Merge pull request #98 from Cox-Automotive/develop

2.17.0

.gitignore

@@ -1 +1,2 @@
-node_modules
+node_modules
+.idea/

README.md

@@ -75,7 +75,7 @@ docker run -it -v ~:/root coxauto/alks-cli
 If you are on a windows host and need SET instead of export then add a PLATFORM env:
 
 ```
-docker run -it -e PLATFORM=windows -v %USERPROFILE%:/root coxauto/alks-cli sessions open -a %AWS_ACCT% -r %AWS_ROLE% -o env 
+docker run -it -e PLATFORM=windows -v %USERPROFILE%:/root coxauto/alks-cli sessions open -a %AWS_ACCT% -r %AWS_ROLE% -o env
 ```
 
 # Commands
@@ -173,6 +173,21 @@ Arguments:
 
 Outputs the created role's ARN.
 
+### `iam createtrustrole`
+
+`alks iam createtrustrole` Creates a new IAM Trust role for the requested type in the specified AWS account.
+
+Arguments:
+
+* `-T [trustarn]` Your trust arn
+* `-n [roleName]` The name of the role, be sure to wrap in quotes, alphanumeric including: `@+=._-`
+* `-t [roleType]` The role type `Cross Account` or `Inner Account`, be sure to wrap in quotes
+* `-a [alksAccount]`: ALKS account to use
+* `-r [alksRole]`: ALKS role to use
+* `-F` Filters favorite accounts
+
+Outputs the created role's ARN.
+
 ### `iam deleterole`
 
 `alks iam deleterole` Deletes a previously created IAM role in the specified AWS account. Note this only works for IAM roles that were created with ALKS.
@@ -257,3 +272,4 @@ ALKS CLI will output in a variety of formats, it uses the developer default (set
 * `set`: Outputs environment variables via `SET`
 * `powershell`: Outputs environment variables for Windows PowerShell
 * `fishshell`: Outputs environment variables for Fishshell
+* `terraform`: Outputs environment variables prefixed with `ALKS`

bin/alks-developer-accounts

@@ -7,7 +7,7 @@ var program   = require('commander'),
     clc       = require('cli-color'),
     _         = require('underscore'),
     async     = require('async'),
-    Table     = require('cli-table2'),
+    Table     = require('cli-table3'),
     alks      = require('alks-node'),
     config    = require('../package.json'),
     Developer = require('../lib/developer'),

bin/alks-developer-favorites

@@ -7,7 +7,6 @@ var program   = require('commander'),
     clc       = require('cli-color'),
     _         = require('underscore'),
     async     = require('async'),
-    Table     = require('cli-table2'),
     alks      = require('alks-node'),
     inquirer  = require('inquirer'),
     config    = require('../package.json'),

bin/alks-developer-info

@@ -7,7 +7,7 @@ var program   = require('commander'),
     clc       = require('cli-color'),
     _         = require('underscore'),
     async     = require('async'),
-    Table     = require('cli-table2'),
+    Table     = require('cli-table3'),
     config    = require('../package.json'),
     Developer = require('../lib/developer'),
     utils     = require('../lib/utils');

bin/alks-iam

@@ -10,6 +10,7 @@ var program   = require('commander'),
 program
     .version(config.version)
     .command('createrole', 'create IAM role')
+    .command('createtrustrole', 'create IAM trust role')
     .command('deleterole', 'remove an IAM role')
     .command('roletypes',  'list the available iam role types')
     .command('createltk',  'create a longterm key')

bin/alks-iam-createltk

@@ -34,7 +34,10 @@ var NAME_REGEX  = /^[a-zA-Z0-9!@+=._-]+$/g,
     output      = program.output || 'text';
 
 utils.log(program, logger, 'validating iam user name: ' + iamUsername);
-if(_.isEmpty(iamUsername) || !NAME_REGEX.test(iamUsername)){
+if(_.isEmpty(iamUsername)){
+    utils.errorAndExit('Please provide a username (-n)');
+}
+else if(!NAME_REGEX.test(iamUsername)){
     utils.errorAndExit('The username provided contains illegal characters. It must be ' + nameDesc);
 }
 

