Export creds (#168)

* added flag for adding creds to credfile * use real cred location * working on updating the parser * update cred export to use profile parser * add error checking * simplify code * add error checks
common-fate · May 27, 2022 · d6b250a · d6b250a
1 parent b77a89e
commit d6b250a
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 0 deletions.
diff --git a/pkg/assume/assume.go b/pkg/assume/assume.go
@@ -205,6 +205,14 @@ func AssumeCommand(c *cli.Context) error {
 			}
 			green.Fprintln(color.Error, "Exported credentials to .env file successfully")
 		}
+
+		if assumeFlags.Bool("export") {
+			err = cfaws.ExportCredsToProfile(profile.Name, creds)
+			if err != nil {
+				return err
+			}
+			green.Fprintln(color.Error, "Exported credentials to ~.aws/credentials file successfully")
+		}
 		if assumeFlags.String("exec") != "" {
 			return RunExecCommandWithCreds(assumeFlags.String("exec"), creds, region)
 		}

diff --git a/pkg/assume/entrypoint.go b/pkg/assume/entrypoint.go
@@ -22,6 +22,7 @@ func GlobalFlags() []cli.Flag {
 	return []cli.Flag{
 		&cli.BoolFlag{Name: "console", Aliases: []string{"c"}, Usage: "Open a web console to the role"},
 		&cli.BoolFlag{Name: "env", Aliases: []string{"e"}, Usage: "export credentials to a .env file"},
+		&cli.BoolFlag{Name: "export", Aliases: []string{"ex"}, Usage: "export credentials to a ~.aws/credentials file"},
 		&cli.BoolFlag{Name: "unset", Aliases: []string{"un"}, Usage: "Unset all environment variables configured by Assume"},
 		&cli.BoolFlag{Name: "url", Aliases: []string{"u"}, Usage: "Get an active console session url"},
 		&cli.StringFlag{Name: "service", Aliases: []string{"s"}, Usage: "Specify a service to open the console into"},

diff --git a/pkg/cfaws/cred-exporter.go b/pkg/cfaws/cred-exporter.go
@@ -0,0 +1,67 @@
+package cfaws
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/bigkevmcd/go-configparser"
+	"github.com/fatih/color"
+)
+
+// ExportCredsToProfile will write assumed credentials to ~/.aws/credentials with a specified profile name header
+func ExportCredsToProfile(profileName string, creds aws.Credentials) error {
+	// fetch the parsed cred file
+	credPath := config.DefaultSharedCredentialsFilename()
+
+	//create it if it doesn't exist
+	if _, err := os.Stat(credPath); os.IsNotExist(err) {
+
+		f, err := os.Create(credPath)
+		if err != nil {
+			return err
+		}
+		err = f.Close()
+		if err != nil {
+			return err
+		}
+		fmt.Fprintln(color.Error, "Created file.")
+
+	}
+
+	credFile, err := configparser.NewConfigParserFromFile(credPath)
+	if err != nil {
+		return err
+	}
+
+	if credFile.HasSection(profileName) {
+		err := credFile.RemoveSection(profileName)
+		if err != nil {
+			return err
+		}
+	}
+	err = credFile.AddSection(profileName)
+	if err != nil {
+		return err
+	}
+	//put the creds into options
+	err = credFile.Set(profileName, "aws_access_key_id", creds.AccessKeyID)
+	if err != nil {
+		return err
+	}
+	err = credFile.Set(profileName, "aws_secret_access_key", creds.SecretAccessKey)
+	if err != nil {
+		return err
+	}
+	err = credFile.Set(profileName, "aws_session_token", creds.SessionToken)
+	if err != nil {
+		return err
+	}
+	err = credFile.SaveWithDelimiter(credPath, "=")
+	if err != nil {
+		return err
+	}
+
+	return nil
+}