Merge pull request #75 from common-fate/jackmeyer/cf-626-issue-71-rol…

…e-assume-error-no-role-found Jackmeyer/cf-626 issue 71 role assume error no role found
common-fate · Mar 2, 2022 · fa18ff4 · fa18ff4
2 parents d373151 + 3d57971
commit fa18ff4
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 1 deletion.
diff --git a/pkg/cfaws/assumer_aws_azure_login.go b/pkg/cfaws/assumer_aws_azure_login.go
@@ -0,0 +1,57 @@
+package cfaws
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"os/exec"
+	"strings"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/bigkevmcd/go-configparser"
+)
+
+// Implements Assumer
+type AwsAzureLoginAssumer struct {
+}
+
+//https://github.com/sportradar/aws-azure-login
+
+// launch the aws-google-auth utility to generate the credentials
+// then fetch them from the environment for use
+func (aal *AwsAzureLoginAssumer) AssumeTerminal(ctx context.Context, c *CFSharedConfig) (aws.Credentials, error) {
+	cmd := exec.Command("aws-azure-login", fmt.Sprintf("--profile=%s", c.Name))
+
+	cmd.Stdout = os.Stderr
+	cmd.Stdin = os.Stdin
+	cmd.Stderr = os.Stderr
+	err := cmd.Run()
+	if err != nil {
+		return aws.Credentials{}, err
+	}
+	creds := GetEnvCredentials(ctx)
+	if !creds.HasKeys() {
+		return aws.Credentials{}, fmt.Errorf("no credentials exported to terminal when using %s to assume profile: %s", aal.Type(), c.Name)
+	}
+	return creds, nil
+}
+
+func (aal *AwsAzureLoginAssumer) AssumeConsole(ctx context.Context, c *CFSharedConfig) (aws.Credentials, error) {
+	return aal.AssumeTerminal(ctx, c)
+}
+
+// A unique key which identifies this assumer e.g AWS-SSO or GOOGLE-AWS-AUTH
+func (aal *AwsAzureLoginAssumer) Type() string {
+	return "AWS_AZURE_LOGIN"
+}
+
+// inspect for any items on the profile prefixed with "AZURE_"
+func (aal *AwsAzureLoginAssumer) ProfileMatchesType(rawProfile configparser.Dict, parsedProfile config.SharedConfig) bool {
+	for k := range rawProfile {
+		if strings.HasPrefix(k, "azure_") {
+			return true
+		}
+	}
+	return false
+}
diff --git a/pkg/cfaws/assumers.go b/pkg/cfaws/assumers.go
@@ -22,7 +22,7 @@ type Assumer interface {
 // List of assumers should be ordered by how they match type
 // specific types should be first, generic types like IAM should be last / the (default)
 // for sso profiles, the internal implementation takes precedence over credential processes
-var assumers []Assumer = []Assumer{&AwsGoogleAuthAssumer{}, &AwsSsoAssumer{}, &CredentialProcessAssumer{}, &AwsIamAssumer{}}
+var assumers []Assumer = []Assumer{&AwsGoogleAuthAssumer{}, &AwsAzureLoginAssumer{}, &AwsSsoAssumer{}, &CredentialProcessAssumer{}, &AwsIamAssumer{}}
 
 // RegisterAssumer allows assumers to be registered when using this library as a package in other projects
 // position = -1 will append the assumer