* Switch to Cobra for CLI * fix metadata command * use arg for role name instead of flag, clean up pkger before build * go fmt * iron out cli a little, add support for fish exports * update readme, bump version
1 parent
acb6af8
commit 2baf8f1
Showing
19 changed files
with
447 additions
and
245 deletions.
@@ -0,0 +1,16 @@ | ||
package challenge | ||
|
||
type ConsolemeChallenge struct { | ||
ChallengeURL string `json:"challenge_url"` | ||
PollingUrl string `json:"polling_url"` | ||
} | ||
|
||
type ConsolemeChallengeResponse struct { | ||
Status string `json:"status"` | ||
EncodedJwt string `json:"encoded_jwt"` | ||
CookieName string `json:"cookie_name"` | ||
WantSecure bool `json:"secure"` | ||
WantHttpOnly bool `json:"http_only"` | ||
SameSite int `json:"same_site"` | ||
Expires int64 `json:"expiration"` | ||
} |
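Review bot: Initialism casing is inconsistent across the two new structs — `ChallengeURL` follows Go convention while `PollingUrl` and `WantHttpOnly` do not; renaming them to `PollingURL` and `WantHTTPOnly` leaves the JSON tags untouched, so the wire format is unaffected. Both exported types also lack doc comments; I would add `// ConsolemeChallenge is the challenge returned by ConsoleMe: the URL the user must visit and the URL to poll for completion.` and `// ConsolemeChallengeResponse is the poll result; EncodedJwt carries the session credential and should not be logged.` The reading of EncodedJwt as a credential is inferred from the field name and the cookie fields beside it — confirm against the code that consumes this struct.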
@@ -0,0 +1,62 @@ | ||
package cmd | ||
|
||
import ( | ||
"fmt" | ||
"github.com/netflix/weep/consoleme" | ||
"github.com/spf13/cobra" | ||
"os" | ||
"strings" | ||
) | ||
|
||
var ( | ||
exportRole string | ||
exportNoIPRestrict bool | ||
) | ||
|
||
func init() { | ||
exportCmd.PersistentFlags().BoolVarP(&exportNoIPRestrict, "no-ip", "n", false, "remove IP restrictions") | ||
rootCmd.AddCommand(exportCmd) | ||
} | ||
|
||
var exportCmd = &cobra.Command{ | ||
Use: "export [role_name]", | ||
Short: "Retrieve credentials to be exported as environment variables", | ||
Args: cobra.ExactArgs(1), | ||
RunE: runExport, | ||
} | ||
|
||
func runExport(cmd *cobra.Command, args []string) error { | ||
exportRole = args[0] | ||
client, err := consoleme.GetClient() | ||
if err != nil { | ||
return err | ||
} | ||
creds, err := client.GetRoleCredentials(exportRole, exportNoIPRestrict) | ||
if err != nil { | ||
return err | ||
} | ||
printExport(creds) | ||
return nil | ||
} | ||
|
||
// isFish will try its best to identify if we're running in fish shell | ||
func isFish() bool { | ||
shellVar := os.Getenv("SHELL") | ||
|
||
if strings.Contains(shellVar, "fish") { | ||
return true | ||
} else { | ||
return false | ||
} | ||
} | ||
|
||
func printExport(creds consoleme.AwsCredentials) { | ||
if isFish() { | ||
// fish has a different way of setting variables than bash/zsh and others | ||
fmt.Printf("set -x AWS_ACCESS_KEY_ID %s && set -x AWS_SECRET_ACCESS_KEY %s && set -x AWS_SESSION_TOKEN %s\n", | ||
creds.AccessKeyId, creds.SecretAccessKey, creds.SessionToken) | ||
} else { | ||
fmt.Printf("export AWS_ACCESS_KEY_ID=%s && export AWS_SECRET_ACCESS_KEY=%s && export AWS_SESSION_TOKEN=%s\n", | ||
creds.AccessKeyId, creds.SecretAccessKey, creds.SessionToken) | ||
} | ||
} |
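Review bot: `isFish` wraps `strings.Contains` in an `if`/`else` that returns the literal booleans; the body reduces to `return strings.Contains(os.Getenv("SHELL"), "fish")`. In `printExport` the three credential values are interpolated unquoted into shell statements the caller is expected to evaluate; wrapping each `%s` in single quotes (e.g. `export AWS_ACCESS_KEY_ID='%s'`) costs nothing and keeps each assignment intact should a value ever contain a shell metacharacter. The package-level `exportRole` is written from `args[0]` and read once in the same function, so it can be a local in `runExport`. A doc comment such as `// printExport writes shell statements that set the AWS credential environment variables, using fish syntax when isFish reports a fish shell.` would also help.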
@@ -0,0 +1,33 @@ | ||
package cmd | ||
|
||
import ( | ||
"fmt" | ||
"github.com/netflix/weep/consoleme" | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
func init() { | ||
rootCmd.AddCommand(listCmd) | ||
} | ||
|
||
var listCmd = &cobra.Command{ | ||
Use: "list", | ||
Short: "List available roles", | ||
RunE: runList, | ||
} | ||
|
||
func runList(cmd *cobra.Command, args []string) error { | ||
client, err := consoleme.GetClient() | ||
if err != nil { | ||
return err | ||
} | ||
roles, err := client.Roles() | ||
if err != nil { | ||
return err | ||
} | ||
fmt.Println("Roles:") | ||
for i := range roles { | ||
fmt.Println(" ", roles[i]) | ||
} | ||
return nil | ||
} |
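Review bot: The loop in `runList` indexes `roles[i]` only to print the element, so ranging over the values reads more directly: `for _, role := range roles { fmt.Println(" ", role) }`. `runList` and `listCmd` also lack doc comments; `// runList fetches the available roles from the ConsoleMe client and prints them one per line.` would suffice.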
@@ -0,0 +1,82 @@ | ||
package cmd | ||
|
||
import ( | ||
"fmt" | ||
"github.com/gorilla/mux" | ||
"github.com/netflix/weep/consoleme" | ||
"github.com/netflix/weep/handlers" | ||
"github.com/netflix/weep/metadata" | ||
log "github.com/sirupsen/logrus" | ||
"github.com/spf13/cobra" | ||
"net" | ||
"net/http" | ||
"os" | ||
"os/signal" | ||
"syscall" | ||
) | ||
|
||
var ( | ||
metadataRole string | ||
metadataRegion string | ||
metadataListenAddr string | ||
metadataListenPort int | ||
) | ||
|
||
func init() { | ||
metadataCmd.PersistentFlags().StringVarP(&metadataRegion, "region", "r", "us-east-1", "region of metadata service") | ||
metadataCmd.PersistentFlags().StringVarP(&metadataListenAddr, "listen-address", "a", "127.0.0.1", "IP address for metadata service to listen on") | ||
metadataCmd.PersistentFlags().IntVarP(&metadataListenPort, "port", "p", 9090, "port for metadata service to listen on") | ||
rootCmd.AddCommand(metadataCmd) | ||
} | ||
|
||
var metadataCmd = &cobra.Command{ | ||
Use: "metadata [role_name]", | ||
Short: "Run a local Instance Metadata Service (IMDS) endpoint that serves credentials", | ||
Args: cobra.ExactArgs(1), | ||
RunE: runMetadata, | ||
} | ||
|
||
func runMetadata(cmd *cobra.Command, args []string) error { | ||
metadataRole = args[0] | ||
metadata.Role = metadataRole | ||
metadata.MetadataRegion = metadataRegion | ||
client, err := consoleme.GetClient() | ||
if err != nil { | ||
return err | ||
} | ||
ipaddress := net.ParseIP(metadataListenAddr) | ||
|
||
if ipaddress == nil { | ||
fmt.Println("Invalid IP: ", metadataListenAddr) | ||
os.Exit(1) | ||
} | ||
|
||
listenAddr := fmt.Sprintf("%s:%d", ipaddress, metadataListenPort) | ||
|
||
router := mux.NewRouter() | ||
router.HandleFunc("/{version}/", handlers.MetaDataServiceMiddleware(handlers.BaseVersionHandler)) | ||
router.HandleFunc("/{version}/api/token", handlers.MetaDataServiceMiddleware(handlers.TokenHandler)).Methods("PUT") | ||
router.HandleFunc("/{version}/meta-data", handlers.MetaDataServiceMiddleware(handlers.BaseHandler)) | ||
router.HandleFunc("/{version}/meta-data/", handlers.MetaDataServiceMiddleware(handlers.BaseHandler)) | ||
router.HandleFunc("/{version}/meta-data/iam/info", handlers.MetaDataServiceMiddleware(handlers.IamInfoHandler)) | ||
router.HandleFunc("/{version}/meta-data/iam/security-credentials/", handlers.MetaDataServiceMiddleware(handlers.RoleHandler)) | ||
router.HandleFunc("/{version}/meta-data/iam/security-credentials/{role}", handlers.MetaDataServiceMiddleware(handlers.CredentialsHandler)) | ||
router.HandleFunc("/{version}/dynamic/instance-identity/document", handlers.MetaDataServiceMiddleware(handlers.InstanceIdentityDocumentHandler)) | ||
router.HandleFunc("/{path:.*}", handlers.MetaDataServiceMiddleware(handlers.CustomHandler)) | ||
|
||
go metadata.StartMetaDataRefresh(client) | ||
|
||
go func() { | ||
log.Info("Starting weep meta-data service...") | ||
log.Info("Server started on: ", listenAddr) | ||
log.Info(http.ListenAndServe(listenAddr, router)) | ||
}() | ||
|
||
// Check for interrupt signal and exit cleanly | ||
quit := make(chan os.Signal, 1) | ||
signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM) | ||
<-quit | ||
log.Print("Shutdown signal received, exiting weep meta-data service...") | ||
|
||
return nil | ||
} |
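Review bot: `runMetadata` is a Cobra `RunE` yet exits the process itself when the listen address is invalid (`os.Exit(1)` after the `net.ParseIP` check); returning `fmt.Errorf("invalid IP: %s", metadataListenAddr)` lets Cobra report the error and keeps the function's error contract. The larger issue is the server goroutine: `http.ListenAndServe`'s return value is only handed to `log.Info`, so if the port is already bound or the listener fails for any other reason the command logs at info level and then blocks on `<-quit` indefinitely with no credential service actually running. Routing the listen error through a channel and selecting on it alongside the signal channel surfaces the failure as the command's error; using an `http.Server` also allows a `ReadHeaderTimeout`, which needs a `time` import added. Because this endpoint serves live credentials, the `127.0.0.1` default for `listen-address` is the right one and deserves a note in the flag's help text that a non-loopback value exposes credentials to the network.
```go
	// … unchanged: client setup, IP validation, router, StartMetaDataRefresh …
	srv := &http.Server{Addr: listenAddr, Handler: router, ReadHeaderTimeout: 5 * time.Second}
	errCh := make(chan error, 1)
	go func() {
		log.Info("Starting weep meta-data service...")
		log.Info("Server started on: ", listenAddr)
		errCh <- srv.ListenAndServe()
	}()

	// Exit cleanly on interrupt, or surface a listener failure as the command's error.
	quit := make(chan os.Signal, 1)
	signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM)
	select {
	case err := <-errCh:
		return err
	case <-quit:
		log.Print("Shutdown signal received, exiting weep meta-data service...")
	}
	return nil
```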