bin/alks-iam-createtrustrole

@@ -0,0 +1,82 @@
+#!/usr/bin/env node
+'use strict';
+
+process.title = 'ALKS';
+
+var program   = require('commander'),
+    _         = require('underscore'),
+    clc       = require('cli-color'),
+    alks      = require('alks-node'),
+    Iam       = require('../lib/iam'),
+    utils     = require('../lib/utils'),
+    Developer = require('../lib/developer'),
+    config    = require('../package.json');
+
+var logger       = 'iam-createtrustrole',
+    roleNameDesc = 'alphanumeric including @+=._-',
+    trustArnDesc = 'arn:aws|aws-us-gov:iam::d{12}:role/TestRole';
+
+program
+    .version(config.version)
+    .description('creates a new IAM Trust role')
+    .option('-n, --rolename [rolename]', 'the name of the role, ' + roleNameDesc)
+    .option('-t, --roletype [roletype]', 'the role type: Cross Account or Inner Account')
+    .option('-T, --trustarn [trustarn]', 'trust arn, ' + trustArnDesc)
+    .option('-a, --account [alksAccount]', 'alks account to use')
+    .option('-r, --role [alksRole]', 'alks role to use')
+    .option('-F, --favorites', 'filters favorite accounts')
+    .option('-v, --verbose', 'be verbose')
+    .parse(process.argv);
+
+var ROLE_NAME_REGEX = /^[a-zA-Z0-9!@+=._-]+$/g,
+    TRUST_ARN_REGEX = /arn:(aws|aws-us-gov):iam::\d{12}:role\/?[a-zA-Z_0-9+=,.@-_/]+/g,
+    roleName        = program.rolename,
+    roleType        = program.roletype,
+    trustArn        = program.trustarn,
+    alksAccount     = program.account,
+    alksRole        = program.role,
+    filterFaves     = program.favorites || false;
+
+utils.log(program, logger, 'validating role name: ' + roleName);
+if(_.isEmpty(roleName) || !ROLE_NAME_REGEX.test(roleName)){
+    utils.errorAndExit('The role name provided contains illegal characters. It must be ' + roleNameDesc);
+}
+
+utils.log(program, logger, 'validating role type: ' + roleType);
+if(_.isEmpty(roleType) || (roleType !== "Cross Account" && roleType !== "Inner Account")){
+    utils.errorAndExit('The role type is required');
+}
+
+utils.log(program, logger, 'validating trust arn: ' + trustArn);
+if(_.isEmpty(trustArn) || !TRUST_ARN_REGEX.test(trustArn)){
+    utils.errorAndExit('The trust arn provided contains illegal characters. It must be ' + trustArnDesc);
+}
+
+if(!_.isUndefined(alksAccount) && _.isUndefined(alksRole)){
+    utils.log(program, logger, 'trying to extract role from account');
+    alksRole = utils.tryToExtractRole(alksAccount);
+}
+
+Iam.getIAMKey(program, logger, alksAccount, alksRole, false, filterFaves, function(err, key, developer){
+    if(err){
+        return utils.errorAndExit(err);
+    }
+
+    // create the role
+    var data = _.extend({}, developer, key);
+    utils.log(program, logger, 'calling api to create trust role: ' + roleName);
+    delete data.userid
+    alks.createIamTrustRole(data, null, roleName, roleType, trustArn, { debug: program.verbose, ua: utils.getUA() }, function(err, data){
+        if(err){
+            return utils.errorAndExit(err);
+        }
+
+        console.error(clc.white(['The role: ', data.roleName, ' was created with the ARN: '].join('')) + clc.white.underline(data.roleArn));
+        if(data.instanceProfileArn){
+            console.error(clc.white(['An instance profile was also created with the ARN: '].join('')) + clc.white.underline(data.instanceProfileArn));
+        }
+        utils.log(program, logger, 'checking for updates');
+        utils.checkForUpdate();
+        Developer.trackActivity(logger);
+    });
+});

bin/alks-sessions-list

@@ -6,7 +6,7 @@ process.title = 'ALKS';
 var program   = require('commander'),
     clc       = require('cli-color'),
     _         = require('underscore'),
-    Table     = require('cli-table2'),
+    Table     = require('cli-table3'),
     moment    = require('moment'),
     async     = require('async'),
     config    = require('../package.json'),

changelog.txt

@@ -1,10 +1,14 @@
-★ Release Notes: 2018-05-08 ★
+★ Release Notes: 2018-07-18 ★
 ≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡
 
 Thanks for upgrading to the latest version of the ALKS CLI!
 
