Add flag to force the SSO login

leocomelli · Mar 24, 2021 · e193feb · e193feb
1 parent 35a78a6
commit e193feb
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 31 deletions.
diff --git a/aws_eks.go b/aws_eks.go
@@ -23,11 +23,11 @@ type EKS struct {
 }
 
 // NewEKS returns a new EKS
-func NewEKS(cmd EKSCommand, backup bool) *EKS {
+func NewEKS(cmd EKSCommand, c *ConfigOptions) *EKS {
 	return &EKS{
 		Cmd:            cmd,
 		KubeConfigPath: kubeConfig,
-		BackupFile:     backup,
+		BackupFile:     c.BackupFile,
 	}
 }
 

diff --git a/aws_sso.go b/aws_sso.go
@@ -40,12 +40,13 @@ type SSOCredential struct {
 
 // SSO implements the flow to retrieve the AWS SSO credentials
 type SSO struct {
-	Cmd        SSOCommand `json:"-"`
-	AccountID  string     `json:"accountId"`
-	RoleName   string     `json:"roleName"`
-	StartURL   string     `json:"startUrl"`
-	Region     string     `json:"region"`
-	BackupFile bool       `json:"-"`
+	Cmd           SSOCommand `json:"-"`
+	AccountID     string     `json:"accountId"`
+	RoleName      string     `json:"roleName"`
+	StartURL      string     `json:"startUrl"`
+	Region        string     `json:"region"`
+	BackupFile    bool       `json:"-"`
+	ForceSSOLogin bool       `json:"-"`
 }
 
 // Accounts defines the structure returned by AWS Cli
@@ -103,6 +104,7 @@ func NewSSO(cmd SSOCommand, c *ConfigOptions) *SSO {
 		c.StartURL,
 		c.Region,
 		c.BackupFile,
+		c.ForceSSOLogin,
 	}
 }
 
@@ -179,9 +181,22 @@ func (a *SSO) PersistConfig() error {
 	return nil
 }
 
+func (a *SSO) loginRetry(v []bool) bool {
+	return len(v) > 0 && v[0]
+}
+
 // Login checks if the sso cache file is valid,
 // when cache credential has expired forces a login
 func (a *SSO) Login(retry ...bool) (*SSOCredential, error) {
+	if a.ForceSSOLogin || a.loginRetry(retry) {
+		_, err := a.Cmd.Login(a.RoleName)
+		if err != nil {
+			return nil, err
+		}
+
+		logger.Info().Msg("the aws sso cache file has been updated successfully")
+	}
+
 	c, err := a.ReadCacheFile()
 
 	if err != nil && !os.IsNotExist(err) {
@@ -193,17 +208,10 @@ func (a *SSO) Login(retry ...bool) (*SSOCredential, error) {
 		return c, nil
 	}
 
-	if len(retry) > 0 && retry[0] {
+	if a.loginRetry(retry) {
 		return nil, errors.New("can not renew the sso token")
 	}
 
-	_, err = a.Cmd.Login(a.RoleName)
-	if err != nil {
-		return nil, err
-	}
-
-	logger.Info().Msg("the aws sso cache file has been updated successfully")
-
 	return a.Login(true)
 }
 

diff --git a/config.go b/config.go
@@ -14,11 +14,12 @@ var aslPath string
 
 // ConfigOptions defines the ASL options
 type ConfigOptions struct {
-	AccountID  string `json:"accountId"`
-	RoleName   string `json:"roleName"`
-	StartURL   string `json:"startUrl"`
-	Region     string `json:"region"`
-	BackupFile bool   `json:"-"`
+	AccountID     string `json:"accountId"`
+	RoleName      string `json:"roleName"`
+	StartURL      string `json:"startUrl"`
+	Region        string `json:"region"`
+	BackupFile    bool   `json:"-"`
+	ForceSSOLogin bool   `json:"-"`
 }
 
 func configureCmd(ctx context.Context) *cobra.Command {
@@ -67,7 +68,7 @@ func Configure(o *ConfigOptions) error {
 }
 
 // LoadConfig reads the ASL parameters
-func LoadConfig() (*ConfigOptions, error) {
+func LoadConfig(opts *Options) (*ConfigOptions, error) {
 	config := NewFile(aslPath)
 
 	if !config.Exists() {
@@ -82,6 +83,9 @@ func LoadConfig() (*ConfigOptions, error) {
 		return nil, err
 	}
 
+	data.BackupFile = opts.Backup
+	data.ForceSSOLogin = opts.ForceSSOLogin
+
 	logger.Debug().Interface("data", data).Msg("the asl config file has been successfully read")
 
 	return data, nil

diff --git a/main.go b/main.go
@@ -11,6 +11,13 @@ import (
 	"github.com/spf13/cobra"
 )
 
+// Options defines root command options
+type Options struct {
+	Backup        bool
+	EKS           bool
+	ForceSSOLogin bool
+}
+
 var (
 	// Version contains the current version of the app.
 	Version = ""
@@ -19,8 +26,7 @@ var (
 	// GitHash contains the hash of last commit in the repository.
 	GitHash = ""
 
-	backup bool
-	eks    bool
+	opts = &Options{}
 )
 
 const (
@@ -49,13 +55,11 @@ func main() {
 		Short: "Get credentials for all accounts for which you have permission in AWS SSO",
 		Long:  ``,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			cfg, err := LoadConfig()
+			cfg, err := LoadConfig(opts)
 			if err != nil {
 				return err
 			}
 
-			cfg.BackupFile = backup
-
 			sso := NewSSO(&SSOCli{}, cfg)
 			err = sso.PersistConfig()
 			if err != nil {
@@ -84,8 +88,8 @@ func main() {
 			ssoMsg := fmt.Sprintf(ssoMsgTmpl, res.Filename)
 
 			var eksMsg string
-			if eks {
-				eks := NewEKS(&EKSCli{}, backup)
+			if opts.EKS {
+				eks := NewEKS(&EKSCli{}, cfg)
 				err := eks.UpdateKubeConfig(c)
 				if err != nil {
 					return err
@@ -101,8 +105,9 @@ func main() {
 	}
 
 	rootCmd.PersistentFlags().StringP("loglevel", "d", "info", "set log level [info|debug|trace]")
-	rootCmd.PersistentFlags().BoolVarP(&backup, "backup", "b", false, "force a back up of the configuration files [.aws/config|.aws/credentials|.kube/config]")
-	rootCmd.PersistentFlags().BoolVarP(&eks, "eks", "k", false, "configure kubectl so that you can connect to an Amazon EKS cluster")
+	rootCmd.PersistentFlags().BoolVarP(&opts.Backup, "backup", "b", false, "force a back up of the configuration files [.aws/config|.aws/credentials|.kube/config]")
+	rootCmd.PersistentFlags().BoolVarP(&opts.EKS, "eks", "k", false, "configure kubectl so that you can connect to an Amazon EKS cluster")
+	rootCmd.PersistentFlags().BoolVarP(&opts.ForceSSOLogin, "login", "l", false, "force login to review the SSO access token")
 
 	logger.Logger = logger.Output(zerolog.ConsoleWriter{Out: os.Stderr})
 	setLogLevel(os.Args)