Merge pull request #75 from Cox-Automotive/develop
LTK support
brianantonelli authored Nov 14, 2017
2 parents 7e7487d + 62d674e commit d034741
Showing 13 changed files with 1,729 additions and 632 deletions.
30 changes: 30 additions & 0 deletions README.md
Expand Up @@ -84,6 +84,10 @@ docker run -it -e PLATFORM=windows -v %USERPROFILE%:/root coxauto/alks-cli sessi

`alks developer configure` - Configures ALKS

### `developer favorites`

`alks developer favorites` - Configure which accounts are favorites

### `developer switch`

`alks developer switch` - Switch the active ALKS account/role
Expand Down Expand Up @@ -128,6 +132,7 @@ Arguments:
* `-N` Forces a new session to be generated
* `-d` Uses your default account from `alks developer configure`
* `-f` If output is set to creds, force overwriting of AWS credentials if they already exist
* `-F` Filters favorite accounts

Output values:

Expand All @@ -149,6 +154,7 @@ Arguments:
* `-N` Forces a new session to be generated
* `-d` Uses your default account from `alks developer configure`
* `-p [password]` Your password
* `-F` Filters favorite accounts

### `sessions list`

Expand All @@ -170,6 +176,7 @@ Arguments:
* `-n [roleName]` The name of the role, be sure to wrap in quotes, alphanumeric including: `@+=._-`
* `-t [roleType]` The role type, to see available roles: `alks iam roletypes`, be sure to wrap in quotes
* `-d`: Include default policies, defaults to false
* `-F` Filters favorite accounts

Outputs the created role's ARN.

Expand All @@ -192,6 +199,29 @@ Arguments:

Outputs a list of available role types.

### `iam createltk`

`alks iam createltk` Creates a new long term key in the specified AWS account.

Arguments:

* `-p [password]` Your password
* `-a [account]` The ALKS account to use, be sure to wrap in quotes
* `-r [role]` The ALKS role to use, be sure to wrap in quotes
* `-n [iamusername]` The name of the IAM user associated with the LTK, be sure to wrap in quotes, alphanumeric including: `@+=._-`
* `-F` Filters favorite accounts

Outputs the created user's ARN along with the long term access key and long term secret key.

### `iam deleteltk`

`alks iam deleteltk` Deletes a previously created LTK in the specified AWS account.

Arguments:

* `-p [password]` Your password
* `-n [iamusername]` The name of the IAM user, be sure to wrap in quotes, alphanumeric including: `@+=._-`

# Output Formats

ALKS CLI will output in a variety of formats:
2 changes: 1 addition & 1 deletion bin/alks-developer-configure
Expand Up @@ -22,7 +22,7 @@ program
var logger = 'dev-config';

function getPrompt(field, data, text, validator, callback){
inquirer.prompt([{
utils.getStdErrPrompt()([{
type: 'input',
name: field,
message: text,
4 changes: 3 additions & 1 deletion bin/alks-iam
Expand Up @@ -10,8 +10,10 @@ var program = require('commander'),
program
.version(config.version)
.command('createrole', 'create IAM role')
.command('deleterole', 'remove an IAM role')
.command('deleterole', 'remove an IAM role')
.command('roletypes', 'list the available iam role types')
.command('createltk', 'create a longterm key')
.command('deleteltk', 'delete a longterm key')
.parse(process.argv);

utils.subcommandSuggestion(program, 'iam');
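--- a/bin/alks-iam-createltk
+++ b/bin/alks-iam-createltk
@@ -0,0 +1,68 @@
+#!/usr/bin/env node
+'use strict';
+
+process.title = 'ALKS';
+
+var program = require('commander'),
+_ = require('underscore'),
+clc = require('cli-color'),
+alks = require('alks-node'),
+Iam = require('../lib/iam'),
+utils = require('../lib/utils'),
+Developer = require('../lib/developer'),
+config = require('../package.json');
+
+var logger = 'iam-createltk',
+nameDesc = 'alphanumeric including @+=._-';
+
+program
+.version(config.version)
+.description('creates a new IAM Longterm Key')
+.option('-n, --iamusername [iamUsername]', 'the name of the iam user associated with the LTK, ' + nameDesc)
+.option('-a, --account [alksAccount]', 'alks account to use')
+.option('-r, --role [alksRole]', 'alks role to use')
+.option('-F, --favorites', 'filters favorite accounts')
+.option('-v, --verbose', 'be verbose')
+.parse(process.argv);
+
+var NAME_REGEX = /^[a-zA-Z0-9!@+=._-]+$/g,
+iamUsername = program.iamusername,
+alksAccount = program.account,
+alksRole = program.role,
+filterFaves = program.favorites || false;
+
+utils.log(program, logger, 'validating iam user name: ' + iamUsername);
+if(_.isEmpty(iamUsername) || !NAME_REGEX.test(iamUsername)){
+utils.errorAndExit('The username provided contains illegal characters. It must be ' + nameDesc);
+}
+
+if(!_.isUndefined(alksAccount) && _.isUndefined(alksRole)){
+utils.log(program, logger, 'trying to extract role from account');
+alksRole = utils.tryToExtractRole(alksAccount);
+}
+
+Iam.getIAMAccount(program, logger, alksAccount, alksRole, filterFaves, function(err, developer, password, alksAccount, alksRole){
+if(err){
+return utils.errorAndExit(err);
+}
+
+// create the LTK
+var data = _.extend({}, developer);
+data.alksAccount = alksAccount;
+data.alksRole = alksRole;
+utils.log(program, logger, 'calling api to create ltk: ' + iamUsername);
+
+alks.createLongTermKey(data, password, iamUsername, { debug: program.verbose, ua: utils.getUA() }, function(err, data){
+if(err){
+return utils.errorAndExit(err);
+}
+
+console.error(clc.white(['LTK created for IAM User: ', iamUsername, ' was created with the ARN: '].join('')) + clc.white.underline(data.iamUserArn));
+console.error(clc.white(['LTK Access Key: '].join('')) + clc.white.underline(data.accessKey));
+console.error(clc.white(['LTK Secret Key: '].join('')) + clc.white.underline(data.secretKey));
+
+utils.log(program, logger, 'checking for updates');
+utils.checkForUpdate();
+Developer.trackActivity(logger);
+});
+});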
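Review bot: The last two `console.error` calls in the `createLongTermKey` callback print the access key and secret key in clear text to stderr, so a wrapper or CI job that captures stderr will retain a long-lived credential in its logs. If stderr is the intended channel, record that at the call site, for example `// LTK secret is written to stderr in clear text; anything that captures stderr keeps it`. Separately, `NAME_REGEX` accepts `!`, which neither `nameDesc` nor the README lists, and its `g` flag makes `.test()` stateful; `var NAME_REGEX = /^[a-zA-Z0-9@+=._-]+$/,` matches the documented set. The README in this commit also documents `-p [password]` for this command, but no such option is registered in this file.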
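--- a/bin/alks-iam-deleteltk
+++ b/bin/alks-iam-deleteltk
@@ -0,0 +1,64 @@
+#!/usr/bin/env node
+'use strict';
+
+process.title = 'ALKS';
+
+var program = require('commander'),
+_ = require('underscore'),
+clc = require('cli-color'),
+alks = require('alks-node'),
+Iam = require('../lib/iam'),
+utils = require('../lib/utils'),
+Developer = require('../lib/developer'),
+config = require('../package.json');
+
+var logger = 'iam-deleteltk';
+
+program
+.version(config.version)
+.description('deletes an IAM Longterm Key')
+.option('-n, --iamusername [iamUsername]', 'the name of the iam user associated with the LTK')
+.option('-a, --account [alksAccount]', 'alks account to use')
+.option('-r, --role [alksRole]', 'alks role to use')
+.option('-F, --favorites', 'filters favorite accounts')
+.option('-v, --verbose', 'be verbose')
+.parse(process.argv);
+
+var iamUsername = program.iamusername,
+alksAccount = program.account,
+alksRole = program.role,
+filterFaves = program.favorites || false;
+
+utils.log(program, logger, 'validating iam user name: ' + iamUsername);
+if(_.isEmpty(iamUsername)){
+utils.errorAndExit('The IAM username is required.');
+}
+
+if(!_.isUndefined(alksAccount) && _.isUndefined(alksRole)){
+utils.log(program, logger, 'trying to extract role from account');
+alksRole = utils.tryToExtractRole(alksAccount);
+}
+
+Iam.getIAMAccount(program, logger, alksAccount, alksRole, filterFaves, function(err, developer, password, alksAccount, alksRole){
+if(err){
+return utils.errorAndExit(err);
+}
+
+// delete the LTK
+var data = _.extend({}, developer);
+data.alksAccount = alksAccount;
+data.alksRole = alksRole;
+utils.log(program, logger, 'calling api to delete ltk: ' + iamUsername);
+
+alks.deleteLongTermKey(data, password, iamUsername, { debug: program.verbose, ua: utils.getUA() }, function(err, data){
+if(err){
+return utils.errorAndExit(err);
+}
+
+console.error(clc.white(['LTK deleted for IAM User: ', iamUsername].join('')));
+
+utils.log(program, logger, 'checking for updates');
+utils.checkForUpdate();
+Developer.trackActivity(logger);
+});
+});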
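Review bot: The only check on `iamUsername` before it reaches `alks.deleteLongTermKey` is `_.isEmpty`, whereas `bin/alks-iam-createltk` in the same commit tests the name against an allow-list of characters, and the README lists that same character set for `deleteltk`. Applying the same test here keeps the two commands consistent, e.g. `if(_.isEmpty(iamUsername) || !/^[a-zA-Z0-9@+=._-]+$/.test(iamUsername)){`, with the error message adjusted to mention the allowed characters. The inner callback's `data` parameter is unused and shadows the outer `data`. The README entry for this command documents `-p [password]` and omits `-a`, `-r` and `-F`, which does not match the options registered in this file.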
8 changes: 4 additions & 4 deletions bin/alks-iam-deleterole
Expand Up @@ -25,10 +25,10 @@ program
.option('-v, --verbose', 'be verbose')
.parse(process.argv);

var roleName = program.rolename,
alksAccount = program.account,
filterFaves = program.favorites || false,
alksRole = program.role;
var roleName = program.rolename,
alksAccount = program.account,
alksRole = program.role,
filterFaves = program.favorites || false;

utils.log(program, logger, 'validating role name: ' + roleName);
if(_.isEmpty(roleName)){
13 changes: 6 additions & 7 deletions changelog.txt
@@ -1,14 +1,13 @@
★ Release Notes: 2017-06-20
★ Release Notes: 2017-11-14
≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡

Thanks for upgrading to the latest version of the ALKS CLI!

→ You can now set favorite accounts: `alks developer favorites`
→ `alks sessions open` now floats your favorites to the top
→ `alks sessions open` now supports `-F` to filter your favorites
→ `alks sessions console` now supports `-F` to filter your favorites
→ `alks iam createrole` now supports `-F` to filter your favorites
→ Adds support for long term keys (ltk) for non-prod and lab accounts
→ You can now create long term keys: `alks iam createltk`
→ You can remove long term keys: `alks iam deleteltk`
→ Sessions now provide the expiration time as: `env.AWS_SESSION_EXPIRES`
→ `alks iam deleterole` now supports `-F` to filter your favorites
→ Have feedback? https://github.com/Cox-Automotive/ALKS-CLI/issues

☁☁☁☁☁☁ Happy Clouding! ☁☁☁☁☁☁
☁☁☁☁☁☁ Happy Clouding! ☁☁☁☁☁☁
50 changes: 13 additions & 37 deletions lib/developer.js
Expand Up @@ -6,13 +6,9 @@ var _ = require('underscore'),
loki = require('lokijs'),
clortho = require('clortho').forService('alkscli'),
netrc = require('node-netrc'),
inquirer = require('inquirer'),
semVer = require('semver'),
path = require('path'),
clc = require('cli-color'),
alks = require('alks-node'),
utils = require('./utils'),
fs = require('fs'),
ua = require('universal-analytics'),
chmod = require('chmod'),
pkg = require(path.join(__dirname, '../', 'package.json'));
Expand All @@ -26,12 +22,17 @@ var ALKS_USERID = 'alksuid',
var db = new loki(utils.getDBFile()),
visitor = null,
delim = ' :: ',
logger = 'developer';
logger = 'developer',
vAtSt = null;

exports.getAccountDelim = function(){
return delim;
};

exports.getVersionAtStart = function(){
return vAtSt;
};

function getDeveloperCollection(callback){
// have the DB load from disk
db.loadDatabase({}, function(){
Expand Down Expand Up @@ -98,13 +99,6 @@ exports.getPasswordFromKeystore = function(cb){
}
}

function getChangeLog(){
var file = path.join(__dirname, '../', 'changelog.txt'),
contents = fs.readFileSync(file, 'utf8');

return contents;
}

exports.storePassword = function(password, callback){
utils.log(null, logger, 'storing password');
if(utils.isPasswordSecurelyStorable()){
Expand Down Expand Up @@ -141,7 +135,7 @@ exports.removePassword = function(){

exports.getPasswordFromPrompt = function (callback, text, currentPassword){
utils.log(null, logger, 'getting password from prompt');
inquirer.prompt([{
utils.getStdErrPrompt()([{
type: 'password',
name: 'password',
message: text ? text : 'Password',
Expand All @@ -158,33 +152,15 @@ exports.getPasswordFromPrompt = function (callback, text, currentPassword){

exports.ensureConfigured = function(callback){
exports.getDeveloper(function(err, developer){
if(!vAtSt) vAtSt = developer.lastVersion;

// validate we have a valid configuration
if(_.isEmpty(developer.server) ||
_.isEmpty(developer.userid)){
callback(new Error('ALKS CLI is not configured. Please run: alks developer configure'), developer);
}
else{
// since this is the first func to always get called check for update
var currentVersion = pkg.version,
lastRunVerion = developer.lastVersion;

// if they dont have a last version, set to current and save
if(!lastRunVerion){
developer.lastVersion = lastRunVerion = currentVersion;
exports.saveDeveloper(developer);
}

// check if they just updated
if(semVer.gt(currentVersion, lastRunVerion)){
// give them release notes
utils.showBorderedMessage(110, clc.white(getChangeLog()));

// save the last version
developer.lastVersion = currentVersion;
exports.saveDeveloper(developer);
}

callback(null);
callback();
}
});
};
Expand Down Expand Up @@ -297,10 +273,10 @@ exports.getALKSAccount = function(program, options, callback){
function(developer, password, cb){
alks.getAccounts(opts.server, opts.userid, password, { debug: program.verbose, ua: utils.getUA() }, function(err, alksAccounts){
var indexedAlksAccounts = [];
_.each(alksAccounts, function(alksAccount, i){
_.each(alksAccounts, function(alksAccount){
if(opts.iamOnly === true && alksAccount.iam === false) return;

alksAccount = [alksAccount.account, alksAccount.role].join(exports.getAccountDelim())
alksAccount = [alksAccount.account, alksAccount.role].join(exports.getAccountDelim());
indexedAlksAccounts.push(alksAccount);
});
cb(err, developer, password, indexedAlksAccounts);
Expand Down Expand Up @@ -353,7 +329,7 @@ exports.getALKSAccount = function(program, options, callback){
promptData['default'] = developer.lastAcctUsed;
}

inquirer.prompt([ promptData ]).then(function(answers){
utils.getStdErrPrompt()([ promptData ]).then(function(answers){
var acctStr = answers.alksAccount,
data = acctStr.split(exports.getAccountDelim()),
alksAccount = data[0],
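Review bot: In `ensureConfigured`, the added `if(!vAtSt) vAtSt = developer.lastVersion;` dereferences `developer` before `err` is looked at, and the unchanged `_.isEmpty(developer.server)` check below it does the same. If `getDeveloper` can call back with an error and no developer object (its body is outside the visible hunks), the result is a TypeError rather than the error reaching `callback`; `if(err) return callback(err);` as the first line of the callback would avoid that. `vAtSt` also stays `null` when `developer.lastVersion` is unset, so `getVersionAtStart` deserves a one-line comment such as `// null until ensureConfigured has run, or when no lastVersion was stored`.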