l4C8GjO0Y9S69eFvNsec=
@@ -117,6 +126,9 @@ github.com/zalando/go-keyring v0.2.6 h1:r7Yc3+H+Ux0+M72zacZoItR3UDxeWfKTcabvkI8u
 github.com/zalando/go-keyring v0.2.6/go.mod h1:2TCrxYrbUNYfNS/Kgy/LSrkSQzZ5UPVH85RwfczwvcI=
 golang.org/x/crypto v0.44.0 h1:A97SsFvM3AIwEEmTBiaxPPTYpDC47w720rdiiUvgoAU=
 golang.org/x/crypto v0.44.0/go.mod h1:013i+Nw79BMiQiMsOPcVCB5ZIJbYkerPrGnOa00tvmc=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
 golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=

internal/credentialexchange/config.go

@@ -1,5 +1,11 @@
 package credentialexchange
 
+import (
+	"encoding/json"
+	"fmt"
+	"time"
+)
+
 const (
 	SELF_NAME        = "aws-cli-auth"
 	WEB_ID_TOKEN_VAR = "AWS_WEB_IDENTITY_TOKEN_FILE"
@@ -29,3 +35,43 @@ type CredentialConfig struct {
 	SsoUserEndpoint    string `ini:"is-sso-endpoint"`
 	SsoCredFedEndpoint string
 }
+
+// AWSRole aws role attributes
+type AWSRoleConfig struct {
+	RoleARN      string
+	PrincipalARN string
+	Name         string
+}
+
+// AWSCredentials is a representation of the returned credential
+type AWSCredentials struct {
+	Version         int
+	AWSAccessKey    string    `json:"AccessKeyId"`
+	AWSSecretKey    string    `json:"SecretAccessKey"`
+	AWSSessionToken string    `json:"SessionToken"`
+	PrincipalARN    string    `json:"-"`
+	Expires         time.Time `json:"Expiration"`
+}
+
+// roleCreds can be encapsulated in this function
+// never used outside of this scope for now
+type roleCreds struct {
+	RoleCreds struct {
+		AccessKey    string `json:"accessKeyId"`
+		SecretKey    string `json:"secretAccessKey"`
+		SessionToken string `json:"sessionToken"`
+		Expiration   int64  `json:"expiration"`
+	} `json:"roleCredentials"`
+}
+
+func (a *AWSCredentials) FromRoleCredString(cred string) (*AWSCredentials, error) {
+	rc := &roleCreds{}
+	if err := json.Unmarshal([]byte(cred), rc); err != nil {
+		return nil, fmt.Errorf("%s, %w", err, ErrUnmarshalCred)
+	}
+	a.AWSAccessKey = rc.RoleCreds.AccessKey
+	a.AWSSecretKey = rc.RoleCreds.SecretKey
+	a.AWSSessionToken = rc.RoleCreds.SessionToken
+	a.Expires = time.UnixMilli(rc.RoleCreds.Expiration)
+	return a, nil
+}