Skip to content

feat(assume): add --export-as option #942

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
QuentinBtd wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(assume): add --export-as option #942

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 21 additions & 11 deletions pkg/assume/assume.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import (
"github.com/common-fate/clio"
"github.com/common-fate/clio/ansi"
"github.com/common-fate/clio/clierr"
"github.com/fatih/color"
"github.com/fwdcloudsec/granted/pkg/assumeprint"
"github.com/fwdcloudsec/granted/pkg/browser"
"github.com/fwdcloudsec/granted/pkg/cfaws"
Expand All @@ -30,7 +31,6 @@ import (
"github.com/fwdcloudsec/granted/pkg/launcher"
"github.com/fwdcloudsec/granted/pkg/testable"
cfflags "github.com/fwdcloudsec/granted/pkg/urfav_overrides"
"github.com/fatih/color"
"github.com/hako/durafmt"
"github.com/urfave/cli/v2"
"gopkg.in/ini.v1"
Expand Down Expand Up @@ -465,19 +465,29 @@ func AssumeCommand(c *cli.Context) error {
clio.Success("Exported credentials to .env file successfully")
}

if assumeFlags.Bool("export") || cfg.ExportCredsToAWS {
err = cfaws.ExportCredsToProfile(profile.Name, creds)
exportAsProfileName := strings.TrimSpace(assumeFlags.String("export-as"))
if assumeFlags.Bool("export") || cfg.ExportCredsToAWS || exportAsProfileName != "" {
exportProfileName := profile.Name
applyExportSuffix := true
if exportAsProfileName != "" {
exportProfileName = exportAsProfileName
applyExportSuffix = false
}

err = cfaws.ExportCredsToProfileWithOptions(exportProfileName, creds, applyExportSuffix)
if err != nil {
return err
}
var profileName string
if cfg.ExportCredentialSuffix == nil {
profileName = profile.Name
clio.Warn("No credential suffix found. This can cause issues with using exported credentials if conflicting profiles exist. Run `granted settings export-suffix set` to set one. Set to empty string to supress this warning")
} else if *cfg.ExportCredentialSuffix != "" {
profileName = profile.Name + "-" + *cfg.ExportCredentialSuffix
} else {
profileName = profile.Name
profileName := exportProfileName
if applyExportSuffix {
if cfg.ExportCredentialSuffix == nil {
profileName = profile.Name
clio.Warn("No credential suffix found. This can cause issues with using exported credentials if conflicting profiles exist. Run `granted settings export-suffix set` to set one. Set to empty string to supress this warning")
} else if *cfg.ExportCredentialSuffix != "" {
profileName = profile.Name + "-" + *cfg.ExportCredentialSuffix
} else {
profileName = profile.Name
}
}

credentialsFilePath := cfaws.GetAWSCredentialsPath()
Expand Down
1 change: 1 addition & 0 deletions pkg/assume/entrypoint.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ func GlobalFlags() []cli.Flag {
&cli.BoolFlag{Name: "terminal", Aliases: []string{"t"}, Usage: "Use this with '-c' to open a console session and export credentials into the terminal at the same time."},
&cli.BoolFlag{Name: "env", Aliases: []string{"e"}, Usage: "Export credentials to a .env file"},
&cli.BoolFlag{Name: "export", Aliases: []string{"ex"}, Usage: "Export credentials to a ~/.aws/credentials file"},
&cli.StringFlag{Name: "export-as", Usage: "Export credentials to ~/.aws/credentials using a custom profile name"},
&cli.BoolFlag{Name: "export-sso-token", Aliases: []string{"es"}, Usage: "Export sso token to ~/.aws/sso/cache"},
&cli.BoolFlag{Name: "unset", Aliases: []string{"un"}, Usage: "Unset all environment variables configured by Assume"},
&cli.BoolFlag{Name: "url", Aliases: []string{"u"}, Usage: "Get an active console session url"},
Expand Down
19 changes: 13 additions & 6 deletions pkg/cfaws/cred_exporter.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,11 @@ import (

// ExportCredsToProfile will write assumed credentials to ~/.aws/credentials with a specified profile name header
func ExportCredsToProfile(profileName string, creds aws.Credentials) error {
return ExportCredsToProfileWithOptions(profileName, creds, true)
}

// ExportCredsToProfileWithOptions will write assumed credentials to ~/.aws/credentials with additional export options
func ExportCredsToProfileWithOptions(profileName string, creds aws.Credentials, applySuffix bool) error {
// fetch the parsed cred file
credPath := GetAWSCredentialsPath()

Expand Down Expand Up @@ -40,13 +45,15 @@ func ExportCredsToProfile(profileName string, creds aws.Credentials) error {
return err
}

cfg, err := gconfig.Load()
if err != nil {
return err
}
if applySuffix {
cfg, err := gconfig.Load()
if err != nil {
return err
}

if cfg.ExportCredentialSuffix != nil && *cfg.ExportCredentialSuffix!= "" {
profileName = profileName + "-" + *cfg.ExportCredentialSuffix
if cfg.ExportCredentialSuffix != nil && *cfg.ExportCredentialSuffix != "" {
profileName = profileName + "-" + *cfg.ExportCredentialSuffix
}
}

credentialsFile.DeleteSection(profileName)
Expand Down