Refactoring to reuse picking logic

Author: null93

README.md

@@ -7,7 +7,9 @@
 
 ## About
 
-Knox is a powerful utility designed to simplify and streamline the process of managing AWS credentials. Whether you're frequently switching between different AWS profiles or managing credentials issuance in an SSO environment, Knox provides a straightforward CLI tool to handle these tasks effortlessly. Commands like `knox select`, `knox creds select`, `knox creds last-used`, and `knox clean` make it easy to navigate and manipulate your AWS credential configurations. Its configurable nature, showcased in the `~/.aws/config` setup recommendations, ensures seamless integration into your AWS workflows. Whether you're in development, staging, or production, Knox helps maintain efficient and secure AWS credential management.
+Knox is a powerful utility designed to simplify and streamline the process of managing AWS credentials. Whether you're frequently switching between different AWS profiles or managing credentials issuance in an SSO environment, Knox provides a straightforward CLI tool to handle these tasks effortlessly. Commands like `knox select`, `knox last-used`, and `knox clean` make it easy to navigate and manipulate your AWS credential configurations. Its configurable nature, showcased in the `~/.aws/config` setup recommendations, ensures seamless integration into your AWS workflows. Whether you're in development, staging, or production, Knox helps maintain efficient and secure AWS credential management.
+
+Additionally the `knox connect` command provides a simple way to start an SSM session with an EC2 instance. This feature is particularly useful for users who frequently SSH into EC2 instances using SSM Session Manager. Knox allows you to switch between different AWS profiles and start an interactive session with a specific instance using a single command.
 
 ## Install
 

internal/connect.go

@@ -15,74 +15,25 @@ const (
 	SESSION_MANAGER_PLUGIN_URL = "https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html"
 )
 
