diff --git a/CHANGELOG.md b/CHANGELOG.md index 7a962128..55cbc5af 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ * No longer show help for sub-commands by default * Warnings about invalid accounts/roles in config.yaml are now Debug messages #980 * Default ProfileFormat is now the `Friendly` format #992 + * `config`, `config-profiles` and `completions` are now sub-commands of `setup` #975 ### New Features diff --git a/cmd/aws-sso/completions_cmd.go b/cmd/aws-sso/completions_cmd.go index 931ef646..5889dd8b 100644 --- a/cmd/aws-sso/completions_cmd.go +++ b/cmd/aws-sso/completions_cmd.go @@ -38,16 +38,16 @@ type CompleteCmd struct { func (cc *CompleteCmd) Run(ctx *RunContext) error { var err error - if ctx.Cli.Completions.Source { + if ctx.Cli.Setup.Completions.Source { err = helper.NewSourceHelper(os.Executable, os.Stdout). - Generate(ctx.Cli.Completions.Shell) - } else if ctx.Cli.Completions.Install { + Generate(ctx.Cli.Setup.Completions.Shell) + } else if ctx.Cli.Setup.Completions.Install { // install the current auto-complete helper - err = helper.InstallHelper(ctx.Cli.Completions.Shell, ctx.Cli.Completions.ShellScript) - } else if ctx.Cli.Completions.Uninstall { + err = helper.InstallHelper(ctx.Cli.Setup.Completions.Shell, ctx.Cli.Setup.Completions.ShellScript) + } else if ctx.Cli.Setup.Completions.Uninstall { // uninstall the current auto-complete helper - err = helper.UninstallHelper(ctx.Cli.Completions.Shell, ctx.Cli.Completions.ShellScript) - } else if ctx.Cli.Completions.UninstallPre19 { + err = helper.UninstallHelper(ctx.Cli.Setup.Completions.Shell, ctx.Cli.Setup.Completions.ShellScript) + } else if ctx.Cli.Setup.Completions.UninstallPre19 { // make sure we haven't installed our new completions first... if files := hasV19Installed(); len(files) == 0 { for _, f := range files { diff --git a/cmd/aws-sso/main.go b/cmd/aws-sso/main.go index 7f558e2f..34a399f2 100644 --- a/cmd/aws-sso/main.go +++ b/cmd/aws-sso/main.go 
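Review bot: In cmd/aws-sso/completions_cmd.go, the `UninstallPre19` branch carried along as context tests `len(files) == 0` and then ranges over `files`, so the loop body can never execute. Going by the comment above it ("make sure we haven't installed our new completions first"), the intent looks like refusing to run when v1.9 files are present, which would be `if files := hasV19Installed(); len(files) != 0 {`. As written, the guard that is meant to stop the legacy uninstaller from editing a shell startup file that already holds the new helper may never report anything. The rest of the branch lies outside the hunk, so please confirm against the full function.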
@@ -113,24 +113,22 @@ type CLI struct { Threads int `kong:"help='Override number of threads for talking to AWS (default: 5)'"` // Commands - Cache CacheCmd `kong:"cmd,help='Force reload of cached AWS SSO role info and config.yaml'"` - Completions CompleteCmd `kong:"cmd,help='Manage shell completions'"` - Console ConsoleCmd `kong:"cmd,help='Open AWS Console using specificed AWS role/profile'"` - Config ConfigCmd `kong:"cmd,help='Run the configuration wizard'"` - ConfigProfiles ConfigProfilesCmd `kong:"cmd,help='Update ~/.aws/config with AWS SSO profiles from the cache'"` - Credentials CredentialsCmd `kong:"cmd,help='Generate static AWS credentials for use with AWS CLI'"` - Default DefaultCmd `kong:"cmd,hidden,default='1'"` // list command without args - Ecs EcsCmd `kong:"cmd,help='ECS server/client commands'"` - Eval EvalCmd `kong:"cmd,help='Print AWS environment vars for use with eval $(aws-sso eval ...)'"` - Exec ExecCmd `kong:"cmd,help='Execute command using specified IAM role in a new shell'"` - List ListCmd `kong:"cmd,help='List all accounts / roles (default command)'"` - Login LoginCmd `kong:"cmd,help='Login to an AWS Identity Center instance'"` - Logout LogoutCmd `kong:"cmd,help='Logout from an AWS Identity Center instance and invalidate all credentials'"` - ListSSORoles ListSSORolesCmd `kong:"cmd,hidden,help='List AWS SSO Roles (debugging)'"` - Process ProcessCmd `kong:"cmd,help='Generate JSON for credential_process in ~/.aws/config'"` - Tags TagsCmd `kong:"cmd,help='List tags'"` - Time TimeCmd `kong:"cmd,help='Print how much time before current STS Token expires'"` - Version VersionCmd `kong:"cmd,help='Print version and exit'"` + Cache CacheCmd `kong:"cmd,help='Force reload of cached AWS SSO role info and config.yaml'"` + Setup SetupCmd `kong:"cmd,help='Setup Wizard, Completions, etc'"` + Console ConsoleCmd `kong:"cmd,help='Open AWS Console using specificed AWS role/profile'"` + Credentials CredentialsCmd `kong:"cmd,help='Generate static AWS credentials for 
use with AWS CLI'"` + Default DefaultCmd `kong:"cmd,hidden,default='1'"` // list command without args + Ecs EcsCmd `kong:"cmd,help='ECS server/client commands'"` + Eval EvalCmd `kong:"cmd,help='Print AWS environment vars for use with eval $(aws-sso eval ...)'"` + Exec ExecCmd `kong:"cmd,help='Execute command using specified IAM role in a new shell'"` + List ListCmd `kong:"cmd,help='List all accounts / roles (default command)'"` + Login LoginCmd `kong:"cmd,help='Login to an AWS Identity Center instance'"` + Logout LogoutCmd `kong:"cmd,help='Logout from an AWS Identity Center instance and invalidate all credentials'"` + ListSSORoles ListSSORolesCmd `kong:"cmd,hidden,help='List AWS SSO Roles (debugging)'"` + Process ProcessCmd `kong:"cmd,help='Generate JSON for credential_process in ~/.aws/config'"` + Tags TagsCmd `kong:"cmd,help='List tags'"` + Time TimeCmd `kong:"cmd,help='Print how much time before current STS Token expires'"` + Version VersionCmd `kong:"cmd,help='Print version and exit'"` } func main() { @@ -177,7 +175,7 @@ func main() { if _, err := os.Stat(cli.ConfigFile); errors.Is(err, os.ErrNotExist) { log.Warnf("No config file found! Will now prompt you for a basic config...") - if err = setupWizard(&runCtx, false, false, runCtx.Cli.Config.Advanced); err != nil { + if err = setupWizard(&runCtx, false, false, runCtx.Cli.Setup.Wizard.Advanced); err != nil { log.Fatalf("%s", err.Error()) } if ctx.Command() == "config" { diff --git a/cmd/aws-sso/setup_cmd.go b/cmd/aws-sso/setup_cmd.go new file mode 100644 index 00000000..2dc2b28c --- /dev/null +++ b/cmd/aws-sso/setup_cmd.go 
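Review bot: In cmd/aws-sso/main.go (hunk at -177), the context line `if ctx.Command() == "config" {` directly after the changed `setupWizard` call still compares against the old top-level command name. With the wizard moved under `setup`, kong presumably reports the selected command as `setup wizard`, so this branch would stop matching and whatever it guards (likely skipping a second wizard run after the first-time prompt) silently changes behaviour. Suggest `if ctx.Command() == "setup wizard" {`. The body of that branch and the rest of `main` are outside the hunk.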
@@ -0,0 +1,25 @@ +package main + +/* + * AWS SSO CLI + * Copyright (c) 2021-2024 Aaron Turner + * + * This program is free software: you can redistribute it + * and/or modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or with the authors permission any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +type SetupCmd struct { + Completions CompleteCmd `kong:"cmd,help='Manage shell completions'"` + Wizard SetupWizardCmd `kong:"cmd,help='Run the configuration wizard'"` + Profiles SetupProfilesCmd `kong:"cmd,help='Update ~/.aws/config with AWS SSO profiles from the cache'"` +} diff --git a/cmd/aws-sso/config_profiles_cmd.go b/cmd/aws-sso/setup_profiles_cmd.go similarity index 88% rename from cmd/aws-sso/config_profiles_cmd.go rename to cmd/aws-sso/setup_profiles_cmd.go index 71b798c2..f0caaeef 100644 --- a/cmd/aws-sso/config_profiles_cmd.go +++ b/cmd/aws-sso/setup_profiles_cmd.go @@ -34,7 +34,7 @@ credential_process = {{ $profile.BinaryPath }} -u {{ $profile.Open }} -S "{{ $pr {{end}}{{end}}{{end}}` ) -type ConfigProfilesCmd struct { +type SetupProfilesCmd struct { Diff bool `kong:"help='Print a diff of changes to the config file instead of modifying it',xor='action'"` Force bool `kong:"help='Write a new config file without prompting'"` Open string `kong:"help='Specify how to open URLs: [clip|exec|open|granted-containers|open-url-in-container]'"` 
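Review bot: The new exported type `SetupCmd` in cmd/aws-sso/setup_cmd.go has no doc comment, and nothing in the file says that the field names determine the sub-command names users type. A one-line comment above the struct would cover both, for example `// SetupCmd groups the configuration sub-commands (completions, wizard, profiles) under "aws-sso setup"; kong derives each sub-command name from the field name.` This also makes it clearer that the command is `setup profiles`, whereas the docs links in this same commit spell it `setup-profiles`.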
@@ -42,12 +42,12 @@ type ConfigProfilesCmd struct { AwsConfig string `kong:"help='Path to AWS config file',env='AWS_CONFIG_FILE',default='~/.aws/config'"` } -func (cc *ConfigProfilesCmd) Run(ctx *RunContext) error { +func (cc *SetupProfilesCmd) Run(ctx *RunContext) error { var err error var action url.ConfigProfilesAction - if ctx.Cli.ConfigProfiles.Open != "" { - if action, err = url.NewConfigProfilesAction(ctx.Cli.ConfigProfiles.Open); err != nil { + if ctx.Cli.Setup.Profiles.Open != "" { + if action, err = url.NewConfigProfilesAction(ctx.Cli.Setup.Profiles.Open); err != nil { return err } } else { @@ -66,9 +66,9 @@ func (cc *ConfigProfilesCmd) Run(ctx *RunContext) error { return err } - if ctx.Cli.ConfigProfiles.Print { + if ctx.Cli.Setup.Profiles.Print { return awsconfig.PrintAwsConfig(ctx.Settings, urlAction) } - return awsconfig.UpdateAwsConfig(ctx.Settings, urlAction, ctx.Cli.ConfigProfiles.AwsConfig, - ctx.Cli.ConfigProfiles.Diff, ctx.Cli.ConfigProfiles.Force) + return awsconfig.UpdateAwsConfig(ctx.Settings, urlAction, ctx.Cli.Setup.Profiles.AwsConfig, + ctx.Cli.Setup.Profiles.Diff, ctx.Cli.Setup.Profiles.Force) } diff --git a/cmd/aws-sso/config_wizard.go b/cmd/aws-sso/setup_wizard.go similarity index 98% rename from cmd/aws-sso/config_wizard.go rename to cmd/aws-sso/setup_wizard.go index 6e2b2808..33355053 100644 --- a/cmd/aws-sso/config_wizard.go +++ b/cmd/aws-sso/setup_wizard.go @@ -131,7 +131,7 @@ func checkPromptError(err error) { switch err.Error() { case "^D": // https://github.com/synfinatic/aws-sso-cli/issues/531 - log.Errorf("Sorry, not supported") + log.Errorf("sorry, not supported") case "^C": log.Fatalf("User aborted.") default: 
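Review bot: `SetupProfilesCmd.Run` in cmd/aws-sso/setup_profiles_cmd.go declares the receiver `cc` but never uses it; every flag is read through `ctx.Cli.Setup.Profiles`, which ties the command to its position in the CLI tree and is why this move had to rewrite each line. If kong calls `Run` on the same struct it populated (it looks that way, to be confirmed), `cc.Open`, `cc.Print`, `cc.AwsConfig`, `cc.Diff` and `cc.Force` are equivalent and would survive the next re-parenting unchanged. The same applies to `CompleteCmd.Run` in completions_cmd.go and `SetupWizardCmd.Run` in setup_wizard_cmd.go. The function body spans this hunk and the following one (-66), with lines in between outside the diff.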
@@ -170,7 +170,7 @@ func promptStartUrl(defaultValue string) string { if len(input) > 0 && len(input) < 64 && ssoHostnameRegexp.Match([]byte(input)) { return nil } - return fmt.Errorf("Invalid DNS hostname: %s", input) + return fmt.Errorf("invalid DNS hostname: %s", input) }, Default: defaultValue, Stdout: &utils.BellSkipper{}, @@ -191,7 +191,7 @@ func promptStartUrl(defaultValue string) string { if _, err := net.LookupHost(val); err == nil { validFQDN = true } else if err != nil { - log.Errorf("Unable to resolve %s", val) + log.Errorf("unable to resolve %s", val) } } log.Infof("Using %s", val) @@ -474,7 +474,7 @@ func promptConsoleDuration(defaultValue int32) int32 { istr := strings.TrimSpace(input) x, err := strconv.ParseInt(istr, 10, 64) if err != nil || x > 720 || x < 15 { - return fmt.Errorf("Value must be a valid integer between 15 and 720") + return fmt.Errorf("value must be a valid integer between 15 and 720") } return nil }, @@ -784,7 +784,7 @@ func validateInteger(input string) error { input = strings.TrimSpace(input) _, err := strconv.ParseInt(input, 10, 64) if err != nil { - return fmt.Errorf("Value must be a valid integer") + return fmt.Errorf("value must be a valid integer") } return nil } diff --git a/cmd/aws-sso/config_cmd.go b/cmd/aws-sso/setup_wizard_cmd.go similarity index 97% rename from cmd/aws-sso/config_cmd.go rename to cmd/aws-sso/setup_wizard_cmd.go index a0b89c26..49210c32 100644 --- a/cmd/aws-sso/config_cmd.go +++ b/cmd/aws-sso/setup_wizard_cmd.go 
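Review bot: In `promptStartUrl` (cmd/aws-sso/setup_wizard.go, hunk at -191), the failed `net.LookupHost` branch logs only the hostname and discards `err`, so a mistyped hostname, a resolver timeout and a machine with no network all produce the same message. Since the line is being edited anyway, `log.Errorf("unable to resolve %s: %s", val, err)` would keep the cause visible to the user. The `else if err != nil` is the exact complement of `err == nil` and can be a plain `else`. The function begins and ends outside the hunk.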
@@ -33,17 +33,17 @@ import ( var ranSetup = false -type ConfigCmd struct { +type SetupWizardCmd struct { // AddSSO bool `kong:"help='Add a new AWS SSO instance'"` Advanced bool `kong:"help='Enable advanced configuration'"` } -func (cc *ConfigCmd) Run(ctx *RunContext) error { +func (cc *SetupWizardCmd) Run(ctx *RunContext) error { if err := backupConfig(ctx.Cli.ConfigFile); err != nil { return err } - return setupWizard(ctx, true, false, ctx.Cli.Config.Advanced) // ctx.Cli.Config.AddSSO) + return setupWizard(ctx, true, false, ctx.Cli.Setup.Wizard.Advanced) // ctx.Cli.Config.AddSSO) } func setupWizard(ctx *RunContext, reconfig, addSSO, advanced bool) error { diff --git a/docs/commands.md b/docs/commands.md index 00c4f9cb..8a337605 100644 --- a/docs/commands.md +++ b/docs/commands.md 
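Review bot: The trailing comment on the `setupWizard` call in `SetupWizardCmd.Run` (cmd/aws-sso/setup_wizard_cmd.go) still reads `// ctx.Cli.Config.AddSSO)`, a path that no longer exists once `Config` is removed from the `CLI` struct. Either update it to `// ctx.Cli.Setup.Wizard.AddSSO)` or, since the `AddSSO` field itself is commented out in the struct, replace both with one TODO explaining what is pending. `setupWizard` starts on the last line of the hunk and its body is outside it.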
@@ -26,73 +26,6 @@ modified. --- -### config - -Allows you to run through the configuration wizard and update your AWS SSO CLI -config file (`~/.aws-sso/config.yaml`). By default, it only does a very basic -configuration to get started with. The `--advanced` flag prompts for more -settings and is useful for taking advantage of some of the new settings if -you've upgraded from a previous version! - -Flags: - - * `--advanced` -- Prompts for many more config options - ---- - -### config-profiles - -Modifies the `~/.aws/config` file to contain a [named profile]( -https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-using-profiles) -for every role accessible via AWS SSO CLI. - -Flags: - - * `--diff` -- Print a diff of changes to the config file instead of modifying it - * `--open` -- Specify how to open URls: [clip|exec|open|granted-containers|open-url-in-container] - * `--print` -- Print profile entries instead of modifying config file - * `--force` -- Write a new config file without prompting - * `--aws-config` -- Override path to `~/.aws/config` file - -By default, each profile is named according to the [ProfileFormat]( -config.md#profileformat) config option or overridden by the user defined -[Profile](config.md#profile) option on a role by role basis. - -For each profile generated, it will specify a [list of settings]( -https://docs.aws.amazon.com/sdkref/latest/guide/settings-global.html) as defined -by the [ConfigVariables](config.md#configvariables) setting in the -`~/.aws-sso/config.yaml`. - -For more information on this feature, [read the Quickstart Guide]( -quickstart.md#integrating-with-the-aws-profile-variable). - -Unlike with other ways to use AWS SSO CLI, the AWS IAM STS credentials will -_automatically refresh_. 
This means, if you do not have a valid AWS SSO token, -you will be prompted to authentiate via your SSO provider and subsequent -requests to obtain new IAM STS credentials will automatically happen as needed. - -**Note:** Due to a limitation in the AWS tooling, `print` and `printurl` are not -supported values for `--url-action`. Hence, you must use `open` or `exec` to -auto-open URLs in your browser (recommended) or `clip` to automatically copy -URLs to your clipboard. _No user prompting is possible._ - -**Note:** You should run this command any time your list of AWS roles changes -in order to update the `~/.aws/config` file or enable [AutoConfigCheck]( -config.md#autoconfigcheck) and [ConfigProfilesUrlAction]( -config.md#configprofilesurlaction). - -**Note:** If `ConfigProfilesUrlAction` is set, then `--open` is optional, -otherwise it is required. - -**Note:** It is important that you do _NOT_ remove the `# BEGIN_AWS_SSO_CLI` and -`# END_AWS_SSO_CLI` lines from your config file! These markers are used to track -which profiles are managed by AWS SSO CLI. - -**Note:** This command does not honor the `--sso` option as it operates on all -of the configured AWS SSO instances in the `~/.aws-sso/config.yaml` file. - ---- - ### console Console generates a URL which will grant you access to the AWS Console in your 
@@ -137,7 +70,7 @@ Generate static credentials in the format for [~/.aws/credentials](https://docs. This command will expose your temporary AWS IAM credentials in clear text which can be a security issue, and is not recommended except for cases where going through the AWS Identity Center web-based authentication workflow is not possible. The most common example of this would be integrating with Docker and needing -multiple IAM Roles. Most use cases are better served by using the [config-profiles](#config-profiles) command or +multiple IAM Roles. Most use cases are better served by using the [setup-profiles](#setup-profiles) command or passing in IAM credentials via [environment variables](https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-envvars.html). Flags: 
@@ -321,6 +254,97 @@ for the selected SSO instance and removes all IAM Role Credentials cached in the --- +### setup completions + +Configures your appropriate shell configuration file to add auto-complete +and [Shell Helpers](#shell-helpers) functionality for commands, flags and +options. Must restart your shell for this to take effect. + +For more information about this feature, please read [the quickstart]( +quickstart.md#enabling-auto-completion-in-your-shell). + +Flags: + + * `--install` -- Install the new v1.9+ shell completions scripts + * `--uninstall` -- Uninstall the new v1.9+ shell completions scripts + * `--uninstall-pre-19` -- Uninstall the legacy pre-v1.9 scripts + * `--shell ` -- Override the detected shell + * `--shell-script ` -- Override the default shell script file to modify + +**Note:** You should uninstall the older pre-v1.9 completions before installing +the new version. Once the new version is installed, `--uninstall-pre-19` will +refuse to run so you will have to either manually edit the file or run +`--uninstall`, then `--uninstall-pre-19` and finally `--install` again. + +--- + +### setup profiles + +Modifies the `~/.aws/config` file to contain a [named profile]( +https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-using-profiles) +for every role accessible via AWS SSO CLI. + +Flags: + + * `--diff` -- Print a diff of changes to the config file instead of modifying it + * `--open` -- Specify how to open URls: [clip|exec|open|granted-containers|open-url-in-container] + * `--print` -- Print profile entries instead of modifying config file + * `--force` -- Write a new config file without prompting + * `--aws-config` -- Override path to `~/.aws/config` file + +By default, each profile is named according to the [ProfileFormat]( +config.md#profileformat) config option or overridden by the user defined +[Profile](config.md#profile) option on a role by role basis. 
+ +For each profile generated, it will specify a [list of settings]( +https://docs.aws.amazon.com/sdkref/latest/guide/settings-global.html) as defined +by the [ConfigVariables](config.md#configvariables) setting in the +`~/.aws-sso/config.yaml`. + +For more information on this feature, [read the Quickstart Guide]( +quickstart.md#using-the-aws_profile-variable). + +Unlike with other ways to use AWS SSO CLI, the AWS IAM STS credentials will +_automatically refresh_. This means, if you do not have a valid AWS SSO token, +you will be prompted to authentiate via your SSO provider and subsequent +requests to obtain new IAM STS credentials will automatically happen as needed. + +**Note:** Due to a limitation in the AWS tooling, `print` and `printurl` are not +supported values for `--url-action`. Hence, you must use `open` or `exec` to +auto-open URLs in your browser (recommended) or `clip` to automatically copy +URLs to your clipboard. _No user prompting is possible._ + +**Note:** You should run this command any time your list of AWS roles changes +in order to update the `~/.aws/config` file or enable [AutoConfigCheck]( +config.md#autoconfigcheck) and [ConfigProfilesUrlAction]( +config.md#configprofilesurlaction). + +**Note:** If `ConfigProfilesUrlAction` is set, then `--open` is optional, +otherwise it is required. + +**Note:** It is important that you do _NOT_ remove the `# BEGIN_AWS_SSO_CLI` and +`# END_AWS_SSO_CLI` lines from your config file! These markers are used to track +which profiles are managed by AWS SSO CLI. + +**Note:** This command does not honor the `--sso` option as it operates on all +of the configured AWS SSO instances in the `~/.aws-sso/config.yaml` file. + +--- + +### setup wizard + +Allows you to run through the configuration wizard and update your AWS SSO CLI +config file (`~/.aws-sso/config.yaml`). By default, it only does a very basic +configuration to get started with. 
The `--advanced` flag prompts for more +settings and is useful for taking advantage of some of the new settings if +you've upgraded from a previous version! + +Flags: + + * `--advanced` -- Prompts for many more config options + +--- + ### tags Tags dumps a list of AWS SSO roles with the available metadata tags. @@ -350,30 +374,6 @@ AWS Role's STS credentials are valid for in the format of `HHhMMm` **Note:** This command is only useful when you have STS credentials configured in your shell via [eval](#eval) or [exec](#exec). ---- - -### completions - -Configures your appropriate shell configuration file to add auto-complete -and [Shell Helpers](#shell-helpers) functionality for commands, flags and -options. Must restart your shell for this to take effect. - -For more information about this feature, please read [the quickstart]( -quickstart.md#enabling-auto-completion-in-your-shell). - -Flags: - - * `--install` -- Install the new v1.9+ shell completions scripts - * `--uninstall` -- Uninstall the new v1.9+ shell completions scripts - * `--uninstall-pre-19` -- Uninstall the legacy pre-v1.9 scripts - * `--shell ` -- Override the detected shell - * `--shell-script ` -- Override the default shell script file to modify - -**Note:** You should uninstall the older pre-v1.9 completions before installing -the new version. Once the new version is installed, `--uninstall-pre-19` will -refuse to run so you will have to either manually edit the file or run -`--uninstall`, then `--uninstall-pre-19` and finally `--install` again. - ## Environment Variables ### Honored Variables @@ -396,7 +396,7 @@ The `file` SecureStore will use the `AWS_SSO_FILE_PASSWORD` environment variable for the password if it is set. (Not recommended.) Additionally, `$AWS_PROFILE` is honored via the standard AWS tooling when using -the [config-profiles](#config-profiles) command to manage your `~/.aws/config` file. +the [setup-profiles](#setup-profiles) command to manage your `~/.aws/config` file. --- 
@@ -430,7 +430,7 @@ and SDK. ## Shell Helpers These are optional helper functions installed in your shell as part of the -[completions](#completions) command. To install these helper functions, +[setup-completions](#setup-completions) command. To install these helper functions, please see the [quickstart](quickstart.md) page. **Important:** Unlike the commands above, these are standalone shell functions diff --git a/docs/quickstart.md b/docs/quickstart.md index 1a0e3094..b6fb6384 100644 --- a/docs/quickstart.md +++ b/docs/quickstart.md @@ -7,7 +7,7 @@ * Option 2: [Download RPM or DEB package](https://github.com/synfinatic/aws-sso-cli/releases) 1. Use your package manager to install (Linux only) * Option 3: Build & Install via [Homebrew](https://brew.sh) - 1. Run `brew install aws-sso-cli` + 1. Run `brew install aws-sso-cli` Note: You no longer need to install the hombrew tap as `aws-sso-cli` is now part of [homebrew-core]( https://github.com/Homebrew/homebrew-core/blob/master/Formula/a/aws-sso-cli.rb). @@ -131,8 +131,8 @@ which can be confusing. Full documentation for auto-completion [is available here]( commands.md#shell-helpers). -**Note:** Use of this feature requires [enabling auto-completion]( -#enabling-auto-completion-in-your-shell) as described above. +**Note:** Use of this feature requires +[enabling auto-completion](#enabling-auto-completion-in-your-shell) as described above. #### Usage @@ -214,7 +214,6 @@ docs: * [AutoConfigCheck / ConfigUrlAction](config.md#autoconfigcheck-configurlaction) * [ConfigVariables](config.md#configvariables) - #### Usage Once your `~/.aws/config` file has been modified as described above, you can 
@@ -226,15 +225,13 @@ The only difference is that your API keys are managed via AWS SSO and always safely stored encrypted on disk! ```bash -$ export AWS_PROFILE= -$ aws sts get-caller-identity -$ aws s3api list-buckets +export AWS_PROFILE= ``` or for a single command: ```bash -$ AWS_PROFILE= aws sts get-caller-identity +AWS_PROFILE= aws sts get-caller-identity ``` Note that every time the `aws` tool or your code makes a request for the API