Initial commit

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright © 2017 Jorge Dias
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,34 @@
+# roly
+
+Set AWS environment variables based on your profile.
+The goal is to make it easy to work with AWS profiles using assume role.
+By working this way you don't need to have credentials in your accounts
+if you can assume a role to it from a different account.
+
+## Configuration
+
+In your ~/.aws/credentials you can set the profiles like this:
+
+```
+[identity-profile]
+aws_access_key_id=AWS_ACCESS_KEY_ID
+aws_secret_access_key=AWS_SECRET_ACCESS_KEY
+
+[target-profile]
+source_profile = identity-profile
+mfa_serial = arn:aws:iam::ACCOUNTID:mfa/MFA_DEVICE # Optional only if you need MFA
+role_arn = arn:aws:iam::ACCOUNTID:role/SomeRoleName
+```
+
+## Usage
+
+roly export target-profile
+
+role exec target-profile env
+
+## Known Limitations
+
+If you use MFA, you the process will stop to ask your MFA on the
+stdin, because of that if you pipe the output to another command you
+won't see the request message for it and the program will appear to
+freeze.

cmd/exec.go

@@ -0,0 +1,48 @@
+package cmd
+
+import (
+	"os"
+	osExec "os/exec"
+
+	"github.com/diasjorge/roly/credentials"
+	"github.com/spf13/cobra"
+)
+
+// execCmd represents the exec command
+var execCmd = &cobra.Command{
+	Use:   "exec PROFILE CMD",
+	Short: "Execute command with AWS environment variables set",
+	RunE:  exec,
+}
+
+func init() {
+	RootCmd.AddCommand(execCmd)
+}
+
+func exec(cmd *cobra.Command, args []string) error {
+	if len(args) < 2 {
+		return cmd.Usage()
+	}
+
+	creds, err := credentials.Get(args[0])
+
+	if err != nil {
+		return err
+	}
+
+	os.Setenv("AWS_ACCESS_KEY_ID", creds.AccessKeyID)
+	os.Setenv("AWS_SECRET_ACCESS_KEY", creds.SecretAccessKey)
+	os.Setenv("AWS_SESSION_TOKEN", creds.SessionToken)
+
+	subCommandName := args[1]
+	subCommandArgs := args[2:]
+
+	subCommand := osExec.Command(subCommandName, subCommandArgs...)
+	subCommand.Stdout = os.Stdout
+
+	if err := subCommand.Run(); err != nil {
+		return err
+	}
+
+	return nil
+}

cmd/export.go

@@ -0,0 +1,38 @@
+package cmd
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/diasjorge/roly/credentials"
+	"github.com/spf13/cobra"
+)
+
+// exportCmd represents the export command
+var exportCmd = &cobra.Command{
+	Use:   "export PROFILE",
+	Short: "Print export statements to use the profile",
+	RunE:  export,
+}
+
+func init() {
+	RootCmd.AddCommand(exportCmd)
+}
+
+func export(cmd *cobra.Command, args []string) error {
+	if len(args) != 1 {
+		return errors.New("PROFILE required")
+	}
+
+	creds, err := credentials.Get(args[0])
+
+	if err != nil {
+		return err
+	}
+
+	fmt.Printf("export AWS_ACCESS_KEY_ID='%s'\n", creds.AccessKeyID)
+	fmt.Printf("export AWS_SECRET_ACCESS_KEY='%s'\n", creds.SecretAccessKey)
+	fmt.Printf("export AWS_SESSION_TOKEN='%s'\n", creds.SessionToken)
+
+	return nil
+}

cmd/root.go

@@ -0,0 +1,28 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+// RootCmd represents the base command when called without any subcommands
+var RootCmd = &cobra.Command{
+	Use:   "roly",
+	Short: "Easily work with AWS profiles",
+	Long: `Set AWS environment variables based on your profile.
+The goal is to make it easy to work with AWS profiles using assume role.
+By working this way you don't need to have credentials in your accounts
+if you can assume a role to it from a different account.`,
+	SilenceUsage: true,
+}
+
+// Execute adds all child commands to the root command sets flags appropriately.
+// This is called by main.main(). It only needs to happen once to the rootCmd.
+func Execute() {
+	if err := RootCmd.Execute(); err != nil {
+		fmt.Println(err)
+		os.Exit(-1)
+	}
+}

credentials/credentials.go

@@ -0,0 +1,43 @@
+package credentials
+
+import (
+	"os"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
+	"github.com/aws/aws-sdk-go/aws/session"
+)
+
+var keys = []string{
+	"AWS_ACCESS_KEY_ID",
+	"AWS_SECRET_ACCESS_KEY",
+	"AWS_SESSION_TOKEN",
+}
+
+func cleanEnv() error {
+	for _, key := range keys {
+		if err := os.Setenv(key, ""); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// Get returns Profile Credentials
+func Get(profile string) (credentials.Value, error) {
+	if err := cleanEnv(); err != nil {
+		return *&credentials.Value{}, err
+	}
+
+	sess := session.Must(session.NewSessionWithOptions(session.Options{
+		Config: aws.Config{
+			CredentialsChainVerboseErrors: aws.Bool(true),
+		},
+		Profile:                 profile,
+		AssumeRoleTokenProvider: stscreds.StdinTokenProvider,
+		SharedConfigState:       session.SharedConfigEnable,
+	}))
+
+	return sess.Config.Credentials.Get()
+}

main.go

@@ -0,0 +1,15 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/diasjorge/roly/cmd"
+)
+
+func main() {
+	if err := cmd.RootCmd.Execute(); err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+}