-→ Support for running without configuring (supply $ALKS_SERVER & $ALKS_USERID)
-→ Fix for missing AWS credentials file
+→ Developer configure will no longer show existing password in plaintext
+→ Improved error messaging during developer configure
+→ Output support for ALKS Terraform provider (`-o terraform`)
+→ ALKS DB location is configurable via env param (`ALKS_DB=`)
+→ Adds support for creating trust roles (`alks iam createtrustrole`)
+→ Resolves issue where `alks sessions list` would prune non-expired keys
 
 → Have feedback? https://github.com/Cox-Automotive/ALKS-CLI/issues
 

lib/keys.js

@@ -143,32 +143,33 @@ exports.getKeys = function(password, isIAM, callback){
 
         // first delete any expired keys
         keys.removeWhere({ expires : { '$lte': now } });
-        db.save();
-
-        // now get valid keys, decrypt their values and return
-        var data = keys
-                    .chain()
-                    .find({ isIAM : { '$eq': isIAM } })
-                    .simplesort('expires')
-                    .data();
-
-        var dataOut = [];
-        _.each(data, function(keydata, i){
-            // try catch here since we upgraded encryption and previously encrypted sessions will fail to decrypt
-            try{
-                keydata.accessKey    = decrypt(keydata.accessKey, password);
-                keydata.secretKey    = decrypt(keydata.secretKey, password);
-                keydata.sessionToken = decrypt(keydata.sessionToken, password);
-                keydata.alksAccount  = decrypt(keydata.alksAccount, password);
-                keydata.alksRole     = decrypt(keydata.alksRole, password);
-                keydata.isIAM        = isIAM;
-                dataOut.push(keydata);
-            } catch(e){
-                // console.warn('Error decrypting session data.', e.message);
-            }
+        // save the db to prune expired keys, wait for transaction to complete
+        db.save(function(){
+            // now get valid keys, decrypt their values and return
+            var data = keys
+                        .chain()
+                        .find({ isIAM : { '$eq': isIAM } })
+                        .simplesort('expires')
+                        .data();
+
+            var dataOut = [];
+            _.each(data, function(keydata, i){
+                // try catch here since we upgraded encryption and previously encrypted sessions will fail to decrypt
+                try{
+                    keydata.accessKey    = decrypt(keydata.accessKey, password);
+                    keydata.secretKey    = decrypt(keydata.secretKey, password);
+                    keydata.sessionToken = decrypt(keydata.sessionToken, password);
+                    keydata.alksAccount  = decrypt(keydata.alksAccount, password);
+                    keydata.alksRole     = decrypt(keydata.alksRole, password);
+                    keydata.isIAM        = isIAM;
+                    dataOut.push(keydata);
+                } catch(e){
+                    // console.warn('Error decrypting session data.', e.message);
+                }
+            });
+
+            callback(null, dataOut);
         });
-
-        callback(null, dataOut);
     });
 };
 
@@ -189,6 +190,14 @@ exports.getKeyOutput = function(format, key, profile, force){
             ' -e AWS_SESSION_EXPIRES=', keyExpires
         ].join('');
     }
+    else if(format === 'terraform'){
+        return [
+            ' -e ALKS_ACCESS_KEY_ID=', key.accessKey,
+            ' -e ALKS_SECRET_ACCESS_KEY=', key.secretKey,
+            ' -e ALKS_SESSION_TOKEN=', key.sessionToken,
+            ' -e ALKS_SESSION_EXPIRES=', keyExpires
+        ].join('');
+    }
     else if(format === 'json'){
         return JSON.stringify(key, null, 4);
     }

lib/utils.js

@@ -6,7 +6,7 @@ var _        = require('underscore'),
     fuzzy    = require('fuzzy'),
     exec     = require('child_process').exec,
     clc      = require('cli-color'),
-    Table    = require('cli-table2'),
+    Table    = require('cli-table3'),
     path     = require('path'),
     os       = require('os'),
     fs       = require('fs'),
@@ -42,7 +42,7 @@ exports.deprecationWarning = function(msg){
 };
 
 exports.getDBFile = function(){
-    var path = exports.getFilePathInHome('alks.db');
+    var path = process.env.ALKS_DB || exports.getFilePathInHome('alks.db');
 
     // if we have a db, chmod it
     if(fs.existsSync(path)){
@@ -67,7 +67,7 @@ exports.getFilePathInHome = function(filename){
 
 exports.getOutputValues = function(){
     // if adding new output types be sure to update keys.js:getKeyOutput
-    return [ 'env', 'json', 'docker', 'creds', 'idea', 'export', 'set', 'powershell', 'fishshell' ];
+    return [ 'env', 'json', 'docker', 'creds', 'idea', 'export', 'set', 'powershell', 'fishshell', 'terraform' ];
 };
 
 exports.trim = function(str){