-var (
-	connectSessionName string
-	connectAccountId   string
-	connectRoleName    string
-	connectInstanceId  string
-	connectUid         uint32 = 0
-)
-
 var connectCmd = &cobra.Command{
 	Use:   "connect",
-	Short: "Connect to a specific EC2 instance using AWS session-manager-plugin",
+	Short: "Connect to an EC2 instance using session-manager-plugin",
 	Args:  cobra.ExactArgs(0),
 	Run: func(cmd *cobra.Command, args []string) {
 		var err error
-		var sessions credentials.Sessions
-		var session *credentials.Session
-		var roles credentials.Roles
 		var role *credentials.Role
 		var binaryPath string
-		if sessions, err = credentials.GetSessions(); err != nil {
-			ExitWithError(1, "failed to get configured sessions", err)
-		}
-		if connectSessionName == "" {
-			if connectSessionName, err = tui.SelectSession(sessions); err != nil {
-				ExitWithError(2, "failed to pick an sso session", err)
-			}
-		}
-		if session = sessions.FindByName(connectSessionName); session == nil {
-			ExitWithError(3, "session with passed name not found", err)
-		}
-		if session.ClientToken == nil || session.ClientToken.IsExpired() {
-			if err = tui.ClientLogin(session); err != nil {
-				ExitWithError(4, "failed to authorize device login", err)
-			}
-		}
-		if connectAccountId == "" {
-			if connectAccountId, err = tui.SelectAccount(session); err != nil {
-				ExitWithError(5, "failed to pick an account id", err)
-			}
-		}
-		if roles, err = session.GetRoles(connectAccountId); err != nil {
-			ExitWithError(6, "failed to get roles", err)
-		}
-		if connectRoleName == "" {
-			if connectRoleName, err = tui.SelectRole(roles); err != nil {
-				ExitWithError(7, "failed to pick a role", err)
-			}
-		}
-		if role = roles.FindByName(connectRoleName); role == nil {
-			ExitWithError(8, "role with passed name not found", err)
-		}
-		if role.Credentials == nil || role.Credentials.IsExpired() {
-			if err = session.RefreshRoleCredentials(role); err != nil {
-				ExitWithError(9, "failed to get credentials", err)
-			}
-			if err = role.Credentials.Save(session.Name, role.CacheKey()); err != nil {
-				ExitWithError(10, "failed to save credentials", err)
-			}
-		}
-		if err := role.MarkLastUsed(); err != nil {
-			ExitWithError(11, "failed to mark last used role", err)
+		if view == "session" {
+			_, _, _, role = SelectRoleCredentialsStartingFromSession()
+		} else {
+			_, _, role = SelectRoleCredentialsStartingFromCache()
 		}
-		if connectInstanceId == "" {
-			if connectInstanceId, err = tui.SelectInstance(role); err != nil {
+		if instanceId == "" {
+			if instanceId, err = tui.SelectInstance(role); err != nil {
 				ExitWithError(12, "failed to pick an instance", err)
 			}
 		}
-		details, err := role.StartSession(connectInstanceId, connectUid)
+		details, err := role.StartSession(instanceId, connectUid)
 		if err != nil {
 			ExitWithError(13, "failed to start ssm session", err)
 		}
@@ -95,7 +46,7 @@ var connectCmd = &cobra.Command{
 			role.Region,
 			"StartSession",
 			"", // No Profile
-			fmt.Sprintf(`{"Target": "%s"}`, connectInstanceId),
+			fmt.Sprintf(`{"Target": "%s"}`, instanceId),
 			fmt.Sprintf("https://ssm.%s.amazonaws.com", role.Region),
 		)
 		command.Stdin = os.Stdin
@@ -111,9 +62,10 @@ var connectCmd = &cobra.Command{
 func init() {
 	RootCmd.AddCommand(connectCmd)
 	connectCmd.Flags().SortFlags = true
-	connectCmd.Flags().StringVarP(&connectSessionName, "sso-session", "s", connectSessionName, "SSO session name")
-	connectCmd.Flags().StringVarP(&connectAccountId, "account-id", "a", connectAccountId, "AWS account ID")
-	connectCmd.Flags().StringVarP(&connectRoleName, "role-name", "r", connectRoleName, "AWS role name")
-	connectCmd.Flags().StringVarP(&connectInstanceId, "instance-id", "i", connectInstanceId, "EC2 instance ID")
+	connectCmd.Flags().StringVarP(&sessionName, "sso-session", "s", sessionName, "SSO session name")
+	connectCmd.Flags().StringVarP(&accountId, "account-id", "a", accountId, "AWS account ID")
+	connectCmd.Flags().StringVarP(&roleName, "role-name", "r", roleName, "AWS role name")
+	connectCmd.Flags().StringVarP(&instanceId, "instance-id", "i", instanceId, "EC2 instance ID")
+	connectCmd.Flags().StringVarP(&view, "view", "v", view, "session or cached")
 	connectCmd.Flags().Uint32VarP(&connectUid, "uid", "u", connectUid, "UID on instance to 'su' to")
 }

internal/creds-select.go

@@ -7,33 +7,124 @@ import (
 
 	"github.com/null93/aws-knox/pkg/ansi"
 	"github.com/null93/aws-knox/pkg/color"
+	"github.com/null93/aws-knox/sdk/credentials"
+	"github.com/null93/aws-knox/sdk/tui"
 	"github.com/spf13/cobra"
 )
 
 var (
-	Version = "0.0.0"
-	Debug   = false
+	Version     string = "0.0.0"
+	debug       bool   = false
+	view        string = "session"
+	connectUid  uint32 = 0
+	sessionName string
+	accountId   string
+	roleName    string
+	instanceId  string
 )
 
 var RootCmd = &cobra.Command{
 	Use:     "knox",
 	Version: Version,
-	Short:   "knox helps you manage AWS credentials that are created via AWS SSO",
+	Short:   "knox helps you manage AWS role credentials and connect to EC2 instances",
 }
 
 func ExitWithError(code int, message string, err error) {
 	fmt.Printf("Error: %s\n", message)
-	if err != nil && Debug {
+	if err != nil && debug {
 		fmt.Printf("Debug: %s\n", err.Error())
 	}
 	os.Exit(code)
 }
 
