-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathapp.js
executable file
·153 lines (141 loc) · 3.78 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
#!/usr/bin/env node
import yargs from "yargs";
import chalk from "chalk";
import open from "open";
import { hideBin } from "yargs/helpers";
import Configstore from "configstore";
import { getSigninUrl } from "./lib/web.js";
import { refreshCredentials } from "./lib/auth.js";
import { handleError } from "./lib/error.js";
import {
addProfile,
chooseProfile,
deleteProfile,
listProfiles,
loadConfig,
updateConfig,
} from "./lib/profiles.js";
import {
chooseAccount,
chooseRole,
getCredentials,
findAccountByName,
findRoleByName,
} from "./lib/accounts.js";
const configstore = new Configstore("aws-sso-cli");
const signInHandler = async (argv) => {
try {
const profile = "profile" in argv ? argv.profile : await chooseProfile(configstore);
const config = await refreshCredentials(loadConfig(configstore, profile), argv.forceNewToken);
updateConfig(configstore, profile, config);
const {
token: { accessToken },
region,
} = config;
const { accountId } =
"account" in argv
? await findAccountByName(accessToken, argv.account, region)
: await chooseAccount(accessToken, region);
const { roleName } =
"role" in argv
? await findRoleByName(accessToken, argv.role, accountId, region)
: await chooseRole(accessToken, accountId, region);
const {
roleCredentials: { accessKeyId, secretAccessKey, sessionToken },
} = await getCredentials(accessToken, accountId, roleName, region);
if (argv.web) {
open(await getSigninUrl(accessKeyId, secretAccessKey, sessionToken));
} else {
console.log(
"",
`export AWS_ACCESS_KEY_ID=${accessKeyId}`,
"\n",
`export AWS_SECRET_ACCESS_KEY=${secretAccessKey}`,
"\n",
`export AWS_SESSION_TOKEN=${sessionToken}`
);
}
console.error(chalk.bold.green("\nAll set!"));
} catch (err) {
handleError(err);
}
process.exit(0);
};
const addProfileHandler = async () => {
try {
await addProfile(configstore);
console.error("Profile added.");
} catch (err) {
handleError(err);
}
};
const deleteProfileHandler = async () => {
try {
await deleteProfile(configstore);
console.error("Profile successfully deleted.");
} catch (err) {
handleError(err);
}
};
const listProfilesHandler = () => {
try {
const profiles = listProfiles(configstore);
if (profiles.length === 0) {
console.error("No profiles configured yet.");
return;
}
console.error("Profiles:", `\n\n* ${profiles.join("\n* ")}`);
} catch (err) {
handleError(err);
}
};
yargs(hideBin(process.argv))
.scriptName("aws-sso-cli")
.usage("Usage: $0 [options]")
.command({
command: "add-profile",
desc: "Add a new SSO profile",
handler: addProfileHandler,
})
.command({
command: "delete-profile",
desc: "Remove an SSO profile",
handler: deleteProfileHandler,
})
.command({
command: "list-profiles",
desc: "List all currently configured profiles",
handler: listProfilesHandler,
})
.command({
command: "$0",
desc: "Sign in to an AWS account using AWS SSO",
handler: signInHandler,
})
.option("p", {
alias: "profile",
describe: "The SSO profile to use",
type: "string",
})
.option("a", {
alias: "account",
describe: "The name of the account you wish to sign into",
type: "string",
})
.option("r", {
alias: "role",
describe: "The role you wish to assume for the specified account",
type: "string",
})
.option("f", {
alias: "force-new-token",
describe: "Force fetch a new access token for AWS SSO",
type: "boolean",
})
.option("w", {
alias: "web",
describe: "Open selected AWS account in your web browser",
type: "boolean",
})
.wrap(90)
.help("help", "Show help.").argv;