+func SelectRoleCredentialsStartingFromSession() (credentials.Sessions, *credentials.Session, credentials.Roles, *credentials.Role) {
+	var err error
+	var sessions credentials.Sessions
+	var session *credentials.Session
+	var roles credentials.Roles
+	var role *credentials.Role
+	if sessions, err = credentials.GetSessions(); err != nil {
+		ExitWithError(1, "failed to get configured sessions", err)
+	}
+	if sessionName == "" {
+		if sessionName, err = tui.SelectSession(sessions); err != nil {
+			ExitWithError(2, "failed to pick an sso session", err)
+		}
+	}
+	if session = sessions.FindByName(sessionName); session == nil {
+		ExitWithError(3, "session with passed name not found", err)
+	}
+	if session.ClientToken == nil || session.ClientToken.IsExpired() {
+		if err = tui.ClientLogin(session); err != nil {
+			ExitWithError(4, "failed to authorize device login", err)
+		}
+	}
+	if accountId == "" {
+		if accountId, err = tui.SelectAccount(session); err != nil {
+			ExitWithError(5, "failed to pick an account id", err)
+		}
+	}
+	if roles, err = session.GetRoles(accountId); err != nil {
+		ExitWithError(6, "failed to get roles", err)
+	}
+	if roleName == "" {
+		if roleName, err = tui.SelectRole(roles); err != nil {
+			ExitWithError(7, "failed to pick a role", err)
+		}
+	}
+	if role = roles.FindByName(roleName); role == nil {
+		ExitWithError(8, "role with passed name not found", err)
+	}
+	if role.Credentials == nil || role.Credentials.IsExpired() {
+		if err = session.RefreshRoleCredentials(role); err != nil {
+			ExitWithError(9, "failed to get credentials", err)
+		}
+		if err = role.Credentials.Save(session.Name, role.CacheKey()); err != nil {
+			ExitWithError(10, "failed to save credentials", err)
+		}
+	}
+	if err := role.MarkLastUsed(); err != nil {
+		ExitWithError(11, "failed to mark last used role", err)
+	}
+	return sessions, session, roles, role
+}
+
+func SelectRoleCredentialsStartingFromCache() (credentials.Sessions, *credentials.Session, *credentials.Role) {
+	var err error
+	var sessions credentials.Sessions
+	var session *credentials.Session
+	var role *credentials.Role
+	role, err = tui.SelectRolesCredentials()
+	if role.Credentials == nil || role.Credentials.IsExpired() {
+		if sessions, err = credentials.GetSessions(); err != nil {
+			ExitWithError(1, "failed to parse sso sessions", err)
+		}
+		if session = sessions.FindByName(role.SessionName); session == nil {
+			ExitWithError(2, "failed to find sso session "+role.SessionName, err)
+		}
+		if session.ClientToken == nil || session.ClientToken.IsExpired() {
+			if err = tui.ClientLogin(session); err != nil {
+				ExitWithError(3, "failed to authorize device login", err)
+			}
+		}
+		if err = session.RefreshRoleCredentials(role); err != nil {
+			ExitWithError(9, "failed to get credentials", err)
+		}
+		if err = role.Credentials.Save(session.Name, role.CacheKey()); err != nil {
+			ExitWithError(10, "failed to save credentials", err)
+		}
+	}
+	if err = role.MarkLastUsed(); err != nil {
+		ExitWithError(11, "failed to mark last used role", err)
+	}
+	return sessions, session, role
+}
+
 func init() {
 	RootCmd.Flags().SortFlags = true
 	RootCmd.Root().CompletionOptions.DisableDefaultCmd = true
 	RootCmd.SetHelpCommand(&cobra.Command{Hidden: true})
-	RootCmd.PersistentFlags().BoolVarP(&Debug, "debug", "d", Debug, "Debug mode")
+	RootCmd.PersistentFlags().BoolVarP(&debug, "debug", "d", debug, "Debug mode")
 
 	if tty, err := os.OpenFile("/dev/tty", syscall.O_WRONLY, 0); err == nil {
 		ansi.Writer = tty